| Age | Commit message (Collapse) | Author |
|---|
|
svn path=/branches/tk705/; revision=6378
|
|
svn path=/branches/tk705/; revision=6377
|
|
worker CA and going straight from the root to certifying children,
which is wrong. However...this is far enough along that we can now
remove all the rootd glorp, which is a worthwhile simplification in
its own right, so checkpoint here, remove rootd glorp, then figure out
what's wrong with the internal certificate hierarchy.
rcynic does validate the current output, given a manually constructed
TAL, even if the current output isn't quite what it should be. So we
should also be able to sort out the new TAL generation code now.
Yes, checking in a version that works for the wrong reasons is weird,
but the current sort-of-broken state lets us confirm that the lower
levels of the tree are still correct as we go, which would be much
harder if the poor thing just sat there and whimpered until we had
the new internal CA code completely finished.
svn path=/branches/tk705/; revision=6376
|
|
into an expanded rpki.irdb.models.Parent, as the two are more alike
than I expected them to be, but archive this version first.
svn path=/branches/tk705/; revision=6375
|
|
the companion Root object.
svn path=/branches/tk705/; revision=6374
|
|
svn path=/branches/tk705/; revision=6373
|
|
subelements in left-right responses, so we don't have to duplicate the
mechanism used for BSC <pkcs10_request/> subelements when handling
Parent <rpki_root_cert/> subelements.
svn path=/branches/tk705/; revision=6372
|
|
left-right schema. Not really using of this stuff yet, but haven't
broken existing code yet either.
svn path=/branches/tk705/; revision=6371
|
|
Parents do, because Roots will be uniquely named by reference to their
associated Parent. So move the handle back to Parent.
svn path=/branches/tk705/; revision=6370
|
|
svn path=/branches/tk705/; revision=6369
|
|
Still need equivalent hack for plain git, later.
svn path=/branches/tk705/; revision=6368
|
|
Parent model into base Turtle model and derived Parent model.
svn path=/branches/tk705/; revision=6367
|
|
This is a transitional version of rpki-nanny: in the long run, the
daemons it runs should take care of reading their own log
configuration from rpki.conf, but that's a yak for another day.
svn path=/branches/tk705/; revision=6366
|
|
svn path=/branches/tk705/; revision=6365
|
|
Fixes #804.
svn path=/branches/tk705/; revision=6364
|
|
svn path=/branches/tk705/; revision=6363
|
|
svn path=/branches/tk705/; revision=6361
|
|
I think Subversion's merge tracking data is turning into cream cheese.
svn path=/branches/tk705/; revision=6360
|
|
svn path=/branches/tk705/; revision=6352
|
|
OpenSSL 1.1 will include some backwards-compatible API changes. In
some cases, the new API won't be available until OpenSSL 1.1, but a
lot of the new API already exists in OpenSSL 1.0.2.
This commit switches the parts that can be switched with OpenSSL 1.0.
Other changes deferred until OpenSSL 1.1 public release.
svn path=/branches/tk705/; revision=6351
|
|
svn path=/branches/tk705/; revision=6350
|
|
OpenSSL API at a time.
svn path=/branches/tk705/; revision=6349
|
|
svn path=/branches/tk705/; revision=6348
|
|
files to something from the current decade. Let them, but as a
separate commit, so we can back this out if it breaks something.
svn path=/branches/tk705/; revision=6347
|
|
svn path=/branches/tk705/; revision=6346
|
|
this takes the form of new rpki.config.parser methods which we may
want to use in other programs, particularly the daemons.
svn path=/branches/tk705/; revision=6345
|
|
svn path=/branches/tk705/; revision=6344
|
|
is now handled in the outermost script, before rpki.rpkic is even
loaded; rpki.rpkic just assumes that euid and ruid have been set up
correctly and swaps them temporarily when it needs to do file I/O.
svn path=/branches/tk705/; revision=6340
|
|
GUI no longer uses (an additional layer of) temporary files between
itself and zookeeper. Zookeeper file read methods now take file-like
objects. rpkic now opens input files as the real UID, then reverts
back to the effective UID before handing the resulting file off to the
zookeeper.
This caught several more instances of rpkic file I/O that were not
doing the real/effective UID swap properly while loading CSV and VCard
files.
As far as I can tell from testing, this didn't break anything that
worked before. Whether it fixed all the file I/O problems remains to
be seen.
svn path=/branches/tk705/; revision=6339
|
|
rpki.irdb.zookeeper.etree_read(), the functions that call it, and the
functions that call them, could all use a bit of refactoring. At this
point pretty much ever caller is jumping through some hoop or another
due to the way the code has evolved, and most of it could be simpler.
svn path=/branches/tk705/; revision=6338
|
|
more interesting way now.
svn path=/branches/tk705/; revision=6335
|
|
cron job stuff while we're at this.
svn path=/branches/tk705/; revision=6334
|
|
Django settings with those of all the other ORM-using programs.
svn path=/branches/tk705/; revision=6333
|
|
svn path=/branches/tk705/; revision=6330
|
|
remove all the other copies to prevent confusion.
svn path=/branches/tk705/; revision=6329
|
|
stop recent Debian and Ubuntu from whining at the user on
installation.
svn path=/branches/tk705/; revision=6327
|
|
other engines.
svn path=/branches/tk705/; revision=6326
|
|
"unstable" where there is no numeric version available (yet, or ever,
as the case may be).
Debian Stretch picked up the mandatory ".conf" suffix for Apache site
files; don't (yet) know whether that was already present in Jessie,
won't much care until we have working backports of our dependencies
for Jessie.
svn path=/branches/tk705/; revision=6325
|
|
svn path=/branches/tk705/; revision=6324
|
|
when RPKI_USER not found.
svn path=/branches/tk705/; revision=6323
|
|
svn path=/branches/tk705/; revision=6322
|
|
rcynic-cron.
NB: rpkigui-rcynic is currently broken and is therefore disabled in rcynic-cron.
This needs to be fixed, but it was broken on this branch in any case, no real
point in holding up the rest of this waiting for it.
svn path=/branches/tk705/; revision=6321
|
|
of having to include them as build dependencies just so that
./configure can figure out their locations.
svn path=/branches/tk705/; revision=6320
|
|
svn path=/branches/tk705/; revision=6319
|
|
svn path=/branches/tk705/; revision=6318
|
|
svn path=/branches/tk705/; revision=6317
|
|
svn path=/branches/tk705/; revision=6316
|
|
rpki.autoconf gets the right values. Better fix would be to set these
on the ./configure command line in debian/rules, try that later.
svn path=/branches/tk705/; revision=6314
|
|
control over precisely what this rsync client is allowed to do.
svn path=/branches/tk705/; revision=6313
|
|
svn path=/branches/tk705/; revision=6312
|
