On Tue, Aug 31, 2021 at 02:23:57PM +0200, Claudio Jeker wrote:
> RPKI repository can only include a few specific files, everything else is
> just ignored and deleted after every fetch. Since openrsync supports
> --exclude-file now we can use this to limit what is actually accepted by
> the client.
>
> I used a config file in /etc/rpki instead of using multiple --exclude /
> --include arguments. Mostly to keep the execvp argv short.
>
> What do you think?

It seems using a config file to keep the argv list short is too controversial and all alternate suggestions are worse. So just add the include/exclude list as arguments. -- :wq Claudio Index: rsync.c =================================================================== RCS file: /cvs/src/usr.sbin/rpki-client/rsync.c,v retrieving revision 1.24 diff -u -p -r1.24 rsync.c --- rsync.c 19 Apr 2021 17:04:35 -0000 1.24 +++ rsync.c 1 Sep 2021 09:08:06 -0000 @@ -277,8 +277,14 @@ proc_rsync(char *prog, char *bind_addr, args[i++] = (char *)prog; args[i++] = "-rt"; args[i++] = "--no-motd"; - args[i++] = "--timeout"; - args[i++] = "180"; + args[i++] = "--timeout=180"; + args[i++] = "--include=*/"; + args[i++] = "--include=*.cer"; + args[i++] = "--include=*.crl"; + args[i++] = "--include=*.gbr"; + args[i++] = "--include=*.mft"; + args[i++] = "--include=*.roa"; + args[i++] = "--exclude=*"; if (bind_addr != NULL) { args[i++] = "--address"; args[i++] = (char *)bind_addr;
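
Review bot: The new `--include=`/`--exclude=` entries in proc_rsync() grow the argument list by six slots net (two lines removed, eight added), and the declaration of `args` is outside the visible context, so please confirm the array still has room for these plus the optional `--address` pair that follows and whatever comes after it. It would also help to put a short comment above the block saying that the order is significant: rsync filter rules are first-match-wins, so `--include=*/` has to stay ahead of `--exclude=*` or no subdirectory is descended into, and `--exclude=*` has to stay last or the listed suffixes are never reached. Since the suffix list (.cer, .crl, .gbr, .mft, .roa) is now hardcoded here, the same comment could note that it must be updated whenever the set of accepted file types changes, otherwise files of a new type would be silently dropped at fetch time.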