author | Rob Austein <sra@hactrn.net> | 2014-04-07 21:25:15 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2014-04-07 21:25:15 +0000 |
commit | 440687c9d13a28b902bd9594f88eea6f42be686e (patch) | |
tree | d239056a195315c9c55b3c67103f9b1771aab0c2 | |
parent | 8f81bbe3c5f76eda26bea1cf4b455de8faec0449 (diff) |
Whack test code to work with new tree, fix relaxng.py.
svn path=/branches/tk685/; revision=5765
-rw-r--r-- | Makefile.in | 9 | ||||
-rw-r--r-- | ca/Makefile.in | 64 | ||||
-rw-r--r-- | ca/doc/README | 16 | ||||
-rw-r--r-- | ca/doc/mainpage.py | 71 | ||||
-rw-r--r-- | ca/tests/revoke.yaml | 60 | ||||
-rw-r--r-- | ca/tests/smoketest.1.yaml | 4 | ||||
-rw-r--r-- | ca/tests/smoketest.3.yaml | 12 | ||||
-rw-r--r-- | ca/tests/smoketest.7.yaml | 4 | ||||
-rw-r--r-- | ca/tests/smoketest.py | 8 | ||||
-rw-r--r-- | ca/tests/yamltest-test-all.sh | 6 | ||||
-rwxr-xr-x | configure | 12 | ||||
-rw-r--r-- | configure.ac | 10 | ||||
-rw-r--r-- | doc/pubd-bpki.dot (renamed from ca/doc/pubd-bpki.dot) | 0 | ||||
-rw-r--r-- | doc/rpkid-bpki.dot (renamed from ca/doc/rpkid-bpki.dot) | 0 | ||||
-rw-r--r-- | rp/Makefile.in | 2 | ||||
-rw-r--r-- | rp/rpki-rtr/Makefile.in (renamed from rp/rtr-origin/Makefile.in) | 0 | ||||
-rw-r--r-- | rp/rpki-rtr/README (renamed from rp/rtr-origin/README) | 0 | ||||
-rwxr-xr-x | rp/rpki-rtr/rtr-origin (renamed from rp/rtr-origin/rtr-origin) | 0 | ||||
-rw-r--r-- | rp/rpki-rtr/rules.darwin.mk (renamed from rp/rtr-origin/rules.darwin.mk) | 0 | ||||
-rw-r--r-- | rp/rpki-rtr/rules.freebsd.mk (renamed from rp/rtr-origin/rules.freebsd.mk) | 0 | ||||
-rw-r--r-- | rp/rpki-rtr/rules.linux.mk (renamed from rp/rtr-origin/rules.linux.mk) | 0 | ||||
-rw-r--r-- | rp/rpki-rtr/rules.unknown.mk (renamed from rp/rtr-origin/rules.unknown.mk) | 0 | ||||
-rwxr-xr-x | rp/rpki-rtr/server.sh (renamed from rp/rtr-origin/server.sh) | 0 | ||||
-rw-r--r-- | rp/rpki-rtr/sshd.conf | 23 | ||||
-rw-r--r-- | rp/rtr-origin/sshd.conf | 23 | ||||
-rw-r--r-- | rpki/relaxng.py | 1198 | ||||
-rw-r--r-- | schemas/Makefile.in | 2 |
27 files changed, 698 insertions, 826 deletions
diff --git a/Makefile.in b/Makefile.in index 71dab019..4465ef9e 100644 --- a/Makefile.in +++ b/Makefile.in @@ -97,3 +97,12 @@ ${POW_SO}: .FORCE setup_autoconf.py build/stamp: .FORCE setup_autoconf.py ${PYTHON} setup.py build touch $@ + +lint: + find rpki -name '*.py' | xargs pylint --rcfile ${abs_top_srcdir}/buildtools/pylint.rc + +tags: Makefile + find rpki rp ca schemas -type f \ + \( -name '*.[ch] -o -name '*.py' -o -name '*.sql' -o -name '*.rnc' \) \ + ! -name relaxng.py ! -name sql_schemas.py -print | \ + etags - diff --git a/ca/Makefile.in b/ca/Makefile.in index 0764edc1..317b8395 100644 --- a/ca/Makefile.in +++ b/ca/Makefile.in 
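Review bot: The added `tags` recipe has an unterminated single quote: in `\( -name '*.[ch] -o -name '*.py' ...` the closing quote after `*.[ch]` is missing. The continued command therefore reaches the shell with an odd number of quotes, and `make tags` will stop on a quoting error before `find` runs. The line should read `\( -name '*.[ch]' -o -name '*.py' -o -name '*.sql' -o -name '*.rnc' \) \`. In the new `lint` recipe, `find rpki -name '*.py' | xargs pylint ...` splits on whitespace in file names; `find rpki -name '*.py' -exec pylint --rcfile ${abs_top_srcdir}/buildtools/pylint.rc {} +` avoids that.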
@@ -55,73 +55,23 @@ uninstall deinstall:: distclean:: rm -f installed -dont-run-trang: - touch *.rng - -relaxng: left-right-schema.rng up-down-schema.rng publication-schema.rng +relaxng: cd tests; $(MAKE) protocol-samples - xmllint --noout --relaxng left-right-schema.rng tests/left-right-protocol-samples/*.xml - xmllint --noout --relaxng up-down-schema.rng tests/up-down-protocol-samples/*.xml - xmllint --noout --relaxng publication-schema.rng tests/publication-protocol-samples/*.xml + xmllint --noout --relaxng ../schemas/relaxng/left-right-schema.rng tests/left-right-protocol-samples/*.xml + xmllint --noout --relaxng ../schemas/relaxng/up-down-schema.rng tests/up-down-protocol-samples/*.xml + xmllint --noout --relaxng ../schemas/relaxng/publication-schema.rng tests/publication-protocol-samples/*.xml unit-tests: all PWD=`pwd`; for i in rpki/*.py; do echo "[$$i]"; PYTHONPATH=$$PWD ${PYTHON} $$i; done -all-tests:: unit-tests - -all-tests:: relaxng +all-tests:: unit-tests relaxng test all-tests parse-test profile yamltest yamlconf:: all cd tests; $(MAKE) $@ -tags: Makefile - find . -type d -name build -prune -o -type f \( -name '*.py' -o -name '*.sql' -o -name '*.rnc' -o -name '*.py.in' \) ! -name relaxng.py ! -name sql_schemas.py -print | etags - - -lint: - pylint --rcfile ${abs_top_srcdir}/buildtools/pylint.rc rpki/*.py rpki/irdb/*.py *.py tests/*.py - -# Documentation - -doc/pubd.dot: pubd.sql - sh ${abs_top_srcdir}/buildtools/graphviz-sql.sh $? >$@ - -doc/rpkid.dot: rpkid.sql - sh ${abs_top_srcdir}/buildtools/graphviz-sql.sh $? >$@ - -.SUFFIXES: .dot .png .pdf .eps - -.dot.pdf: - dot -Tps2 $? | ps2pdf - $@ - -.dot.eps: - dot -o $@ -Teps $? - -.dot.png: - dot -o $@ -Tpng $? 
- -dot: doc/pubd.dot doc/rpkid.dot - -eps: doc/pubd.eps doc/rpkid.eps doc/rpkid-bpki.eps doc/pubd-bpki.eps - -png: doc/pubd.png doc/rpkid.png doc/rpkid-bpki.png doc/pubd-bpki.png - -pdf: doc/pubd.pdf doc/rpkid.pdf doc/rpkid-bpki.pdf doc/pubd-bpki.pdf - -docclean: - rm -rf doc/html doc/latex doc/xml - rm -f doc/*.eps doc/*.pdf doc/*.png - rm -f doc/pubd.dot doc/rpkid.dot - -html: dot eps png - TZ='' IMAGE_PATH=${abs_builddir}/doc doxygen - -docs: dot eps png html pdf - -## - -distclean:: clean docclean +distclean:: clean cd tests; ${MAKE} $@ - rm -f TAGS Makefile + rm -f Makefile all:: examples/rpki.conf diff --git a/ca/doc/README b/ca/doc/README deleted file mode 100644 index 33902d7e..00000000 --- a/ca/doc/README +++ /dev/null @@ -1,16 +0,0 @@ -$Id$ - -Internals documentation for the RPKI CA tools. - -Once upon a time this included the hand-written documentation for the -CA tools, but that is now part of the overall package documentation. -What's left here is just what Doxygen generates from the source code -and a few Graphviz diagrams. - -At the moment the control for the stuff generated here is still -../Makefile, that may change at some point. - -We no longer generate the documentation here automatically, as it's -kind of large and we're not sure anybody else cares about it, so if -you want this manual you'll have to install Doxygen and build it -yourself. diff --git a/ca/doc/mainpage.py b/ca/doc/mainpage.py deleted file mode 100644 index 4570547b..00000000 --- a/ca/doc/mainpage.py +++ /dev/null 
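Review bot: The rewritten `relaxng` target validates against `../schemas/relaxng/*.rng` but no longer lists any schema file as a prerequisite, so nothing in this rule ensures those files exist or are current before `xmllint` runs. These checks confirm that the protocol samples match the schemas, so a stale schema would make the test pass or fail for the wrong reason. Consider declaring the three `.rng` paths as prerequisites, or building `../schemas` first if that directory has a rule for them (not visible here). A comment above the target would also help, e.g. `# Schemas now live in ../schemas/relaxng; this target only validates the samples against them.`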
@@ -1,71 +0,0 @@ -## @file -# @details -# Doxygen documentation source, expressed as Python comments to make Doxygen happy. -# -# $Id$ -# -# Copyright (C) 2009--2012 Internet Systems Consortium ("ISC") -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. -# -# Portions copyright (C) 2007--2008 American Registry for Internet Numbers ("ARIN") -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH -# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, -# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. - -## @mainpage RPKI Engine Reference Manual -# -# This collection of Python modules implements an RPKI CA engine. -# -# See http://trac.rpki.net/ for the RPKI tools package documentation. 
-# -# The documentation you're reading is generated automatically by -# Doxygen from comments and documentation in -# <a href="http://trac.rpki.net/browser/trunk">the code</a>. -# -# At one point this manual also included documentation for the CA -# tools, but that has been integrated into the overall package -# documentation. This manual is now just the CA tools internals. - -## @page sql-schemas SQL database schemas -# -# @li @subpage rpkid-sql "rpkid database schema" -# @li @subpage pubd-sql "pubd database schema" - -## @page rpkid-sql rpkid SQL schema -# -# @image html rpkid.png "Diagram of rpkid.sql" -# @image latex rpkid.eps "Diagram of rpkid.sql" height=\textheight -# -# @verbinclude rpkid.sql - -## @page pubd-sql pubd SQL Schema -# -# @image html pubd.png "Diagram of pubd.sql" -# @image latex pubd.eps "Diagram of pubd.sql" width=\textwidth -# -# @verbinclude pubd.sql - -# Local Variables: -# mode:python -# compile-command: "cd ../.. && ./config.status && cd rpkid && make docs" -# End: diff --git a/ca/tests/revoke.yaml b/ca/tests/revoke.yaml index 2edb8335..ae53f0d8 100644 --- a/ca/tests/revoke.yaml +++ b/ca/tests/revoke.yaml @@ -54,7 +54,7 @@ kids: cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | - xargs ../../../../utils/uri/uri -s + xargs ../../../../rp/utils/uri -s >../${dir%.data}.uris; sleep 1 - name: R0 @@ -67,7 +67,7 @@ kids: cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | - xargs ../../../../utils/uri/uri -s + xargs ../../../../rp/utils/uri -s >../${dir%.data}.uris; sleep 1 @@ -81,7 +81,7 @@ kids: cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | - xargs ../../../../utils/uri/uri -s + xargs ../../../../rp/utils/uri -s >../${dir%.data}.uris; sleep 1 - sleep 30 @@ -92,7 +92,7 @@ kids: cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | - xargs ../../../../utils/uri/uri -s + xargs ../../../../rp/utils/uri -s >../${dir%.data}.uris; sleep 1 - name: R0 
@@ -105,7 +105,7 @@ kids: cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | - xargs ../../../../utils/uri/uri -s + xargs ../../../../rp/utils/uri -s >../${dir%.data}.uris; sleep 1 - name: R0 @@ -118,7 +118,7 @@ kids: cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | - xargs ../../../../utils/uri/uri -s + xargs ../../../../rp/utils/uri -s >../${dir%.data}.uris; sleep 1 - sleep 30 @@ -129,7 +129,7 @@ kids: cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | - xargs ../../../../utils/uri/uri -s + xargs ../../../../rp/utils/uri -s >../${dir%.data}.uris; sleep 1 - name: R0 @@ -142,7 +142,7 @@ kids: cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | - xargs ../../../../utils/uri/uri -s + xargs ../../../../rp/utils/uri -s >../${dir%.data}.uris; sleep 1 - name: R0 @@ -155,7 +155,7 @@ kids: cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | - xargs ../../../../utils/uri/uri -s + xargs ../../../../rp/utils/uri -s >../${dir%.data}.uris; sleep 1 - sleep 30 @@ -166,7 +166,7 @@ kids: cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | - xargs ../../../../utils/uri/uri -s + xargs ../../../../rp/utils/uri -s >../${dir%.data}.uris; sleep 1 - name: R0 @@ -179,7 +179,7 @@ kids: cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | - xargs ../../../../utils/uri/uri -s + xargs ../../../../rp/utils/uri -s >../${dir%.data}.uris; sleep 1 - name: R0 @@ -192,7 +192,7 @@ kids: cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | - xargs ../../../../utils/uri/uri -s + xargs ../../../../rp/utils/uri -s >../${dir%.data}.uris; sleep 1 - sleep 30 @@ -203,7 +203,7 @@ kids: cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | - xargs ../../../../utils/uri/uri -s + xargs ../../../../rp/utils/uri -s >../${dir%.data}.uris; sleep 1 - name: R0 
@@ -216,7 +216,7 @@ kids: cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | - xargs ../../../../utils/uri/uri -s + xargs ../../../../rp/utils/uri -s >../${dir%.data}.uris; sleep 1 - name: R0 @@ -229,7 +229,7 @@ kids: cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | - xargs ../../../../utils/uri/uri -s + xargs ../../../../rp/utils/uri -s >../${dir%.data}.uris; sleep 1 - sleep 30 @@ -240,7 +240,7 @@ kids: cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | - xargs ../../../../utils/uri/uri -s + xargs ../../../../rp/utils/uri -s >../${dir%.data}.uris; sleep 1 - name: R0 @@ -253,7 +253,7 @@ kids: cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | - xargs ../../../../utils/uri/uri -s + xargs ../../../../rp/utils/uri -s >../${dir%.data}.uris; sleep 1 - name: R0 @@ -266,7 +266,7 @@ kids: cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | - xargs ../../../../utils/uri/uri -s + xargs ../../../../rp/utils/uri -s >../${dir%.data}.uris; sleep 1 - sleep 30 @@ -277,7 +277,7 @@ kids: cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | - xargs ../../../../utils/uri/uri -s + xargs ../../../../rp/utils/uri -s >../${dir%.data}.uris; sleep 1 - name: R0 @@ -290,7 +290,7 @@ kids: cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | - xargs ../../../../utils/uri/uri -s + xargs ../../../../rp/utils/uri -s >../${dir%.data}.uris; sleep 1 - name: R0 @@ -303,7 +303,7 @@ kids: cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | - xargs ../../../../utils/uri/uri -s + xargs ../../../../rp/utils/uri -s >../${dir%.data}.uris; sleep 1 - sleep 30 @@ -314,7 +314,7 @@ kids: cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | - xargs ../../../../utils/uri/uri -s + xargs ../../../../rp/utils/uri -s >../${dir%.data}.uris; sleep 1 - name: R0 
@@ -327,7 +327,7 @@ kids: cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | - xargs ../../../../utils/uri/uri -s + xargs ../../../../rp/utils/uri -s >../${dir%.data}.uris; sleep 1 - name: R0 @@ -340,7 +340,7 @@ kids: cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | - xargs ../../../../utils/uri/uri -s + xargs ../../../../rp/utils/uri -s >../${dir%.data}.uris; sleep 1 - sleep 30 @@ -351,7 +351,7 @@ kids: cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | - xargs ../../../../utils/uri/uri -s + xargs ../../../../rp/utils/uri -s >../${dir%.data}.uris; sleep 1 - name: R0 @@ -364,7 +364,7 @@ kids: cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | - xargs ../../../../utils/uri/uri -s + xargs ../../../../rp/utils/uri -s >../${dir%.data}.uris; sleep 1 - name: R0 @@ -377,7 +377,7 @@ kids: cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | - xargs ../../../../utils/uri/uri -s + xargs ../../../../rp/utils/uri -s >../${dir%.data}.uris; sleep 1 - sleep 30 @@ -388,7 +388,7 @@ kids: cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | - xargs ../../../../utils/uri/uri -s + xargs ../../../../rp/utils/uri -s >../${dir%.data}.uris; sleep 1 - name: R0 @@ -401,7 +401,7 @@ kids: cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | - xargs ../../../../utils/uri/uri -s + xargs ../../../../rp/utils/uri -s >../${dir%.data}.uris; sleep 1 - name: R0 @@ -414,7 +414,7 @@ kids: cd rcynic-data; pax -rwl . ../$dir; find . -type f -name '*.cer' | sort | - xargs ../../../../utils/uri/uri -s + xargs ../../../../rp/utils/uri -s >../${dir%.data}.uris; sleep 1 - sleep 30 diff --git a/ca/tests/smoketest.1.yaml b/ca/tests/smoketest.1.yaml index 914aaae4..81bc887a 100644 --- a/ca/tests/smoketest.1.yaml +++ b/ca/tests/smoketest.1.yaml 
@@ -52,7 +52,7 @@ kids: --- - shell set -x; - rtr_origin='python ../../../rtr-origin/rtr-origin.py'; + rtr_origin='python ../../../rp/rpki-rtr/rtr-origin.py'; $rtr_origin --cronjob rcynic-data/authenticated && $rtr_origin --show --- @@ -70,7 +70,7 @@ kids: ipv4: 10.3.0.1/32, 10.0.0.44/32 --- - shell set -x; - rtr_origin='python ../../../rtr-origin/rtr-origin.py'; + rtr_origin='python ../../../rp/rpki-rtr/rtr-origin.py'; $rtr_origin --cronjob rcynic-data/authenticated && $rtr_origin --show --- diff --git a/ca/tests/smoketest.3.yaml b/ca/tests/smoketest.3.yaml index e6a10a12..41a88643 100644 --- a/ca/tests/smoketest.3.yaml +++ b/ca/tests/smoketest.3.yaml @@ -51,17 +51,17 @@ kids: ipv4: 10.3.0.0/23 --- #- shell find publication -type f -name '*.roa' -# -print -exec ../../../utils/print_roa/print_roa {} \; +# -print -exec ../../../rp/utils/print_roa {} \; #- shell find publication -type f -name '*.mft' -# -print -exec ../../../utils/print_manifest/print_manifest {} \; +# -print -exec ../../../rp/utils/print_manifest {} \; #--- #- shell find publication -type f -name '*.roa' -# -print -exec ../../../utils/print_roa/print_roa {} \; +# -print -exec ../../../rp/utils/print_roa {} \; #- shell find publication -type f -name '*.mft' -# -print -exec ../../../utils/print_manifest/print_manifest {} \; +# -print -exec ../../../rp/utils/print_manifest {} \; #--- - shell set -x; - rtr_origin=../../../rtr-origin/rtr-origin; + rtr_origin=../../../rp/rpki-rtr/rtr-origin; $rtr_origin --cronjob rcynic-data/authenticated && $rtr_origin --show --- @@ -76,6 +76,6 @@ kids: ipv6: 2002:0a00::/32-128 --- - shell set -x; - rtr_origin=../../../rtr-origin/rtr-origin; + rtr_origin=../../../rp/rpki-rtr/rtr-origin; $rtr_origin --cronjob rcynic-data/authenticated && $rtr_origin --show diff --git a/ca/tests/smoketest.7.yaml b/ca/tests/smoketest.7.yaml index fedd2fff..7c808552 100644 --- a/ca/tests/smoketest.7.yaml +++ b/ca/tests/smoketest.7.yaml 
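Review bot: Both hunks of smoketest.1.yaml set `rtr_origin='python ../../../rp/rpki-rtr/rtr-origin.py'`, but this commit's file list shows the script renamed to `rp/rpki-rtr/rtr-origin` with no `.py` suffix. smoketest.3.yaml and smoketest.7.yaml call `../../../rp/rpki-rtr/rtr-origin` directly. Unless an `rtr-origin.py` also exists in that directory (not visible on this page), these shell steps will not find the program; `rtr_origin=../../../rp/rpki-rtr/rtr-origin;` would match the other test files.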
@@ -70,8 +70,8 @@ roa_request: --- - shell set -x; find publication -type f -name '*.roa' - -print -exec ../../../utils/print_roa/print_roa {} \; + -print -exec ../../../rp/utils/print_roa {} \; ; - rtr_origin=../../../rtr-origin/rtr-origin; + rtr_origin=../../../rp/rpki-rtr/rtr-origin; $rtr_origin --cronjob rcynic-data/authenticated && $rtr_origin --show diff --git a/ca/tests/smoketest.py b/ca/tests/smoketest.py index 28bedaa4..e5f5a754 100644 --- a/ca/tests/smoketest.py +++ b/ca/tests/smoketest.py @@ -115,14 +115,14 @@ prog_poke = cfg.get("prog_poke", "../testpoke.py") prog_rootd = cfg.get("prog_rootd", "../../rootd") prog_pubd = cfg.get("prog_pubd", "../../pubd") prog_rsyncd = cfg.get("prog_rsyncd", "rsync") -prog_rcynic = cfg.get("prog_rcynic", "../../../rcynic/rcynic") +prog_rcynic = cfg.get("prog_rcynic", "../../../rp/rcynic/rcynic") prog_openssl = cfg.get("prog_openssl", "../../../openssl/openssl/apps/openssl") -rcynic_stats = cfg.get("rcynic_stats", "echo ; ../../../rcynic/rcynic-text %s.xml ; echo" % rcynic_name) +rcynic_stats = cfg.get("rcynic_stats", "echo ; ../../../rp/rcynic/rcynic-text %s.xml ; echo" % rcynic_name) -rpki_sql_file = cfg.get("rpki_sql_file", "../rpkid.sql") +rpki_sql_file = cfg.get("rpki_sql_file", "../../schemas/sql/rpkid.sql") irdb_sql_file = cfg.get("irdb_sql_file", "old_irdbd.sql") -pub_sql_file = cfg.get("pub_sql_file", "../pubd.sql") +pub_sql_file = cfg.get("pub_sql_file", "../../schemas/sql/pubd.sql") startup_delay = int(cfg.get("startup_delay", "10")) diff --git a/ca/tests/yamltest-test-all.sh b/ca/tests/yamltest-test-all.sh index 8daea04e..4bd5c560 100644 --- a/ca/tests/yamltest-test-all.sh +++ b/ca/tests/yamltest-test-all.sh @@ -43,9 +43,9 @@ do do sleep 30 date - ../../rcynic/rcynic - ../../rcynic/rcynic-text rcynic.xml - ../../utils/scan_roas/scan_roas rcynic-data/authenticated + ../../rp/rcynic/rcynic + ../../rp/rcynic/rcynic-text rcynic.xml + ../../rp/utils/scan_roas rcynic-data/authenticated date echo "$title" done 
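Review bot: In the smoketest.py hunk the new defaults climb a different number of directories to reach what the diffstat shows as top-level siblings: `prog_rcynic` uses `../../../rp/rcynic/rcynic`, while `rpki_sql_file` and `pub_sql_file` use `../../schemas/sql/...`. That is only correct if the program paths and the SQL paths are resolved from different working directories, which the hunk does not show. If they are, a comment would save the next reader the check, e.g. `# prog_* defaults are relative to the test working directory; *_sql_file defaults are relative to the directory smoketest.py is started from`. If they are not, one of the two sets is off by one level.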
@@ -4576,22 +4576,22 @@ $as_echo "$enable_target_installation" >&6; } case $host_os in darwin*) RCYNIC_MAKE_RULES='rp/rcynic/rules.darwin.mk' - RTR_ORIGIN_MAKE_RULES='rp/rtr-origin/rules.darwin.mk' + RTR_ORIGIN_MAKE_RULES='rp/rpki-rtr/rules.darwin.mk' CA_MAKE_RULES='ca/rules.darwin.mk' ;; freebsd*) RCYNIC_MAKE_RULES='rp/rcynic/rules.freebsd.mk' - RTR_ORIGIN_MAKE_RULES='rp/rtr-origin/rules.freebsd.mk' + RTR_ORIGIN_MAKE_RULES='rp/rpki-rtr/rules.freebsd.mk' CA_MAKE_RULES='ca/rules.freebsd.mk' ;; linux*) RCYNIC_MAKE_RULES='rp/rcynic/rules.linux.mk' - RTR_ORIGIN_MAKE_RULES='rp/rtr-origin/rules.linux.mk' + RTR_ORIGIN_MAKE_RULES='rp/rpki-rtr/rules.linux.mk' CA_MAKE_RULES='ca/rules.linux.mk' ;; *) RCYNIC_MAKE_RULES='rp/rcynic/rules.unknown.mk' - RTR_ORIGIN_MAKE_RULES='rp/rtr-origin/rules.unknown.mk' + RTR_ORIGIN_MAKE_RULES='rp/rpki-rtr/rules.unknown.mk' CA_MAKE_RULES='ca/rules.unknown.mk' ;; esac @@ -5056,7 +5056,7 @@ fi if test $build_rp_tools = yes then - ac_config_files="$ac_config_files rp/Makefile rp/rcynic/Makefile rp/rcynic/static-rsync/Makefile rp/utils/Makefile rp/rtr-origin/Makefile" + ac_config_files="$ac_config_files rp/Makefile rp/rcynic/Makefile rp/rcynic/static-rsync/Makefile rp/utils/Makefile rp/rpki-rtr/Makefile" fi @@ -5810,7 +5810,7 @@ do "rp/rcynic/Makefile") CONFIG_FILES="$CONFIG_FILES rp/rcynic/Makefile" ;; "rp/rcynic/static-rsync/Makefile") CONFIG_FILES="$CONFIG_FILES rp/rcynic/static-rsync/Makefile" ;; "rp/utils/Makefile") CONFIG_FILES="$CONFIG_FILES rp/utils/Makefile" ;; - "rp/rtr-origin/Makefile") CONFIG_FILES="$CONFIG_FILES rp/rtr-origin/Makefile" ;; + "rp/rpki-rtr/Makefile") CONFIG_FILES="$CONFIG_FILES rp/rpki-rtr/Makefile" ;; "ca/Makefile") CONFIG_FILES="$CONFIG_FILES ca/Makefile" ;; "ca/tests/Makefile") CONFIG_FILES="$CONFIG_FILES ca/tests/Makefile" ;; diff --git a/configure.ac b/configure.ac index ff25b982..c8f153d7 100644 --- a/configure.ac +++ b/configure.ac 
@@ -388,22 +388,22 @@ AC_MSG_RESULT([$enable_target_installation]) case $host_os in darwin*) RCYNIC_MAKE_RULES='rp/rcynic/rules.darwin.mk' - RTR_ORIGIN_MAKE_RULES='rp/rtr-origin/rules.darwin.mk' + RTR_ORIGIN_MAKE_RULES='rp/rpki-rtr/rules.darwin.mk' CA_MAKE_RULES='ca/rules.darwin.mk' ;; freebsd*) RCYNIC_MAKE_RULES='rp/rcynic/rules.freebsd.mk' - RTR_ORIGIN_MAKE_RULES='rp/rtr-origin/rules.freebsd.mk' + RTR_ORIGIN_MAKE_RULES='rp/rpki-rtr/rules.freebsd.mk' CA_MAKE_RULES='ca/rules.freebsd.mk' ;; linux*) RCYNIC_MAKE_RULES='rp/rcynic/rules.linux.mk' - RTR_ORIGIN_MAKE_RULES='rp/rtr-origin/rules.linux.mk' + RTR_ORIGIN_MAKE_RULES='rp/rpki-rtr/rules.linux.mk' CA_MAKE_RULES='ca/rules.linux.mk' ;; *) RCYNIC_MAKE_RULES='rp/rcynic/rules.unknown.mk' - RTR_ORIGIN_MAKE_RULES='rp/rtr-origin/rules.unknown.mk' + RTR_ORIGIN_MAKE_RULES='rp/rpki-rtr/rules.unknown.mk' CA_MAKE_RULES='ca/rules.unknown.mk' ;; esac @@ -818,7 +818,7 @@ then rp/rcynic/Makefile rp/rcynic/static-rsync/Makefile rp/utils/Makefile - rp/rtr-origin/Makefile]) + rp/rpki-rtr/Makefile]) fi if test $build_ca_tools = yes diff --git a/ca/doc/pubd-bpki.dot b/doc/pubd-bpki.dot index 44ad8a90..44ad8a90 100644 --- a/ca/doc/pubd-bpki.dot +++ b/doc/pubd-bpki.dot diff --git a/ca/doc/rpkid-bpki.dot b/doc/rpkid-bpki.dot index 651591cb..651591cb 100644 --- a/ca/doc/rpkid-bpki.dot +++ b/doc/rpkid-bpki.dot diff --git a/rp/Makefile.in b/rp/Makefile.in index ceeef9f1..2c770a46 100644 --- a/rp/Makefile.in +++ b/rp/Makefile.in @@ -1,6 +1,6 @@ # $Id$ -SUBDIRS = rcynic rtr-origin utils +SUBDIRS = rcynic rpki-rtr utils all clean test distclean install deinstall uninstall:: @for i in ${SUBDIRS}; do echo "Making $@ in $$i"; (cd $$i && ${MAKE} $@); done diff --git a/rp/rtr-origin/Makefile.in b/rp/rpki-rtr/Makefile.in index e587305b..e587305b 100644 --- a/rp/rtr-origin/Makefile.in +++ b/rp/rpki-rtr/Makefile.in diff --git a/rp/rtr-origin/README b/rp/rpki-rtr/README index dae53010..dae53010 100644 --- a/rp/rtr-origin/README +++ b/rp/rpki-rtr/README 
diff --git a/rp/rtr-origin/rtr-origin b/rp/rpki-rtr/rtr-origin
index e1e82ccf..e1e82ccf 100755
--- a/rp/rtr-origin/rtr-origin
+++ b/rp/rpki-rtr/rtr-origin
diff --git a/rp/rtr-origin/rules.darwin.mk b/rp/rpki-rtr/rules.darwin.mk
index 1230db92..1230db92 100644
--- a/rp/rtr-origin/rules.darwin.mk
+++ b/rp/rpki-rtr/rules.darwin.mk
diff --git a/rp/rtr-origin/rules.freebsd.mk b/rp/rpki-rtr/rules.freebsd.mk
index df99da47..df99da47 100644
--- a/rp/rtr-origin/rules.freebsd.mk
+++ b/rp/rpki-rtr/rules.freebsd.mk
diff --git a/rp/rtr-origin/rules.linux.mk b/rp/rpki-rtr/rules.linux.mk
index 23f90f69..23f90f69 100644
--- a/rp/rtr-origin/rules.linux.mk
+++ b/rp/rpki-rtr/rules.linux.mk
diff --git a/rp/rtr-origin/rules.unknown.mk b/rp/rpki-rtr/rules.unknown.mk
index fb16e93a..fb16e93a 100644
--- a/rp/rtr-origin/rules.unknown.mk
+++ b/rp/rpki-rtr/rules.unknown.mk
diff --git a/rp/rtr-origin/server.sh b/rp/rpki-rtr/server.sh
index 7ccf2f38..7ccf2f38 100755
--- a/rp/rtr-origin/server.sh
+++ b/rp/rpki-rtr/server.sh
diff --git a/rp/rpki-rtr/sshd.conf b/rp/rpki-rtr/sshd.conf
new file mode 100644
index 00000000..df32ca67
--- /dev/null
+++ b/rp/rpki-rtr/sshd.conf
@@ -0,0 +1,23 @@
+# $Id$
+#
+# sshd config file for testing. Invoke thusly:
+#
+# /usr/sbin/sshd -f $top/rpki-rtr/sshd.conf -d
+
+Port 2222
+Protocol 2
+ListenAddress 127.0.0.1
+ListenAddress ::1
+HostKey /u/sra/rpki/subvert-rpki.hactrn.net/rpki-rtr/ssh_host_rsa_key
+PermitRootLogin no
+PubkeyAuthentication yes
+AuthorizedKeysFile /u/sra/rpki/subvert-rpki.hactrn.net/rpki-rtr/authorized_keys
+PasswordAuthentication no
+PermitEmptyPasswords no
+ChallengeResponseAuthentication no
+UsePAM no
+AllowTcpForwarding no
+X11Forwarding no
+UseDNS no
+PidFile /u/sra/rpki/subvert-rpki.hactrn.net/rpki-rtr/sshd.pid
+Subsystem rpki-rtr /u/sra/rpki/subvert-rpki.hactrn.net/rpki-rtr/server.sh
diff --git a/rp/rtr-origin/sshd.conf b/rp/rtr-origin/sshd.conf
deleted file mode 100644
index 0124fc4c..00000000
--- a/rp/rtr-origin/sshd.conf
+++ /dev/null
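Review bot: In the new rp/rpki-rtr/sshd.conf, `AuthorizedKeysFile` is a single absolute path with no per-user token, so every key in that file is accepted for whichever account the client names, and nothing limits a session to the `rpki-rtr` subsystem. For a test daemon bound to loopback that may be acceptable, but adding `AllowUsers <test-account>` (placeholder) and a `ForceCommand` pointing at server.sh, or `command=` restrictions in authorized_keys, keeps a test key from also granting a shell. The usage comment now says `$top/rpki-rtr/sshd.conf` while the file lives under `rp/rpki-rtr/`, and the `HostKey`, `AuthorizedKeysFile`, `PidFile` and `Subsystem` lines still hard-code `/u/sra/rpki/subvert-rpki.hactrn.net/rpki-rtr/`. sshd does not expand `$top`, so a header comment saying these four paths must be edited to the local checkout would help.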
@@ -1,23 +0,0 @@ -# $Id$ -# -# sshd config file for testing. Invoke thusly: -# -# /usr/sbin/sshd -f /u/sra/rpki/subvert-rpki.hactrn.net/rtr-origin/sshd.conf -d - -Port 2222 -Protocol 2 -ListenAddress 127.0.0.1 -ListenAddress ::1 -HostKey /u/sra/rpki/subvert-rpki.hactrn.net/rtr-origin/ssh_host_rsa_key -PermitRootLogin no -PubkeyAuthentication yes -AuthorizedKeysFile /u/sra/rpki/subvert-rpki.hactrn.net/rtr-origin/authorized_keys -PasswordAuthentication no -PermitEmptyPasswords no -ChallengeResponseAuthentication no -UsePAM no -AllowTcpForwarding no -X11Forwarding no -UseDNS no -PidFile /u/sra/rpki/subvert-rpki.hactrn.net/rtr-origin/sshd.pid -Subsystem rpki-rtr /u/sra/rpki/subvert-rpki.hactrn.net/rtr-origin/server.sh diff --git a/rpki/relaxng.py b/rpki/relaxng.py index 917ed6ed..3dcf3d4f 100644 --- a/rpki/relaxng.py +++ b/rpki/relaxng.py @@ -2,9 +2,9 @@ import lxml.etree -## @var relaxng/left_right -## Parsed RelaxNG relaxng/left_right schema -relaxng/left_right = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version="1.0" encoding="UTF-8"?> +## @var left_right +## Parsed RelaxNG left_right schema +left_right = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version="1.0" encoding="UTF-8"?> <!-- $Id: left-right-schema.rnc 5757 2014-04-05 22:42:12Z sra $ 
@@ -1095,277 +1095,379 @@ relaxng/left_right = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version= --> ''')) -## @var relaxng/up_down -## Parsed RelaxNG relaxng/up_down schema -relaxng/up_down = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version="1.0" encoding="UTF-8"?> +## @var myrpki +## Parsed RelaxNG myrpki schema +myrpki = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version="1.0" encoding="UTF-8"?> <!-- - $Id: up-down-schema.rnc 5757 2014-04-05 22:42:12Z sra $ - - RelaxNG schema for the up-down protocol, extracted from RFC 6492. + $Id: myrpki.rnc 5757 2014-04-05 22:42:12Z sra $ - Copyright (c) 2012 IETF Trust and the persons identified as authors - of the code. All rights reserved. + RelaxNG schema for MyRPKI XML messages. - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: + This message protocol is on its way out, as we're in the process of + moving on from the user interface model that produced it, but even + after we finish replacing it we'll still need the schema for a while + to validate old messages when upgrading. - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. + libxml2 (including xmllint) only groks the XML syntax of RelaxNG, so + run the compact syntax through trang to get XML syntax. - * Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in - the documentation and/or other materials provided with the - distribution. + Copyright (C) 2009-2011 Internet Systems Consortium ("ISC") - * Neither the name of Internet Society, IETF or IETF Trust, nor the - names of specific contributors, may be used to endorse or promote - products derived from this software without specific prior written - permission. 
+ Permission to use, copy, modify, and distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER - CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN - ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. + THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + PERFORMANCE OF THIS SOFTWARE. 
--> -<grammar ns="http://www.apnic.net/specs/rescerts/up-down/" xmlns="http://relaxng.org/ns/structure/1.0" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes"> - <define name="resource_set_as"> - <data type="string"> +<grammar ns="http://www.hactrn.net/uris/rpki/myrpki/" xmlns="http://relaxng.org/ns/structure/1.0" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes"> + <define name="version"> + <value>2</value> + </define> + <define name="base64"> + <data type="base64Binary"> <param name="maxLength">512000</param> - <param name="pattern">[\-,0-9]*</param> </data> </define> - <define name="resource_set_ip4"> + <define name="object_handle"> <data type="string"> - <param name="maxLength">512000</param> - <param name="pattern">[\-,/.0-9]*</param> + <param name="maxLength">255</param> + <param name="pattern">[\-_A-Za-z0-9]+</param> </data> </define> - <define name="resource_set_ip6"> + <define name="pubd_handle"> <data type="string"> - <param name="maxLength">512000</param> - <param name="pattern">[\-,/:0-9a-fA-F]*</param> + <param name="maxLength">255</param> + <param name="pattern">[\-_A-Za-z0-9/]+</param> </data> </define> - <define name="class_name"> - <data type="token"> - <param name="minLength">1</param> - <param name="maxLength">1024</param> + <define name="uri"> + <data type="anyURI"> + <param name="maxLength">4096</param> </data> </define> - <define name="ski"> - <data type="token"> - <param name="minLength">27</param> - <param name="maxLength">1024</param> - </data> + <define name="asn"> + <data type="positiveInteger"/> </define> - <define name="label"> - <data type="token"> - <param name="minLength">1</param> - <param name="maxLength">1024</param> + <define name="asn_list"> + <data type="string"> + <param name="maxLength">512000</param> + <param name="pattern">[\-,0-9]+</param> </data> </define> - <define name="cert_url"> + <define name="ipv4_list"> <data type="string"> - <param name="minLength">10</param> - <param 
name="maxLength">4096</param> + <param name="maxLength">512000</param> + <param name="pattern">[\-,0-9/.]+</param> </data> </define> - <define name="base64_binary"> - <data type="base64Binary"> - <param name="minLength">4</param> + <define name="ipv6_list"> + <data type="string"> <param name="maxLength">512000</param> + <param name="pattern">[\-,0-9/:a-fA-F]+</param> </data> </define> - <start> - <element name="message"> - <attribute name="version"> - <data type="positiveInteger"> - <param name="maxInclusive">1</param> - </data> - </attribute> - <attribute name="sender"> - <ref name="label"/> - </attribute> - <attribute name="recipient"> - <ref name="label"/> - </attribute> - <ref name="payload"/> - </element> - </start> - <define name="payload" combine="choice"> - <attribute name="type"> - <value>list</value> - </attribute> - <ref name="list_request"/> - </define> - <define name="payload" combine="choice"> - <attribute name="type"> - <value>list_response</value> - </attribute> - <ref name="list_response"/> - </define> - <define name="payload" combine="choice"> - <attribute name="type"> - <value>issue</value> - </attribute> - <ref name="issue_request"/> - </define> - <define name="payload" combine="choice"> - <attribute name="type"> - <value>issue_response</value> - </attribute> - <ref name="issue_response"/> - </define> - <define name="payload" combine="choice"> - <attribute name="type"> - <value>revoke</value> - </attribute> - <ref name="revoke_request"/> - </define> - <define name="payload" combine="choice"> - <attribute name="type"> - <value>revoke_response</value> - </attribute> - <ref name="revoke_response"/> - </define> - <define name="payload" combine="choice"> - <attribute name="type"> - <value>error_response</value> - </attribute> - <ref name="error_response"/> - </define> - <define name="list_request"> - <empty/> - </define> - <define name="list_response"> - <zeroOrMore> - <ref name="class"/> - </zeroOrMore> + <define name="timestamp"> + <data 
type="dateTime"> + <param name="pattern">.*Z</param> + </data> </define> - <define name="class"> - <element name="class"> - <attribute name="class_name"> - <ref name="class_name"/> - </attribute> - <attribute name="cert_url"> - <ref name="cert_url"/> - </attribute> - <attribute name="resource_set_as"> - <ref name="resource_set_as"/> - </attribute> - <attribute name="resource_set_ipv4"> - <ref name="resource_set_ip4"/> - </attribute> - <attribute name="resource_set_ipv6"> - <ref name="resource_set_ip6"/> + <!-- + Message formate used between configure_resources and + configure_daemons. + --> + <start combine="choice"> + <element name="myrpki"> + <attribute name="version"> + <ref name="version"/> </attribute> - <attribute name="resource_set_notafter"> - <data type="dateTime"/> + <attribute name="handle"> + <ref name="object_handle"/> </attribute> <optional> - <attribute name="suggested_sia_head"> - <data type="anyURI"> - <param name="maxLength">1024</param> - <param name="pattern">rsync://.+</param> - </data> + <attribute name="service_uri"> + <ref name="uri"/> </attribute> </optional> <zeroOrMore> - <element name="certificate"> - <attribute name="cert_url"> - <ref name="cert_url"/> + <element name="roa_request"> + <attribute name="asn"> + <ref name="asn"/> + </attribute> + <attribute name="v4"> + <ref name="ipv4_list"/> + </attribute> + <attribute name="v6"> + <ref name="ipv6_list"/> + </attribute> + </element> + </zeroOrMore> + <zeroOrMore> + <element name="child"> + <attribute name="handle"> + <ref name="object_handle"/> + </attribute> + <attribute name="valid_until"> + <ref name="timestamp"/> </attribute> <optional> - <attribute name="req_resource_set_as"> - <ref name="resource_set_as"/> + <attribute name="asns"> + <ref name="asn_list"/> </attribute> </optional> <optional> - <attribute name="req_resource_set_ipv4"> - <ref name="resource_set_ip4"/> + <attribute name="v4"> + <ref name="ipv4_list"/> </attribute> </optional> <optional> - <attribute 
name="req_resource_set_ipv6"> - <ref name="resource_set_ip6"/> + <attribute name="v6"> + <ref name="ipv6_list"/> </attribute> </optional> - <ref name="base64_binary"/> + <optional> + <element name="bpki_certificate"> + <ref name="base64"/> + </element> + </optional> </element> </zeroOrMore> - <element name="issuer"> - <ref name="base64_binary"/> + <zeroOrMore> + <element name="parent"> + <attribute name="handle"> + <ref name="object_handle"/> + </attribute> + <optional> + <attribute name="service_uri"> + <ref name="uri"/> + </attribute> + </optional> + <optional> + <attribute name="myhandle"> + <ref name="object_handle"/> + </attribute> + </optional> + <optional> + <attribute name="sia_base"> + <ref name="uri"/> + </attribute> + </optional> + <optional> + <element name="bpki_cms_certificate"> + <ref name="base64"/> + </element> + </optional> + </element> + </zeroOrMore> + <zeroOrMore> + <element name="repository"> + <attribute name="handle"> + <ref name="object_handle"/> + </attribute> + <optional> + <attribute name="service_uri"> + <ref name="uri"/> + </attribute> + </optional> + <optional> + <element name="bpki_certificate"> + <ref name="base64"/> + </element> + </optional> + </element> + </zeroOrMore> + <optional> + <element name="bpki_ca_certificate"> + <ref name="base64"/> + </element> + </optional> + <optional> + <element name="bpki_crl"> + <ref name="base64"/> + </element> + </optional> + <optional> + <element name="bpki_bsc_certificate"> + <ref name="base64"/> + </element> + </optional> + <optional> + <element name="bpki_bsc_pkcs10"> + <ref name="base64"/> + </element> + </optional> + </element> + </start> + <!-- Format of an identity.xml file. 
--> + <start combine="choice"> + <element name="identity"> + <attribute name="version"> + <ref name="version"/> + </attribute> + <attribute name="handle"> + <ref name="object_handle"/> + </attribute> + <element name="bpki_ta"> + <ref name="base64"/> </element> </element> - </define> - <define name="issue_request"> - <element name="request"> - <attribute name="class_name"> - <ref name="class_name"/> + </start> + <!-- + Format of <authorization/> element used in referrals. The Base64 + text is a <referral/> (q. v.) element signed with CMS. + --> + <define name="authorization"> + <element name="authorization"> + <attribute name="referrer"> + <ref name="pubd_handle"/> </attribute> + <ref name="base64"/> + </element> + </define> + <!-- Format of <contact_info/> element used in referrals. --> + <define name="contact_info"> + <element name="contact_info"> <optional> - <attribute name="req_resource_set_as"> - <ref name="resource_set_as"/> + <attribute name="uri"> + <ref name="uri"/> </attribute> </optional> + <data type="string"/> + </element> + </define> + <!-- Variant payload portion of a <repository/> element. --> + <define name="repository_payload"> + <choice> + <attribute name="type"> + <value>none</value> + </attribute> + <attribute name="type"> + <value>offer</value> + </attribute> + <group> + <attribute name="type"> + <value>referral</value> + </attribute> + <ref name="authorization"/> + <ref name="contact_info"/> + </group> + </choice> + </define> + <!-- <parent/> element (response from configure_child). 
--> + <start combine="choice"> + <element name="parent"> + <attribute name="version"> + <ref name="version"/> + </attribute> <optional> - <attribute name="req_resource_set_ipv4"> - <ref name="resource_set_ip4"/> + <attribute name="valid_until"> + <ref name="timestamp"/> </attribute> </optional> <optional> - <attribute name="req_resource_set_ipv6"> - <ref name="resource_set_ip6"/> + <attribute name="service_uri"> + <ref name="uri"/> </attribute> </optional> - <ref name="base64_binary"/> - </element> - </define> - <define name="issue_response"> - <ref name="class"/> - </define> - <define name="revoke_request"> - <ref name="revocation"/> - </define> - <define name="revoke_response"> - <ref name="revocation"/> - </define> - <define name="revocation"> - <element name="key"> - <attribute name="class_name"> - <ref name="class_name"/> + <attribute name="child_handle"> + <ref name="object_handle"/> </attribute> - <attribute name="ski"> - <ref name="ski"/> + <attribute name="parent_handle"> + <ref name="object_handle"/> </attribute> + <element name="bpki_resource_ta"> + <ref name="base64"/> + </element> + <element name="bpki_child_ta"> + <ref name="base64"/> + </element> + <optional> + <element name="repository"> + <ref name="repository_payload"/> + </element> + </optional> </element> - </define> - <define name="error_response"> - <element name="status"> - <data type="positiveInteger"> - <param name="maxInclusive">9999</param> - </data> + </start> + <!-- + <repository/> element, types offer and referral + (input to configure_publication_client). 
+ --> + <start combine="choice"> + <element name="repository"> + <attribute name="version"> + <ref name="version"/> + </attribute> + <attribute name="handle"> + <ref name="object_handle"/> + </attribute> + <attribute name="parent_handle"> + <ref name="object_handle"/> + </attribute> + <ref name="repository_payload"/> + <element name="bpki_client_ta"> + <ref name="base64"/> + </element> </element> - <zeroOrMore> - <element name="description"> - <attribute name="xml:lang"> - <data type="language"/> - </attribute> - <data type="string"> - <param name="maxLength">1024</param> - </data> + </start> + <!-- + <repository/> element, confirmation type (output of + configure_publication_client). + --> + <start combine="choice"> + <element name="repository"> + <attribute name="version"> + <ref name="version"/> + </attribute> + <attribute name="type"> + <value>confirmed</value> + </attribute> + <attribute name="parent_handle"> + <ref name="object_handle"/> + </attribute> + <attribute name="client_handle"> + <ref name="pubd_handle"/> + </attribute> + <attribute name="service_uri"> + <ref name="uri"/> + </attribute> + <attribute name="sia_base"> + <ref name="uri"/> + </attribute> + <element name="bpki_server_ta"> + <ref name="base64"/> </element> - </zeroOrMore> - </define> + <element name="bpki_client_ta"> + <ref name="base64"/> + </element> + <optional> + <ref name="authorization"/> + </optional> + <optional> + <ref name="contact_info"/> + </optional> + </element> + </start> + <!-- + <referral/> element. This is the entirety of a separate message + which is signed with CMS then included ase the Base64 content of an + <authorization/> element in the main message. + --> + <start combine="choice"> + <element name="referral"> + <attribute name="version"> + <ref name="version"/> + </attribute> + <attribute name="authorized_sia_base"> + <ref name="uri"/> + </attribute> + <ref name="base64"/> + </element> + </start> </grammar> <!-- Local Variables: 
@@ -1376,9 +1478,9 @@ relaxng/up_down = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version="1. --> ''')) -## @var relaxng/publication -## Parsed RelaxNG relaxng/publication schema -relaxng/publication = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version="1.0" encoding="UTF-8"?> +## @var publication +## Parsed RelaxNG publication schema +publication = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version="1.0" encoding="UTF-8"?> <!-- $Id: publication-schema.rnc 5757 2014-04-05 22:42:12Z sra $ 
@@ -1954,392 +2056,9 @@ relaxng/publication = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version --> ''')) -## @var relaxng/myrpki -## Parsed RelaxNG relaxng/myrpki schema -relaxng/myrpki = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version="1.0" encoding="UTF-8"?> -<!-- - $Id: myrpki.rnc 5757 2014-04-05 22:42:12Z sra $ - - RelaxNG schema for MyRPKI XML messages. - - This message protocol is on its way out, as we're in the process of - moving on from the user interface model that produced it, but even - after we finish replacing it we'll still need the schema for a while - to validate old messages when upgrading. - - libxml2 (including xmllint) only groks the XML syntax of RelaxNG, so - run the compact syntax through trang to get XML syntax. - - Copyright (C) 2009-2011 Internet Systems Consortium ("ISC") - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. 
---> -<grammar ns="http://www.hactrn.net/uris/rpki/myrpki/" xmlns="http://relaxng.org/ns/structure/1.0" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes"> - <define name="version"> - <value>2</value> - </define> - <define name="base64"> - <data type="base64Binary"> - <param name="maxLength">512000</param> - </data> - </define> - <define name="object_handle"> - <data type="string"> - <param name="maxLength">255</param> - <param name="pattern">[\-_A-Za-z0-9]+</param> - </data> - </define> - <define name="pubd_handle"> - <data type="string"> - <param name="maxLength">255</param> - <param name="pattern">[\-_A-Za-z0-9/]+</param> - </data> - </define> - <define name="uri"> - <data type="anyURI"> - <param name="maxLength">4096</param> - </data> - </define> - <define name="asn"> - <data type="positiveInteger"/> - </define> - <define name="asn_list"> - <data type="string"> - <param name="maxLength">512000</param> - <param name="pattern">[\-,0-9]+</param> - </data> - </define> - <define name="ipv4_list"> - <data type="string"> - <param name="maxLength">512000</param> - <param name="pattern">[\-,0-9/.]+</param> - </data> - </define> - <define name="ipv6_list"> - <data type="string"> - <param name="maxLength">512000</param> - <param name="pattern">[\-,0-9/:a-fA-F]+</param> - </data> - </define> - <define name="timestamp"> - <data type="dateTime"> - <param name="pattern">.*Z</param> - </data> - </define> - <!-- - Message formate used between configure_resources and - configure_daemons. 
- --> - <start combine="choice"> - <element name="myrpki"> - <attribute name="version"> - <ref name="version"/> - </attribute> - <attribute name="handle"> - <ref name="object_handle"/> - </attribute> - <optional> - <attribute name="service_uri"> - <ref name="uri"/> - </attribute> - </optional> - <zeroOrMore> - <element name="roa_request"> - <attribute name="asn"> - <ref name="asn"/> - </attribute> - <attribute name="v4"> - <ref name="ipv4_list"/> - </attribute> - <attribute name="v6"> - <ref name="ipv6_list"/> - </attribute> - </element> - </zeroOrMore> - <zeroOrMore> - <element name="child"> - <attribute name="handle"> - <ref name="object_handle"/> - </attribute> - <attribute name="valid_until"> - <ref name="timestamp"/> - </attribute> - <optional> - <attribute name="asns"> - <ref name="asn_list"/> - </attribute> - </optional> - <optional> - <attribute name="v4"> - <ref name="ipv4_list"/> - </attribute> - </optional> - <optional> - <attribute name="v6"> - <ref name="ipv6_list"/> - </attribute> - </optional> - <optional> - <element name="bpki_certificate"> - <ref name="base64"/> - </element> - </optional> - </element> - </zeroOrMore> - <zeroOrMore> - <element name="parent"> - <attribute name="handle"> - <ref name="object_handle"/> - </attribute> - <optional> - <attribute name="service_uri"> - <ref name="uri"/> - </attribute> - </optional> - <optional> - <attribute name="myhandle"> - <ref name="object_handle"/> - </attribute> - </optional> - <optional> - <attribute name="sia_base"> - <ref name="uri"/> - </attribute> - </optional> - <optional> - <element name="bpki_cms_certificate"> - <ref name="base64"/> - </element> - </optional> - </element> - </zeroOrMore> - <zeroOrMore> - <element name="repository"> - <attribute name="handle"> - <ref name="object_handle"/> - </attribute> - <optional> - <attribute name="service_uri"> - <ref name="uri"/> - </attribute> - </optional> - <optional> - <element name="bpki_certificate"> - <ref name="base64"/> - </element> - </optional> 
- </element> - </zeroOrMore> - <optional> - <element name="bpki_ca_certificate"> - <ref name="base64"/> - </element> - </optional> - <optional> - <element name="bpki_crl"> - <ref name="base64"/> - </element> - </optional> - <optional> - <element name="bpki_bsc_certificate"> - <ref name="base64"/> - </element> - </optional> - <optional> - <element name="bpki_bsc_pkcs10"> - <ref name="base64"/> - </element> - </optional> - </element> - </start> - <!-- Format of an identity.xml file. --> - <start combine="choice"> - <element name="identity"> - <attribute name="version"> - <ref name="version"/> - </attribute> - <attribute name="handle"> - <ref name="object_handle"/> - </attribute> - <element name="bpki_ta"> - <ref name="base64"/> - </element> - </element> - </start> - <!-- - Format of <authorization/> element used in referrals. The Base64 - text is a <referral/> (q. v.) element signed with CMS. - --> - <define name="authorization"> - <element name="authorization"> - <attribute name="referrer"> - <ref name="pubd_handle"/> - </attribute> - <ref name="base64"/> - </element> - </define> - <!-- Format of <contact_info/> element used in referrals. --> - <define name="contact_info"> - <element name="contact_info"> - <optional> - <attribute name="uri"> - <ref name="uri"/> - </attribute> - </optional> - <data type="string"/> - </element> - </define> - <!-- Variant payload portion of a <repository/> element. --> - <define name="repository_payload"> - <choice> - <attribute name="type"> - <value>none</value> - </attribute> - <attribute name="type"> - <value>offer</value> - </attribute> - <group> - <attribute name="type"> - <value>referral</value> - </attribute> - <ref name="authorization"/> - <ref name="contact_info"/> - </group> - </choice> - </define> - <!-- <parent/> element (response from configure_child). 
--> - <start combine="choice"> - <element name="parent"> - <attribute name="version"> - <ref name="version"/> - </attribute> - <optional> - <attribute name="valid_until"> - <ref name="timestamp"/> - </attribute> - </optional> - <optional> - <attribute name="service_uri"> - <ref name="uri"/> - </attribute> - </optional> - <attribute name="child_handle"> - <ref name="object_handle"/> - </attribute> - <attribute name="parent_handle"> - <ref name="object_handle"/> - </attribute> - <element name="bpki_resource_ta"> - <ref name="base64"/> - </element> - <element name="bpki_child_ta"> - <ref name="base64"/> - </element> - <optional> - <element name="repository"> - <ref name="repository_payload"/> - </element> - </optional> - </element> - </start> - <!-- - <repository/> element, types offer and referral - (input to configure_publication_client). - --> - <start combine="choice"> - <element name="repository"> - <attribute name="version"> - <ref name="version"/> - </attribute> - <attribute name="handle"> - <ref name="object_handle"/> - </attribute> - <attribute name="parent_handle"> - <ref name="object_handle"/> - </attribute> - <ref name="repository_payload"/> - <element name="bpki_client_ta"> - <ref name="base64"/> - </element> - </element> - </start> - <!-- - <repository/> element, confirmation type (output of - configure_publication_client). 
- --> - <start combine="choice"> - <element name="repository"> - <attribute name="version"> - <ref name="version"/> - </attribute> - <attribute name="type"> - <value>confirmed</value> - </attribute> - <attribute name="parent_handle"> - <ref name="object_handle"/> - </attribute> - <attribute name="client_handle"> - <ref name="pubd_handle"/> - </attribute> - <attribute name="service_uri"> - <ref name="uri"/> - </attribute> - <attribute name="sia_base"> - <ref name="uri"/> - </attribute> - <element name="bpki_server_ta"> - <ref name="base64"/> - </element> - <element name="bpki_client_ta"> - <ref name="base64"/> - </element> - <optional> - <ref name="authorization"/> - </optional> - <optional> - <ref name="contact_info"/> - </optional> - </element> - </start> - <!-- - <referral/> element. This is the entirety of a separate message - which is signed with CMS then included ase the Base64 content of an - <authorization/> element in the main message. - --> - <start combine="choice"> - <element name="referral"> - <attribute name="version"> - <ref name="version"/> - </attribute> - <attribute name="authorized_sia_base"> - <ref name="uri"/> - </attribute> - <ref name="base64"/> - </element> - </start> -</grammar> -<!-- - Local Variables: - indent-tabs-mode: nil - comment-start: "# " - comment-start-skip: "#[ \t]*" - End: ---> -''')) - -## @var relaxng/router_certificate -## Parsed RelaxNG relaxng/router_certificate schema -relaxng/router_certificate = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version="1.0" encoding="UTF-8"?> +## @var router_certificate +## Parsed RelaxNG router_certificate schema +router_certificate = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version="1.0" encoding="UTF-8"?> <!-- $Id: router-certificate-schema.rnc 5757 2014-04-05 22:42:12Z sra $ 
@@ -2439,3 +2158,284 @@ relaxng/router_certificate = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml --> ''')) +## @var up_down +## Parsed RelaxNG up_down schema +up_down = lxml.etree.RelaxNG(lxml.etree.fromstring(r'''<?xml version="1.0" encoding="UTF-8"?> +<!-- + $Id: up-down-schema.rnc 5757 2014-04-05 22:42:12Z sra $ + + RelaxNG schema for the up-down protocol, extracted from RFC 6492. + + Copyright (c) 2012 IETF Trust and the persons identified as authors + of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. + + * Neither the name of Internet Society, IETF or IETF Trust, nor the + names of specific contributors, may be used to endorse or promote + products derived from this software without specific prior written + permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE + COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +--> +<grammar ns="http://www.apnic.net/specs/rescerts/up-down/" xmlns="http://relaxng.org/ns/structure/1.0" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes"> + <define name="resource_set_as"> + <data type="string"> + <param name="maxLength">512000</param> + <param name="pattern">[\-,0-9]*</param> + </data> + </define> + <define name="resource_set_ip4"> + <data type="string"> + <param name="maxLength">512000</param> + <param name="pattern">[\-,/.0-9]*</param> + </data> + </define> + <define name="resource_set_ip6"> + <data type="string"> + <param name="maxLength">512000</param> + <param name="pattern">[\-,/:0-9a-fA-F]*</param> + </data> + </define> + <define name="class_name"> + <data type="token"> + <param name="minLength">1</param> + <param name="maxLength">1024</param> + </data> + </define> + <define name="ski"> + <data type="token"> + <param name="minLength">27</param> + <param name="maxLength">1024</param> + </data> + </define> + <define name="label"> + <data type="token"> + <param name="minLength">1</param> + <param name="maxLength">1024</param> + </data> + </define> + <define name="cert_url"> + <data type="string"> + <param name="minLength">10</param> + <param name="maxLength">4096</param> + </data> + </define> + <define name="base64_binary"> + <data type="base64Binary"> + <param name="minLength">4</param> + <param name="maxLength">512000</param> + </data> + </define> + <start> + <element name="message"> + <attribute 
name="version"> + <data type="positiveInteger"> + <param name="maxInclusive">1</param> + </data> + </attribute> + <attribute name="sender"> + <ref name="label"/> + </attribute> + <attribute name="recipient"> + <ref name="label"/> + </attribute> + <ref name="payload"/> + </element> + </start> + <define name="payload" combine="choice"> + <attribute name="type"> + <value>list</value> + </attribute> + <ref name="list_request"/> + </define> + <define name="payload" combine="choice"> + <attribute name="type"> + <value>list_response</value> + </attribute> + <ref name="list_response"/> + </define> + <define name="payload" combine="choice"> + <attribute name="type"> + <value>issue</value> + </attribute> + <ref name="issue_request"/> + </define> + <define name="payload" combine="choice"> + <attribute name="type"> + <value>issue_response</value> + </attribute> + <ref name="issue_response"/> + </define> + <define name="payload" combine="choice"> + <attribute name="type"> + <value>revoke</value> + </attribute> + <ref name="revoke_request"/> + </define> + <define name="payload" combine="choice"> + <attribute name="type"> + <value>revoke_response</value> + </attribute> + <ref name="revoke_response"/> + </define> + <define name="payload" combine="choice"> + <attribute name="type"> + <value>error_response</value> + </attribute> + <ref name="error_response"/> + </define> + <define name="list_request"> + <empty/> + </define> + <define name="list_response"> + <zeroOrMore> + <ref name="class"/> + </zeroOrMore> + </define> + <define name="class"> + <element name="class"> + <attribute name="class_name"> + <ref name="class_name"/> + </attribute> + <attribute name="cert_url"> + <ref name="cert_url"/> + </attribute> + <attribute name="resource_set_as"> + <ref name="resource_set_as"/> + </attribute> + <attribute name="resource_set_ipv4"> + <ref name="resource_set_ip4"/> + </attribute> + <attribute name="resource_set_ipv6"> + <ref name="resource_set_ip6"/> + </attribute> + <attribute 
name="resource_set_notafter"> + <data type="dateTime"/> + </attribute> + <optional> + <attribute name="suggested_sia_head"> + <data type="anyURI"> + <param name="maxLength">1024</param> + <param name="pattern">rsync://.+</param> + </data> + </attribute> + </optional> + <zeroOrMore> + <element name="certificate"> + <attribute name="cert_url"> + <ref name="cert_url"/> + </attribute> + <optional> + <attribute name="req_resource_set_as"> + <ref name="resource_set_as"/> + </attribute> + </optional> + <optional> + <attribute name="req_resource_set_ipv4"> + <ref name="resource_set_ip4"/> + </attribute> + </optional> + <optional> + <attribute name="req_resource_set_ipv6"> + <ref name="resource_set_ip6"/> + </attribute> + </optional> + <ref name="base64_binary"/> + </element> + </zeroOrMore> + <element name="issuer"> + <ref name="base64_binary"/> + </element> + </element> + </define> + <define name="issue_request"> + <element name="request"> + <attribute name="class_name"> + <ref name="class_name"/> + </attribute> + <optional> + <attribute name="req_resource_set_as"> + <ref name="resource_set_as"/> + </attribute> + </optional> + <optional> + <attribute name="req_resource_set_ipv4"> + <ref name="resource_set_ip4"/> + </attribute> + </optional> + <optional> + <attribute name="req_resource_set_ipv6"> + <ref name="resource_set_ip6"/> + </attribute> + </optional> + <ref name="base64_binary"/> + </element> + </define> + <define name="issue_response"> + <ref name="class"/> + </define> + <define name="revoke_request"> + <ref name="revocation"/> + </define> + <define name="revoke_response"> + <ref name="revocation"/> + </define> + <define name="revocation"> + <element name="key"> + <attribute name="class_name"> + <ref name="class_name"/> + </attribute> + <attribute name="ski"> + <ref name="ski"/> + </attribute> + </element> + </define> + <define name="error_response"> + <element name="status"> + <data type="positiveInteger"> + <param name="maxInclusive">9999</param> + </data> + 
</element> + <zeroOrMore> + <element name="description"> + <attribute name="xml:lang"> + <data type="language"/> + </attribute> + <data type="string"> + <param name="maxLength">1024</param> + </data> + </element> + </zeroOrMore> + </define> +</grammar> +<!-- + Local Variables: + indent-tabs-mode: nil + comment-start: "# " + comment-start-skip: "#[ \t]*" + End: +--> +''')) + diff --git a/schemas/Makefile.in b/schemas/Makefile.in index 6d2a34b0..80ba3b17 100644 --- a/schemas/Makefile.in +++ b/schemas/Makefile.in @@ -43,7 +43,7 @@ RNGS = relaxng/left-right-schema.rng \ SQLS = sql/rpkid.sql sql/pubd.sql ${abs_top_srcdir}/rpki/relaxng.py: ${abs_top_srcdir}/buildtools/make-relaxng.py ${RNGS} - ${PYTHON} ${abs_top_srcdir}/buildtools/make-relaxng.py ${RNGS} >$@.tmp + cd relaxng; ${PYTHON} ${abs_top_srcdir}/buildtools/make-relaxng.py *.rng >$@.tmp mv $@.tmp $@ ${abs_top_srcdir}/rpki/sql_schemas.py: ${abs_top_srcdir}/buildtools/make-sql-schemas.py ${SQLS} |
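Review bot: The new recipe line in the `rpki/relaxng.py` rule joins its two commands with `;`, so a failed `cd relaxng` does not stop the generator from running in whatever directory make started in; write it as `cd relaxng && ${PYTHON} ${abs_top_srcdir}/buildtools/make-relaxng.py *.rng >$@.tmp`. The recipe now reads the shell glob `*.rng` while the prerequisites are still `${RNGS}`, whose definition lies mostly outside this hunk. Any extra `.rng` file sitting in that directory is therefore embedded in the generated module without being a declared or reviewed input, and editing it will not trigger a rebuild. Since these schemas appear to be what the code validates protocol messages against, the embedded set should be exactly the listed files, for example by passing the basenames of `${RNGS}` rather than a glob. `cd relaxng` is also relative to the build directory, which presumably matters for builds run outside the source tree; confirm whether those are supported.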