Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Suppress the trusted key server warning for matrix.org in the demo scripts #15527

Merged
merged 5 commits into from
May 3, 2023
Merged

Suppress the trusted key server warning for matrix.org in the demo scripts #15527

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
af6f91e
Suppress the trusted key server warning for matrix.org in the demo sc…
anoadragon453 May 3, 2023
81d4b20
changelog
anoadragon453 May 3, 2023
4a1a0ad
Clarify our trusted_key_servers config
anoadragon453 May 3, 2023
c8d0f97
Request keys directly from federated servers instead
anoadragon453 May 3, 2023
41b67a1
Update the changelog to reflect the PR's new behaviour
anoadragon453 May 3, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions changelog.d/15527.misc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Suppress the trusted key server warning when running the demo scripts.
anoadragon453 marked this conversation as resolved.
Show resolved Hide resolved
7 changes: 5 additions & 2 deletions demo/start.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ for port in 8080 8081 8082; do
echo ''

# Warning, this heredoc depends on the interaction of tabs and spaces.
# Please don't accidentaly bork me with your fancy settings.
# Please don't accidentally bork me with your fancy settings.
listeners=$(cat <<-PORTLISTENERS
# Configure server to listen on both $https_port and $port
# This overides some of the default settings above
Expand Down Expand Up @@ -81,10 +81,13 @@ for port in 8080 8081 8082; do
echo "tls_private_key_path: \"$DIR/$port/localhost:$port.tls.key\""

# Ignore keys from the trusted keys server
echo '# Ignore keys from the trusted keys server'
echo '# Ignore keys from the trusted keys server.'
echo '# Specifically, we do this by omitting the "verify_keys" option'
echo '# and enabling "accept_keys_insecurely"'
echo 'trusted_key_servers:'
echo ' - server_name: "matrix.org"'
echo ' accept_keys_insecurely: true'
echo 'suppress_key_server_warning: true'
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it not make more sense to not use a trusted key server at all in the demo script?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was tempted to do so, but figured not to rock the boat.

However - upon testing trusted_key_servers: [] (not setting the option defaults to matrix.org), it works as expected 🎉

I've updated the config to simple request signing keys directly from the server in c8d0f97. Thanks for calling it out!

echo ''

# Allow the servers to communicate over localhost.
Expand Down