RIPE-NCC / rpki-validator-3

RIPE NCC RPKI Validator 3

Delete a Repository in RPKI Validator #282

Open alkhos opened 4 years ago

alkhos commented 4 years ago

Hello Folks, I was wondering how I can delete a repository from the list of repos that my RPKI validator downloads from (e.g. the list at http:///api/rpki-repositories).

I can see that in swagger, there is a delete API that I can call like

curl -X DELETE --header 'Accept: application/json' 'http://<validator address>/api/rpki-repositories/<repoId>'

However, it seems that once deleted, the RPKI validator gets the same repository (under a new id) in its next download round. Is there a way to blacklist or have the validator not download a repository for good?

Also, where does the list of repositories to download come from? Are they all under the "prefetch uri"s in the /preconfigured-tals folder? Or is there a list / setting somewhere else in the application that one can configure?

lolepezy commented 4 years ago

Hi,

Repositories that end up in the validator's cache are taken from either the prefetch URL or certificate extensions. So if you remove a repository and it pops up again, it means it's mentioned in some of the certificates. It's not possible to configure a list of repositories to download from (or prohibit downloading from); there's no such feature and we didn't plan to add it.

The latest release (https://github.com/RIPE-NCC/rpki-validator-3/releases/tag/3.1-2020.09.25.11.16) of the validator includes a mechanism to clean up repositories that are not mentioned by any certificate for long enough, so if you upgrade it will take care of that.

Sometimes people create a delegated CA and don't manage it properly, so we end up with a bunch of unavailable or in some other way broken repositories in the RPKI hierarchy. Normally, it's safe to just leave them be; there's usually no point in manually managing the repositories. Do you have any specific reason why you need it?