Hi,

I don't think this should be user configurable.

If folks remove entries like "+ *.crl" it breaks things.
If folks add entries like "+ *.mp3" it wastes network bandwidth. :-)

Let's use "--include" and "--exclude" instead.

kind regards,

Job

On Tue, Aug 31, 2021 at 02:23:57PM +0200, Claudio Jeker wrote:
> An RPKI repository can only include a few specific files, everything else is
> just ignored and deleted after every fetch.  Since openrsync supports
> --exclude-file now we can use this to limit what is actually accepted by
> the client.
> 
> I used a config file in /etc/rpki instead of using multiple --exclude /
> --include arguments. Mostly to keep the execvp argv short.
> 
> What do you think?
> -- 
> :wq Claudio
> 
> Index: etc/Makefile
> ===================================================================
> RCS file: /cvs/src/etc/Makefile,v
> retrieving revision 1.484
> diff -u -p -r1.484 Makefile
> --- etc/Makefile      1 May 2021 16:11:07 -0000       1.484
> +++ etc/Makefile      31 Aug 2021 12:17:40 -0000
> @@ -156,7 +156,7 @@ distribution-etc-root-var: distrib-dirs
>                   ${DESTDIR}/etc/ppp
>       cd rpki; \
>               ${INSTALL} -c -o root -g wheel -m 644 \
> -                 afrinic.tal apnic.tal lacnic.tal ripe.tal \
> +                 afrinic.tal apnic.tal lacnic.tal ripe.tal rsync.filter \
>                   ${DESTDIR}/etc/rpki
>       cd examples; \
>               ${INSTALL} -c -o root -g wheel -m 644 ${EXAMPLES} \
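Review bot: rsync.filter is installed on the same line as the .tal files, as an ordinary mode 644 file under ${DESTDIR}/etc/rpki, but nothing in this patch documents it. Since rsync.c depends on the file being present at that exact path, the patch should also add it to the rpki-client manual page and state whether local edits are supported.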
> Index: etc/rpki/rsync.filter
> ===================================================================
> RCS file: etc/rpki/rsync.filter
> diff -N etc/rpki/rsync.filter
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ etc/rpki/rsync.filter     31 Aug 2021 12:09:24 -0000
> @@ -0,0 +1,7 @@
> ++ */
> ++ *.cer
> ++ *.crl
> ++ *.gbr
> ++ *.mft
> ++ *.roa
> +- *
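Review bot: the order of the seven lines is significant and the file does not say so. rsync filter rules are first-match-wins, so "+ */" has to stay ahead of "- *" for directories to be descended into, and "- *" has to stay last. A short header saying that, and that the extensions must match the file types rpki-client accepts, would guard against a reordering or a partial edit; if the filter parser does not accept comment lines, the same text belongs in the manual page.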
> Index: usr.sbin/rpki-client/rsync.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/rsync.c,v
> retrieving revision 1.24
> diff -u -p -r1.24 rsync.c
> --- usr.sbin/rpki-client/rsync.c      19 Apr 2021 17:04:35 -0000      1.24
> +++ usr.sbin/rpki-client/rsync.c      31 Aug 2021 12:17:11 -0000
> @@ -279,6 +279,8 @@ proc_rsync(char *prog, char *bind_addr, 
>                       args[i++] = "--no-motd";
>                       args[i++] = "--timeout";
>                       args[i++] = "180";
> +                     args[i++] = "--exclude-from";
> +                     args[i++] = "/etc/rpki/rsync.filter";
>                       if (bind_addr != NULL) {
>                               args[i++] = "--address";
>                               args[i++] = (char *)bind_addr;
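Review bot: the two added args[i++] lines pass a hard-coded /etc/rpki/rsync.filter with no check that the file exists or is readable, so a missing or damaged file is only discovered when the rsync child runs. Either verify the file once before forking and fail with a clear error, or pass the fixed list as --include/--exclude arguments and drop the file dependency. Please also confirm that args[], declared outside this hunk, has room for two more entries, and note that the description says --exclude-file while the code passes --exclude-from.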
> 
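
The two edits Job describes, as an added example (not part of the thread or of rpki-client): a simplified first-match-wins evaluation of the seven rules in the proposed rsync.filter, run against the shipped list and two locally edited copies. `filter_accepts`, `ACCEPTS`, the edited lists and the sample paths are assumptions made for illustration, and the matcher handles only basename patterns like those in the patch.

```c
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>
/* Simplified first-match-wins model, not openrsync's own matcher. */
struct rule { char action; const char *pattern; };
#define ACCEPTS(r, p) filter_accepts(r, sizeof(r) / sizeof((r)[0]), p, 0)

/* The seven rules from the proposed etc/rpki/rsync.filter. */
static const struct rule shipped[] = {
	{ '+', "*/" }, { '+', "*.cer" }, { '+', "*.crl" }, { '+', "*.gbr" },
	{ '+', "*.mft" }, { '+', "*.roa" }, { '-', "*" },
};
/* Constructed local edits: "+ *.crl" removed; "+ *.mp3" added. */
static const struct rule no_crl[] = {
	{ '+', "*/" }, { '+', "*.cer" }, { '+', "*.gbr" },
	{ '+', "*.mft" }, { '+', "*.roa" }, { '-', "*" },
};
static const struct rule with_mp3[] = {
	{ '+', "*/" }, { '+', "*.cer" }, { '+', "*.crl" }, { '+', "*.gbr" },
	{ '+', "*.mft" }, { '+', "*.roa" }, { '+', "*.mp3" }, { '-', "*" },
};

/* Hypothetical helper: 1 if path would be transferred, 0 if excluded. */
int filter_accepts(const struct rule *r, size_t n, const char *path, int is_dir)
{
	const char *base = strrchr(path, '/');
	char pat[64];
	size_t i, len;
	base = (base != NULL) ? base + 1 : path;	/* match on the basename */
	for (i = 0; i < n; i++) {
		len = strlen(r[i].pattern);
		if (len == 0 || len >= sizeof(pat))
			continue;
		memcpy(pat, r[i].pattern, len + 1);
		if (pat[len - 1] == '/') {	/* trailing '/': directories only */
			if (!is_dir)
				continue;
			pat[len - 1] = '\0';
		}
		if (fnmatch(pat, base, 0) == 0)	/* first matching rule decides */
			return r[i].action == '+';
	}
	return 1;	/* nothing matched: rsync transfers by default */
}

int main(void)
{
	printf("ca.crl: %d -> %d, a.mp3: %d -> %d\n", ACCEPTS(shipped, "ta/ca.crl"),
	    ACCEPTS(no_crl, "ta/ca.crl"), ACCEPTS(shipped, "ta/a.mp3"), ACCEPTS(with_mp3, "ta/a.mp3"));
}
```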
