clarity and refactor

Neil Johnson 2019-09-25 13:46:20 +01:00
parent 5871b6e347
commit 5be727ff3e


@ -50,6 +50,31 @@ and you should enable 'federation_verify_certificates' in your configuration.
If you are *sure* you want to do this, set 'accept_keys_insecurely' on the
trusted_key_server configuration."""
TRUSTED_KEY_SERVER_NOT_CONFIGURED_WARN = """\
Synapse requires that a list of trusted key servers are specified in order to
provide signing keys for other servers in the federation.
This homeserver does not have a trusted key server configured in
homeserver.yaml and will fall back to the default of 'matrix.org'.
Trusted key servers should be long-lived and stable which makes matrix.org a
good choice for many admins, but some admins may wish to choose another. To
suppress this warning, the admin should set 'trusted_key_servers' in
homeserver.yaml to their desired key server and 'suppress_key_server_warning'
to 'true'.
In a future release the software-defined default will be removed entirely and
the trusted key server will be defined exclusively by the value of
'trusted_key_servers'."""
TRUSTED_KEY_SERVER_CONFIGURED_AS_M_ORG_WARN = """\
This server is configured to use 'matrix.org' as its trusted key server via the
'trusted_key_servers' config option. 'matrix.org' is a good choice for a key
server since it is long-lived, stable and trusted. However, some admins may
wish to use another server for this purpose.
To suppress this warning and continue using 'matrix.org', admins should set
'suppress_key_server_warning' to 'true' in homeserver.yaml."""
logger = logging.getLogger(__name__)
@ -84,6 +109,7 @@ class KeyConfig(Config):
self.key_refresh_interval = self.parse_duration(
config.get("key_refresh_interval", "1d")
)
suppress_key_server_warning = config.get("suppress_key_server_warning", False)
key_server_signing_keys_path = config.get("key_server_signing_keys_path")
if key_server_signing_keys_path:
@ -95,49 +121,10 @@ class KeyConfig(Config):
# if neither trusted_key_servers nor perspectives are given, use the default.
if "perspectives" not in config and "trusted_key_servers" not in config:
logger.warn(
"""
Synapse requires that a list of trusted key servers are
specified in order to provide signing keys for other servers in
the federation.
This homeserver does not have a trusted key server configured in
homeserver.yaml and will fall back to the default of
'matrix.org'.
Trusted key servers should be long-lived and stable which
makes matrix.org a good choice for many admins, but some admins may
wish to choose another. To suppress this warning, the admin
should set 'trusted_key_servers' in homeserver.yaml to their
desired key server and 'suppress_key_server_warning' to 'true'.
In a future release the software-defined default will be
removed entirely and the trusted key server will be defined
exclusively by the value of 'trusted_key_servers'.
"""
)
logger.warn(TRUSTED_KEY_SERVER_NOT_CONFIGURED_WARN)
key_servers = [{"server_name": "matrix.org"}]
else:
key_servers = config.get("trusted_key_servers", [])
for server in key_servers:
if (
server["server_name"] == "matrix.org"
and not suppress_key_server_warning
):
logger.warn(
"""
This server is configured to use 'matrix.org' as its
trusted key server via the 'trusted_key_servers' config
option. 'matrix.org' is a good choice for a key server
since it is long-lived, stable and trusted. However, some
admins may wish to use another server for this purpose.
To suppress this warning and continue using
'matrix.org', admins should set
'suppress_key_server_warning' to 'true' in
homeserver.yaml.
"""
)
if not isinstance(key_servers, list):
raise ConfigError(
@ -145,6 +132,13 @@ class KeyConfig(Config):
% (type(key_servers).__name__,)
)
for server in key_servers:
if (
server["server_name"] == "matrix.org"
and not suppress_key_server_warning
):
logger.warn(TRUSTED_KEY_SERVER_CONFIGURED_AS_M_ORG_WARN)
# merge the 'perspectives' config into the 'trusted_key_servers' config.
key_servers.extend(_perspectives_to_key_servers(config))
@ -230,6 +224,10 @@ class KeyConfig(Config):
# This setting supercedes an older setting named `perspectives`. The old format
# is still supported for backwards-compatibility, but it is deprecated.
#
# 'trusted_key_servers' defaults to matrix.org, but using it will generate a
# warning on start up to suppress this warning set 'suppress_key_server_warning'
# to true.
#
# Options for each entry in the list include:
#
# server_name: the name of the server. required.
@ -253,15 +251,11 @@ class KeyConfig(Config):
# verify_keys:
# "ed25519:auto": "abcdefghijklmnopqrstuvwxyzabcdefghijklmopqr"
# - server_name: "my_other_trusted_server.example.com"
#
trusted_key_servers:
- server_name: "matrix.org"
# 'trusted_key_servers' defaults to matrix.org, but using it will generate a
# warning on start up to suppress this warning set 'suppress_key_server_warning'
# to True.
#
#suppress_key_server_warning: True
#suppress_key_server_warning: true
#
# The signing keys to use when acting as a trusted key server. If not specified
# defaults to the server signing key.
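Review bot: The relocated matrix.org check (`for server in key_servers:`) runs before `key_servers.extend(_perspectives_to_key_servers(config))`, so a key server that arrives through the deprecated `perspectives` setting is presumably never warned about; the check would be more complete placed after the merge. It also logs once per matching entry and indexes `server["server_name"]` before any per-entry validation visible in these hunks, so an entry missing that key would surface as a KeyError rather than a ConfigError. A single test after the extend addresses both: `if not suppress_key_server_warning and any(s.get("server_name") == "matrix.org" for s in key_servers): logger.warning(TRUSTED_KEY_SERVER_CONFIGURED_AS_M_ORG_WARN)`. Indentation is lost on this page, so whether the check also runs on the default path, which would log both warnings, cannot be confirmed here; the enclosing method starts and ends outside the hunks shown.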