Don't implicitly include server signing key

erikjohnston · erikjohnston · commit fe0ac98e6653 · 2019-08-23T15:36:28.000+01:00
diff --git a/synapse/config/key.py b/synapse/config/key.py
@@ -85,14 +85,13 @@ def read_config(self, config, config_dir_path, **kwargs):
             config.get("key_refresh_interval", "1d")
         )
 
-        self.key_server_signing_keys = list(self.signing_key)
         key_server_signing_keys_path = config.get("key_server_signing_keys_path")
         if key_server_signing_keys_path:
-            self.key_server_signing_keys.extend(
-                self.read_signing_keys(
-                    key_server_signing_keys_path, "key_server_signing_keys_path"
-                )
+            self.key_server_signing_keys = self.read_signing_keys(
+                key_server_signing_keys_path, "key_server_signing_keys_path"
             )
+        else:
+            self.key_server_signing_keys = list(self.signing_key)
 
         # if neither trusted_key_servers nor perspectives are given, use the default.
         if "perspectives" not in config and "trusted_key_servers" not in config:
@@ -221,8 +220,8 @@ def generate_config_section(
         #  - server_name: "matrix.org"
         #
 
-        # The additional signing keys to use when acting as a trusted key server, on
-        # top of the normal signing keys.
+        # The signing keys to use when acting as a trusted key server. If not specified
+        # defaults to the server signing key.
         #
         # Can contain multiple keys, one per line.
         #

Original file line number	Diff line number	Diff line change
`@@ -85,14 +85,13 @@ def read_config(self, config, config_dir_path, **kwargs):`
`85`	`85`	`config.get("key_refresh_interval", "1d")`
`86`	`86`	`)`
`87`	`87`
`88`		`- self.key_server_signing_keys = list(self.signing_key)`
`89`	`88`	`key_server_signing_keys_path = config.get("key_server_signing_keys_path")`
`90`	`89`	`if key_server_signing_keys_path:`
`91`		`- self.key_server_signing_keys.extend(`
`92`		`- self.read_signing_keys(`
`93`		`- key_server_signing_keys_path, "key_server_signing_keys_path"`
`94`		`- )`
	`90`	`+ self.key_server_signing_keys = self.read_signing_keys(`
	`91`	`+ key_server_signing_keys_path, "key_server_signing_keys_path"`
`95`	`92`	`)`
	`93`	`+ else:`
	`94`	`+ self.key_server_signing_keys = list(self.signing_key)`
`96`	`95`
`97`	`96`	`# if neither trusted_key_servers nor perspectives are given, use the default.`
`98`	`97`	`if "perspectives" not in config and "trusted_key_servers" not in config:`
`@@ -221,8 +220,8 @@ def generate_config_section(`
`221`	`220`	`# - server_name: "matrix.org"`
`222`	`221`	`#`
`223`	`222`
`224`		`- # The additional signing keys to use when acting as a trusted key server, on`
`225`		`- # top of the normal signing keys.`
	`223`	`+ # The signing keys to use when acting as a trusted key server. If not specified`
	`224`	`+ # defaults to the server signing key.`
`226`	`225`	`#`
`227`	`226`	`# Can contain multiple keys, one per line.`
`228`	`227`	`#`