From: Alberto Leiva Popper Date: Tue, 11 Jun 2019 23:07:03 +0000 (-0500) Subject: Add more installation options X-Git-Tag: v0.0.2~7^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ba4a2c7a8185bc70a309d76eba6cd307f99771cd;p=thirdparty%2FFORT-validator.git Add more installation options --- diff --git a/Makefile.am b/Makefile.am index f2b73326..fa77b18e 100644 --- a/Makefile.am +++ b/Makefile.am @@ -12,3 +12,8 @@ AUTOMAKE_OPTIONS = foreign SUBDIRS = src man test + +EXTRA_DIST = tal/afrinic.tal +EXTRA_DIST += tal/apnic.tal +EXTRA_DIST += tal/lacnic.tal +EXTRA_DIST += tal/ripe.tal diff --git a/README.md b/README.md index 337ce660..f35ebbf2 100644 --- a/README.md +++ b/README.md @@ -24,36 +24,14 @@ make install More documentation at [https://nicmx.github.io/FORT-validator/](https://nicmx.github.io/FORT-validator/). -## RTR Configuration - -> TODO Update this - -The RTR server reads the configuration from a JSON file, learn about it at FORT's site [RTR Server arguments](https://nicmx.github.io/FORT-validator/doc/rtr-server.html). - -Here's an example of a valid configuration file (assuming that the CSV file returned by FORT's validator is located at `/tmp/fort/roas.csv`): - -```javascript -{ - "listen": { - "address": "127.0.0.1", - "port": "8323", - "queue": 10 - }, - "vrps": { - "location": "/tmp/fort/roas.csv", - "checkInterval": 60 - } -} -``` - -## Execution - -> TODO Update this - -The executable needs only one argument: the location of the configuration file. So, assuming that the configuration file is located at `/home/fort/rtr.conf`, use the flag `-f` to indicate such location and run the server: +## Usage ``` -$ rtr_server -f /home/fort/rtr.conf +fort \ + --tal \ + --local-repository \ + --server.address \ + --server.port ``` -That's it! The server will be listening on the configured port for any RTR client that wishes to establish a connection and exchange for validated ROA payloads. +An RTR server will serve the ROAs resulting from a validation rooted at the trust anchors defined by the TALs contained at directory `--tal`. diff --git a/docs/doc/installation.md b/docs/doc/installation.md index 176a9ca5..212e8944 100644 --- a/docs/doc/installation.md +++ b/docs/doc/installation.md @@ -11,20 +11,11 @@ title: Compilation and Installation ## Index 1. [Dependencies](#dependencies) -2. [Debian-based distributions](#debian-based-distributions) -3. [OpenBSD](#openbsd) - -## Introduction - -Currently, you have three options: - -- The Debian package: Easiest; for Debian-based distributions only. -- The generic autotools-based "upstream" tarball: For most (if not all) other users. -- Compiling on the git repository: Best for developers. - -## Debian package - - +2. [Option 1: Installing the Debian package](#option-1-installing-the-debian-package) +3. [Option 2: Compiling and installing the release tarball](#option-2-compiling-and-installing-the-release-tarball) + 1. [Debian version](#debian-version) + 2. [OpenBSD version](#openbsd-version) +4. [Option 3: Compiling from the git repositories](#option-3-compiling-from-the-git-repositories) ## Dependencies @@ -37,15 +28,40 @@ The dependencies are 3. libcrypto (Either [LibreSSL](http://www.libressl.org/) or [OpenSSL](https://www.openssl.org/)) 4. [rsync](http://rsync.samba.org/) -There's also [autoconf](https://www.gnu.org/software/autoconf/) and unzip (or [git](https://git-scm.com/)), but those are only needed for installation paperwork. +The build dependencies are -## Debian-based distributions +- [autoconf](https://www.gnu.org/software/autoconf/) +- unzip (or [git](https://git-scm.com/)) -I haven't actually tried this in all the Debian-based distributions. Tested in Ubuntu 18. +(Some builds do not need all these dependencies.) + +## Option 1: Installing the Debian package + +> TODO Upload to Debian, add more archs and/or host these links on Github releases properly. + +{% highlight bash %} +wget https://www.dropbox.com/s/dbdhn4yd9m3nnct/libcmscodec1_0.0.1-1_amd64.deb +wget https://www.dropbox.com/s/7c0rs49ewcu6m93/fort_0.0.1-1_amd64.deb +sudo apt install ./libcmscodec1_0.0.1-1_amd64.deb ./fort_0.0.1-1_amd64.deb +{% endhighlight %} + +Aside from the `fort` binary documented elsewhere in this documentation, the Debian package also ships with a systemd service, which you can [configure](usage.html#--configuration-file) at `/etc/fort/config.json`. + +{% highlight bash %} +sudo service fort start +service fort status +tail /var/log/syslog +sudo service fort stop +{% endhighlight %} + +etc. + +## Option 2: Compiling and installing the release tarball + +### Debian version {% highlight bash %} ########### normal dependencies ########### -# autoconf 2.69 or higher, please. sudo apt install autoconf build-essential libjansson-dev libssl-dev pkg-config rsync unzip ############### libcmscodec ############### @@ -74,7 +90,7 @@ sudo make install cd ../../ {% endhighlight %} -## OpenBSD +### OpenBSD version > TODO: The autotools are weird in this OS. > @@ -85,7 +101,8 @@ cd ../../ {% highlight bash %} ########### normal dependencies ########### su -pkg_add jansson libexecinfo rsync unzip # OpenBSD ships with LibreSSL +# OpenBSD already ships with LibreSSL +pkg_add jansson libexecinfo rsync unzip exit ############### libcmscodec ############### @@ -117,3 +134,38 @@ make install exit cd ../../ {% endhighlight %} + +## Option 3: Compiling the git repositories + +{% highlight bash %} +########### normal dependencies ########### +sudo apt install autoconf build-essential git libjansson-dev libssl-dev pkg-config rsync + +################## asn1c ################## +# (Needed by libcmscodec's autogen. Relatively recent commit required.) +git clone https://github.com/vlm/asn1c.git +cd asn1c +test -f configure || autoreconf -iv +./configure +make +sudo make install + +############### libcmscodec ############### +git clone https://github.com/NICMx/libcmscodec.git +cd libcmscodec/ +./autogen.sh +./configure +make +sudo make install +sudo ldconfig +cd ../ + +################## fort ################### +git clone https://github.com/NICMx/FORT-validator.git +cd FORT-validator/ +./autogen.sh +./configure +make +sudo make install +cd ../ +{% endhighlight %} diff --git a/docs/doc/intro-rpki.md b/docs/doc/intro-rpki.md index e1bdb294..94e7cd2d 100644 --- a/docs/doc/intro-rpki.md +++ b/docs/doc/intro-rpki.md @@ -12,15 +12,7 @@ Routing, having been conceived near the inception of networking, was hardly desi ## Solution -The RPKI (Resource Public Key Infrastructure) is a PKI (Public Key Infrastructure) that deals with Internet Resources. - -> ### PKI -> -> TODO - -> ### Internet Resources -> -> In this context, "resource" refers to IP Addresses and AS numbers. +The RPKI (Resource Public Key Infrastructure) is a PKI (Public Key Infrastructure) that deals with Internet Resources. (In this context, "resource" refers to IP Addresses and AS numbers.) Basically, the idea is that one should be able to verify the origin of a route by following a chain of criptographically-signed certificates rooted at one of the [RIRs](https://en.wikipedia.org/wiki/Regional_Internet_registry): diff --git a/docs/doc/run.md b/docs/doc/run.md index 34afb8f3..b04adede 100644 --- a/docs/doc/run.md +++ b/docs/doc/run.md @@ -12,7 +12,7 @@ This is probably all you need: fort \ --tal \ --local-repository \ - --server.address + --server.address \ --server.port {% endhighlight %} diff --git a/docs/doc/slurm.md b/docs/doc/slurm.md index 2a3a4406..c0a12b48 100644 --- a/docs/doc/slurm.md +++ b/docs/doc/slurm.md @@ -25,8 +25,6 @@ None of the entries of the SLURM configuration are allowed to collide with each Fort reloads the SLURM files during every validation cycle. If the new configuration is invalid, **it is treated as nonexistent**. Note that this means that an isolated mistake will temporarily drop all your SLURM overrides. This is intended to change in a future revision of Fort, in which the validator will fall back to the previous valid SLURM configuration on error. -> TODO: open an issue for that. Giving the users the opportunity to argue it is probably a good idea. - ## SLURM File Definition ### Root