Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Workaround for error when fetching notary's own key #6620

Merged
merged 2 commits into from Jan 6, 2020

Conversation

@richvdh
Copy link
Member

richvdh commented Jan 3, 2020

As a notary server, when we return our own keys, include all of our signing
keys in verify_keys.

This is a workaround for #6596.

(based on #6619)

richvdh added 2 commits Jan 3, 2020
We already get the Site via the Channel, so there's no need for a dedicated
RequestFactory: we can just use the right constructor.
As a notary server, when we return our own keys, include all of our signing
keys in verify_keys.

This is a workaround for #6596.
@richvdh richvdh requested a review from matrix-org/synapse-core Jan 3, 2020
Copy link
Member

babolivier left a comment

lgtm

@richvdh richvdh merged commit 18674ee into develop Jan 6, 2020
22 checks passed
22 checks passed
buildkite/synapse Build #6285 passed (16 minutes, 13 seconds)
Details
buildkite/synapse/check-sample-config Passed (1 minute, 30 seconds)
Details
buildkite/synapse/check-style Passed (2 minutes, 1 second)
Details
buildkite/synapse/isort Passed (34 seconds)
Details
buildkite/synapse/mypy Passed (31 seconds)
Details
buildkite/synapse/newspaper-newsfile Passed (18 seconds)
Details
buildkite/synapse/packaging Passed (19 seconds)
Details
buildkite/synapse/pipeline Passed (9 seconds)
Details
buildkite/synapse/python-3-dot-5-slash-postgres-9-dot-5 Passed (10 minutes, 23 seconds)
Details
buildkite/synapse/python-3-dot-5-slash-sqlite Passed (6 minutes, 42 seconds)
Details
buildkite/synapse/python-3-dot-5-slash-sqlite-slash-old-deps Passed (8 minutes, 1 second)
Details
buildkite/synapse/python-3-dot-6-slash-sqlite Passed (6 minutes, 4 seconds)
Details
buildkite/synapse/python-3-dot-7-slash-postgres-11 Passed (9 minutes, 54 seconds)
Details
buildkite/synapse/python-3-dot-7-slash-postgres-9-dot-5 Passed (10 minutes, 37 seconds)
Details
buildkite/synapse/python-3-dot-7-slash-sqlite Passed (5 minutes, 59 seconds)
Details
buildkite/synapse/synapse-port-db-slash-python-3-dot-5-slash-postgres-9-dot-5 Passed (1 minute, 36 seconds)
Details
buildkite/synapse/synapse-port-db-slash-python-3-dot-7-slash-postgres-11 Passed (1 minute, 38 seconds)
Details
buildkite/synapse/sytest-python-3-dot-5-slash-postgres-9-dot-6-slash-monolith Passed (11 minutes, 6 seconds)
Details
buildkite/synapse/sytest-python-3-dot-5-slash-postgres-9-dot-6-slash-workers Passed (12 minutes, 51 seconds)
Details
buildkite/synapse/sytest-python-3-dot-5-slash-sqlite-slash-monolith Passed (9 minutes, 57 seconds)
Details
buildkite/synapse/sytest-python-3-dot-7-slash-postgres-11-slash-monolith Passed (9 minutes, 51 seconds)
Details
buildkite/synapse/sytest-python-3-dot-7-slash-postgres-11-slash-workers Passed (12 minutes, 39 seconds)
Details
richvdh added a commit that referenced this pull request Jan 7, 2020
This was ill-advised. We can't modify verify_keys here, because the response
object has already been signed by the requested key.

Furthermore, it's somewhat unnecessary because existing versions of Synapse
(which get upset that the notary key isn't present in verify_keys) will fall
back to a direct fetch via `/key/v2/server`.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.