An RPKI repository can only include a few specific files; everything else is
just ignored and deleted after every fetch.  Since openrsync supports
--exclude-file now we can use this to limit what is actually accepted by
the client.

I used a config file in /etc/rpki instead of using multiple --exclude /
--include arguments. Mostly to keep the execvp argv short.

What do you think?
-- 
:wq Claudio

Index: etc/Makefile
===================================================================
RCS file: /cvs/src/etc/Makefile,v
retrieving revision 1.484
diff -u -p -r1.484 Makefile
--- etc/Makefile        1 May 2021 16:11:07 -0000       1.484
+++ etc/Makefile        31 Aug 2021 12:17:40 -0000
@@ -156,7 +156,7 @@ distribution-etc-root-var: distrib-dirs
                    ${DESTDIR}/etc/ppp
        cd rpki; \
                ${INSTALL} -c -o root -g wheel -m 644 \
-                   afrinic.tal apnic.tal lacnic.tal ripe.tal \
+                   afrinic.tal apnic.tal lacnic.tal ripe.tal rsync.filter \
                    ${DESTDIR}/etc/rpki
        cd examples; \
                ${INSTALL} -c -o root -g wheel -m 644 ${EXAMPLES} \
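Review bot: the install line itself is right (root:wheel, 0644 next to the TALs is all a file that rsync only reads needs), but this distribution-etc-root-var target is the only thing that puts /etc/rpki/rsync.filter on disk, so an existing installation that picks up the new rsync.c without re-running this target (or without a sysmerge step that adds the file) will have rsync fail every fetch if openrsync, like rsync, treats an unreadable --exclude-from file as fatal; worth an upgrade note or a check on the rpki-client side.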
Index: etc/rpki/rsync.filter
===================================================================
RCS file: etc/rpki/rsync.filter
diff -N etc/rpki/rsync.filter
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ etc/rpki/rsync.filter       31 Aug 2021 12:09:24 -0000
@@ -0,0 +1,7 @@
++ */
++ *.cer
++ *.crl
++ *.gbr
++ *.mft
++ *.roa
+- *
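Review bot: the ordering is what makes this file work and deserves a comment in the file (if openrsync's parser skips '#' lines as rsync does): rsync takes the first rule that matches, so "+ */" must stay first so that rsync descends into every directory, and "- *" must stay last so it drops everything the five "+ *.ext" lines did not claim. Please also confirm that openrsync's --exclude-from reader honours the "+ "/"- " prefixes, since in rsync(1) an exclude-from line is an exclude rule unless it carries that prefix; if the prefix were taken as part of the pattern, "+ */" would never match and the transfer would be empty. Note too that "*/" accepts any directory name, so this constrains which regular files land on disk, not the directory layout a repository can create.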
Index: usr.sbin/rpki-client/rsync.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/rsync.c,v
retrieving revision 1.24
diff -u -p -r1.24 rsync.c
--- usr.sbin/rpki-client/rsync.c        19 Apr 2021 17:04:35 -0000      1.24
+++ usr.sbin/rpki-client/rsync.c        31 Aug 2021 12:17:11 -0000
@@ -279,6 +279,8 @@ proc_rsync(char *prog, char *bind_addr, 
                        args[i++] = "--no-motd";
                        args[i++] = "--timeout";
                        args[i++] = "180";
+                       args[i++] = "--exclude-from";
+                       args[i++] = "/etc/rpki/rsync.filter";
                        if (bind_addr != NULL) {
                                args[i++] = "--address";
                                args[i++] = (char *)bind_addr;
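Review bot: two more entries go into args[], so please check that the array's declared size in proc_rsync() (not visible in this hunk) still leaves room for them together with the optional "--address" pair and the terminating NULL. The filter path is also a hard-coded string here while etc/Makefile is what installs it, so a define next to the other /etc/rpki paths and a sentence in rpki-client(8) saying that rsync now requires /etc/rpki/rsync.filter would keep the two from drifting apart.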

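Added example, not part of Claudio's diff or of rpki-client: a small C evaluator for the seven rules in etc/rpki/rsync.filter that applies rsync's first-match semantics to constructed repository paths, to show what the filter lets through and why "+ */" has to come first. The function names rpki_filter_accepts() and rpki_filter_path() are made up for this illustration, and it assumes openrsync applies "+ "/"- " rules the way rsync(1) does.

```c
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>

struct rule { int include; const char *pat; };	/* 1 for a "+ " line, 0 for "- " */
/* The seven rules from the proposed /etc/rpki/rsync.filter, in file order. */
static const struct rule rules[] = {
	{ 1, "*/" }, { 1, "*.cer" }, { 1, "*.crl" }, { 1, "*.gbr" },
	{ 1, "*.mft" }, { 1, "*.roa" }, { 0, "*" },
};

/* First matching rule decides.  A pattern ending in '/' matches directories
 * only; one without a '/' is matched against the final component, otherwise
 * against the whole relative path.  If nothing matches, rsync transfers. */
int rpki_filter_accepts(const char *path, int is_dir)
{
	const char *slash = strrchr(path, '/');
	const char *base = slash != NULL ? slash + 1 : path;
	char pat[64];
	size_t i, n;

	for (i = 0; i < sizeof(rules) / sizeof(rules[0]); i++) {
		n = strlen(rules[i].pat);
		if (rules[i].pat[n - 1] == '/') {
			if (!is_dir)
				continue;	/* directory-only rule, this is a file */
			n--;		/* drop the trailing '/' before matching */
		}
		snprintf(pat, sizeof(pat), "%.*s", (int)n, rules[i].pat);
		if (fnmatch(pat, strchr(pat, '/') ? path : base, FNM_PATHNAME) == 0)
			return rules[i].include;
	}
	return 1;
}

/* rsync only descends into a directory it has accepted, so every ancestor
 * ("ripe", then "ripe/sub") is checked before the final component.  The first
 * rule accepts any directory name: only regular files are constrained. */
int rpki_filter_path(const char *path, int is_dir)
{
	char dir[1024];
	const char *p;

	for (p = strchr(path, '/'); p != NULL; p = strchr(p + 1, '/')) {
		snprintf(dir, sizeof(dir), "%.*s", (int)(p - path), path);
		if (!rpki_filter_accepts(dir, 1))
			return 0;
	}
	return rpki_filter_accepts(path, is_dir);
}
```

Feeding it constructed paths such as "ripe/abc.cer", "ripe/README.txt" and "ripe/x.cer.bak" shows only the first surviving, while a file under an oddly named directory like "ripe/notes.txt/x.mft" is still kept.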