mirror of
https://github.com/element-hq/synapse.git
synced 2024-12-23 05:00:24 +03:00
clarity and refactor
This commit is contained in:
parent
5871b6e347
commit
5be727ff3e
1 changed files with 42 additions and 48 deletions
|
@ -50,6 +50,31 @@ and you should enable 'federation_verify_certificates' in your configuration.
|
|||
If you are *sure* you want to do this, set 'accept_keys_insecurely' on the
|
||||
trusted_key_server configuration."""
|
||||
|
||||
TRUSTED_KEY_SERVER_NOT_CONFIGURED_WARN = """\
|
||||
Synapse requires that a list of trusted key servers are specified in order to
|
||||
provide signing keys for other servers in the federation.
|
||||
|
||||
This homeserver does not have a trusted key server configured in
|
||||
homeserver.yaml and will fall back to the default of 'matrix.org'.
|
||||
|
||||
Trusted key servers should be long-lived and stable which makes matrix.org a
|
||||
good choice for many admins, but some admins may wish to choose another. To
|
||||
suppress this warning, the admin should set 'trusted_key_servers' in
|
||||
homeserver.yaml to their desired key server and 'suppress_key_server_warning'
|
||||
to 'true'.
|
||||
|
||||
In a future release the software-defined default will be removed entirely and
|
||||
the trusted key server will be defined exclusively by the value of
|
||||
'trusted_key_servers'."""
|
||||
|
||||
TRUSTED_KEY_SERVER_CONFIGURED_AS_M_ORG_WARN = """\
|
||||
This server is configured to use 'matrix.org' as its trusted key server via the
|
||||
'trusted_key_servers' config option. 'matrix.org' is a good choice for a key
|
||||
server since it is long-lived, stable and trusted. However, some admins may
|
||||
wish to use another server for this purpose.
|
||||
|
||||
To suppress this warning and continue using 'matrix.org', admins should set
|
||||
'suppress_key_server_warning' to 'true' in homeserver.yaml."""
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
@ -84,6 +109,7 @@ class KeyConfig(Config):
|
|||
self.key_refresh_interval = self.parse_duration(
|
||||
config.get("key_refresh_interval", "1d")
|
||||
)
|
||||
|
||||
suppress_key_server_warning = config.get("suppress_key_server_warning", False)
|
||||
key_server_signing_keys_path = config.get("key_server_signing_keys_path")
|
||||
if key_server_signing_keys_path:
|
||||
|
@ -95,49 +121,10 @@ class KeyConfig(Config):
|
|||
|
||||
# if neither trusted_key_servers nor perspectives are given, use the default.
|
||||
if "perspectives" not in config and "trusted_key_servers" not in config:
|
||||
logger.warn(
|
||||
"""
|
||||
Synapse requires that a list of trusted key servers are
|
||||
specified in order to provide signing keys for other servers in
|
||||
the federation.
|
||||
|
||||
This homeserver does not have a trusted key server configured in
|
||||
homeserver.yaml and will fall back to the default of
|
||||
'matrix.org'.
|
||||
|
||||
Trusted key servers should be long-lived and stable which
|
||||
makes matrix.org a good choice for many admins, but some admins may
|
||||
wish to choose another. To suppress this warning, the admin
|
||||
should set 'trusted_key_servers' in homeserver.yaml to their
|
||||
desired key server and 'suppress_key_server_warning' to 'true'.
|
||||
|
||||
In a future release the software-defined default will be
|
||||
removed entirely and the trusted key server will be defined
|
||||
exclusively by the value of 'trusted_key_servers'.
|
||||
"""
|
||||
)
|
||||
logger.warn(TRUSTED_KEY_SERVER_NOT_CONFIGURED_WARN)
|
||||
key_servers = [{"server_name": "matrix.org"}]
|
||||
else:
|
||||
key_servers = config.get("trusted_key_servers", [])
|
||||
for server in key_servers:
|
||||
if (
|
||||
server["server_name"] == "matrix.org"
|
||||
and not suppress_key_server_warning
|
||||
):
|
||||
logger.warn(
|
||||
"""
|
||||
This server is configured to use 'matrix.org' as its
|
||||
trusted key server via the 'trusted_key_servers' config
|
||||
option. 'matrix.org' is a good choice for a key server
|
||||
since it is long-lived, stable and trusted. However, some
|
||||
admins may wish to use another server for this purpose.
|
||||
|
||||
To suppress this warning and continue using
|
||||
'matrix.org', admins should set
|
||||
'suppress_key_server_warning' to 'true' in
|
||||
homeserver.yaml.
|
||||
"""
|
||||
)
|
||||
|
||||
if not isinstance(key_servers, list):
|
||||
raise ConfigError(
|
||||
|
@ -145,6 +132,13 @@ class KeyConfig(Config):
|
|||
% (type(key_servers).__name__,)
|
||||
)
|
||||
|
||||
for server in key_servers:
|
||||
if (
|
||||
server["server_name"] == "matrix.org"
|
||||
and not suppress_key_server_warning
|
||||
):
|
||||
logger.warn(TRUSTED_KEY_SERVER_CONFIGURED_AS_M_ORG_WARN)
|
||||
|
||||
# merge the 'perspectives' config into the 'trusted_key_servers' config.
|
||||
key_servers.extend(_perspectives_to_key_servers(config))
|
||||
|
||||
|
@ -230,6 +224,10 @@ class KeyConfig(Config):
|
|||
# This setting supercedes an older setting named `perspectives`. The old format
|
||||
# is still supported for backwards-compatibility, but it is deprecated.
|
||||
#
|
||||
# 'trusted_key_servers' defaults to matrix.org, but using it will generate a
|
||||
# warning on start up to suppress this warning set 'suppress_key_server_warning'
|
||||
# to true.
|
||||
#
|
||||
# Options for each entry in the list include:
|
||||
#
|
||||
# server_name: the name of the server. required.
|
||||
|
@ -253,15 +251,11 @@ class KeyConfig(Config):
|
|||
# verify_keys:
|
||||
# "ed25519:auto": "abcdefghijklmnopqrstuvwxyzabcdefghijklmopqr"
|
||||
# - server_name: "my_other_trusted_server.example.com"
|
||||
|
||||
#
|
||||
trusted_key_servers:
|
||||
- server_name: "matrix.org"
|
||||
|
||||
# 'trusted_key_servers' defaults to matrix.org, but using it will generate a
|
||||
# warning on start up to suppress this warning set 'suppress_key_server_warning'
|
||||
# to True.
|
||||
#
|
||||
#suppress_key_server_warning: True
|
||||
#suppress_key_server_warning: true
|
||||
#
|
||||
# The signing keys to use when acting as a trusted key server. If not specified
|
||||
# defaults to the server signing key.
|
||||
|
|
Loading…
Reference in a new issue