| Age | Commit message (Collapse) | Author |
|---|
|
installation on top of the active CADetail of a new-style rootd-less
rpkid configuration.
This has been tested, but only lightly, and only in the lab.
This script is dangerous. Do not run it unless you really know what
you are doing, and even then you probably do not want to run it on
anything but a brand new installation with no existing RPKI data.
See #816.
svn path=/branches/tk705/; revision=6438
|
|
specification of a handle for the new root entity instead of the
default of using a randomly-generated UUID as the name.
svn path=/branches/tk705/; revision=6432
|
|
as including it ends very badly when the root certificate serial is a
randomly-generated 64-bit value. See #814.
svn path=/branches/tk705/; revision=6430
|
|
compatability hack which allows irdbd's server host and port to be
expressed as a URL. No big deal, except that I wonder how many other
relics we're going to find in The Config File That Time Forgot.
See #813.
svn path=/branches/tk705/; revision=6428
|
|
for XML. Apparently we were carefully changing just the XML files to
use a single "-" to work around this. Enough already, just convert
all copyright year ranges to single "-" and have done with this.
svn path=/branches/tk705/; revision=6427
|
|
svn path=/branches/tk705/; revision=6426
|
|
since copyright holder of record changed.
svn path=/branches/tk705/; revision=6425
|
|
We were building the correct management object structure in rpkidb,
but not in irdb, so the irdb kept breaking things when it tried to
bring them into alignment. What we get for trying to perform an
upgrade which requires pushing on a rope.
Anyway, result now appears to work. Committing, but letting it run
for a while before handing off to the usual alpha testers.
svn path=/branches/tk705/; revision=6422
|
|
svn path=/branches/tk705/; revision=6421
|
|
No longer throwing nasty errors, but resources still not propegating
correctly down from constructed root (yet).
svn path=/branches/tk705/; revision=6420
|
|
rsync URIs in too many places, we had been inconsistent about updating
them to match the new environment.
In theory, the URI updating code now knows to touch only URIs that
refer back to this same set of servers, while leaving URIs referencing
external services alone, but this has not (yet) been tested.
svn path=/branches/tk705/; revision=6419
|
|
svn path=/branches/tk705/; revision=6418
|
|
isn't working quite right yet (can't extract root certificate/TAL, so
not useful yet), but most of the up-down/left-right/publication
protocol now looks to be working with the translated data.
svn path=/branches/tk705/; revision=6416
|
|
engine to reset SQL SEQUENCEs after we've been fiddling with primary
keys directly. OK, I can understand why we ahve to do something, but
why does the official API for this expect us to cut and paste (with
color control escape sequences, no less)?
svn path=/branches/tk705/; revision=6415
|
|
SIA URI twiddling still needs doing.
svn path=/branches/tk705/; revision=6414
|
|
there yet, but general approach is starting to become clear.
svn path=/branches/tk705/; revision=6411
|
|
svn path=/branches/tk705/; revision=6410
|
|
smoketest.1.yaml. Not yet tested in a live server. Rootd transition
not yet written, so far just some diagnostics showing some of the data
we'll need to use to move the root CA state we must keep into the new
internal root object (keys, serial numbers, etc).
svn path=/branches/tk705/; revision=6409
|
|
svn path=/branches/tk705/; revision=6408
|
|
svn path=/branches/tk705/; revision=6407
|
|
Still have irdb and pubd to do.
svn path=/branches/tk705/; revision=6406
|
|
that anybody is likely to care.
svn path=/branches/tk705/; revision=6405
|
|
svn path=/branches/tk705/; revision=6404
|
|
results, of course, but Django behavior so far suggests that this
approach will probably work.
svn path=/branches/tk705/; revision=6403
|
|
svn path=/branches/tk705/; revision=6402
|
|
svn path=/branches/tk705/; revision=6400
|
|
svn path=/branches/tk705/; revision=6398
|
|
svn path=/branches/tk705/; revision=6396
|
|
encapsulate all (well, we hope) relevant configuration and state from
a trunk/ CA in a form we can easily load on another machine, or on the
same machine after a software upgrade, or ....
Transfer format is an ad hoc Python dictionary, encoded in Python's
native "Pickle" format, compressed by "xz" with SHA-256 integrity
checking enabled. See #807.
svn path=/trunk/; revision=6395
|
|
svn path=/branches/tk705/; revision=6308
|
|
svn path=/branches/tk705/; revision=6284
|
|
svn path=/branches/tk705/; revision=6264
|
|
or commenting conventions should be shot. If it so happens that it is
inconvenient to shoot him, then he is to be politely requested to recode
his program in adherence to the above standard."
-- Michael Spier, Digital Equipment Corporation
svn path=/branches/tk705/; revision=6152
|
|
presence of namespace-using content: removes unnecessary prefixes,
while retaining those required for this particular output.
svn path=/branches/tk705/; revision=6133
|
|
"myrpki" to new IETF standards track I-D syntax.
svn path=/branches/tk705/; revision=6131
|
|
svn path=/branches/tk705/; revision=6124
|
|
"From " line in case that's what's been giving the IRR code indigestion.
svn path=/trunk/; revision=6111
|
|
RIRs and AltCA for now. Perhaps this script should use argparse?
svn path=/trunk/; revision=6104
|
|
See #768.
svn path=/trunk/; revision=6090
|
|
svn path=/branches/tk705/; revision=6081
|
|
days ago, but forgot to check in changes at the time).
svn path=/branches/tk705/; revision=6024
|
|
svn path=/branches/tk705/; revision=6021
|
|
delta rather than a range.
svn path=/branches/tk705/; revision=6010
|
|
legacy rpki and pubd databases.
svn path=/branches/tk705/; revision=5987
|
|
svn path=/branches/tk705/; revision=5956
|
|
svn path=/branches/tk713/; revision=5948
|
|
svn path=/branches/tk705/; revision=5936
|
|
May have finally gotten the right balance of indexes for basic use.
Use various optimizations to let us load large data sets before the
heat death of the universe. Some of these optimizations are
dangerous, in the sense that if this script crashes while constructing
the database, you'll have to rebuild the database from scratch.
Probably ought to offer both this and the slow-but-safe approach as
command line options, but:
- The speed improvements look to be worth at least an order of
magnitude in the runtime,
- The speed improvements also prevent all the fsync() calls in the
safe approach from turning the underlying filesystem into cream
cheese while the script is running, and
- This script is just a research anlysis tool to begin with.
So I think the risk is justified in this case.
svn path=/trunk/; revision=5934
|
|
seconds-since-epoch.
svn path=/trunk/; revision=5933
|
|
svn path=/branches/tk705/; revision=5931
|
