search

NICMx / FORT-validator

RPKI cache validator
MIT License
51 stars 24 forks source link

validator doesn't like sync caRepositories in strict mode #7

Closed dhfelix closed 5 years ago

dhfelix commented 5 years ago

When the validator is executed for the first time in strict mode rpki_validator --tal arin.tal --sync-strategy strict --roa-output-file arin.csv and the default folder "repository" is generated manually.

the next result is displayed

INF: Configuration {
INF:   root.local-repository: repository/
INF:   root.sync-strategy: strict
INF:   root.maximum-certificate-depth: 32
INF:   tal.tal: ../../arin.tal
INF:   tal.shuffle-uris: false
INF:   rsync.program: rsync
INF:   rsync.arguments-recursive:
INF:     --recursive
INF:     --delete
INF:     --times
INF:     --contimeout=20
INF:     $REMOTE
INF:     $LOCAL
INF:   rsync.arguments-flat:
INF:     --times
INF:     --contimeout=20
INF:     $REMOTE
INF:     $LOCAL
INF:   output.color-output: false
INF:   output.output-file-name-format: global-url
INF:   output.roa-output-file: arin.csv
INF: }
INF: rpkiManifest registered. Its nid is 1061.
INF: signedObject registered. Its nid is 1062.
INF: rpkiNotify registered. Its nid is 1063.
INF: id-cp-ipAddr-asNumber (RFC 6484) registered. Its nid is 1064.
INF: id-cp-ipAddr-asNumber-v2 (RFC 8360) registered. Its nid is 1065.
INF: id-pe-ipAddrBlocks-v2 registered. Its nid is 1066.
INF: id-pe-autonomousSysIds-v2 registered. Its nid is 1067.
DBG: Going to RSYNC 'rsync://rpki.arin.net/repository/arin-rpki-ta.cer' ('repository/rpki.arin.net/repository/arin-rpki-ta.cer').
DBG: Executing RSYNC:
DBG:     rsync
DBG:     --times
DBG:     --contimeout=20
DBG:     rsync://rpki.arin.net/repository/arin-rpki-ta.cer
DBG:     repository/rpki.arin.net/repository/arin-rpki-ta.cer
DBG: Child terminated with error code 0.
DBG: TAL URI 'rsync://rpki.arin.net/repository/arin-rpki-ta.cer' {
DBG:   TA Certificate 'rsync://rpki.arin.net/repository/arin-rpki-ta.cer' {
DBG:     serial Number: 10D0C9F4328576D51CC73C042CFC15E9B3D6378
DBG:     caRepository: rsync://rpki.arin.net/repository/arin-rpki-ta/
DBG:     Going to RSYNC 'rsync://rpki.arin.net/repository/arin-rpki-ta/' ('repository/rpki.arin.net/repository/arin-rpki-ta/').
DBG:     Executing RSYNC:
DBG:         rsync
DBG:         --times
DBG:         --contimeout=20
DBG:         rsync://rpki.arin.net/repository/arin-rpki-ta/
DBG:         repository/rpki.arin.net/repository/arin-rpki-ta/
skipping directory .
DBG:     Child terminated with error code 0.
DBG:     IP {
DBG:       Prefix: 0.0.0.0/0
DBG:       Prefix: ::/0
DBG:     }
DBG:     ASN {
DBG:       ASN: 0-4294967295
DBG:     }
DBG:     Manifest 'rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft' {
ERR:       rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft: Could not open file 'repository/rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft': No such file or directory
DBG:     }
DBG:   }
DBG:   Deleted 0 certificates from the stack.
DBG: }

Apparently rsync does not like to synchronize folders with the default command. The following flags can be used to synchronize the repository without being recursive.

-d, --dirs transfer directories without recursing
-m, --prune-empty-dirs prune empty directory chains from file-list