From ec07ebb1d6ff5a627b23fb117c0688067a3a0c20 Mon Sep 17 00:00:00 2001 From: pcarana Date: Mon, 14 Dec 2020 18:00:07 -0600 Subject: [PATCH] Use --tal argument with --init-tals (that now is a flag) --- docs/run.md | 2 +- docs/usage.md | 8 +++++--- man/fort.8 | 16 ++++++++++------ src/config.c | 38 ++++++++++++++++++-------------------- 4 files changed, 34 insertions(+), 30 deletions(-) diff --git a/docs/run.md b/docs/run.md index defbd55e..384692a8 100644 --- a/docs/run.md +++ b/docs/run.md @@ -8,7 +8,7 @@ description: This is probably all you need, an RTR server will serve the ROAs re This is probably all you need: fetch the RIR TALs and then start an RTR server that will serve the ROAs resulting from a validation rooted at the trust anchors defined by the TALs contained at directory `--tal`: {% highlight bash %} -fort --init-tals +fort --init-tals --tal fort \ --tal \ diff --git a/docs/usage.md b/docs/usage.md index 2b286f29..522180e5 100644 --- a/docs/usage.md +++ b/docs/usage.md 
@@ -215,15 +215,17 @@ fort {{ site.fort-latest-version }} ### `--init-tals` -- **Type:** String (Path to directory) +- **Type:** None - **Availability:** `argv` only -Download the RIR TALs into the existent local path directory and exit. +Download the RIR TALs into the existent local path directory set at [`--tal`](#--tal) argument and exit. -This argument exists merely to have all TALs before running FORT validator, the directory path should be the same that will be set at the [`--tal`](#--tal) argument. +This argument exists merely to have all TALs before running FORT validator, the directory path should be set at the [`--tal`](#--tal) argument. By default, the 4 TALs that don't require a policy acceptance are downloaded from FORT validator's GitHub repository. ARIN TAL does require an explicit acceptance by the user, so it's downloaded only after the user accepts ARIN's RPA; this message is displayed at the terminal and only if the user accepts, ARIN TAL is also downloaded. +This is an example on how to use this argument (assuming that `/etc/fort/tal` exists and is writable): `fort --init-tals --tal /etc/fort/tal` + ### `--tal` - **Type:** String (Path to file or directory) diff --git a/man/fort.8 b/man/fort.8 index 4cb1a8b8..81c1c3a5 100644 --- a/man/fort.8 +++ b/man/fort.8 @@ -8,7 +8,7 @@ fort \- RPKI certificate path validator and RTR server [\fIOPTIONS\fR] .P .B fort ---init-tals=\fIPATH\fR +--init-tals --tal=\fIPATH\fR .P .B fort [-h|--help|--V|--version|--usage] 
@@ -56,19 +56,23 @@ Print program version and exit. .RE .P -.B \-\-init-tals=\fIDIRECTORY\fR +.B \-\-init-tals .RS 4 -Download the RIR TALs into the existent local \fIDIRECTORY\fR and exit. +Download the RIR TALs into the existent local path directory set at \fI--tal\fR +argument and exit. .P This argument exists merely to have all TALs before running FORT validator, -the \fIDIRECTORY\fR should be the same that will be set at the \fI--tal\fR -argument. +the directory path should be set at the \fI--tal\fR argument. .P By default, the 4 TALs that don't require a policy acceptance are downloaded from FORT validator's GitHub repository. ARIN TAL does require an explicit acceptance by the user, so it's downloaded only after the user accepts ARIN's RPA; this message is displayed at the terminal and only if the user accepts, ARIN TAL is also downloaded. +.P +This is an example on how to use this argument (assuming that +\fI/etc/fort/tal\fR exists and is writable): +\fBfort --init-tals --tal /etc/fort/tal\fR .RE .P @@ -1194,7 +1198,7 @@ By default, it has a value of \fI43200\fR (12 hours). .P .SH EXAMPLES -.B fort \-\-init-tals=/tmp/tal +.B fort \-\-init-tals \-\-tal=/tmp/tal .RS 4 Download the 5 RIR TALs into the specified directory. ARIN TAL will be downloaded only if the user accepts ARIN's RPA. diff --git a/src/config.c b/src/config.c index b6a0dd39..96b3d6a9 100644 --- a/src/config.c +++ b/src/config.c @@ -200,8 +200,8 @@ struct rpki_config { /* Time period that must lapse to warn about a stale repository */ unsigned int stale_repository_period; - /* Local dir where the TALs will be downloaded */ - char *init_tals; + /* Download the TALs into --tal? */ + bool init_tals; /* HTTPS URLS from where the TALS will be fetched */ struct init_locations init_tal_locations; 
@@ -751,9 +751,9 @@ static const struct option_field options[] = { { .id = 11000, .name = "init-tals", - .type = >_string, + .type = >_bool, .offset = offsetof(struct rpki_config, init_tals), - .doc = "Fetch the RIR's TAL files into the specified path", + .doc = "Fetch the RIR's TAL files into the specified path at --tal", .availability = AVAILABILITY_GETOPT, }, { @@ -1062,7 +1062,7 @@ set_default_values(void) rpki_config.asn1_decode_max_stack = 4096; /* 4kB */ rpki_config.stale_repository_period = 43200; /* 12 hours */ - rpki_config.init_tals = NULL; + rpki_config.init_tals = false; error = init_locations_init(&rpki_config.init_tal_locations, init_locations_no_msg, ARRAY_LEN(init_locations_no_msg), init_locations_w_msg, ARRAY_LEN(init_locations_w_msg)); @@ -1103,19 +1103,17 @@ valid_output_file(char const *path) static int validate_config(void) { - if (rpki_config.init_tals != NULL) { - if (!valid_file_or_dir(rpki_config.init_tals, false, true, - pr_op_errno)) - return pr_op_err("Invalid init TAL directory."); - /* Ignore the other checks */ - return 0; - } - if (rpki_config.tal == NULL) - return pr_op_err("The TAL file/directory (--tal) is mandatory."); + return pr_op_err("The TAL(s) location (--tal) is mandatory."); - if (!valid_file_or_dir(rpki_config.tal, true, true, pr_op_errno)) - return pr_op_err("Invalid TAL file/directory."); + /* A file location at --tal isn't valid when --init-tals is set */ + if (!valid_file_or_dir(rpki_config.tal, !rpki_config.init_tals, true, + pr_op_errno)) + return pr_op_err("Invalid TAL(s) location."); + + /* Ignore the other checks */ + if (rpki_config.init_tals) + return 0; if (rpki_config.server.interval.expire < rpki_config.server.interval.refresh || 
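Review bot: In the validate_config hunk (the third hunk on this line), the rewritten `valid_file_or_dir(rpki_config.tal, !rpki_config.init_tals, true, pr_op_errno)` call is documented only as rejecting a file when --init-tals is set. Nothing visible here confirms that the directory is writable, although the updated docs say it must be. With this change the --tal directory is also where the downloaded trust anchors are written, so if valid_file_or_dir does not test write access (its body is not in this patch), a bad directory would presumably only fail inside init_tals_exec(), possibly after the ARIN RPA prompt and with only some TALs on disk. I would extend the comment to `/* --init-tals downloads into --tal, so it must be a directory; write access is not verified here */`, and note in the docs that the directory should be writable only by the account running fort, since its contents are later loaded as trust anchors. validate_config continues past the end of the hunk.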
@@ -1234,13 +1232,13 @@ handle_flags_config(int argc, char **argv) } error = validate_config(); + if (error) + goto end; /* If present, nothing else is done */ - if (rpki_config.init_tals != NULL) { - if (error) - goto end; + if (rpki_config.init_tals) { error = init_tals_exec(&rpki_config.init_tal_locations, - rpki_config.init_tals); + rpki_config.tal); free(long_opts); free(short_opts); exit(error); -- 2.47.2
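Review bot: The `exit(error);` that closes the --init-tals branch hands the return value of init_tals_exec() directly to the process exit status, and only the low 8 bits of that value reach the parent. The return convention of init_tals_exec() is not visible in this patch, but a negative or large code would be reported as some unrelated status, and a multiple of 256 would read as success. A wrapper that chains `fort --init-tals --tal DIR && fort --tal DIR` relies on that status to know the trust anchor set is complete. Since the commit already rewrites this branch, I would normalise it with `exit(error ? EXIT_FAILURE : EXIT_SUCCESS);`. handle_flags_config starts before the hunk and continues after it.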