| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
This is nasty, and I still don't entirely understand it why this was
happening. We collect ca_detail objects during bulk ROA processing,
so that we can defer manifest and CRL updates until the end of the
batch. Somehow, Django's caching code was causing the parent CA's
issued serial number to roll back as part of this caching, which
caused us to reuse serial numbers. Which is (very) bad.
Replacing the collection of ca_detail objects with a collection of
primary key values for those same ca_detail objects seems to have
worked, presumably because it lets us force creation of a new queryset
when it's time for us to process the relevant ca_detail objects.
The question is how many other booby traps like this might be lurking.
|
|
The rubber chicken needs to dance around the circle once, widdershins.
Obviously.
For future reference, the syntax for forcing queryset evaluation is
"list(blarg.all())", not "[blarg.all()]". In this case it doesn't
seem to be necessary.
|
|
|
|
|
|
|
|
|
|
There would (probably) be no security issue with continuing to use
OpenSSL 1.0.2h for RPKI, but it's usually best to stay current.
Update the update-snapshot script to use git instead of svn.
|
|
Signed-off-by: Randy Bush <randy@psg.com>
|
|
Signed-off-by: Randy Bush <randy@psg.com>
|
|
Randy accidently pushed a bunch of unsigned commits. I reviewed
them before signing this one. Randy's knuckles have been whacked.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This is by no means a complete overhaul, just a fix for the most
obviously broken links in the Installation pages.
|
|
Documentation needs a general overhaul and some manual cleanup of
things that the Wiki extraction process got wrong, but it's probably
simplest to finish converting all the external stuff (eg, APT
repositories) first.
|
|
|
|
|
|
environment).
|
|
|
|
closes #838
svn path=/branches/tk705/; revision=6452
|
|
the output is not html escaped
closes #835
svn path=/branches/tk705/; revision=6451
|
|
scripts
see #825
svn path=/branches/tk705/; revision=6450
|
|
add --fake-initial option when doing the migrations so that existing installs will ignore the initial migration
svn path=/branches/tk705/; revision=6449
|
|
enabled, if that fails, whine and retry with validation disabled.
svn path=/branches/tk705/; revision=6448
|
|
svn path=/branches/tk705/; revision=6447
|
|
svn path=/branches/tk705/; revision=6446
|
|
svn path=/branches/tk705/; revision=6445
|
|
apache log instead.
Make the GUI log level configurable via rpki.conf
svn path=/branches/tk705/; revision=6444
|
|
versions
See #823
svn path=/branches/tk705/; revision=6443
|
|
specified by DB API, just use it, rather than getting clever with
variable-length argument sequences.
svn path=/branches/tk705/; revision=6442
|
|
svn path=/branches/tk705/; revision=6441
|
|
have been incomplete conversion from an older internal API, back when
we still had Generation objects. In any case, status="None" in
rcynic.xml is wrong, and has been giving rcynic-html indigestion.
svn path=/branches/tk705/; revision=6440
|
|
of rpki.django_settings.gui
Create new rpki.django_settings.gui_script Django settings file with a minimal subset required to use the ORM, to be used in auxillary scripts
Add [rpkigui-import-routes] section to rpki.conf
Change log level of warning about AS value errors in routeviews dumps to DEBUG
svn path=/branches/tk705/; revision=6439
|
|
installation on top of the active CADetail of a new-style rootd-less
rpkid configuration.
This has been tested, but only lightly, and only in the lab.
This script is dangerous. Do not run it unless you really know what
you are doing, and even then you probably do not want to run it on
anything but a brand new installation with no existing RPKI data.
See #816.
svn path=/branches/tk705/; revision=6438
|
|
svn path=/branches/tk705/; revision=6436
|
