From: Alberto Leiva Popper Date: Fri, 22 Mar 2019 19:59:16 +0000 (-0600) Subject: Redo #4. X-Git-Tag: v0.0.2~60 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a15847901a730699329b48335ab3deefa7ef7a80;p=thirdparty%2FFORT-validator.git Redo #4. After discussing it further still, we decided to add another synchronization strategy, which behaves as requested in the issue. The new strategy is `root-except-ta`. As its name implies, it behaves as `root` mode, except for the root certificate, which is synchronized in `strict` mode. This way we get the best of both worlds: If the root certificate is known to reside in the same repository as everything else, the user can choose `root` and synchronize as fast as possible. On the other hand, if the user does not want to download the entire repository until the root certificate has been validated, they can choose `root-except-ta`. --- diff --git a/man/rpki-validator.8 b/man/rpki-validator.8 index c0c3f2e9..427a6eb9 100644 --- a/man/rpki-validator.8 +++ b/man/rpki-validator.8 @@ -36,7 +36,7 @@ and/or read. .RE .P ---sync-strategy=(off|strict|root) +--sync-strategy=(off|strict|root|root-except-ta) .RS 4 RSYNC download strategy. .P @@ -91,6 +91,17 @@ few roots as possible, and they contain minimal RPKI-unrelated noise files, this is the fastest synchronization strategy. At time of writing, this is true for all the current official repositories. .RE +.P +root-except-ta +.RS 4 +Synchronizes the root certificate (the one pointed by the TAL) in 'strict' mode, +and once it's validated, synchronizes the rest of the repository in 'root' mode. +.P +Useful if you want 'root', but the root certificate is separated from the rest +of the repository. Also useful if you don't want the validator to download the +entire repository without first confirming the integrity and legitimacy of the +root certificate. +.RE .RE .P diff --git a/src/config.c b/src/config.c index cc62fa8d..6c1c69fa 100644 --- a/src/config.c 
+++ b/src/config.c @@ -607,9 +607,25 @@ config_get_rsync_program(void) struct string_array const * config_get_rsync_args(bool is_ta) { - return is_ta - ? &rpki_config.rsync.args.flat - : &rpki_config.rsync.args.recursive; + switch (rpki_config.sync_strategy) { + case SYNC_ROOT: + return &rpki_config.rsync.args.recursive; + case SYNC_ROOT_EXCEPT_TA: + return is_ta + ? &rpki_config.rsync.args.flat + : &rpki_config.rsync.args.recursive; + case SYNC_STRICT: + return &rpki_config.rsync.args.flat; + case SYNC_OFF: + break; + } + + pr_crit("Invalid sync strategy: '%u'", rpki_config.sync_strategy); + /* + * Return something usable anyway; don't want to check NULL. + * This is supposed to be unreachable code anyway. + */ + return &rpki_config.rsync.args.recursive; } void diff --git a/src/config/sync_strategy.c b/src/config/sync_strategy.c index 71cfbe91..38e73550 100644 --- a/src/config/sync_strategy.c +++ b/src/config/sync_strategy.c @@ -7,9 +7,10 @@ #include "log.h" #include "config/str.h" -#define SYNC_VALUE_OFF "off" -#define SYNC_VALUE_STRICT "strict" -#define SYNC_VALUE_ROOT "root" +#define SYNC_VALUE_OFF "off" +#define SYNC_VALUE_STRICT "strict" +#define SYNC_VALUE_ROOT "root" +#define SYNC_VALUE_ROOT_EXCEPT_TA "root-except-ta" static void print_sync_strategy(struct group_fields const *group, @@ -28,6 +29,9 @@ print_sync_strategy(struct group_fields const *group, case SYNC_ROOT: str = SYNC_VALUE_ROOT; break; + case SYNC_ROOT_EXCEPT_TA: + str = SYNC_VALUE_ROOT_EXCEPT_TA; + break; } pr_info("%s.%s: %s", group->name, field->name, str); @@ -45,6 +49,8 @@ parse_argv_sync_strategy(struct option_field const *field, char const *str, *result = SYNC_STRICT; else if (strcmp(str, SYNC_VALUE_ROOT) == 0) *result = SYNC_ROOT; + else if (strcmp(str, SYNC_VALUE_ROOT_EXCEPT_TA) == 0) + *result = SYNC_ROOT_EXCEPT_TA; else return pr_err("Unknown synchronization strategy: '%s'", str); 
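Review bot: The fallback at the end of config_get_rsync_args() returns the recursive argument set, the wider of the two, so if that path is ever reached (SYNC_OFF, or an enum value added later without a case here) the validator would run a recursive rsync that no configured strategy asked for. Failing towards the narrower set is the safer default and costs nothing: `return &rpki_config.rsync.args.flat;`. The `'%u'` in the pr_crit() call also receives an enum whose underlying type is implementation-defined, so `(unsigned int) rpki_config.sync_strategy` would make the argument match the format. The callers are not visible in this hunk, so whether SYNC_OFF can actually arrive here is something to confirm.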
@@ -75,5 +81,8 @@ const struct global_type gt_sync_strategy = { .print = print_sync_strategy, .parse.argv = parse_argv_sync_strategy, .parse.toml = parse_toml_sync_strategy, - .arg_doc = SYNC_VALUE_OFF "|" SYNC_VALUE_STRICT "|" SYNC_VALUE_ROOT, + .arg_doc = SYNC_VALUE_OFF + "|" SYNC_VALUE_STRICT + "|" SYNC_VALUE_ROOT + "|" SYNC_VALUE_ROOT_EXCEPT_TA, }; diff --git a/src/config/sync_strategy.h b/src/config/sync_strategy.h index 4f00fdd0..a41ebc06 100644 --- a/src/config/sync_strategy.h +++ b/src/config/sync_strategy.h @@ -48,6 +48,14 @@ enum sync_strategy { * structured to benefit this strategy. */ SYNC_ROOT, + /** + * Same as SYNC_ROOT, except the root certificate is synchronized + * separately. + * (Either because it's in a separate directory, or because we don't + * want to download its entire repository until we've verified its + * legitimacy and integrity.) + */ + SYNC_ROOT_EXCEPT_TA, }; extern const struct global_type gt_sync_strategy; diff --git a/src/rsync/rsync.c b/src/rsync/rsync.c index e8b93e96..ac576d2d 100644 --- a/src/rsync/rsync.c +++ b/src/rsync/rsync.c @@ -133,12 +133,13 @@ static int get_rsync_uri(struct rpki_uri const *requested_uri, bool is_ta, struct rpki_uri *rsync_uri) { - if (is_ta) - return handle_strict_strategy(requested_uri, rsync_uri); - switch (config_get_sync_strategy()) { case SYNC_ROOT: return handle_root_strategy(requested_uri, rsync_uri); + case SYNC_ROOT_EXCEPT_TA: + return is_ta + ? handle_strict_strategy(requested_uri, rsync_uri) + : handle_root_strategy(requested_uri, rsync_uri); case SYNC_STRICT: return handle_strict_strategy(requested_uri, rsync_uri); case SYNC_OFF:
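Review bot: In get_rsync_uri() the switch that chooses between handle_strict_strategy() and handle_root_strategy() has to stay in step with the switch in config_get_rsync_args() (src/config.c), which picks flat or recursive arguments from the same strategy and is_ta pair, and nothing in the code ties the two together. If a later strategy is added to one switch and not the other, the URI form and the rsync arguments could presumably disagree (a widened URI with flat arguments, or a single-file URI with recursive ones). A comment above the switch would make the coupling visible, for example `/* Keep in sync with config_get_rsync_args(): strict <-> flat args, root <-> recursive args. */`. The same comment should say that, going by the commit description, under SYNC_ROOT the TA's repository is now fetched recursively before the root certificate has been validated, since the removed `if (is_ta)` guard used to prevent that. The function body continues past the end of this hunk.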