Diffstat (limited to 'rpki/irdb/zookeeper.py')
-rw-r--r--rpki/irdb/zookeeper.py52
1 files changed, 29 insertions, 23 deletions
diff --git a/rpki/irdb/zookeeper.py b/rpki/irdb/zookeeper.py
index 1e163a4d..c9f7d78e 100644
--- a/rpki/irdb/zookeeper.py
+++ b/rpki/irdb/zookeeper.py
@@ -35,6 +35,7 @@ import rpki.left_right
import rpki.x509
import rpki.async
import rpki.irdb
+import rpki.publication_control
import django.db.transaction
from lxml.etree import (Element, SubElement, ElementTree,
@@ -148,7 +149,6 @@ class etree_wrapper(object):
"""
Wrapper for ETree objects so we can return them as function results
without requiring the caller to understand much about them.
-
"""
def __init__(self, e, msg = None, debug = False):
@@ -533,13 +533,8 @@ class Zookeeper(object):
if self.run_pubd:
updates = []
- updates.append(
- rpki.publication.config_elt.make_pdu(
- action = "set",
- bpki_crl = self.server_ca.latest_crl))
-
updates.extend(
- rpki.publication.client_elt.make_pdu(
+ rpki.publication_control.client_elt.make_pdu(
action = "set",
client_handle = client.handle,
bpki_cert = client.certificate)
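Review bot: With the `config_elt` PDU removed here, and the "Make sure that pubd's BPKI CRL is up to date" block removed in the later hunk at -1527, nothing visible in this file still delivers `self.server_ca.latest_crl` to pubd. If pubd relies on that CRL to reject revoked client BPKI certificates, it now needs another delivery path; the new publication_control protocol presumably provides one, but the diff does not show it. I would leave a comment where the push used to be, e.g. `# BPKI CRL is no longer sent via config_elt; pubd gets it from <mechanism>`, so the revocation path stays traceable. The enclosing method starts and ends outside the hunk.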
@@ -1141,9 +1136,9 @@ class Zookeeper(object):
clear_replay_protection = "yes")
for ca in rpki.irdb.ResourceHolderCA.objects.all())
if self.run_pubd:
- self.call_pubd(rpki.publication.client_elt.make_pdu(action = "set",
- client_handle = client.handle,
- clear_replay_protection = "yes")
+ self.call_pubd(rpki.publication_control.client_elt.make_pdu(action = "set",
+ client_handle = client.handle,
+ clear_replay_protection = "yes")
for client in self.server_ca.clients.all())
@@ -1170,7 +1165,7 @@ class Zookeeper(object):
pdus = pdus[0]
call_pubd = rpki.async.sync_wrapper(rpki.http.caller(
- proto = rpki.publication,
+ proto = rpki.publication_control,
client_key = irbe.private_key,
client_cert = irbe.certificate,
server_ta = self.server_ca.certificate,
@@ -1187,11 +1182,11 @@ class Zookeeper(object):
throw exceptions as needed.
"""
- if any(isinstance(pdu, (rpki.left_right.report_error_elt, rpki.publication.report_error_elt)) for pdu in pdus):
+ if any(isinstance(pdu, (rpki.left_right.report_error_elt, rpki.publication_control.report_error_elt)) for pdu in pdus):
for pdu in pdus:
if isinstance(pdu, rpki.left_right.report_error_elt):
self.log("rpkid reported failure: %s" % pdu.error_code)
- elif isinstance(pdu, rpki.publication.report_error_elt):
+ elif isinstance(pdu, rpki.publication_control.report_error_elt):
self.log("pubd reported failure: %s" % pdu.error_code)
else:
continue
@@ -1527,16 +1522,10 @@ class Zookeeper(object):
if not self.run_pubd:
return
- # Make sure that pubd's BPKI CRL is up to date.
-
- self.call_pubd(rpki.publication.config_elt.make_pdu(
- action = "set",
- bpki_crl = self.server_ca.latest_crl))
-
# See what pubd already has on file
- pubd_reply = self.call_pubd(rpki.publication.client_elt.make_pdu(action = "list"))
- client_pdus = dict((x.client_handle, x) for x in pubd_reply if isinstance(x, rpki.publication.client_elt))
+ pubd_reply = self.call_pubd(rpki.publication_control.client_elt.make_pdu(action = "list"))
+ client_pdus = dict((x.client_handle, x) for x in pubd_reply if isinstance(x, rpki.publication_control.client_elt))
pubd_query = []
# Check all clients
@@ -1548,15 +1537,32 @@ class Zookeeper(object):
if (client_pdu is None or
client_pdu.base_uri != client.sia_base or
client_pdu.bpki_cert != client.certificate):
- pubd_query.append(rpki.publication.client_elt.make_pdu(
+ pubd_query.append(rpki.publication_control.client_elt.make_pdu(
action = "create" if client_pdu is None else "set",
client_handle = client.handle,
bpki_cert = client.certificate,
base_uri = client.sia_base))
+ # rootd instances are also a weird sort of client
+
+ for rootd in rpki.irdb.Rootd.objects.all():
+
+ client_handle = rootd.issuer.handle + "-root"
+ client_pdu = client_pdus.pop(client_handle, None)
+ sia_base = "rsync://%s/%s/%s/" % (self.rsync_server, self.rsync_module, client_handle)
+
+ if (client_pdu is None or
+ client_pdu.base_uri != sia_base or
+ client_pdu.bpki_cert != rootd.issuer.certificate):
+ pubd_query.append(rpki.publication_control.client_elt.make_pdu(
+ action = "create" if client_pdu is None else "set",
+ client_handle = client_handle,
+ bpki_cert = rootd.issuer.certificate,
+ base_uri = sia_base))
+
# Delete any unknown clients
- pubd_query.extend(rpki.publication.client_elt.make_pdu(
+ pubd_query.extend(rpki.publication_control.client_elt.make_pdu(
action = "destroy", client_handle = p) for p in client_pdus)
# If we changed anything, ship updates off to pubd
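Review bot: The synthesized handle `rootd.issuer.handle + "-root"` in the new rootd loop shares pubd's client namespace with the ordinary client handles, and nothing visible here stops an ordinary client from already having that name. In that case the first loop has already popped the entry from `client_pdus`, so this loop sees `client_pdu is None` and queues a `create` for a handle pubd already holds, this time bound to `rootd.issuer.certificate` and a different `base_uri`. I would guard the loop body with a check such as `if self.server_ca.clients.filter(handle = client_handle).exists():` and log and skip (or raise) instead of queueing the PDU, unless handle validation elsewhere already reserves the `-root` suffix. The enclosing method starts and ends outside the hunk.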