From 4434fc70044da9dadd5efb4e32e8ac03740d8f54 Mon Sep 17 00:00:00 2001
From: Travis Ralston
Date: Fri, 25 Mar 2022 13:29:24 -0600
Subject: [PATCH 1/3] Ensure a useful logfile gets recorded for synapse startup failures
---
.../end-to-end-tests/pick-synapse-log-file.js | 26 +++++++++++++++++++
test/end-to-end-tests/run.sh | 5 +++-
test/end-to-end-tests/synapse/start.sh | 6 -----
3 files changed, 30 insertions(+), 7 deletions(-)
create mode 100644 test/end-to-end-tests/pick-synapse-log-file.js
diff --git a/test/end-to-end-tests/pick-synapse-log-file.js b/test/end-to-end-tests/pick-synapse-log-file.js
new file mode 100644
index 00000000000..aaefd0dfd2d
--- /dev/null
+++ b/test/end-to-end-tests/pick-synapse-log-file.js
@@ -0,0 +1,26 @@
+/*
+Copyright 2022 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+const path = require('path');
+
+// used from run.sh as getopts doesn't support long parameters
+const idx = process.argv.indexOf("--log-directory");
+if (idx !== -1) {
+ const value = process.argv[idx + 1];
+ process.stdout.write(path.join(path.resolve(value), 'homeserver.log'));
+} else {
+ process.stdout.write(path.join(process.cwd(), 'homeserver.log'));
+}
diff --git a/test/end-to-end-tests/run.sh b/test/end-to-end-tests/run.sh
index b65ce2a9567..f60a2cb30d7 100755
--- a/test/end-to-end-tests/run.sh
+++ b/test/end-to-end-tests/run.sh
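Review bot: `process.argv[idx + 1]` in pick-synapse-log-file.js is used without checking that a value actually follows `--log-directory`; when the flag is the last argument the value is `undefined` and `path.resolve(value)` throws, so run.sh receives an empty `synapse_log_file` and a stack trace rather than a usable message. A guard before the write, `if (typeof value !== 'string' || value.startsWith('--')) { console.error('--log-directory requires a path'); process.exit(1); }`, would fail clearly instead. The header comment could also state that the directory must already exist, since run.sh goes on to `touch` the returned path.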
@@ -10,6 +10,8 @@ echo "Please first run $BASE_DIR/install.sh" fi has_custom_app=$(node has-custom-app.js $@) +synapse_log_file=$(node pick-synapse-log-file.js $@) +touch $synapse_log_file if [ ! -d "element/element-web" ] && [ $has_custom_app -ne "1" ]; then echo "Please provide an instance of Element to test against by passing --app-url or running $BASE_DIR/element/install.sh" @@ -25,13 +27,14 @@ stop_servers() { handle_error() { EXIT_CODE=$? + echo "Tests fell over with a non-zero exit code: stopping servers" stop_servers exit $EXIT_CODE } trap 'handle_error' ERR -./synapse/start.sh +LOGFILE=$synapse_log_file ./synapse/start.sh reg_secret=`./synapse/getcfg.sh registration_shared_secret` if [ $has_custom_app -ne "1" ]; then ./element/start.sh diff --git a/test/end-to-end-tests/synapse/start.sh b/test/end-to-end-tests/synapse/start.sh index 2ff6ae69d00..f17047afd08 100755 --- a/test/end-to-end-tests/synapse/start.sh +++ b/test/end-to-end-tests/synapse/start.sh @@ -5,11 +5,5 @@ BASE_DIR=$(cd $(dirname $0) && pwd) cd $BASE_DIR cd installations/consent/env/bin/ source activate -LOGFILE=$(mktemp) echo "Synapse log file at $LOGFILE" ./synctl start 2> $LOGFILE -EXIT_CODE=$? -if [ $EXIT_CODE -ne 0 ]; then - cat $LOGFILE -fi -exit $EXIT_CODE From 49029cf8477d3b549106a1f6152f21b69d2c30e3 Mon Sep 17 00:00:00 2001 From: Travis Ralston Date: Fri, 25 Mar 2022 13:33:49 -0600 Subject: [PATCH 2/3] Update synapse config to stop complaining about key servers --- .../config-templates/consent/homeserver.yaml | 49 ++++++++++++++++--- 1 file changed, 43 insertions(+), 6 deletions(-) diff --git a/test/end-to-end-tests/synapse/config-templates/consent/homeserver.yaml b/test/end-to-end-tests/synapse/config-templates/consent/homeserver.yaml index 13aea8d18dc..bc3a3716744 100644 --- a/test/end-to-end-tests/synapse/config-templates/consent/homeserver.yaml +++ b/test/end-to-end-tests/synapse/config-templates/consent/homeserver.yaml 
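Review bot: The new `touch $synapse_log_file` and the `$@` handed to `pick-synapse-log-file.js` in run.sh are unquoted, so a `--log-directory` value containing spaces or glob characters is word-split before it reaches node and again before `touch`, and the log file ends up somewhere other than the intended path. Quote both: `synapse_log_file=$(node pick-synapse-log-file.js "$@")` and `touch "$synapse_log_file"`. The existing `has-custom-app.js $@` context line follows the same pattern. An empty result from the helper would leave `touch` with no operand, so a `[ -n "$synapse_log_file" ]` check after the assignment would make that failure explicit.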
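Review bot: With `LOGFILE=$(mktemp)` removed, synapse/start.sh depends on the caller supplying `LOGFILE`; invoked on its own, `./synctl start 2> $LOGFILE` expands to an empty redirect target and the script fails before synapse is started. Keeping a fallback, `LOGFILE="${LOGFILE:-$(mktemp)}"`, and quoting the redirect, `./synctl start 2> "$LOGFILE"`, keeps standalone use working and tolerates paths with spaces. The first lines of the script are outside the hunk, so whether anything else sets `LOGFILE` cannot be seen from here.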
@@ -792,13 +792,50 @@ signing_key_path: "{{SYNAPSE_ROOT}}localhost.signing.key" # The trusted servers to download signing keys from. # -#perspectives: -# servers: -# "matrix.org": -# verify_keys: -# "ed25519:auto": -# key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw" +# When we need to fetch a signing key, each server is tried in parallel. +# +# Normally, the connection to the key server is validated via TLS certificates. +# Additional security can be provided by configuring a `verify key`, which +# will make synapse check that the response is signed by that key. +# +# This setting supercedes an older setting named `perspectives`. The old format +# is still supported for backwards-compatibility, but it is deprecated. +# +# 'trusted_key_servers' defaults to matrix.org, but using it will generate a +# warning on start-up. To suppress this warning, set +# 'suppress_key_server_warning' to true. +# +# Options for each entry in the list include: +# +# server_name: the name of the server. required. +# +# verify_keys: an optional map from key id to base64-encoded public key. +# If specified, we will check that the response is signed by at least +# one of the given keys. +# +# accept_keys_insecurely: a boolean. Normally, if `verify_keys` is unset, +# and federation_verify_certificates is not `true`, synapse will refuse +# to start, because this would allow anyone who can spoof DNS responses +# to masquerade as the trusted key server. If you know what you are doing +# and are sure that your network environment provides a secure connection +# to the key server, you can set this to `true` to override this +# behaviour. 
+# +# An example configuration might look like: +# +#trusted_key_servers: +# - server_name: "my_trusted_server.example.com" +# verify_keys: +# "ed25519:auto": "abcdefghijklmnopqrstuvwxyzabcdefghijklmopqr" +# - server_name: "my_other_trusted_server.example.com" +# +trusted_key_servers: + - server_name: "matrix.org" +# Uncomment the following to disable the warning that is emitted when the +# trusted_key_servers include 'matrix.org'. See above. +# +suppress_key_server_warning: true # Enable SAML2 for registration and login. Uses pysaml2. # From bc3751935bcd52d4089c53c4416b5f5dfed66c0e Mon Sep 17 00:00:00 2001 From: Travis Ralston Date: Fri, 25 Mar 2022 13:34:23 -0600 Subject: [PATCH 3/3] Add flag to turn on registrations again From https://github.com/matrix-org/synapse/pull/12091 --- .../synapse/config-templates/consent/homeserver.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/test/end-to-end-tests/synapse/config-templates/consent/homeserver.yaml b/test/end-to-end-tests/synapse/config-templates/consent/homeserver.yaml index bc3a3716744..9aa67b22209 100644 --- a/test/end-to-end-tests/synapse/config-templates/consent/homeserver.yaml +++ b/test/end-to-end-tests/synapse/config-templates/consent/homeserver.yaml @@ -633,6 +633,12 @@ uploads_path: "{{SYNAPSE_ROOT}}uploads" # enable_registration: true +# Enable registration without email or captcha verification. Note: this option is *not* recommended, +# as registration without verification is a known vector for spam and abuse. Defaults to false. Has no effect +# unless `enable_registration` is also enabled. +# +enable_registration_without_verification: true + # The user must provide all of the below types of 3PID when registering. # #registrations_require_3pid:
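Review bot: The comment above `suppress_key_server_warning: true` still reads "Uncomment the following", but the setting is already active, and the `matrix.org` entry under `trusted_key_servers` carries no `verify_keys`, so key responses are validated by TLS only and the start-up warning about that choice is hidden. For an end-to-end test template this is probably intended, but the file should say so: replace the comment with something like `# e2e test template: key-server warning suppressed on purpose; do not reuse for a real deployment`. If pinning is wanted, a `verify_keys` map can be added under the entry in the form shown by the commented example above it.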
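Review bot: `enable_registration_without_verification: true` is added with only the upstream sample comment, which itself calls the option not recommended; nothing in the template records why it is switched on here. Add a line such as `# e2e tests only: accounts are created by the test harness; keep this homeserver bound to localhost`. Whether the listeners in this template are restricted to localhost is not visible in the hunk and should be confirmed before relying on that.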