From fb27576deb5ea4897cfdd1d91a027ba620653440 Mon Sep 17 00:00:00 2001
From: Neil Johnson
Date: Mon, 23 Sep 2019 16:14:56 +0100
Subject: [PATCH] Explicitly log when a homeserver does not have the 'trusted_key_servers' config field configured.
---
 changelog.d/6090.doc | 1 +
 synapse/config/key.py | 18 ++++++++++++++++++
 2 files changed, 19 insertions(+)
 create mode 100644 changelog.d/6090.doc
diff --git a/changelog.d/6090.doc b/changelog.d/6090.doc
new file mode 100644
index 0000000000..a6da448a1a
--- /dev/null
+++ b/changelog.d/6090.doc
@@ -0,0 +1 @@
+Explicitly log when a homeserver does not have the 'trusted_key_servers' config field configured.
diff --git a/synapse/config/key.py b/synapse/config/key.py
index ba2199bceb..53f9c81ca0 100644
--- a/synapse/config/key.py
+++ b/synapse/config/key.py
@@ -95,6 +95,24 @@ class KeyConfig(Config):
 # if neither trusted_key_servers nor perspectives are given, use the default.
 if "perspectives" not in config and "trusted_key_servers" not in config:
+ logger.warn(
+ """
+ Synapse requires that a notary homeserver is configured to
+ verify keys of other servers in the federation. This homeserver
+ does not have a notary server configured in homeserver.yaml and
+ will fall back to the default of 'matrix.org'.
+
+ Notary servers should be long lived, stable and trusted which
+ makes matrix.org a good choice for many admins, but some may
+ wish to choose another. To suppress this warning, the admin
+ should set 'trusted_key_servers' in homeserver.yaml to their
+ desired notary server.
+
+ In a future release the software defined default will be
+ removed entirely and the notary server will be defined
+ exclusively by the value of 'trust_key_servers'.
+ """
+ )
 key_servers = [{"server_name": "matrix.org"}]
 else:
 key_servers = config.get("trusted_key_servers", [])
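Review bot: The last sentence of the new warning in synapse/config/key.py names the option as `'trust_key_servers'`, but the key this block reads is `trusted_key_servers` (see the `config.get("trusted_key_servers", [])` context line and the second paragraph of the same message). Because this setting selects the notary that vouches for other servers' signing keys, an admin who copies the misspelled name leaves the condition on the `if` line true and stays on the matrix.org default; the line should read `exclusively by the value of 'trusted_key_servers'.`. Separately, `logger.warn` is a deprecated alias, so the call should be `logger.warning(`, and the triple-quoted literal carries its source indentation and newlines into the log output, which a dedented module-level constant would avoid. Whether `logger` is already defined in this module is not visible here, and the enclosing method starts and ends outside the hunk.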