From ff61415745c861f2020ec6341e427edaad08930a Mon Sep 17 00:00:00 2001
From: RPKI Documentation Robot <docbot@rpki.net>
Date: Mon, 7 Jul 2014 11:00:32 +0000
Subject: Automatic pull of documentation from Wiki.

svn path=/trunk/; revision=5885
---
 doc/doc.RPKI                           |  33 ----
 doc/doc.RPKI.Installation.FreeBSDPorts |  90 -----------
 doc/doc.RPKI.Installation.FromSource   | 277 ---------------------------------
 doc/manual.pdf                         | Bin 757140 -> 730263 bytes
 4 files changed, 400 deletions(-)

diff --git a/doc/doc.RPKI b/doc/doc.RPKI
index fd1a3bbe..e69de29b 100644
--- a/doc/doc.RPKI
+++ b/doc/doc.RPKI
@@ -1,33 +0,0 @@
-****** RPKI Tools Manual ******
-
-This collection of tools implements both the production (CA) and relying party
-(RP) sides of an RPKI environment.
-
-The Subversion repository for the entire project is available for (read-only)
-anonymous access at http://subvert-rpki.hactrn.net/.
-
-If you just want to browse the code you might find the Trac source code browser
-interface more convenient.
-
-***** Download and Install *****
-
-Full source code is available, as are binary packages for a few platforms.
-
-See the installation instructions for how to download the code and install it
-once you've downloaded it.
-
-***** Relying Party Tools *****
-
-If you operate routers and want to use RPKI data to help secure them, you
-should look at the relying party tools.
-
-***** CA Tools *****
-
-If you control RPKI resources and need an engine let you request certificates,
-issue ROAs, or issue certificates to other entities, you should look at the CA
-tools.
-
-***** Thanks *****
-
-This work was funded from 2006 through 2008 by ARIN, in collaboration with the
-other Regional Internet Registries. Current work is funded by DHS.
diff --git a/doc/doc.RPKI.Installation.FreeBSDPorts b/doc/doc.RPKI.Installation.FreeBSDPorts
index 34f924ec..e69de29b 100644
--- a/doc/doc.RPKI.Installation.FreeBSDPorts
+++ b/doc/doc.RPKI.Installation.FreeBSDPorts
@@ -1,90 +0,0 @@
-****** Installation Using FreeBSD Ports ******
-
-Port skeletons are available for FreeBSD from download.rpki.net. To use these,
-you need to download the port skeletons then run them using your favorite
-FreeBSD port installation tool.
-
-***** Manual Download *****
-
-To download the port skeletons manually and install from them, do something
-like this:
-
-  for port in rpki-rp rpki-ca
-  do
-    fetch http://download.rpki.net/FreeBSD_Packages/${port}-port.tgz
-    tar xf ${port}-port.tgz
-    cd ${port}
-    make install
-    cd ..
-    rm -rf ${port}
-  done
-
-After performing initial installation, you should customize the default
-rpki.conf for your environment as necessary. In particular, you want to change
-handle and rpkid_server_host. There are obsessively detailed instructions.
-
-  emacs /usr/local/etc/rpki.conf
-
-Again, you want to change handle and rpkid_server_host at the minimum.
-
-To upgrade, you can perform almost the same steps, but the FreeBSD ports
-system, which doesn't really know about upgrades, will require you to use the
-deinstall and reinstall operations instead of plain install:
-
-  for port in rpki-rp rpki-ca
-  do
-    fetch http://download.rpki.net/FreeBSD_Packages/${port}-port.tgz
-    tar xf ${port}-port.tgz
-    cd ${port}
-    make deinstall
-    make reinstall
-    cd ..
-    rm -rf ${port}
-  done
-
-After an upgrade, you may want to check the newly-installed /usr/local/etc/
-rpki.conf.sample against your existing /usr/local/etc/rpki.conf in case any
-important options have changed. We generally try to keep options stable between
-versions, and provide sane defaults where we can, but if you've done a lot of
-customization to your rpki.conf you will want to keep track of this.
-
-***** Automated Download and Install with portmaster *****
-
-There's a script you can use to automate the download steps above and perform
-the updates using portmaster. First, download the script:
-
-  fetch http://download.rpki.net/FreeBSD_Packages/rpki-portmaster.sh
-
-Then, to install or upgrade, just execute the script:
-
-  sh rpki-portmaster.sh
-
-As with manual download (above) you should customize rpki.conf after initial
-installation.
-
-***** Automated Download and Install with portupgrade *****
-
-There's a script you can use to automate the download steps above and perform
-the updates using portupgrade. First, download the script:
-
-  fetch http://download.rpki.net/FreeBSD_Packages/rpki-portupgrade.sh
-
-Next, you will need to add information about the RPKI ports to two variables in
-/usr/local/etc/pkgtools.conf before portupgrade will know how to deal with
-these ports:
-
-  EXTRA_CATEGORIES = [
-      'rpki',
-  ]
-
-  ALT_INDEX = [
-      ENV['PORTSDIR'] + '/INDEX.rpki',
-  ]
-
-Once you have completed these steps, you can just execute the script to install
-or upgrade the RPKI code:
-
-  sh rpki-portupgrade.sh
-
-As with manual download (above) you should customize rpki.conf after initial
-installation.
diff --git a/doc/doc.RPKI.Installation.FromSource b/doc/doc.RPKI.Installation.FromSource
index b6acdc02..e69de29b 100644
--- a/doc/doc.RPKI.Installation.FromSource
+++ b/doc/doc.RPKI.Installation.FromSource
@@ -1,277 +0,0 @@
-****** Installing From Source Code ******
-
-At present, the entire RPKI tools collection is a single source tree with a
-shared autoconf configuration. This may change in the future, but for now, this
-means that the build process is essentially the same regardless of which tools
-one wants to use. Some of the tools have dependencies on external packages,
-although we've tried to keep this to a minimum.
-
-Most of the tools require an RFC-3779-aware version of the OpenSSL libraries.
-If necessary, the build process will generate its own private copy of the
-OpenSSL libraries for this purpose.
-
-Other than OpenSSL, most of the relying party tools are fairly self-contained.
-The CA tools have a few additional dependencies, described below.
-
-Note that initial development of this code has been on FreeBSD, so installation
-will probably be easiest on FreeBSD. We do, however, test on other platforms,
-such as Fedora, Ubuntu, Debian, and MacOSX.
-
-***** Downloading the Source Code *****
-
-The recommended way to obtain the source code is via subversion. To download,
-do:
-
-  $ svn checkout http://subvert-rpki.hactrn.net/trunk/
-
-Code snapshots are also available from http://download.rpki.net/ as xz-
-compressed tarballs.
-
-***** Prerequisites *****
-
-Before attempting to build the tools from source, you will need to install any
-missing prerequisites.
-
-Some of the relying party tools and most of the CA tools are written in Python.
-Note that the Python code requires Python version 2.6 or 2.7.
-
-On some platforms (particularly MacOSX) the simplest way to install some of the
-Python packages may be the "easy_install" or "pip" tools that comes with
-Python.
-
-Packages you will need:
-
-* You will need a C compiler. gcc is fine, others such as Clang should also
-  work.
-
-* http://www.python.org/, the Python interpreter, libraries, and sources. On
-  some platforms the Python sources (in particular, the header files and
-  libraries needed when building Python extensions) are in a separate
-  "development" package, on other platforms they are all part of a single
-  package. If you get compilation errors trying to build the POW code later in
-  the build process and the error message says something about the file
-  "Python.h" being missing, this is almost certainly your problem.
-
-  o FreeBSD:
-
-    # /usr/ports/lang/python27 (python)
-
-  o Debian & Ubuntu:
-
-    # python
-    # python-dev
-    # python-setuptools
-
-* http://codespeak.net/lxml/, a Pythonic interface to the Gnome LibXML2
-  libraries. lxml in turn requires the LibXML2 C libraries; on some platforms,
-  some of the LibXML2 utilities are packaged separately and may not be pulled
-  in as dependencies.
-
-  o FreeBSD: /usr/ports/devel/py-lxml (py27-lxml)
-  o Fedora: python-lxml.i386
-  o Debian & Ubuntu:
-
-    # python-lxml
-    # libxml2-utils
-
-* http://www.mysql.com/, MySQL client and server. How these are packaged varies
-  by platform, on some platforms the client and server are separate packages,
-  on others they might be a single monolithic package, or installing the server
-  might automatically install the client as a dependency. On MacOSX you might
-  be best off installing a binary package for MySQL. The RPKI CA tools have
-  been tested with MySQL 5.0, 5.1, and 5.5; they will probably work with any
-  other reasonably recent version.
-
-  o FreeBSD:
-
-    # /usr/ports/databases/mysql55-server (mysql55-server)
-    # /usr/ports/databases/mysql55-client (mysql55-client)
-
-  o Debian & Ubuntu:
-
-    # mysql-client
-    # mysql-server
-
-* http://sourceforge.net/projects/mysql-python/, the Python "db" interface to
-  MySQL.
-
-  o FreeBSD: /usr/ports/databases/py-MySQLdb (py27-MySQLdb)
-  o Fedora: MySQL-python.i386
-  o Debian & Ubuntu: python-mysqldb
-
-* http://www.djangoproject.com/, the Django web user interface toolkit. The GUI
-  interface to the CA tools requires this. Django 1.4 is required.
-
-  o FreeBSD: /usr/ports/www/py-django (py27-django)
-  o Debian: python-django
-  o Ubuntu: Do not use the python-django package (Django 1.3.1) in 12.04 LTS,
-    as it is known not to work.
-    Instead, install a recent version using easy_install or pip:
-
-      $ sudo pip install django==1.4.5
-
-* http://vobject.skyhouseconsulting.com/, a Python library for parsing VCards.
-  The GUI uses this to parse the payload of RPKI Ghostbuster objects.
-
-  o FreeBSD: /usr/ports/deskutils/py-vobject (py27-vobject)
-  o Debian & Ubuntu: python-vobject
-
-* Several programs (more as time goes on) use the Python argparse module. This
-  module is part of the Python standard library as of Python 2.7, but you may
-  need to install it separately if you're stuck with Python 2.6. Don't do this
-  unless you must. In cases where this is necessary, you'll probably need to
-  use pip:
-
-    $ python -c 'import argparse' 2>/dev/null || sudo pip install argparse
-
-* http://pyyaml.org/. Several of the test programs use PyYAML to parse a YAML
-  description of a simulated allocation hierarchy to test.
-
-  o FreeBSD: /usr/ports/devel/py-yaml (py27-yaml)
-  o Debian & Ubuntu: python-yaml
-
-* http://xmlsoft.org/XSLT/. Some of the test code uses xsltproc, from the Gnome
-  LibXSLT package.
-
-  o FreeBSD: /usr/ports/textproc/libxslt (libxslt)
-  o Debian & Ubuntu: xsltproc
-
-* http://www.rrdtool.org/. The relying party tools use this to generate
-  graphics which you may find useful in monitoring the behavior of your
-  validator. The rest of the software will work fine without rrdtool, you just
-  won't be able to generate those graphics.
-
-  o FreeBSD: /usr/ports/databases/rrdtool (rrdtool)
-  o Debian & Ubuntu: rrdtool
-
-* http://www.freshports.org/www/mod_wsgi3/ If you intend to run the GUI with
-  wsgi, its default configuration, you will need to install mod_wsgi v3
-
-  o FreeBSD: /usr/ports/www/mod_wsgi3 (app22-mod_wsgi)
-  o Debian & Ubuntu: libapache2-mod-wsgi
-
-* http://south.aeracode.org/ Django South 0.7.6 or later. This tool is used to
-  ease the pain of changes to the web portal database schema.
-
-  o FreeBSD: /usr/ports/databases/py-south (py27-south)
-  o Debian: python-django-south
-  o Ubuntu: Do not use the python-django-south 0.7.3 package in 12.04 LTS, as
-    it is known not to work.
-    Instead, install a recent version using easy_install or pip:
-
-      pip install South>=0.7.6
-
-***** Configure and build *****
-
-Once you have the prerequesite packages installed, you should be able to build
-the toolkit. cd to the top-level directory in the distribution, run the
-configure script, then run "make":
-
-  $ cd $top
-  $ ./configure
-  $ make
-
-This should automatically build everything, in the right order, including
-building a private copy of the OpenSSL libraries with the right options if
-necessary and linking the POW module against either the system OpenSSL
-libraries or the private OpenSSL libraries, as appopriate.
-
-In theory, ./configure will complain about any required packages which might be
-missing.
-
-If you don't intend to run any of the CA tools, you can simplify the build and
-installation process by telling ./configure that you only want to build the
-relying party tools:
-
-  $ cd $top
-  $ ./configure --disable-ca-tools
-  $ make
-
-***** Testing the build *****
-
-Assuming the build stage completed without obvious errors, the next step is to
-run some basic regression tests.
-
-Some of the tests for the CA tools require MySQL databases to store their data.
-To set up all the databases that the tests will need, run the SQL commands in
-ca/tests/smoketest.setup.sql. The MySQL command line client is usually the
-easiest way to do this, eg:
-
-  $ cd $top/ca
-  $ mysql -u root -p <tests/smoketest.setup.sql
-
-To run the tests, run "make test":
-
-  $ cd $top
-  $ make test
-
-To run a more extensive set of tests on the CA tool, run "make all-tests" in
-the ca/ directory:
-
-  $ cd $top/ca
-  $ make all-tests
-
-If nothing explodes, your installation is probably ok. Any Python backtraces in
-the output indicate a problem.
-
-***** Installing *****
-
-Assuming the build and test phases went well, you should be ready to install
-the code. The ./configure script attempts to figure out the "obvious" places to
-install the various programs for your platform: binaries will be installed in /
-usr/local/bin or /usr/local/sbin, Python modules will be installed using the
-standard Python distutils and should end up wherever your system puts locally-
-installed Python libraries, and so forth.
-
-The RPKI validator, rcynic, is a special case, because the install scripts may
-attempt to build a chroot jail and install rcynic in that environment. This is
-straightforward in FreeBSD, somewhat more complicated on other systems,
-primarily due to hidden dependencies on dynamic libraries.
-
-To install the code, become root (su, sudo, whatever), then run "make install":
-
-  $ cd $top
-  $ sudo make install
-
-***** Tools you should not need to install *****
-
-There's a last set of tools that only developers should need, as they're only
-used when modifying schemas or regenerating the documentation. These tools are
-listed here for completeness.
-
-* http://www.doxygen.org/. Doxygen in turn pulls in several other tools,
-  notably Graphviz, pdfLaTeX, and Ghostscript.
-
-  o FreeBSD: /usr/ports/devel/doxygen
-  o Debian & Ubuntu: doxygen
-
-* http://www.mbayer.de/html2text/. The documentation build process uses
-  xsltproc and html2text to dump flat text versions of a few critical
-  documentation pages.
-
-  o FreeBSD: /usr/ports/textproc/html2text
-
-* http://www.thaiopensource.com/relaxng/trang.html. Trang is used to convert
-  RelaxNG schemas from the human-readable "compact" form to the XML form that
-  LibXML2 understands. Trang in turn requires Java.
-
-  o FreeBSD: /usr/ports/textproc/trang
-
-* http://search.cpan.org/dist/SQL-Translator/. SQL-Translator, also known as
-  "SQL Fairy", includes code to parse an SQL schema and dump a description of
-  it as Graphviz input. SQL Fairy in turn requires Perl.
-
-  o FreeBSD: /usr/ports/databases/p5-SQL-Translator
-
-* http://www.easysw.com/htmldoc/. The documentation build process uses htmldoc
-  to generate PDF from the project's Trac wiki.
-
-  o FreeBSD: /usr/ports/textproc/htmldoc
-
-***** Next steps *****
-
-Once you've finished installing the code, you will need to configure it. Since
-CAs are generally also relying parties (if only so that they can check the
-results of their own actions), you will generally want to start by configuring
-the relying party tools, then configure the CA tools if you're planning to use
-them.
diff --git a/doc/manual.pdf b/doc/manual.pdf
index 701bf98f..4011447c 100644
Binary files a/doc/manual.pdf and b/doc/manual.pdf differ
-- 
cgit v1.2.3


From 9d316732c4094d6051b894a7a484a0de5a0640eb Mon Sep 17 00:00:00 2001
From: RPKI Documentation Robot <docbot@rpki.net>
Date: Mon, 7 Jul 2014 12:00:22 +0000
Subject: Automatic pull of documentation from Wiki.

svn path=/trunk/; revision=5886
---
 doc/doc.RPKI                           |  33 ++++
 doc/doc.RPKI.Installation.FreeBSDPorts |  90 +++++++++++
 doc/doc.RPKI.Installation.FromSource   | 277 +++++++++++++++++++++++++++++++++
 doc/manual.pdf                         | Bin 730263 -> 757140 bytes
 4 files changed, 400 insertions(+)

diff --git a/doc/doc.RPKI b/doc/doc.RPKI
index e69de29b..fd1a3bbe 100644
--- a/doc/doc.RPKI
+++ b/doc/doc.RPKI
@@ -0,0 +1,33 @@
+****** RPKI Tools Manual ******
+
+This collection of tools implements both the production (CA) and relying party
+(RP) sides of an RPKI environment.
+
+The Subversion repository for the entire project is available for (read-only)
+anonymous access at http://subvert-rpki.hactrn.net/.
+
+If you just want to browse the code you might find the Trac source code browser
+interface more convenient.
+
+***** Download and Install *****
+
+Full source code is available, as are binary packages for a few platforms.
+
+See the installation instructions for how to download the code and install it
+once you've downloaded it.
+
+***** Relying Party Tools *****
+
+If you operate routers and want to use RPKI data to help secure them, you
+should look at the relying party tools.
+
+***** CA Tools *****
+
+If you control RPKI resources and need an engine let you request certificates,
+issue ROAs, or issue certificates to other entities, you should look at the CA
+tools.
+
+***** Thanks *****
+
+This work was funded from 2006 through 2008 by ARIN, in collaboration with the
+other Regional Internet Registries. Current work is funded by DHS.
diff --git a/doc/doc.RPKI.Installation.FreeBSDPorts b/doc/doc.RPKI.Installation.FreeBSDPorts
index e69de29b..34f924ec 100644
--- a/doc/doc.RPKI.Installation.FreeBSDPorts
+++ b/doc/doc.RPKI.Installation.FreeBSDPorts
@@ -0,0 +1,90 @@
+****** Installation Using FreeBSD Ports ******
+
+Port skeletons are available for FreeBSD from download.rpki.net. To use these,
+you need to download the port skeletons then run them using your favorite
+FreeBSD port installation tool.
+
+***** Manual Download *****
+
+To download the port skeletons manually and install from them, do something
+like this:
+
+  for port in rpki-rp rpki-ca
+  do
+    fetch http://download.rpki.net/FreeBSD_Packages/${port}-port.tgz
+    tar xf ${port}-port.tgz
+    cd ${port}
+    make install
+    cd ..
+    rm -rf ${port}
+  done
+
+After performing initial installation, you should customize the default
+rpki.conf for your environment as necessary. In particular, you want to change
+handle and rpkid_server_host. There are obsessively detailed instructions.
+
+  emacs /usr/local/etc/rpki.conf
+
+Again, you want to change handle and rpkid_server_host at the minimum.
+
+To upgrade, you can perform almost the same steps, but the FreeBSD ports
+system, which doesn't really know about upgrades, will require you to use the
+deinstall and reinstall operations instead of plain install:
+
+  for port in rpki-rp rpki-ca
+  do
+    fetch http://download.rpki.net/FreeBSD_Packages/${port}-port.tgz
+    tar xf ${port}-port.tgz
+    cd ${port}
+    make deinstall
+    make reinstall
+    cd ..
+    rm -rf ${port}
+  done
+
+After an upgrade, you may want to check the newly-installed /usr/local/etc/
+rpki.conf.sample against your existing /usr/local/etc/rpki.conf in case any
+important options have changed. We generally try to keep options stable between
+versions, and provide sane defaults where we can, but if you've done a lot of
+customization to your rpki.conf you will want to keep track of this.
+
+***** Automated Download and Install with portmaster *****
+
+There's a script you can use to automate the download steps above and perform
+the updates using portmaster. First, download the script:
+
+  fetch http://download.rpki.net/FreeBSD_Packages/rpki-portmaster.sh
+
+Then, to install or upgrade, just execute the script:
+
+  sh rpki-portmaster.sh
+
+As with manual download (above) you should customize rpki.conf after initial
+installation.
+
+***** Automated Download and Install with portupgrade *****
+
+There's a script you can use to automate the download steps above and perform
+the updates using portupgrade. First, download the script:
+
+  fetch http://download.rpki.net/FreeBSD_Packages/rpki-portupgrade.sh
+
+Next, you will need to add information about the RPKI ports to two variables in
+/usr/local/etc/pkgtools.conf before portupgrade will know how to deal with
+these ports:
+
+  EXTRA_CATEGORIES = [
+      'rpki',
+  ]
+
+  ALT_INDEX = [
+      ENV['PORTSDIR'] + '/INDEX.rpki',
+  ]
+
+Once you have completed these steps, you can just execute the script to install
+or upgrade the RPKI code:
+
+  sh rpki-portupgrade.sh
+
+As with manual download (above) you should customize rpki.conf after initial
+installation.
diff --git a/doc/doc.RPKI.Installation.FromSource b/doc/doc.RPKI.Installation.FromSource
index e69de29b..b6acdc02 100644
--- a/doc/doc.RPKI.Installation.FromSource
+++ b/doc/doc.RPKI.Installation.FromSource
@@ -0,0 +1,277 @@
+****** Installing From Source Code ******
+
+At present, the entire RPKI tools collection is a single source tree with a
+shared autoconf configuration. This may change in the future, but for now, this
+means that the build process is essentially the same regardless of which tools
+one wants to use. Some of the tools have dependencies on external packages,
+although we've tried to keep this to a minimum.
+
+Most of the tools require an RFC-3779-aware version of the OpenSSL libraries.
+If necessary, the build process will generate its own private copy of the
+OpenSSL libraries for this purpose.
+
+Other than OpenSSL, most of the relying party tools are fairly self-contained.
+The CA tools have a few additional dependencies, described below.
+
+Note that initial development of this code has been on FreeBSD, so installation
+will probably be easiest on FreeBSD. We do, however, test on other platforms,
+such as Fedora, Ubuntu, Debian, and MacOSX.
+
+***** Downloading the Source Code *****
+
+The recommended way to obtain the source code is via subversion. To download,
+do:
+
+  $ svn checkout http://subvert-rpki.hactrn.net/trunk/
+
+Code snapshots are also available from http://download.rpki.net/ as xz-
+compressed tarballs.
+
+***** Prerequisites *****
+
+Before attempting to build the tools from source, you will need to install any
+missing prerequisites.
+
+Some of the relying party tools and most of the CA tools are written in Python.
+Note that the Python code requires Python version 2.6 or 2.7.
+
+On some platforms (particularly MacOSX) the simplest way to install some of the
+Python packages may be the "easy_install" or "pip" tools that comes with
+Python.
+
+Packages you will need:
+
+* You will need a C compiler. gcc is fine, others such as Clang should also
+  work.
+
+* http://www.python.org/, the Python interpreter, libraries, and sources. On
+  some platforms the Python sources (in particular, the header files and
+  libraries needed when building Python extensions) are in a separate
+  "development" package, on other platforms they are all part of a single
+  package. If you get compilation errors trying to build the POW code later in
+  the build process and the error message says something about the file
+  "Python.h" being missing, this is almost certainly your problem.
+
+  o FreeBSD:
+
+    # /usr/ports/lang/python27 (python)
+
+  o Debian & Ubuntu:
+
+    # python
+    # python-dev
+    # python-setuptools
+
+* http://codespeak.net/lxml/, a Pythonic interface to the Gnome LibXML2
+  libraries. lxml in turn requires the LibXML2 C libraries; on some platforms,
+  some of the LibXML2 utilities are packaged separately and may not be pulled
+  in as dependencies.
+
+  o FreeBSD: /usr/ports/devel/py-lxml (py27-lxml)
+  o Fedora: python-lxml.i386
+  o Debian & Ubuntu:
+
+    # python-lxml
+    # libxml2-utils
+
+* http://www.mysql.com/, MySQL client and server. How these are packaged varies
+  by platform, on some platforms the client and server are separate packages,
+  on others they might be a single monolithic package, or installing the server
+  might automatically install the client as a dependency. On MacOSX you might
+  be best off installing a binary package for MySQL. The RPKI CA tools have
+  been tested with MySQL 5.0, 5.1, and 5.5; they will probably work with any
+  other reasonably recent version.
+
+  o FreeBSD:
+
+    # /usr/ports/databases/mysql55-server (mysql55-server)
+    # /usr/ports/databases/mysql55-client (mysql55-client)
+
+  o Debian & Ubuntu:
+
+    # mysql-client
+    # mysql-server
+
+* http://sourceforge.net/projects/mysql-python/, the Python "db" interface to
+  MySQL.
+
+  o FreeBSD: /usr/ports/databases/py-MySQLdb (py27-MySQLdb)
+  o Fedora: MySQL-python.i386
+  o Debian & Ubuntu: python-mysqldb
+
+* http://www.djangoproject.com/, the Django web user interface toolkit. The GUI
+  interface to the CA tools requires this. Django 1.4 is required.
+
+  o FreeBSD: /usr/ports/www/py-django (py27-django)
+  o Debian: python-django
+  o Ubuntu: Do not use the python-django package (Django 1.3.1) in 12.04 LTS,
+    as it is known not to work.
+    Instead, install a recent version using easy_install or pip:
+
+      $ sudo pip install django==1.4.5
+
+* http://vobject.skyhouseconsulting.com/, a Python library for parsing VCards.
+  The GUI uses this to parse the payload of RPKI Ghostbuster objects.
+
+  o FreeBSD: /usr/ports/deskutils/py-vobject (py27-vobject)
+  o Debian & Ubuntu: python-vobject
+
+* Several programs (more as time goes on) use the Python argparse module. This
+  module is part of the Python standard library as of Python 2.7, but you may
+  need to install it separately if you're stuck with Python 2.6. Don't do this
+  unless you must. In cases where this is necessary, you'll probably need to
+  use pip:
+
+    $ python -c 'import argparse' 2>/dev/null || sudo pip install argparse
+
+* http://pyyaml.org/. Several of the test programs use PyYAML to parse a YAML
+  description of a simulated allocation hierarchy to test.
+
+  o FreeBSD: /usr/ports/devel/py-yaml (py27-yaml)
+  o Debian & Ubuntu: python-yaml
+
+* http://xmlsoft.org/XSLT/. Some of the test code uses xsltproc, from the Gnome
+  LibXSLT package.
+
+  o FreeBSD: /usr/ports/textproc/libxslt (libxslt)
+  o Debian & Ubuntu: xsltproc
+
+* http://www.rrdtool.org/. The relying party tools use this to generate
+  graphics which you may find useful in monitoring the behavior of your
+  validator. The rest of the software will work fine without rrdtool, you just
+  won't be able to generate those graphics.
+
+  o FreeBSD: /usr/ports/databases/rrdtool (rrdtool)
+  o Debian & Ubuntu: rrdtool
+
+* http://www.freshports.org/www/mod_wsgi3/ If you intend to run the GUI with
+  wsgi, its default configuration, you will need to install mod_wsgi v3
+
+  o FreeBSD: /usr/ports/www/mod_wsgi3 (app22-mod_wsgi)
+  o Debian & Ubuntu: libapache2-mod-wsgi
+
+* http://south.aeracode.org/ Django South 0.7.6 or later. This tool is used to
+  ease the pain of changes to the web portal database schema.
+
+  o FreeBSD: /usr/ports/databases/py-south (py27-south)
+  o Debian: python-django-south
+  o Ubuntu: Do not use the python-django-south 0.7.3 package in 12.04 LTS, as
+    it is known not to work.
+    Instead, install a recent version using easy_install or pip:
+
+      pip install South>=0.7.6
+
+***** Configure and build *****
+
+Once you have the prerequesite packages installed, you should be able to build
+the toolkit. cd to the top-level directory in the distribution, run the
+configure script, then run "make":
+
+  $ cd $top
+  $ ./configure
+  $ make
+
+This should automatically build everything, in the right order, including
+building a private copy of the OpenSSL libraries with the right options if
+necessary and linking the POW module against either the system OpenSSL
+libraries or the private OpenSSL libraries, as appopriate.
+
+In theory, ./configure will complain about any required packages which might be
+missing.
+
+If you don't intend to run any of the CA tools, you can simplify the build and
+installation process by telling ./configure that you only want to build the
+relying party tools:
+
+  $ cd $top
+  $ ./configure --disable-ca-tools
+  $ make
+
+***** Testing the build *****
+
+Assuming the build stage completed without obvious errors, the next step is to
+run some basic regression tests.
+
+Some of the tests for the CA tools require MySQL databases to store their data.
+To set up all the databases that the tests will need, run the SQL commands in
+ca/tests/smoketest.setup.sql. The MySQL command line client is usually the
+easiest way to do this, eg:
+
+  $ cd $top/ca
+  $ mysql -u root -p <tests/smoketest.setup.sql
+
+To run the tests, run "make test":
+
+  $ cd $top
+  $ make test
+
+To run a more extensive set of tests on the CA tool, run "make all-tests" in
+the ca/ directory:
+
+  $ cd $top/ca
+  $ make all-tests
+
+If nothing explodes, your installation is probably ok. Any Python backtraces in
+the output indicate a problem.
+
+***** Installing *****
+
+Assuming the build and test phases went well, you should be ready to install
+the code. The ./configure script attempts to figure out the "obvious" places to
+install the various programs for your platform: binaries will be installed in /
+usr/local/bin or /usr/local/sbin, Python modules will be installed using the
+standard Python distutils and should end up wherever your system puts locally-
+installed Python libraries, and so forth.
+
+The RPKI validator, rcynic, is a special case, because the install scripts may
+attempt to build a chroot jail and install rcynic in that environment. This is
+straightforward in FreeBSD, somewhat more complicated on other systems,
+primarily due to hidden dependencies on dynamic libraries.
+
+To install the code, become root (su, sudo, whatever), then run "make install":
+
+  $ cd $top
+  $ sudo make install
+
+***** Tools you should not need to install *****
+
+There's a last set of tools that only developers should need, as they're only
+used when modifying schemas or regenerating the documentation. These tools are
+listed here for completeness.
+
+* http://www.doxygen.org/. Doxygen in turn pulls in several other tools,
+  notably Graphviz, pdfLaTeX, and Ghostscript.
+
+  o FreeBSD: /usr/ports/devel/doxygen
+  o Debian & Ubuntu: doxygen
+
+* http://www.mbayer.de/html2text/. The documentation build process uses
+  xsltproc and html2text to dump flat text versions of a few critical
+  documentation pages.
+
+  o FreeBSD: /usr/ports/textproc/html2text
+
+* http://www.thaiopensource.com/relaxng/trang.html. Trang is used to convert
+  RelaxNG schemas from the human-readable "compact" form to the XML form that
+  LibXML2 understands. Trang in turn requires Java.
+
+  o FreeBSD: /usr/ports/textproc/trang
+
+* http://search.cpan.org/dist/SQL-Translator/. SQL-Translator, also known as
+  "SQL Fairy", includes code to parse an SQL schema and dump a description of
+  it as Graphviz input. SQL Fairy in turn requires Perl.
+
+  o FreeBSD: /usr/ports/databases/p5-SQL-Translator
+
+* http://www.easysw.com/htmldoc/. The documentation build process uses htmldoc
+  to generate PDF from the project's Trac wiki.
+
+  o FreeBSD: /usr/ports/textproc/htmldoc
+
+***** Next steps *****
+
+Once you've finished installing the code, you will need to configure it. Since
+CAs are generally also relying parties (if only so that they can check the
+results of their own actions), you will generally want to start by configuring
+the relying party tools, then configure the CA tools if you're planning to use
+them.
diff --git a/doc/manual.pdf b/doc/manual.pdf
index 4011447c..2985cc6a 100644
Binary files a/doc/manual.pdf and b/doc/manual.pdf differ
-- 
cgit v1.2.3


From cea7193a43011bc4d47cffa6a6cd7ac19ccce5ad Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Fri, 11 Jul 2014 16:59:27 +0000
Subject: Add check to log a warning if sync_wrapper returns without callback. 
 See #681.

svn path=/trunk/; revision=5890
---
 rpki/async.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/rpki/async.py b/rpki/async.py
index da4b88b4..b17c31ed 100644
--- a/rpki/async.py
+++ b/rpki/async.py
@@ -337,6 +337,7 @@ class sync_wrapper(object):
 
   res = None
   err = None
+  fin = False
 
   def __init__(self, func):
     self.func = func
@@ -347,6 +348,8 @@ class sync_wrapper(object):
     exit the event loop.
     """
     self.res = res
+    self.fin = True
+    logger.debug("%r callback with result %r", self, self.res)
     raise ExitNow
 
   def eb(self, err):
@@ -356,6 +359,8 @@ class sync_wrapper(object):
     """
     exc_info = sys.exc_info()
     self.err = exc_info if exc_info[1] is err else err
+    self.fin = True
+    logger.debug("%r errback with exception %r", self, self.err)
     raise ExitNow
 
   def __call__(self, *args, **kwargs):
@@ -370,6 +375,8 @@ class sync_wrapper(object):
 
     event_defer(thunk)
     event_loop()
+    if not self.fin:
+      logger.warning("%r event_loop terminated without callback or errback", self)
     if self.err is None:
       return self.res
     elif isinstance(self.err, tuple):
-- 
cgit v1.2.3


From 00369f84c1c730094ea33847d08e276181dc76e8 Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Fri, 11 Jul 2014 18:29:31 +0000
Subject: First cut at a generic rpki-rtr replay script, including support for
 multiple protocol versions.  Not tested yet.

svn path=/trunk/; revision=5893
---
 potpourri/rpki-rtr-replay | 135 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 135 insertions(+)
 create mode 100755 potpourri/rpki-rtr-replay

diff --git a/potpourri/rpki-rtr-replay b/potpourri/rpki-rtr-replay
new file mode 100755
index 00000000..be0de062
--- /dev/null
+++ b/potpourri/rpki-rtr-replay
@@ -0,0 +1,135 @@
+#!/usr/bin/env python
+
+# $Id$
+#
+# Copyright (C) 2014  Dragon Research Labs ("DRL")
+# Portions copyright (C) 2009-2013  Internet Systems Consortium ("ISC")
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notices and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND DRL AND ISC DISCLAIM ALL
+# WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL DRL OR
+# ISC BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+# DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA
+# OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
+# TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+import asyncore
+import bisect
+import glob
+import logging
+import os
+import shutil
+import sqlite3
+import subprocess
+import sys
+import time
+
+import rpki.POW
+import rpki.oids
+import rpki.rtr.channels
+import rpki.rtr.client
+import rpki.rtr.generator
+import rpki.rtr.pdus
+import rpki.rtr.server
+
+from rpki.rtr.channels import Timestamp
+
+
+class ReplayClock(object):
+  """
+  Internal clock for replaying a set of rpki-rtr database files.
+
+  This class replaces the normal on-disk serial number mechanism with
+  an in-memory version based on pre-computed data.
+
+  DO NOT USE THIS IN PRODUCTION.
+
+  You have been warned.
+  """
+
+  def __init__(self):
+    self.timestamps = dict((v, sorted(set(Timestamp(int(f.split(".")[0]))
+                                          for f in glob.iglob("*.ax.v%d" % v))))
+                           for v in rpki.rtr.pdus.PDU.version_map)
+    self.offset = min(t[0] for t in self.timestamps.itervalues()) - Timestamp.now()
+    self.nonce = rpki.rtr.generator.new_nonce()
+
+  def __nonzero__(self):
+    return sum(len(t) for t in self.timestamps.itervalues()) > 0
+
+  def now(self):
+    return Timestamp.now(self.offset)
+
+  def read_current(self, version):
+    now = self.now()
+    while len(self.timestamps[version]) > 1 and now >= self.timestamps[version][1]:
+      del self.timestamps[version][0]
+    return self.timestamps[version][0], self.nonce
+
+  def siesta(self):
+    try:
+      when = min(t[1] for t in self.timestamps.itervalues() if len(t) > 1)
+    except ValueError:
+      return None
+    now = self.now()
+    if now < when:
+      return when - now
+    else:
+      return 1
+
+
+def server_main(args):
+  """
+  Reply rpki-data from a historical database.
+
+  This is a clone of server_main() which replaces the external serial
+  number updates triggered via the kickme channel by cronjob_main with
+  an internal clocking mechanism to replay historical test data.
+
+  DO NOT USE THIS IN PRODUCTION.
+
+  You have been warned.
+  """
+
+  logger = logging.LoggerAdapter(logging.root, dict(connection = rpki.rtr.server._hostport_tag()))
+
+  logger.debug("[Starting]")
+
+  if args.rpki_rtr_dir:
+    try:
+      os.chdir(args.rpki_rtr_dir)
+    except OSError, e:
+      sys.exit(e)
+
+  # Yes, this really does replace a global function defined in another
+  # module with a bound method to our clock object.  Fun stuff, huh?
+
+  clock = ReplayClock()
+  rpki.rtr.server.read_current = clock.read_current
+
+  try:
+    server = rpki.rtr.server.ServerChannel(logger = logger, refresh = args.refresh, retry = args.retry, expire = args.expire)
+    old_serial = server.get_serial()
+    logger.debug("[Starting at serial %d (%s)]", old_serial, old_serial)
+    while clock:
+      new_serial = server.get_serial()
+      if old_serial != new_serial:
+        logger.debug("[Serial bumped from %d (%s) to %d (%s)]", old_serial, old_serial, new_serial, new_serial)
+        server.notify()
+        old_serial = new_serial
+      asyncore.loop(timeout = clock.siesta(), count = 1)
+  except KeyboardInterrupt:
+    sys.exit(0)
+
+
+# Splice our extensions into server
+rpki.rtr.server.server_main = server_main
+
+# And run the program
+import rpki.rtr.main
+rpki.rtr.main.main()
-- 
cgit v1.2.3


From 31519e146beaa4e6ac9d8077f82edada35589c26 Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Sat, 12 Jul 2014 04:32:21 +0000
Subject: Debug rpki-rtr BGPSEC test case and rpki-rtr-replay script.

svn path=/trunk/; revision=5894
---
 ca/tests/bgpsec-yaml.py   | 71 +++++++++++++++++++++++++++++++++++------------
 ca/tests/smoketest.py     | 30 ++++++++++++++++----
 potpourri/rpki-rtr-replay | 12 +++++---
 rpki/rtr/server.py        |  4 +--
 4 files changed, 88 insertions(+), 29 deletions(-)

diff --git a/ca/tests/bgpsec-yaml.py b/ca/tests/bgpsec-yaml.py
index fafaf7bd..49588258 100755
--- a/ca/tests/bgpsec-yaml.py
+++ b/ca/tests/bgpsec-yaml.py
@@ -28,26 +28,61 @@ import yaml
 
 root = "Root"
 
-def kid(n):
-  name = "ISP-%03d" % n
-  ipv4 = "10.%d.0.0/16" % n
-  asn  = n
-  router_id = n * 10000
-
-  return dict(name = name,
-              ipv4 = ipv4,
-              asn  = asn,
-              hosted_by   = root,
-              roa_request = [dict(asn = asn, ipv4 = ipv4)],
-              router_cert = [dict(asn = asn, router_id = router_id)])
+class Kid(object):
+
+  def __init__(self, n):
+    self.name = "ISP-%03d" % n
+    self.ipv4 = "10.%d.0.0/16" % n
+    self.asn  = n
+    self.router_id = n * 10000
+
+  @property
+  def declare(self):
+    return dict(name = self.name,
+                ipv4 = self.ipv4,
+                asn  = self.asn,
+                hosted_by   = root,
+                roa_request = [dict(asn = self.asn, ipv4 = self.ipv4)],
+                router_cert = [dict(asn = self.asn, router_id = self.router_id)])
+
+  @property
+  def del_routercert(self):
+    return dict(name = self.name, router_cert_del = [dict(asn = self.asn, router_id = self.router_id)])
+
+  @property
+  def add_routercert(self):
+    return dict(name = self.name, router_cert_add = [dict(asn = self.asn, router_id = self.router_id)])
+
+
+kids = [Kid(n + 1) for n in xrange(200)]
+
+shell_fmt = "shell set -x; ../../../rp/rpki-rtr/rpki-rtr cronjob rcynic-data/authenticated && tar %svf rpki-rtr.tar *.[ai]x.v*"
+shell_first = shell_fmt % "c"
+shell_next  = shell_fmt % "u"
+
+sleeper = "sleep 30"
+
+docs = [dict(name         = root,
+             valid_for    = "1y",
+             kids         = [kid.declare for kid in kids])]
+
+docs.append([shell_first,
+             sleeper])
+
+gym = kids[50:70]
+
+for kid in gym:
+  docs.append([shell_next, 
+               kid.del_routercert,
+               sleeper])
+
+for kid in gym:
+  docs.append([shell_next, 
+               kid.add_routercert,
+               sleeper])
 
 print '''\
 # This configuration was generated by a script.  Edit at your own risk.
 '''
 
-print yaml.dump(dict(name         = root,
-                     crl_interval = "1h",
-                     regen_margin = "20m",
-                     valid_for    = "1y",
-                     kids         = [kid(n + 1) for n in xrange(200)]))
-
+print yaml.safe_dump_all(docs, default_flow_style = False, allow_unicode = False)
diff --git a/ca/tests/smoketest.py b/ca/tests/smoketest.py
index 7f56843f..32f11cc3 100644
--- a/ca/tests/smoketest.py
+++ b/ca/tests/smoketest.py
@@ -162,6 +162,8 @@ def main():
                                                    log_handler = lambda: logging.StreamHandler(sys.stdout)))
   logger.info("Starting")
 
+  rpki.http.http_client.timeout = rpki.sundial.timedelta(hours = 1)
+
   pubd_process = None
   rootd_process = None
   rsyncd_process = None
@@ -383,6 +385,9 @@ class router_cert(object):
   """
 
   _ecparams = None
+  _keypair  = None
+  _pkcs10   = None
+  _gski     = None
 
   @classmethod
   def ecparams(cls):
@@ -393,18 +398,33 @@ class router_cert(object):
   def __init__(self, asn, router_id):
     self.asn = rpki.resource_set.resource_set_as("".join(str(asn).split()))
     self.router_id = router_id
-    self.keypair = rpki.x509.ECDSA.generate(self.ecparams())
-    self.pkcs10 = rpki.x509.PKCS10.create(keypair = self.keypair)
-    self.gski = self.pkcs10.gSKI()
     self.cn   = "ROUTER-%08x" % self.asn[0].min
     self.sn   = "%08x" % self.router_id
     self.eku  = rpki.oids.id_kp_bgpsec_router
 
+  @property
+  def keypair(self):
+    if self._keypair is None:
+       self._keypair = rpki.x509.ECDSA.generate(self.ecparams())
+    return self._keypair
+
+  @property
+  def pkcs10(self):
+    if self._pkcs10 is None:
+      self._pkcs10 = rpki.x509.PKCS10.create(keypair = self.keypair)
+    return self._pkcs10
+
+  @property
+  def gski(self):
+    if self._gski is None:
+      self._gski = self.pkcs10.gSKI()
+    return self._gski
+
   def __eq__(self, other):
-    return self.asn == other.asn and self.sn == other.sn and self.gski == other.gski
+    return self.asn == other.asn and self.sn == other.sn
 
   def __hash__(self):
-    return tuple(self.asn).__hash__() + self.cn.__hash__() + self.sn.__hash__() + self.gski.__hash__()
+    return tuple(self.asn).__hash__() + self.cn.__hash__() + self.sn.__hash__()
 
   def __str__(self):
     return "%s: %s,%s: %s" % (self.asn, self.cn, self.sn, self.gski)
diff --git a/potpourri/rpki-rtr-replay b/potpourri/rpki-rtr-replay
index be0de062..6f8de99e 100755
--- a/potpourri/rpki-rtr-replay
+++ b/potpourri/rpki-rtr-replay
@@ -56,17 +56,21 @@ class ReplayClock(object):
     self.timestamps = dict((v, sorted(set(Timestamp(int(f.split(".")[0]))
                                           for f in glob.iglob("*.ax.v%d" % v))))
                            for v in rpki.rtr.pdus.PDU.version_map)
-    self.offset = min(t[0] for t in self.timestamps.itervalues()) - Timestamp.now()
-    self.nonce = rpki.rtr.generator.new_nonce()
+    self.epoch =  min(t[0] for t in self.timestamps.itervalues())
+    self.offset = self.epoch - Timestamp.now()
+    self.nonce = rpki.rtr.generator.AXFRSet.new_nonce(0)
 
   def __nonzero__(self):
     return sum(len(t) for t in self.timestamps.itervalues()) > 0
 
   def now(self):
-    return Timestamp.now(self.offset)
+    now = Timestamp.now(self.offset)
+    return now
 
   def read_current(self, version):
     now = self.now()
+    if version is None:
+      return self.epoch, self.nonce
     while len(self.timestamps[version]) > 1 and now >= self.timestamps[version][1]:
       del self.timestamps[version][0]
     return self.timestamps[version][0], self.nonce
@@ -120,7 +124,7 @@ def server_main(args):
       new_serial = server.get_serial()
       if old_serial != new_serial:
         logger.debug("[Serial bumped from %d (%s) to %d (%s)]", old_serial, old_serial, new_serial, new_serial)
-        server.notify()
+        server.notify(force = True)
         old_serial = new_serial
       asyncore.loop(timeout = clock.siesta(), count = 1)
   except KeyboardInterrupt:
diff --git a/rpki/rtr/server.py b/rpki/rtr/server.py
index b3e4fd7c..1c7a5e78 100644
--- a/rpki/rtr/server.py
+++ b/rpki/rtr/server.py
@@ -324,7 +324,7 @@ class ServerChannel(rpki.rtr.channels.PDUChannel):
     old_serial = self.current_serial
     return old_serial != self.get_serial()
 
-  def notify(self, data = None):
+  def notify(self, data = None, force = False):
     """
     Cronjob instance kicked us: check whether our serial number has
     changed, and send a notify message if so.
@@ -335,7 +335,7 @@ class ServerChannel(rpki.rtr.channels.PDUChannel):
     whether we care about a particular change set or not.
     """
 
-    if self.check_serial():
+    if force or self.check_serial():
       self.push_pdu(SerialNotifyPDU(version = self.version,
                                     serial  = self.current_serial,
                                     nonce   = self.current_nonce))
-- 
cgit v1.2.3


From b3a6a36b0ba3fbe7dd4d5bc5ddf98a36b6f87a56 Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Sat, 12 Jul 2014 15:41:55 +0000
Subject: Tweak tar command in test script.

svn path=/trunk/; revision=5895
---
 ca/tests/bgpsec-yaml.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ca/tests/bgpsec-yaml.py b/ca/tests/bgpsec-yaml.py
index 49588258..1562f86e 100755
--- a/ca/tests/bgpsec-yaml.py
+++ b/ca/tests/bgpsec-yaml.py
@@ -56,7 +56,7 @@ class Kid(object):
 
 kids = [Kid(n + 1) for n in xrange(200)]
 
-shell_fmt = "shell set -x; ../../../rp/rpki-rtr/rpki-rtr cronjob rcynic-data/authenticated && tar %svf rpki-rtr.tar *.[ai]x.v*"
+shell_fmt = "shell set -x; ../../../rp/rpki-rtr/rpki-rtr cronjob rcynic-data/authenticated && tar %svf rpki-rtr.tar *.[ai]x*.v*"
 shell_first = shell_fmt % "c"
 shell_next  = shell_fmt % "u"
 
-- 
cgit v1.2.3