From: Job Snijders <job@sobornost.net>
Date: Sat, 16 May 2026 14:41:47 +0000 (+0000)
Subject: Exclude hidden files and directories when synchronizing via Rsync
X-Git-Tag: 1.6.8~4
X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=refs%2Fpull%2F175%2Fhead;p=thirdparty%2FFORT-validator.git

Exclude hidden files and directories when synchronizing via Rsync

According to RFC 9286 section 4.2.2, filenames in the RPKI cannot start
with a dot. And RFC 6481 section 1.1 describes the concept of a publication
point as a "directory in a publicly accessible filesystem". From there it
follows there is no need to transfer hidden files and directories. This may
help in avoiding exposure to intermediate states (e.g., /a/.~tmp~/b.roa).
---

diff --git a/src/config.c b/src/config.c
index 25a5c767..a2afb779 100644
--- a/src/config.c
+++ b/src/config.c
@@ -948,6 +948,7 @@ set_default_values(void)
 
 		"--contimeout=20", "--max-size=20MB", "--timeout=15",
 
+		"--exclude=.*",
 		"--include=*/", "--include=*.cer", "--include=*.crl",
 		"--include=*.gbr", "--include=*.mft", "--include=*.roa",
 		"--exclude=*",