Comments (5)
from rpki-client-portable.
from rpki-client-portable.
A little more context, now that I am less pressed for time...!
To be a little less terse: the semantics of these three things aren't really independent of each other in rpki-client's logic, so it makes not all that much sense to split them up.
Yup, I get that the options I'm asking for allow one to construct an installation layout that won't work out of the box!
Your example sounds more like a --no-default-tal-files option but maybe you have more use cases than that?
I'm currently packaging rpki-client
for Nix/NixOS.
I'll provide the TALs in a separate package, so that they can be shared as dependencies of other RP packages (similar to how Debian does this).
Nix builds happen in a sandbox, in which /etc
isn't writable, so unlike Debian I can't just write them out in the build root and then prune them afterwards.
--no-default-tal-files
would work for this part.
The .constraints
files, on the other hand, are an rpki-client
specific thing, so providing them as a separate package doesn't make sense. Instead, I'd like to ship these in $PREFIX/share/rpki-client/constraints
so that they're available to symlink/copy into place post-installation.
Ideally, I'd like to be able to express:
- runtime TAL search path to be
/etc/rpki/tals/
- inhibit writing the TALs, and
- write the constraints to
$PREFIX/share/rpki-client/constraints
from rpki-client-portable.
I think you are trying to make us add complexity at the wrong level.
The constraints files are an integral part of rpki-client, they should work out of the box in any installation, and they should be installed into the same directory as the TALs. So, no, they should not be installed elsewhere for symlinking/copy post-installation and we don't want to add a config knob for that. If you don't want to use them yourself, that is your decision and your problem to handle. I believe as a packager you should not break that for all nix users.
As I said, I'm willing to entertain a --no-default-tal-files
option, but I'm not entirely sold on having multiple RP programs share the massive amount of disk space the TAL files take up. Again, this sounds like a downstream decision that should be solved downstream.
Nix builds happen in a sandbox, in which /etc isn't writable, so unlike Debian I can't just write them out in the build root and then prune them afterwards.
I don't really understand what this means, but it sure sounds like a self-inflicted problem by an opinionated packaging tool at should be solved by its developers or users.
from rpki-client-portable.
My hope is that one day more RP implementations gain support for the constraints syntax specified in draft-snijders-constraining-rpki-trust-anchors. An argument could be made that - while at present moment - rpki-client is the only implementation that can make use of the *.constraints
files, they are not intended to be rpki-client-specific. Wouldn't this nix package be simplified if both *.tal
and *.constraints
end up in /etc/rpki/tals/
?
from rpki-client-portable.
Related Issues (20)
- 7.9 - release HOT 2
- Nightly GitHub Action failure HOT 2
- Upload signing public key of rpki-client to keys.openpgp.org? HOT 2
- Proxy support issues since 8.0 HOT 11
- crash with unhandled entity type 7 HOT 6
- Geofeed validation doesn't seem to work correctly on Ubuntu 22.04.1 LTS - RPKI-client 8.2 HOT 2
- Updated rpki-client interval for crontab?
- Nightly GitHub Action failure HOT 1
- Add ARIN TAL to OpenBSD upstream repository? HOT 2
- Nightly GitHub Action failure HOT 1
- symbol collision between libcompat.a and libtls HOT 2
- Apparent lack of HOST_NAME_MAX on macOS? HOT 2
- GitHub Action failure: undefined reference to `inflate' HOT 1
- Nightly GitHub Action failure: implicit declaration of function 'arc4random_uniform' HOT 1
- Issuer certificate not found even tough it is in cache `ta` folder HOT 5
- better documentation on metrics
- vis.c warning on debian HOT 1
- Nightly GitHub Action failure: undefined reference to `spl_read'
- Nightly GitHub Action failure: 1 out of 7 hunks FAILED -- saving rejects to file rpki-client.8.rej HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from rpki-client-portable.