author | Rob Austein <sra@hactrn.net> | 2008-06-12 18:29:28 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2008-06-12 18:29:28 +0000 |
commit | 38fe69c217faefc2b3df6deeef636d679389f7dd (patch) | |
tree | 043be36547457989ef0e50d2866cb22ddf9a7193 | |
parent | 855c609b7b0951c22ed3a83bab77e769309e1626 (diff) |
Cleanup
svn path=/Makefile; revision=1876
-rw-r--r-- | Makefile | 4 | ||||
-rw-r--r-- | README | 10 | ||||
-rw-r--r-- | openssl/Makefile | 7 | ||||
-rw-r--r-- | openssl/tests/Makefile | 2 | ||||
-rw-r--r-- | presentations/070523.lacnic-pki.pdf (renamed from presentations/presentations/070523.lacnic-pki.pdf) | bin | 150702 -> 150702 bytes | |||
-rw-r--r-- | presentations/README | 18 | ||||
-rw-r--r-- | presentations/signed-manifests | 74 | ||||
-rw-r--r-- | presentations/up-down-protocol | 8 | ||||
-rw-r--r-- | rpkid/Makefile | 27 | ||||
-rw-r--r-- | rpkid/doc/Installation (renamed from rpkid/doc/INSTALLATION) | 2 | ||||
-rw-r--r-- | rpkid/doc/Left-right (renamed from rpkid/doc/left-right-protocol) | 2 | ||||
-rw-r--r-- | rpkid/doc/Operation (renamed from rpkid/doc/OPERATION) | 2 | ||||
-rw-r--r-- | rpkid/doc/Publication (renamed from rpkid/doc/publication-protocol) | 2 | ||||
-rw-r--r-- | rpkid/doc/manual.pdf | bin | 0 -> 5676416 bytes | |||
-rw-r--r-- | rpkid/doc/manual.tar.gz | bin | 0 -> 2097819 bytes | |||
-rw-r--r-- | utils/Makefile | 4 |
16 files changed, 33 insertions, 129 deletions
@@ -1,9 +1,9 @@ # $Id$ -SUBDIRS = openssl rcynic tests pow rpkid +SUBDIRS = openssl rcynic utils pow rpkid all install clean test: - @for i in ${SUBDIRS}; do echo "Making $@ in $$i"; (cd $$i && make $@); done + @for i in ${SUBDIRS}; do echo "Making $@ in $$i"; (cd $$i && ${MAKE} $@); done test: all @@ -22,17 +22,17 @@ Programs: - rcynic: "cynical rsync" validator for rsync-based RPKI repositories. -- rpkid: rpkid and friends, an (unfinished) collection of Python - programs to handle the publication side of the RPKI project. +- rpkid: rpkid and friends, a collection of Python programs to handle + the publication side of the RPKI project. -- tests and scripts: various little test programs and utilities, not +- utils and scripts: various little test programs and utilities, not really intended for use by anyone but the author. If they're useful, cool, enjoy, but if they blow up in your face, set your computer on fire, and turn your cat blue, that's your problem. Other: -- docs: Design documents for various protocols used by the entities - that generate and publish RPKI data. +- presentations: miscellaneous presentations and design documents for + the project. - wiki-mirror: Mirror of selected documents from a Wiki at APNIC. diff --git a/openssl/Makefile b/openssl/Makefile index 73d655ea..8868d50e 100644 --- a/openssl/Makefile +++ b/openssl/Makefile @@ -3,11 +3,12 @@ VERSION = SNAP-20080509 all: openssl-${VERSION}/Makefile - cd openssl-${VERSION}; make $@ + cd openssl-${VERSION}; ${MAKE} $@ ln -sf openssl-${VERSION} openssl clean: rm -rf openssl-${VERSION} openssl + cd tests; ${MAKE} $@ openssl-${VERSION}/Makefile: openssl-${VERSION}/config cd openssl-${VERSION}; PERL=/usr/bin/perl ./config enable-rfc3779 no-dso @@ -23,5 +24,5 @@ install: sandblast: svn st -v openssl* | awk '/^I/ && NF == 2 {system("set -x; rm -rf " $$2)}' -test: - @true +test: all + cd tests; ${MAKE} $@ diff --git a/openssl/tests/Makefile b/openssl/tests/Makefile index f7b803eb..8e0c14e5 100644 
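Review bot: The loop on the changed line of the `all install clean test:` recipe still discards sub-make failures. The recipe's exit status is that of the last directory visited, so a failed build or test run in `openssl` or `rcynic` is reported as success whenever the `rpkid` pass succeeds. Since the line is being touched anyway, it could stop on the first failure: `(cd $$i && ${MAKE} $@) || exit $$?;`. The same loop line appears in the utils/Makefile hunk at the end of this commit and would take the same change.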
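Review bot: The new `cd tests; ${MAKE} $@` line under `clean:` in openssl/Makefile still runs the sub-make when `cd` fails, unless the make implementation runs recipes under `sh -e`. In that case `${MAKE} clean` executes in openssl/ itself and re-enters the same rule, repeating the `rm -rf` line each time. Joining the commands with `&&` avoids that: `cd tests && ${MAKE} $@`. The same applies to the identical line added under `test: all` in the second hunk and to `cd openssl-${VERSION}; ${MAKE} $@` under `all:`. The top-level Makefile in this commit already uses the `cd ... && ${MAKE}` form.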
--- a/openssl/tests/Makefile +++ b/openssl/tests/Makefile @@ -1,6 +1,6 @@ # $Id$ -OPENSSL_DIR = ../../openssl/openssl +OPENSSL_DIR = ../openssl CFLAGS = -g -I${OPENSSL_DIR}/include diff --git a/presentations/presentations/070523.lacnic-pki.pdf b/presentations/070523.lacnic-pki.pdf Binary files differindex 5ab83fa3..5ab83fa3 100644 --- a/presentations/presentations/070523.lacnic-pki.pdf +++ b/presentations/070523.lacnic-pki.pdf diff --git a/presentations/README b/presentations/README index 26bc0688..6ff000fc 100644 --- a/presentations/README +++ b/presentations/README @@ -5,23 +5,17 @@ confusing. README This file -entity-decompose.pdf An overview presentation - -images Some old pictures - -left-right-protocol Pseudo-code for left-right protocol +070523.lacnic-pki.pdf A presentation from LACNIC, May 2007 -left-right-xml XML samples of left-right protocol +bpki.pdf Old discussion of a design choice + between two slightly different + business PKI (BPKI) architectures -presentations More presentations +entity-decompose.pdf An overview presentation -publication-protocol Pseudo-code for publication protocol +images Some old pictures repository-engine-objects.dot Objects in the RPKI engine (PDF) repository-engine-objects.pdf Graphviz source for " repository-structure.txt Old notes on repository structure - -signed-manifests ASN.1 for signed manifests - -up-down-protocol Pointer to up-down protocol specification diff --git a/presentations/signed-manifests b/presentations/signed-manifests deleted file mode 100644 index d1bd3f5e..00000000 --- a/presentations/signed-manifests +++ /dev/null 
@@ -1,74 +0,0 @@ --- $Id$ - --- Copyright (C) 2007-2008 American Registry for Internet Numbers ("ARIN") --- --- Permission to use, copy, modify, and distribute this software for any --- purpose with or without fee is hereby granted, provided that the above --- copyright notice and this permission notice appear in all copies. --- --- THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH --- REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY --- AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, --- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM --- LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE --- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR --- PERFORMANCE OF THIS SOFTWARE. - --- Signed manifests for RPKI repositories. Relying parties use object --- (as opposed to channel) security for everything in this design --- repository, which is the right thing to do for various reasons but --- leaves us open to attacks which intercept the rsync connection and --- drop valid objects out of an SIA collection. At present this is --- not detectable, so we need a mechanism. --- --- Manifests as described here are modeled on CRLs, because the issues --- involved in detecting stale manifests, manifest replays, etc are --- similar to those for CRLs. So we want many of the fields that a --- CRL has. Syntax differs, though, since RPKI repositories can --- contain objects not covered by CRLs (eg, ROAs), and reuse CMS as --- the manifest signature format rather than inventing another one. --- --- See RFC 3280 section 5 for CRL layout and extensions. --- --- We're only trying to cover objects in the same SIA collection --- (directory) as the manifest. We will probably want to name the --- manifest itself with a name derived from the g(ski) of the cert of --- which this is the SIA collection. 
We'll need an EE cert to sign --- the manifest; the EE cert should probably just use RFC 3779 --- inheritance to cover all the resources that its issuer holds. If we --- use CMS, we might just want to include the EE cert in the CMS --- bag of certs. --- --- Lisp pseudo-code version of my original proposal for what goes --- inside the CMS wrapper: --- --- (manifest :version 1 --- :collection-uri "rsync://foo.example/wombat/" --- :this-update timestamp --- :next-update timestamp --- :manifest-serial 17 --- :hash-algorithm :sha256 --- (:name foo.cer :hash aabbccdd...) --- (:name bar.cer :hash bbccddee...) --- (:name foo.roa :hash ccddeeff...) --- (:name baz.crl :hash ddeeff00...) --- ...) --- --- Steve Kent came up with something very similar in ASN.1. At this --- point I think that Steve and I have converged, so here is Steve's --- ASN.1, which, absent new issues, I expect to implement with --- OpenSSL's ASN.1 engine. - -Manifest ::= SEQUENCE { - version [0] INTEGER DEFAULT 0, -- first version is 0 - manifestNumber INTEGER, -- to identify unscheduled manifest issuance - thisUpdate GeneralizedTime, -- this manifest issuance time - nextUpdate GeneralizedTime, -- next scheduled manifest issuance time - fileHashAlg OBJECT IDENTIFIER, -- algorithm used to generate file content hash values - fileList SEQUENCE OF FileAndHash -- list of file name and content hash pairs -} - -FileAndHash ::= SEQUENCE { - file IA5String -- file name - hash BIT STRING -- hash of file content -} diff --git a/presentations/up-down-protocol b/presentations/up-down-protocol deleted file mode 100644 index 4e4aa86c..00000000 --- a/presentations/up-down-protocol +++ /dev/null 
@@ -1,8 +0,0 @@ -$Id$ - -The master copy of the up-down protocol currently lives in a wiki at -APNIC. A flat text mirror of this document can be found at: - -http://subvert-rpki.hactrn.net/wiki-mirror/text/mirin.apnic.net/resourcecerts/wiki/index.php/IR-ISP_Definition - -(ie, ../wiki-mirror/text/mirin.apnic.net/resourcecerts/wiki/index.php/IR-ISP_Definition within this repository). diff --git a/rpkid/Makefile b/rpkid/Makefile index ba94e12f..5877012a 100644 --- a/rpkid/Makefile +++ b/rpkid/Makefile @@ -67,34 +67,25 @@ all-tests:: relaxng all-tests:: parse-test resource-cert-samples-regen: resource-cert-samples/.stamp - cd resource-cert-samples && make + cd resource-cert-samples && ${MAKE} resource-cert-samples/.stamp: generate-testrepo.py Makefile python generate-testrepo.py touch $@ -HTML2TEXT = xsltproc --html tweak-doc.xsl $? | lynx -dump -nolist -force_html /dev/stdin >$@ - irbe-cli.usage: irbe-cli.py python irbe-cli.py --help | sed 's/^/ /' >$@ dox doxygen: irbe-cli.usage TZ='' doxygen - cd doc/latex && TZ='' make >/dev/null 2>&1 - -doc:: dox doc/INSTALLATION doc/OPERATION doc/left-right-protocol doc/publication-protocol - -doc/INSTALLATION: doc/html/Installation.html - ${HTML2TEXT} - -doc/OPERATION: doc/html/Operation.html - ${HTML2TEXT} - -doc/left-right-protocol: doc/html/Left-right.html - ${HTML2TEXT} - -doc/publication-protocol: doc/html/Publication.html - ${HTML2TEXT} + cd doc/latex && TZ='' ${MAKE} >/dev/null 2>&1 + for i in Installation Operation Left-right Publication; do \ + xsltproc --html tweak-doc.xsl doc/html/$$i.html | lynx -dump -nolist -force_html /dev/stdin >doc/$$i; \ + done + cd doc; ln -f latex/refman.pdf manual.pdf + cd doc; tar -cf - html | gzip -9 >manual.tar.gz + +doc:: dox tags: find . -type f -name '*.py' ! -name relaxng.py | etags - diff --git a/rpkid/doc/INSTALLATION b/rpkid/doc/Installation index aec99f3f..3d964801 100644 --- a/rpkid/doc/INSTALLATION +++ b/rpkid/doc/Installation 
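Review bot: The new `for` loop in the `dox doxygen:` recipe of rpkid/Makefile can leave empty or truncated files in doc/ without failing the build. The pipeline's status is lynx's, so an xsltproc error is lost, `>doc/$$i` has already truncated the target, and the loop moves on to the next name regardless. This commit also checks the generated outputs into the repository (the renamed doc/ text files, manual.pdf, manual.tar.gz), so a silent partial build ends up in version control. I would stage the xsltproc output in a temporary file and chain the steps as below, and use `cd doc && ln -f latex/refman.pdf manual.pdf` (likewise for the tar line) on the two lines that follow. The `>/dev/null 2>&1` on the latex sub-make also hides the only diagnostics for a missing refman.pdf.

```makefile
	# … unchanged: doxygen run and latex sub-make …
	for i in Installation Operation Left-right Publication; do \
		xsltproc --html tweak-doc.xsl doc/html/$$i.html >doc/$$i.tmp && \
		lynx -dump -nolist -force_html doc/$$i.tmp >doc/$$i && \
		rm -f doc/$$i.tmp || exit 1; \
	done
```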
@@ -68,5 +68,5 @@ Installation __________________________________________________________________ - Generated on Thu Jun 12 17:41:24 2008 for RPKI Engine by doxygen + Generated on Thu Jun 12 18:21:05 2008 for RPKI Engine by doxygen 1.5.5 diff --git a/rpkid/doc/left-right-protocol b/rpkid/doc/Left-right index ba2d447f..1f1be710 100644 --- a/rpkid/doc/left-right-protocol +++ b/rpkid/doc/Left-right @@ -473,5 +473,5 @@ Error handling __________________________________________________________________ - Generated on Thu Jun 12 17:41:25 2008 for RPKI Engine by doxygen + Generated on Thu Jun 12 18:21:05 2008 for RPKI Engine by doxygen 1.5.5 diff --git a/rpkid/doc/OPERATION b/rpkid/doc/Operation index 19471050..4c5e987f 100644 --- a/rpkid/doc/OPERATION +++ b/rpkid/doc/Operation @@ -688,5 +688,5 @@ testpoke.py __________________________________________________________________ - Generated on Thu Jun 12 17:41:24 2008 for RPKI Engine by doxygen + Generated on Thu Jun 12 18:21:05 2008 for RPKI Engine by doxygen 1.5.5 diff --git a/rpkid/doc/publication-protocol b/rpkid/doc/Publication index c6bf4c13..cf89abde 100644 --- a/rpkid/doc/publication-protocol +++ b/rpkid/doc/Publication @@ -223,5 +223,5 @@ Additional access control considerations. __________________________________________________________________ - Generated on Thu Jun 12 17:41:25 2008 for RPKI Engine by doxygen + Generated on Thu Jun 12 18:21:05 2008 for RPKI Engine by doxygen 1.5.5 diff --git a/rpkid/doc/manual.pdf b/rpkid/doc/manual.pdf Binary files differnew file mode 100644 index 00000000..997a3b07 --- /dev/null +++ b/rpkid/doc/manual.pdf diff --git a/rpkid/doc/manual.tar.gz b/rpkid/doc/manual.tar.gz Binary files differnew file mode 100644 index 00000000..905be159 --- /dev/null +++ b/rpkid/doc/manual.tar.gz diff --git a/utils/Makefile b/utils/Makefile index 51aa972d..e6f7710c 100644 --- a/utils/Makefile +++ b/utils/Makefile 
@@ -1,9 +1,9 @@ # $Id$ -SUBDIRS = resource-set uri +SUBDIRS = uri all clean test: - @for i in ${SUBDIRS}; do echo "Making $@ in $$i"; (cd $$i && make $@); done + @for i in ${SUBDIRS}; do echo "Making $@ in $$i"; (cd $$i && ${MAKE} $@); done install: @true |