fix(e2ee): switch to PR #921 Rust FFI branch for native HKDF (MAT-144)

PR #904 callback-based HKDF hack only fired for the first frame cryptor (audio), leaving video frame cryptors with PBKDF2 - DEC_FAILED oscillation. PR #921 integrates HKDF natively at the WebRTC C++ level, applying uniformly to all frame cryptors (audio + video). Also removes aggressive video re-keying workaround and adds 5s cooldown to DEC_FAILED re-keying handler to prevent tight loops. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-10 09:52:32 +02:00
parent 4fc268cdd7
commit f85562ed28
2 changed files with 16 additions and 23 deletions
--- a/10
+++ b/10
@@ -1,6 +1,8 @@
-# Stage 1: Build patched Rust FFI with HKDF support for Element Call E2EE
-# Fork: onestacked/livekit-rust-sdks branch EC-compat-changes
-# PR: https://github.com/livekit/rust-sdks/pull/904
+# Stage 1: Build patched Rust FFI with native HKDF support for Element Call E2EE
+# Fork: onestacked/livekit-rust-sdks branch EC-compat-changes-webrtc-change
+# PR: https://github.com/livekit/rust-sdks/pull/921 (proper HKDF at WebRTC C++ level)
+# Replaces #904 which used a callback hack that only worked for the first frame cryptor
+# (audio), causing DEC_FAILED on video tracks (MAT-144).
 # Must use rust:latest (trixie/sid) — bookworm GCC 12 can't compile webrtc C++20 code
 FROM rust:latest AS rust-build
 RUN apt-get update && apt-get install -y --no-install-recommends \
@@ -8,7 +10,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
    libva-dev libglib2.0-dev nasm make clang \
    && rm -rf /var/lib/apt/lists/*
 WORKDIR /build
-RUN git clone --branch EC-compat-changes --depth 1 --recurse-submodules \
+RUN git clone --branch EC-compat-changes-webrtc-change --depth 1 --recurse-submodules \
    https://github.com/onestacked/livekit-rust-sdks.git
 WORKDIR /build/livekit-rust-sdks/livekit-ffi
 RUN cargo build --release