| Age | Commit message (Collapse) | Author |
|---|
|
|
|
smoketest hasn't worked since we converted to Tornado and Django ORM.
xml-parse-test hasn't worked since we ripped out the massively
redundant XML layer and went to using lxml.etree directly.
old_irdbd hasn't worked since we converted to Django ORM.
rpki.adns hasn't worked since we converted to Tornado.
Various tests in ca/Makefile.in haven't worked since all of the above
happened.
Some day we may want to resurrect a few bits (in particular, the
post-initialization scripting capabilities from smoketest) but for the
moment it just confuses people, so away with it.
|
|
The ROA update and generate methods were parsing the ipv4 and ipv6
instance variables as if they were resource sets, rather than ROA
prefix sets. This works as expected when max-length is not being
used, but when max-length is used, parsing does not succeed and ROAs
cannot be generated or updated. Parsing each variable as if it's a
ROA prefix set, and then converting the result to a resource set,
appears to fix the problem.
Signed-off-by: Rob Austein <sra@hactrn.net>
|
|
|
|
This is nasty, and I still don't entirely understand it why this was
happening. We collect ca_detail objects during bulk ROA processing,
so that we can defer manifest and CRL updates until the end of the
batch. Somehow, Django's caching code was causing the parent CA's
issued serial number to roll back as part of this caching, which
caused us to reuse serial numbers. Which is (very) bad.
Replacing the collection of ca_detail objects with a collection of
primary key values for those same ca_detail objects seems to have
worked, presumably because it lets us force creation of a new queryset
when it's time for us to process the relevant ca_detail objects.
The question is how many other booby traps like this might be lurking.
|
|
The rubber chicken needs to dance around the circle once, widdershins.
Obviously.
For future reference, the syntax for forcing queryset evaluation is
"list(blarg.all())", not "[blarg.all()]". In this case it doesn't
seem to be necessary.
|
|
|
|
closes #838
svn path=/branches/tk705/; revision=6452
|
|
the output is not html escaped
closes #835
svn path=/branches/tk705/; revision=6451
|
|
scripts
see #825
svn path=/branches/tk705/; revision=6450
|
|
add --fake-initial option when doing the migrations so that existing installs will ignore the initial migration
svn path=/branches/tk705/; revision=6449
|
|
svn path=/branches/tk705/; revision=6446
|
|
svn path=/branches/tk705/; revision=6445
|
|
apache log instead.
Make the GUI log level configurable via rpki.conf
svn path=/branches/tk705/; revision=6444
|
|
versions
See #823
svn path=/branches/tk705/; revision=6443
|
|
of rpki.django_settings.gui
Create new rpki.django_settings.gui_script Django settings file with a minimal subset required to use the ORM, to be used in auxillary scripts
Add [rpkigui-import-routes] section to rpki.conf
Change log level of warning about AS value errors in routeviews dumps to DEBUG
svn path=/branches/tk705/; revision=6439
|
|
for XML. Apparently we were carefully changing just the XML files to
use a single "-" to work around this. Enough already, just convert
all copyright year ranges to single "-" and have done with this.
svn path=/branches/tk705/; revision=6427
|
|
svn path=/branches/tk705/; revision=6426
|
|
since copyright holder of record changed.
svn path=/branches/tk705/; revision=6425
|
|
svn path=/branches/tk705/; revision=6421
|
|
svn path=/branches/tk705/; revision=6417
|
|
SIA URI twiddling still needs doing.
svn path=/branches/tk705/; revision=6414
|
|
svn path=/branches/tk705/; revision=6413
|
|
reporting AIA extension of a root certificate. See #809.
svn path=/branches/tk705/; revision=6412
|
|
rpkid.
closes #805
svn path=/branches/tk705/; revision=6394
|
|
commands. Fixes #808.
svn path=/branches/tk705/; revision=6393
|
|
svn path=/branches/tk705/; revision=6391
|
|
and logging setup. Most programs now use the unified mechanism,
although there are still a few holdouts: the GUI, which is a special
case because it has no command line, and the rpki-rtr program, which,
for historical reasons has its own implementation of the logging setup
infrastructure.
svn path=/branches/tk705/; revision=6390
|
|
startup error messages logged properly if at all possible. See #806.
svn path=/branches/tk705/; revision=6387
|
|
.up_down_query() must handle errors signaled by .up_down_query_root() correctly.
svn path=/branches/tk705/; revision=6383
|
|
svn path=/branches/tk705/; revision=6382
|
|
"Try adding .all(), idiot."
svn path=/branches/tk705/; revision=6381
|
|
new scheme. Rewrite pubd code which was whacking top-level
certificate files with names other than "root.cer".
svn path=/branches/tk705/; revision=6380
|
|
svn path=/branches/tk705/; revision=6379
|
|
svn path=/branches/tk705/; revision=6378
|
|
svn path=/branches/tk705/; revision=6377
|
|
worker CA and going straight from the root to certifying children,
which is wrong. However...this is far enough along that we can now
remove all the rootd glorp, which is a worthwhile simplification in
its own right, so checkpoint here, remove rootd glorp, then figure out
what's wrong with the internal certificate hierarchy.
rcynic does validate the current output, given a manually constructed
TAL, even if the current output isn't quite what it should be. So we
should also be able to sort out the new TAL generation code now.
Yes, checking in a version that works for the wrong reasons is weird,
but the current sort-of-broken state lets us confirm that the lower
levels of the tree are still correct as we go, which would be much
harder if the poor thing just sat there and whimpered until we had
the new internal CA code completely finished.
svn path=/branches/tk705/; revision=6376
|
|
into an expanded rpki.irdb.models.Parent, as the two are more alike
than I expected them to be, but archive this version first.
svn path=/branches/tk705/; revision=6375
|
|
the companion Root object.
svn path=/branches/tk705/; revision=6374
|
|
svn path=/branches/tk705/; revision=6373
|
|
subelements in left-right responses, so we don't have to duplicate the
mechanism used for BSC <pkcs10_request/> subelements when handling
Parent <rpki_root_cert/> subelements.
svn path=/branches/tk705/; revision=6372
|
|
left-right schema. Not really using of this stuff yet, but haven't
broken existing code yet either.
svn path=/branches/tk705/; revision=6371
|
|
Parents do, because Roots will be uniquely named by reference to their
associated Parent. So move the handle back to Parent.
svn path=/branches/tk705/; revision=6370
|
|
svn path=/branches/tk705/; revision=6369
|
|
Parent model into base Turtle model and derived Parent model.
svn path=/branches/tk705/; revision=6367
|
|
svn path=/branches/tk705/; revision=6365
|
|
Fixes #804.
svn path=/branches/tk705/; revision=6364
|
|
svn path=/branches/tk705/; revision=6363
|
|
svn path=/branches/tk705/; revision=6361
|
|
I think Subversion's merge tracking data is turning into cream cheese.
svn path=/branches/tk705/; revision=6360
|
