Add --no-motd to and remove -l from rsync options. #962
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Closed
DRiKE
approved these changes
Jun 10, 2024
Koenvh1
approved these changes
Jun 10, 2024
There was a problem hiding this comment.
Looks good to me. Not sure how much the -0 adds, and adding that does break things for people that use openrsync and link that as rsync (does anyone do that?).
koen@beta:~/Downloads/openrsync$ ./openrsync -rtz0 rsync://rpki.ripe.net/ta /tmp/ripenccrsync/
openrsync: -z not supported yet
./openrsync: invalid option -- '0'
usage: openrsync [-aDglnoprtvx] [-e program] [--address=sourceaddr]
[--compare-dest=dir] [--del] [--exclude] [--exclude-from=file]
[--include] [--include-from=file] [--no-motd] [--numeric-ids]
[--port=portnumber] [--rsync-path=program] [--timeout=seconds]
[--version] source ... directory
|
It’s a capital letter O (yeah, using that is a bit of a bad idea), so the shortcut for |
|
Maybe we should move the |
AlexanderBand
approved these changes
Jun 10, 2024
AlexanderBand
approved these changes
Jun 10, 2024
partim
added a commit
that referenced
this pull request
Jun 10, 2024
Breaking changes * Keep the content of an RRDP repository in a single file rather than as individual files under a directory. ([#886]) * Changed the `summary` output format to have all lines end in a semicolon. ([#907]) * Changed the options used for `rsync`. The options `-rtO --delete` are now always used. The options set in the `rsync-args` are added or, if that is not used, `-z` and `--no-motd`, as well as `--contimeout=10` if it is supported by the rsync command, and `--max-size` if the `max-object-size` option has not been set to 0. ([#962]) New * The `chain_validity` value in the `jsonext` format now considers the validity of the manifest’s EE certificates. A new `stale` value shows the time when any of the publication points along the way will become stale. ([#945]) * If a collected manifest has a lower manifest number or an older thisUpdate field than a stored manifest for the same CA, the collected manifest is ignored and the stored publication point is used instead. This implements a requirement added in [RFC 9286]. ([#946], [#954]) * The number of delta entries in a RRDP notification file is now limited to 500 by default. If there are more entries, the deltas are ignored and the snapshot is used. The limit can be changed through the new `rrdp-max-delta-list-len` configuration value. ([#961]) * The RRDP collector now falls back to a snapshot update if the hash of a delta listed in the notification file has changed from the previous update. This implements [draft-ietf-sidrops-rrdp-desynchronization-00]. ([#951]) * The RRDP collector now enforces that all URIs referred to or redirected to by an RRDP server have the same origin as the rpkiNotify URI in the CA certificate. ([#953]) * The config file used is now printed for some commands. This should help with avoiding confusion when running Routinator as different users. ([#959]) Bug fixes * Fixed an issue where the refresh time was calculated as zero under certain conditions until the dataset was updated. ([#940]) * Add the current RRDP serial number to the RRDP server metrics when a Not Modified response is received so that Prometheus shows a constant value.
partim
added a commit
that referenced
this pull request
Jun 20, 2024
…970) Breaking changes * Keep the content of an RRDP repository in a single file rather than as individual files under a directory. ([#886]) * Switched to the all-new version 0.4 of the Routinator UI. This also changes the way we import the UI into Routinator by simply including the built assets which means downloads are not necessary during the build process any more. ([#952]) * Changed the `summary` output format to have all lines end in a semicolon. ([#907]) * Changed the options used for `rsync`. The options `-rtO --delete` are now always used. The options set in the `rsync-args` are added or, if that is not used, `-z` and `--no-motd`, as well as `--contimeout=10` if it is supported by the rsync command, and `--max-size` if the `max-object-size` option has not been set to 0. ([#962]) New * The `chain_validity` value in the `jsonext` format now considers the validity of the manifest’s EE certificates. A new `stale` value shows the time when any of the publication points along the way will become stale. ([#945]) * If a collected manifest has a lower manifest number or an older thisUpdate field than a stored manifest for the same CA, the collected manifest is ignored and the stored publication point is used instead. This implements a requirement added in [RFC 9286]. ([#946], [#954]) * The number of delta entries in a RRDP notification file is now limited to 500 by default. If there are more entries, the deltas are ignored and the snapshot is used. The limit can be changed through the new `rrdp-max-delta-list-len` configuration value. ([#961]) * The RRDP collector now falls back to a snapshot update if the hash of a delta listed in the notification file has changed from the previous update. This implements [draft-ietf-sidrops-rrdp-desynchronization-00]. ([#951]) * The RRDP collector now enforces that all URIs referred to or redirected to by an RRDP server have the same origin as the rpkiNotify URI in the CA certificate. ([#953]) * The config file used is now printed for some commands. This should help with avoiding confusion when running Routinator as different users. ([#959]) Bug fixes * Fixed an issue where the refresh time was calculated as zero under certain conditions until the dataset was updated. ([#940]) * Add the current RRDP serial number to the RRDP server metrics when a Not Modified response is received so that Prometheus shows a constant value.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds the
--no-motdoption to the default extra rsync options and removes-lfrom the base rsync options.This means we now have
-rtO --deleteas the base options and-z,--contimeout=10,--max-size, and--no-motdas the default extra options that can be overwritten.I think keeping
--deleteis fine – an attacker can always replace a file rather than deleting it and still break the publication point in question. We cannot limit the file patterns accepted as that would prevent adding new file types until all relying party installations are updated – RFC 9286 specifically says that missing fails lead to a failed fetch.