diff options
| -rw-r--r-- | doc/doc.RPKI.Installation.FreeBSDPorts | 23 | ||||
| -rw-r--r-- | doc/doc.RPKI.RP.rcynic | 6 | ||||
| -rw-r--r-- | doc/manual.pdf | bin | 752189 -> 752826 bytes |
3 files changed, 26 insertions, 3 deletions
diff --git a/doc/doc.RPKI.Installation.FreeBSDPorts b/doc/doc.RPKI.Installation.FreeBSDPorts index 1a5073e9..34f924ec 100644 --- a/doc/doc.RPKI.Installation.FreeBSDPorts +++ b/doc/doc.RPKI.Installation.FreeBSDPorts @@ -19,8 +19,6 @@ like this: rm -rf ${port} done -To upgrade, perform the same steps. - After performing initial installation, you should customize the default rpki.conf for your environment as necessary. In particular, you want to change handle and rpkid_server_host. There are obsessively detailed instructions. @@ -29,6 +27,27 @@ handle and rpkid_server_host. There are obsessively detailed instructions. Again, you want to change handle and rpkid_server_host at the minimum. +To upgrade, you can perform almost the same steps, but the FreeBSD ports +system, which doesn't really know about upgrades, will require you to use the +deinstall and reinstall operations instead of plain install: + + for port in rpki-rp rpki-ca + do + fetch http://download.rpki.net/FreeBSD_Packages/${port}-port.tgz + tar xf ${port}-port.tgz + cd ${port} + make deinstall + make reinstall + cd .. + rm -rf ${port} + done + +After an upgrade, you may want to check the newly-installed /usr/local/etc/ +rpki.conf.sample against your existing /usr/local/etc/rpki.conf in case any +important options have changed. We generally try to keep options stable between +versions, and provide sane defaults where we can, but if you've done a lot of +customization to your rpki.conf you will want to keep track of this. + ***** Automated Download and Install with portmaster ***** There's a script you can use to automate the download steps above and perform diff --git a/doc/doc.RPKI.RP.rcynic b/doc/doc.RPKI.RP.rcynic index ec05c478..186fe1c4 100644 --- a/doc/doc.RPKI.RP.rcynic +++ b/doc/doc.RPKI.RP.rcynic @@ -393,9 +393,13 @@ Default: false Allow use of otherwise valid objects which are not listed in the manifest. This is not supposed to happen, but is probably harmless. +Enabling this does, however, often result in noisier logs, as it increases the +chance that rcynic will attempt to validate data which a CA removed from the +manifest but did not completely remove and revoke from the repository. + Values: true or false -Default: true +Default: false **** allow-digest-mismatch **** diff --git a/doc/manual.pdf b/doc/manual.pdf Binary files differindex 1930e7cb..3cc6a567 100644 --- a/doc/manual.pdf +++ b/doc/manual.pdf |