Every update to desktop version of Riot changes the device key

[spijet]

Description

After updating Riot to new version I find that I'm unable to read any e2e-encrypted chats I'm member of, seeing this error instead of every message:

** Unable to decrypt: The sender's device has not sent us the keys for this message. **

Then, if I open my secondary Riot instance (iOS or browser-based), I see that, while having unchanged device ID, my Desktop instance has different device key (iOS/Web "see" the old device key on the "Verify" page, while Desktop shows the new key in its "Options" screen).

Steps to reproduce

• Update riot-desktop package
• Launch it
• Check the device key in the app and compare it with the key seen in other Riot apps

Describe how what happens differs from what you expected.

Log: Sent!

Version information

• Platform: Desktop

For the desktop app:

• OS: Arch Linux
• Version: 0.15.4 (olm version: 2.2.1)
• Arch Linux package versions:
• • riot-web: 0.15.4-1
• • riot-desktop: 0.15.4-1

[ara4n]

this sounds possibly related to #6761 or #6714

[spijet]

Could be, but (fortunately) the bug doesn't affect the web version of Riot for me — only the desktop one. I wonder if exporting E2E keys before upgrading and importing them afterwards could work as a workaround.

As for now, I have to either remove ~/.config/Riot completely or remove the Desktop app from known devices list in web version, and then proceed to log in and re-verify every single device from every e2e chat to get it working.

[turt2live]

I wonder if it's somehow related to #6120 as well

[spijet]

My whole ~/.config/Riot/IndexedDB/ dir is 5.0 MBytes at the moment. Also, I think that if it was the cause, wouldn't device key change at arbitrary points in time, not exactly after upgrading Riot?

[turt2live]

Potentially. I only mentioned it because it fits into the category of "strange e2e behaviour". It's more than likely something to do with electron though.

[ArchangeGabriel]

Why would it have to do with electron? electron wasn’t updated in a while on Arch. However it could be related to NodeJS for instance, since Arch updated to 10.x recently.

I have not observed this issue yet, I will look carefully on next Riot update.

[turt2live]

*electron version of riot

[ArchangeGabriel]

There is no embedded electron in Riot on ArchLinux, system one is used. ;)

[ArchangeGabriel]

So actually this could be an electron version mismatch between Riot expectations and what is available.

[turt2live]

I'm just trying to say the desktop version of Riot, which is commonly known as the electron version :(

Either way, my suggestion clearly isn't the issue so I'll leave it to someone else to figure out (as done here: #6808 (comment) )

[ArchangeGabriel]

Oh, that make senses. @spijet When you say the web version isn’t affected, do you mean the one @ riot.im, the one in Arch or both?

[spijet]

@ArchangeGabriel My employer hosts its own Matrix server with its own deployment of riot-web (which is not different from current upstream, AFAIK). I see no problems when using the web version, only the Electron-based desktop version from Arch.

The problem itself happens exactly after upgrading riot-{web,desktop} packages, not NodeJS or Electron. I'll try to isolate the case when the next Riot version is available (by isolating I mean I will only update riot-web and riot-desktop packages and nothing else, just to check).

[spijet]

So, it happened again. The funny thing is, I actually excluded new versions of Riot-web and Riot-desktop packages from installing this time to try to isolate the case, but when I started Riot after upgrading every package (except Riot), I got this issue.

My Pacman update log looks like this:

[2018-06-16 20:47] [ALPM] transaction started
[2018-06-16 20:47] [ALPM] upgraded libgcrypt (1.8.2-1 -> 1.8.3-1)
[2018-06-16 20:47] [ALPM] upgraded libsynctex (2017.44590-14 -> 2018.47465-2)
[2018-06-16 20:47] [ALPM] upgraded texlive-bin (2017.44590-14 -> 2018.47465-2)
[2018-06-16 20:47] [ALPM] upgraded texlive-core (2017.46770-1 -> 2018.47471-1)
[2018-06-16 20:47] [ALPM-SCRIPTLET] >>> updmap custom entries should go into /etc/texmf/web2c/updmap-local.cfg
[2018-06-16 20:47] [ALPM-SCRIPTLET] >>> fmtutil custom entries should go into /etc/texmf/web2c/fmtutil-local.cnf
[2018-06-16 20:47] [ALPM] upgraded texlive-bibtexextra (2017.46775-1 -> 2018.47418-1)
[2018-06-16 20:47] [ALPM] upgraded texlive-formatsextra (2017.45845-1 -> 2018.47198-1)
[2018-06-16 20:47] [ALPM] upgraded texlive-games (2017.46791-1 -> 2018.47472-1)
[2018-06-16 20:47] [ALPM] upgraded texlive-publishers (2017.46790-1 -> 2018.47473-1)
[2018-06-16 20:47] [ALPM] upgraded texlive-latexextra (2017.46778-1 -> 2018.47410-1)
[2018-06-16 20:47] [ALPM] upgraded texlive-science (2017.46789-1 -> 2018.47412-1)
[2018-06-16 20:47] [ALPM] upgraded qt5-webengine (5.11.0-2 -> 5.11.0-3)
[2018-06-16 20:47] [ALPM] upgraded libnm (1.10.8-1 -> 1.10.10-1)
[2018-06-16 20:48] [ALPM] upgraded texlive-fontsextra (2017.46787-1 -> 2018.47288-1)
[2018-06-16 20:48] [ALPM] upgraded totem-plparser (3.26.0+11+g0091a56-1 -> 3.26.1-1)
[2018-06-16 20:48] [ALPM] upgraded libnm-glib (1.10.8-1 -> 1.10.10-1)
[2018-06-16 20:48] [ALPM] upgraded texlive-humanities (2017.46767-1 -> 2018.47359-1)
[2018-06-16 20:48] [ALPM] upgraded texlive-pstricks (2017.46667-1 -> 2018.47400-1)
[2018-06-16 20:48] [ALPM] upgraded graphene (1.8.0-1 -> 1.8.2-1)
[2018-06-16 20:48] [ALPM] upgraded texlive-pictures (2017.46740-1 -> 2018.47373-1)
[2018-06-16 20:48] [ALPM] upgraded networkmanager (1.10.8-1 -> 1.10.10-1)
[2018-06-16 20:48] [ALPM] upgraded texlive-music (2017.46141-1 -> 2018.47198-1)
[2018-06-16 20:48] [ALPM] upgraded texlive-langcyrillic (2017.45751-1 -> 2018.47458-1)
[2018-06-16 20:48] [ALPM] upgraded libvirt-python2 (4.3.0-1 -> 4.4.0-1)
[2018-06-16 20:48] [ALPM] upgraded python-cached-property (1.4.2-1 -> 1.4.3-1)
[2018-06-16 20:48] [ALPM] upgraded crystal (0.24.2-2 -> 0.25.0-1)
[2018-06-16 20:48] [ALPM] upgraded shellcheck (0.5.0-11 -> 0.5.0-12)
[2018-06-16 20:48] [ALPM] transaction completed

Any ideas what could possibly cause this? I took a quick look at Riot package dependencies and didn't see anything that could be related to these packages.

[spijet]

Actually, I might have missed an Electron update 3 days ago:

[2018-06-13 11:04] [ALPM] upgraded electron (1.8.4-2 -> 2.0.2-1)

But I don't remember if I restarted Riot after electron update (explicitly restarted it after the last update though). Oh well, gotta try to isolate the case again.

[akontsevich]

#Hope you'll find the solution to solve this. I was forced to remove old room and create new one unencryped. No users in it since then. :)

[spijet]

Just did a partial upgrade of Riot, after upgrading everything else on my system:

[2018-07-05 10:06] [PACMAN] Running 'pacman --color auto -S community/riot-desktop community/riot-web'
[2018-07-05 10:07] [ALPM] running '00_snapper-pre.hook'...
[2018-07-05 10:07] [ALPM-SCRIPTLET] ==> root: 1282
[2018-07-05 10:07] [ALPM] transaction started
[2018-07-05 10:07] [ALPM] upgraded riot-web (0.15.5-1 -> 0.15.6-1)
[2018-07-05 10:07] [ALPM] upgraded riot-desktop (0.15.5-1 -> 0.15.6-1)

So far so good — nothing broke this time. I exported E2E room keys before upgrading, in case if anything goes wrong. @akontsevich, it could work for you in the future.

[akontsevich]

@spijet hope so. For now all my users gone from this platform.

[spijet]

Just upgraded Riot to 0.15.7-1 — no problems here. I think I'll close it for now. Will reopen in case if anything breaks again.