From af6f91eb94f3120fe06a56d57073072858229b38 Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Wed, 3 May 2023 09:51:46 +0100 Subject: [PATCH 1/5] Suppress the trusted key server warning for matrix.org in the demo scripts --- demo/start.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/demo/start.sh b/demo/start.sh index fdd75816fb26..e033761cb113 100755 --- a/demo/start.sh +++ b/demo/start.sh @@ -46,7 +46,7 @@ for port in 8080 8081 8082; do echo '' # Warning, this heredoc depends on the interaction of tabs and spaces. - # Please don't accidentaly bork me with your fancy settings. + # Please don't accidentally bork me with your fancy settings. listeners=$(cat <<-PORTLISTENERS # Configure server to listen on both $https_port and $port # This overides some of the default settings above @@ -85,6 +85,7 @@ for port in 8080 8081 8082; do echo 'trusted_key_servers:' echo ' - server_name: "matrix.org"' echo ' accept_keys_insecurely: true' + echo 'suppress_key_server_warning: true' echo '' # Allow the servers to communicate over localhost. From 81d4b2035f267c6184c43ef922271e1aa937c70c Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Wed, 3 May 2023 09:56:46 +0100 Subject: [PATCH 2/5] changelog --- changelog.d/15527.misc | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog.d/15527.misc diff --git a/changelog.d/15527.misc b/changelog.d/15527.misc new file mode 100644 index 000000000000..91e7529d4b0c --- /dev/null +++ b/changelog.d/15527.misc @@ -0,0 +1 @@ +Suppress the trusted key server warning when running the demo scripts. \ No newline at end of file From 4a1a0adf8edb95c9b0375a2206791ed178ccd813 Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Wed, 3 May 2023 10:02:37 +0100 Subject: [PATCH 3/5] Clarify our trusted_key_servers config The current comment confused me on how exactly it was ignoring keys from matrix.org --- demo/start.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
diff --git a/demo/start.sh b/demo/start.sh index e033761cb113..bcb0bdecbdfd 100755 --- a/demo/start.sh +++ b/demo/start.sh @@ -81,7 +81,9 @@ for port in 8080 8081 8082; do echo "tls_private_key_path: \"$DIR/$port/localhost:$port.tls.key\"" # Ignore keys from the trusted keys server - echo '# Ignore keys from the trusted keys server' + echo '# Ignore keys from the trusted keys server.' + echo '# Specifically, we do this by omitting the "verify_keys" option' + echo '# and enabling "accept_keys_insecurely"' echo 'trusted_key_servers:' echo ' - server_name: "matrix.org"' echo ' accept_keys_insecurely: true' From c8d0f97e10184a3f94eb0fff3f1da6b65e2efb52 Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Wed, 3 May 2023 12:19:25 +0100 Subject: [PATCH 4/5] Request keys directly from federated servers instead There's no reason to set a trusted key server in a private federation demo setup --- demo/start.sh | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/demo/start.sh b/demo/start.sh index bcb0bdecbdfd..06ec6f985f35 100755 --- a/demo/start.sh +++ b/demo/start.sh @@ -80,15 +80,8 @@ for port in 8080 8081 8082; do echo "tls_certificate_path: \"$DIR/$port/localhost:$port.tls.crt\"" echo "tls_private_key_path: \"$DIR/$port/localhost:$port.tls.key\"" - # Ignore keys from the trusted keys server - echo '# Ignore keys from the trusted keys server.' - echo '# Specifically, we do this by omitting the "verify_keys" option' - echo '# and enabling "accept_keys_insecurely"' - echo 'trusted_key_servers:' - echo ' - server_name: "matrix.org"' - echo ' accept_keys_insecurely: true' - echo 'suppress_key_server_warning: true' - echo '' + # Request keys directly from servers contacted over federation + echo 'trusted_key_servers: []' # Allow the servers to communicate over localhost. allow_list=$(cat <<-ALLOW_LIST From 41b67a131600c6fcff3ff3bd03ccedcba1da155a Mon Sep 17 00:00:00 2001 
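Review bot: The emitted comment in the `@@ -81,7 +81,9 @@` hunk still opens with "Ignore keys from the trusted keys server", which reads as the opposite of what the two options do. As far as I understand Synapse's semantics, omitting `verify_keys` and setting `accept_keys_insecurely: true` means key responses from matrix.org are accepted without being checked against a pinned signing key, so their authenticity rests on the connection alone. I would change the first emitted line to `echo '# Accept keys from the trusted key server without pinning its signing key (demo only).'` and update the shell comment above it to match. The enclosing `for port in 8080 8081 8082` loop starts and ends outside the hunk.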
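Review bot: In the `@@ -80,15 +80,8 @@` hunk the new explanation exists only as a shell comment, so the generated config now carries a bare `trusted_key_servers: []` with no comment. The `echo ''` separator that used to close this block is gone as well. The removed block echoed its rationale into the file, and that is worth keeping: with an empty list, signing keys come straight from each origin server with no second source to cross-check, which the commit message justifies only for a private federation demo. I would add `echo '# Demo only: no trusted key server; signing keys are requested directly from each federated server.'` before the setting and keep `echo ''` after it. The `for port` loop and the `allow_list` heredoc that follows continue outside the hunk.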
From: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> Date: Wed, 3 May 2023 12:28:54 +0100 Subject: [PATCH 5/5] Update the changelog to reflect the PR's new behaviour Co-authored-by: David Robertson --- changelog.d/15527.misc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelog.d/15527.misc b/changelog.d/15527.misc index 91e7529d4b0c..752a32adeb5d 100644 --- a/changelog.d/15527.misc +++ b/changelog.d/15527.misc @@ -1 +1 @@ -Suppress the trusted key server warning when running the demo scripts. \ No newline at end of file +Don't use a trusted key server when running the demo scripts. \ No newline at end of file