matrix-ai-agent/Dockerfile
Christian Gick f85562ed28 fix(e2ee): switch to PR #921 Rust FFI branch for native HKDF (MAT-144)
PR #904 callback-based HKDF hack only fired for the first frame cryptor
(audio), leaving video frame cryptors with PBKDF2 - DEC_FAILED oscillation.
PR #921 integrates HKDF natively at the WebRTC C++ level, applying uniformly
to all frame cryptors (audio + video).

Also removes aggressive video re-keying workaround and adds 5s cooldown
to DEC_FAILED re-keying handler to prevent tight loops.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-10 09:52:32 +02:00


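# Stage 1: Build patched Rust FFI with native HKDF support for Element Call E2EE
# Fork: onestacked/livekit-rust-sdks branch EC-compat-changes-webrtc-change
# PR: https://github.com/livekit/rust-sdks/pull/921 (proper HKDF at WebRTC C++ level)
# Replaces #904 which used a callback hack that only worked for the first frame cryptor
# (audio), causing DEC_FAILED on video tracks (MAT-144).
# Must use rust:latest (trixie/sid) — bookworm GCC 12 can't compile webrtc C++20 code
# NOTE(review): rust:latest is a moving tag, so the toolchain that compiles the E2EE
# library can change between builds. Pinning the image by digest once a known-good
# build exists would keep the result reproducible.
FROM rust:latest AS rust-build
RUN apt-get update && apt-get install -y --no-install-recommends \
        git cmake g++ libssl-dev pkg-config protobuf-compiler \
        libva-dev libglib2.0-dev nasm make clang \
    && rm -rf /var/lib/apt/lists/*
WORKDIR /build
# Supply-chain guard: the clone below takes whatever the fork's branch tip is at build
# time, and that code ends up as the frame-encryption library in the final image.
# Set LIVEKIT_FFI_COMMIT (full 40-character SHA) to make the build fail when the branch
# tip is not the reviewed commit. Empty (the default) keeps the previous unpinned
# behaviour. The resolved commit is always printed so that it can be recorded.
ARG LIVEKIT_FFI_COMMIT=""
RUN git clone --branch EC-compat-changes-webrtc-change --depth 1 --recurse-submodules \
        https://github.com/onestacked/livekit-rust-sdks.git \
    && fetched="$(git -C livekit-rust-sdks rev-parse HEAD)" \
    && echo "livekit-rust-sdks HEAD is ${fetched}" \
    && if [ -n "${LIVEKIT_FFI_COMMIT}" ] && [ "${fetched}" != "${LIVEKIT_FFI_COMMIT}" ]; then \
        echo "livekit-rust-sdks HEAD does not match LIVEKIT_FFI_COMMIT=${LIVEKIT_FFI_COMMIT}" >&2; \
        exit 1; \
    fi
WORKDIR /build/livekit-rust-sdks/livekit-ffi
RUN cargo build --release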
# Stage 2: Generate Python protobuf bindings from patched .proto files
# The .proto inputs are copied out of the rust-build stage, so the generated bindings
# describe the same fork that the FFI library is built from.
FROM python:3.11-slim-bookworm AS proto-gen
# NOTE(review): the code generators are installed without version pins, so the
# generated *_pb2.py files depend on whatever releases are current at build time.
RUN pip install --no-cache-dir protobuf grpcio-tools mypy-protobuf
COPY --from=rust-build /build/livekit-rust-sdks/livekit-ffi/protocol/ /proto/
# Emit runtime modules (--python_out) and type stubs (--mypy_out) into /gen, mark /gen
# as a package, then rewrite the generated imports in place.
RUN mkdir -p /gen && \
    python -m grpc_tools.protoc \
        -I/proto \
        --python_out=/gen \
        --mypy_out=/gen \
        /proto/audio_frame.proto \
        /proto/ffi.proto \
        /proto/handle.proto \
        /proto/participant.proto \
        /proto/room.proto \
        /proto/track.proto \
        /proto/video_frame.proto \
        /proto/e2ee.proto \
        /proto/stats.proto \
        /proto/track_publication.proto \
        /proto/rpc.proto \
        /proto/data_stream.proto && \
    touch /gen/__init__.py && \
    # Fix imports to be relative (same as upstream generate_proto.sh)
    for generated in /gen/*.py /gen/*.pyi; do \
        perl -i -pe 's|^(import (audio_frame_pb2\|ffi_pb2\|handle_pb2\|participant_pb2\|room_pb2\|track_pb2\|video_frame_pb2\|e2ee_pb2\|stats_pb2\|rpc_pb2\|track_publication_pb2\|data_stream_pb2))|from . \1|g' "$generated"; \
    done
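# Stage 3: Final image
# Must use trixie (GLIBC 2.38+) — patched FFI from rust:latest needs CXXABI_1.3.15
# which requires libstdc++6 from GCC 14, which in turn needs GLIBC 2.38
FROM python:3.11-slim-trixie
WORKDIR /app
RUN apt-get update && apt-get install -y --no-install-recommends \
        ffmpeg libolm-dev \
    && rm -rf /var/lib/apt/lists/*
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
# Install confluence-collab for section-based editing (CF-1812)
COPY confluence-collab/ /tmp/confluence-collab/
RUN pip install --no-cache-dir /tmp/confluence-collab/ && rm -rf /tmp/confluence-collab/
# Ship the patched FFI binary (HKDF + key_ring_size support) under /patched and point
# LIVEKIT_LIB_PATH at it; presumably the livekit SDK loads the library from that path
# instead of the copy bundled in its wheel (confirm against the SDK loader).
COPY --from=rust-build /build/livekit-rust-sdks/target/release/liblivekit_ffi.so /patched/
ENV LIVEKIT_LIB_PATH=/patched/liblivekit_ffi.so
# Overwrite installed proto bindings with patched versions (new fields: key_ring_size, key_derivation_function)
COPY --from=proto-gen /gen/ /patched_proto/
# Only the optional .pyi stubs may be missing. Locating the installed package and
# copying the *.py bindings must succeed, otherwise the image would silently keep the
# stock bindings that lack the new E2EE fields. The `|| true` is therefore scoped to
# the stub copy alone instead of the whole && chain.
RUN PROTO_DIR=$(python -c "import livekit.rtc._proto; import os; print(os.path.dirname(livekit.rtc._proto.__file__))") && \
    cp /patched_proto/*.py "$PROTO_DIR/" && \
    { cp /patched_proto/*.pyi "$PROTO_DIR/" 2>/dev/null || true; }
# Patch SDK Python code to pass new fields through to proto (e2ee.py + room.py)
COPY patch_sdk.py /tmp/patch_sdk.py
RUN python /tmp/patch_sdk.py && rm /tmp/patch_sdk.py
# NOTE(review): this copies the whole build context; a .dockerignore should keep .git,
# .env files and other local secrets out of the image.
# NOTE(review): no USER instruction is visible in this listing, so the process
# presumably runs as root unless the runtime overrides it; consider a dedicated
# unprivileged user.
COPY . .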