Commit 3a62c38e2ef943e305a94bbe395fb170dfdd180a - rpki-client

New upstream version 6.7p0 Marco d'Itri 3 years ago

25 changed file(s) with 979 addition(s) and 540 deletion(s). Raw diff Collapse all Expand all

-13

~~COPYING~~ less more

0		/*
1		* Permission to use, copy, modify, and distribute this software for any
2		* purpose with or without fee is hereby granted, provided that the above
3		* copyright notice and this permission notice appear in all copies.
4		*
5		* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
6		* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
7		* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
8		* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
9		* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
10		* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
11		* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
12		*/

+13

-0

LICENSE less more

	0	/*
	1	* Permission to use, copy, modify, and distribute this software for any
	2	* purpose with or without fee is hereby granted, provided that the above
	3	* copyright notice and this permission notice appear in all copies.
	4	*
	5	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	6	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	7	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
	8	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	9	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	10	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	11	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	12	*/

+15

-3

Makefile.am less more

18	18	taldir = $(RPKI_TAL_DIR)
19	19	tal_DATA = afrinic.tal apnic.tal lacnic.tal ripe.tal
20	20
21		EXTRA_DIST = README.md VERSION $(tal_DATA)
	21	EXTRA_DIST = README.md VERSION LICENSE $(tal_DATA)
22	22
23	23	install-data-hook:
24	24	-@if [ ! -d "$(DESTDIR)$(RPKI_BASE_DIR)" ]; then \
25		$(INSTALL) -m 755 -o $(RPKI_USER) -d "$(DESTDIR)$(RPKI_BASE_DIR)"; \
	25	if [ "`id -u`" = "0" ]; then \
	26	$(INSTALL) -m 755 -o $(RPKI_USER) -d "$(DESTDIR)$(RPKI_BASE_DIR)"; \
	27	else \
	28	$(INSTALL) -m 755 -d "$(DESTDIR)$(RPKI_BASE_DIR)"; \
	29	echo "Warning: Unprivileged permissions, remember to run" \
	30	"'chown $(RPKI_USER) $(DESTDIR)$(RPKI_BASE_DIR)'"; \
	31	fi \
26	32	fi
27	33	-@if [ ! -d "$(DESTDIR)$(RPKI_OUT_DIR)" ]; then \
28		$(INSTALL) -m 755 -o $(RPKI_USER) -d "$(DESTDIR)$(RPKI_OUT_DIR)"; \
	34	if [ "`id -u`" = "0" ]; then \
	35	$(INSTALL) -m 755 -o $(RPKI_USER) -d "$(DESTDIR)$(RPKI_OUT_DIR)"; \
	36	else \
	37	$(INSTALL) -m 755 -d "$(DESTDIR)$(RPKI_OUT_DIR)"; \
	38	echo "Warning: Unprivileged permissions, remember to run" \
	39	"'chown $(RPKI_USER) $(DESTDIR)$(RPKI_OUT_DIR)'"; \
	40	fi \
29	41	fi

+41

-20

Makefile.in less more

0		# Makefile.in generated by automake 1.16.1 from Makefile.am.
	0	# Makefile.in generated by automake 1.16.2 from Makefile.am.
1	1	# @configure_input@
2	2
3		# Copyright (C) 1994-2018 Free Software Foundation, Inc.
	3	# Copyright (C) 1994-2020 Free Software Foundation, Inc.
4	4
5	5	# This Makefile.in is free software; the Free Software Foundation
6	6	# gives unlimited permission to copy and/or distribute it,

202	202	CTAGS = ctags
203	203	CSCOPE = cscope
204	204	DIST_SUBDIRS = $(SUBDIRS)
205		am__DIST_COMMON = $(srcdir)/Makefile.in AUTHORS COPYING INSTALL TODO \
206		compile config.guess config.sub depcomp install-sh ltmain.sh \
207		missing
	205	am__DIST_COMMON = $(srcdir)/Makefile.in AUTHORS INSTALL TODO compile \
	206	config.guess config.sub depcomp install-sh ltmain.sh missing
208	207	DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
209	208	distdir = $(PACKAGE)-$(VERSION)
210	209	top_distdir = $(distdir)

249	248	distcleancheck_listfiles = find . -type f -print
250	249	ACLOCAL = @ACLOCAL@
251	250	AMTAR = @AMTAR@
	251	AM_CFLAGS = @AM_CFLAGS@
252	252	AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
	253	AM_LDFLAGS = @AM_LDFLAGS@
253	254	AR = @AR@
254	255	AUTOCONF = @AUTOCONF@
255	256	AUTOHEADER = @AUTOHEADER@

293	294	NMEDIT = @NMEDIT@
294	295	OBJDUMP = @OBJDUMP@
295	296	OBJEXT = @OBJEXT@
	297	OPENSSL_CFLAGS = @OPENSSL_CFLAGS@
	298	OPENSSL_LDFLAGS = @OPENSSL_LDFLAGS@
296	299	OTOOL = @OTOOL@
297	300	OTOOL64 = @OTOOL64@
298	301	PACKAGE = @PACKAGE@

370	373	ACLOCAL_AMFLAGS = -I m4
371	374	taldir = $(RPKI_TAL_DIR)
372	375	tal_DATA = afrinic.tal apnic.tal lacnic.tal ripe.tal
373		EXTRA_DIST = README.md VERSION $(tal_DATA)
	376	EXTRA_DIST = README.md VERSION LICENSE $(tal_DATA)
374	377	all: all-recursive
375	378
376	379	.SUFFIXES:

627	630	tardir=$(distdir) && $(am__tar) \| XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz
628	631	$(am__post_remove_distdir)
629	632
	633	dist-zstd: distdir
	634	tardir=$(distdir) && $(am__tar) \| zstd -c $${ZSTD_CLEVEL-$${ZSTD_OPT--19}} >$(distdir).tar.zst
	635	$(am__post_remove_distdir)
	636
630	637	dist-tarZ: distdir
631	638	@echo WARNING: "Support for distribution archives compressed with" \
632	639	"legacy program 'compress' is deprecated." >&2

669	676	eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz \| unshar ;;\
670	677	.zip) \
671	678	unzip $(distdir).zip ;;\
	679	.tar.zst) \
	680	zstd -dc $(distdir).tar.zst \| $(am__untar) ;;\
672	681	esac
673	682	chmod -R a-w $(distdir)
674	683	chmod u+w $(distdir)

851	860	am--refresh check check-am clean clean-cscope clean-generic \
852	861	clean-libtool cscope cscopelist-am ctags ctags-am dist \
853	862	dist-all dist-bzip2 dist-gzip dist-lzip dist-shar dist-tarZ \
854		dist-xz dist-zip distcheck distclean distclean-generic \
855		distclean-libtool distclean-tags distcleancheck distdir \
856		distuninstallcheck dvi dvi-am html html-am info info-am \
857		install install-am install-data install-data-am \
858		install-data-hook install-dvi install-dvi-am install-exec \
859		install-exec-am install-html install-html-am install-info \
860		install-info-am install-man install-pdf install-pdf-am \
861		install-ps install-ps-am install-strip install-talDATA \
862		installcheck installcheck-am installdirs installdirs-am \
863		maintainer-clean maintainer-clean-generic mostlyclean \
864		mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
865		tags tags-am uninstall uninstall-am uninstall-talDATA
	863	dist-xz dist-zip dist-zstd distcheck distclean \
	864	distclean-generic distclean-libtool distclean-tags \
	865	distcleancheck distdir distuninstallcheck dvi dvi-am html \
	866	html-am info info-am install install-am install-data \
	867	install-data-am install-data-hook install-dvi install-dvi-am \
	868	install-exec install-exec-am install-html install-html-am \
	869	install-info install-info-am install-man install-pdf \
	870	install-pdf-am install-ps install-ps-am install-strip \
	871	install-talDATA installcheck installcheck-am installdirs \
	872	installdirs-am maintainer-clean maintainer-clean-generic \
	873	mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
	874	ps ps-am tags tags-am uninstall uninstall-am uninstall-talDATA
866	875
867	876	.PRECIOUS: Makefile
868	877
869	878
870	879	install-data-hook:
871	880	-@if [ ! -d "$(DESTDIR)$(RPKI_BASE_DIR)" ]; then \
872		$(INSTALL) -m 755 -o $(RPKI_USER) -d "$(DESTDIR)$(RPKI_BASE_DIR)"; \
	881	if [ "`id -u`" = "0" ]; then \
	882	$(INSTALL) -m 755 -o $(RPKI_USER) -d "$(DESTDIR)$(RPKI_BASE_DIR)"; \
	883	else \
	884	$(INSTALL) -m 755 -d "$(DESTDIR)$(RPKI_BASE_DIR)"; \
	885	echo "Warning: Unprivileged permissions, remember to run" \
	886	"'chown $(RPKI_USER) $(DESTDIR)$(RPKI_BASE_DIR)'"; \
	887	fi \
873	888	fi
874	889	-@if [ ! -d "$(DESTDIR)$(RPKI_OUT_DIR)" ]; then \
875		$(INSTALL) -m 755 -o $(RPKI_USER) -d "$(DESTDIR)$(RPKI_OUT_DIR)"; \
	890	if [ "`id -u`" = "0" ]; then \
	891	$(INSTALL) -m 755 -o $(RPKI_USER) -d "$(DESTDIR)$(RPKI_OUT_DIR)"; \
	892	else \
	893	$(INSTALL) -m 755 -d "$(DESTDIR)$(RPKI_OUT_DIR)"; \
	894	echo "Warning: Unprivileged permissions, remember to run" \
	895	"'chown $(RPKI_USER) $(DESTDIR)$(RPKI_OUT_DIR)'"; \
	896	fi \
876	897	fi
877	898
878	899	# Tell versions [3.59,3.63) of GNU make to not export all variables.

-1

VERSION less more

0		6.6p2
	0	6.7p0

+26

-24

aclocal.m4 less more

0		# generated automatically by aclocal 1.16.1 -- Autoconf --
1
2		# Copyright (C) 1996-2018 Free Software Foundation, Inc.
	0	# generated automatically by aclocal 1.16.2 -- Autoconf --
	1
	2	# Copyright (C) 1996-2020 Free Software Foundation, Inc.
3	3
4	4	# This file is free software; the Free Software Foundation
5	5	# gives unlimited permission to copy and/or distribute it,

19	19	If you have problems, you may need to regenerate the build system entirely.
20	20	To do so, use the procedure documented by the package, typically 'autoreconf'.])])
21	21
22		# Copyright (C) 2002-2018 Free Software Foundation, Inc.
	22	# Copyright (C) 2002-2020 Free Software Foundation, Inc.
23	23	#
24	24	# This file is free software; the Free Software Foundation
25	25	# gives unlimited permission to copy and/or distribute it,

34	34	[am__api_version='1.16'
35	35	dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
36	36	dnl require some minimum version. Point them to the right macro.
37		m4_if([$1], [1.16.1], [],
	37	m4_if([$1], [1.16.2], [],
38	38	[AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
39	39	])
40	40

50	50	# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
51	51	# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
52	52	AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
53		[AM_AUTOMAKE_VERSION([1.16.1])dnl
	53	[AM_AUTOMAKE_VERSION([1.16.2])dnl
54	54	m4_ifndef([AC_AUTOCONF_VERSION],
55	55	[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
56	56	_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
57	57
58	58	# AM_AUX_DIR_EXPAND -- Autoconf --
59	59
60		# Copyright (C) 2001-2018 Free Software Foundation, Inc.
	60	# Copyright (C) 2001-2020 Free Software Foundation, Inc.
61	61	#
62	62	# This file is free software; the Free Software Foundation
63	63	# gives unlimited permission to copy and/or distribute it,

109	109
110	110	# AM_CONDITIONAL -- Autoconf --
111	111
112		# Copyright (C) 1997-2018 Free Software Foundation, Inc.
	112	# Copyright (C) 1997-2020 Free Software Foundation, Inc.
113	113	#
114	114	# This file is free software; the Free Software Foundation
115	115	# gives unlimited permission to copy and/or distribute it,

140	140	Usually this means the macro was only invoked conditionally.]])
141	141	fi])])
142	142
143		# Copyright (C) 1999-2018 Free Software Foundation, Inc.
	143	# Copyright (C) 1999-2020 Free Software Foundation, Inc.
144	144	#
145	145	# This file is free software; the Free Software Foundation
146	146	# gives unlimited permission to copy and/or distribute it,

331	331
332	332	# Generate code to set up dependency tracking. -- Autoconf --
333	333
334		# Copyright (C) 1999-2018 Free Software Foundation, Inc.
	334	# Copyright (C) 1999-2020 Free Software Foundation, Inc.
335	335	#
336	336	# This file is free software; the Free Software Foundation
337	337	# gives unlimited permission to copy and/or distribute it,

370	370	done
371	371	if test $am_rc -ne 0; then
372	372	AC_MSG_FAILURE([Something went wrong bootstrapping makefile fragments
373		for automatic dependency tracking. Try re-running configure with the
	373	for automatic dependency tracking. If GNU make was not used, consider
	374	re-running the configure script with MAKE="gmake" (or whatever is
	375	necessary). You can also try re-running configure with the
374	376	'--disable-dependency-tracking' option to at least be able to build
375	377	the package (albeit without support for automatic dependency tracking).])
376	378	fi

397	399
398	400	# Do all the work for Automake. -- Autoconf --
399	401
400		# Copyright (C) 1996-2018 Free Software Foundation, Inc.
	402	# Copyright (C) 1996-2020 Free Software Foundation, Inc.
401	403	#
402	404	# This file is free software; the Free Software Foundation
403	405	# gives unlimited permission to copy and/or distribute it,

594	596	done
595	597	echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
596	598
597		# Copyright (C) 2001-2018 Free Software Foundation, Inc.
	599	# Copyright (C) 2001-2020 Free Software Foundation, Inc.
598	600	#
599	601	# This file is free software; the Free Software Foundation
600	602	# gives unlimited permission to copy and/or distribute it,

615	617	fi
616	618	AC_SUBST([install_sh])])
617	619
618		# Copyright (C) 2003-2018 Free Software Foundation, Inc.
	620	# Copyright (C) 2003-2020 Free Software Foundation, Inc.
619	621	#
620	622	# This file is free software; the Free Software Foundation
621	623	# gives unlimited permission to copy and/or distribute it,

636	638
637	639	# Check to see how 'make' treats includes. -- Autoconf --
638	640
639		# Copyright (C) 2001-2018 Free Software Foundation, Inc.
	641	# Copyright (C) 2001-2020 Free Software Foundation, Inc.
640	642	#
641	643	# This file is free software; the Free Software Foundation
642	644	# gives unlimited permission to copy and/or distribute it,

679	681
680	682	# Fake the existence of programs that GNU maintainers use. -- Autoconf --
681	683
682		# Copyright (C) 1997-2018 Free Software Foundation, Inc.
	684	# Copyright (C) 1997-2020 Free Software Foundation, Inc.
683	685	#
684	686	# This file is free software; the Free Software Foundation
685	687	# gives unlimited permission to copy and/or distribute it,

718	720
719	721	# Helper functions for option handling. -- Autoconf --
720	722
721		# Copyright (C) 2001-2018 Free Software Foundation, Inc.
	723	# Copyright (C) 2001-2020 Free Software Foundation, Inc.
722	724	#
723	725	# This file is free software; the Free Software Foundation
724	726	# gives unlimited permission to copy and/or distribute it,

747	749	AC_DEFUN([_AM_IF_OPTION],
748	750	[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
749	751
750		# Copyright (C) 1999-2018 Free Software Foundation, Inc.
	752	# Copyright (C) 1999-2020 Free Software Foundation, Inc.
751	753	#
752	754	# This file is free software; the Free Software Foundation
753	755	# gives unlimited permission to copy and/or distribute it,

794	796	# For backward compatibility.
795	797	AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])])
796	798
797		# Copyright (C) 2001-2018 Free Software Foundation, Inc.
	799	# Copyright (C) 2001-2020 Free Software Foundation, Inc.
798	800	#
799	801	# This file is free software; the Free Software Foundation
800	802	# gives unlimited permission to copy and/or distribute it,

813	815
814	816	# Check to make sure that the build environment is sane. -- Autoconf --
815	817
816		# Copyright (C) 1996-2018 Free Software Foundation, Inc.
	818	# Copyright (C) 1996-2020 Free Software Foundation, Inc.
817	819	#
818	820	# This file is free software; the Free Software Foundation
819	821	# gives unlimited permission to copy and/or distribute it,

894	896	rm -f conftest.file
895	897	])
896	898
897		# Copyright (C) 2009-2018 Free Software Foundation, Inc.
	899	# Copyright (C) 2009-2020 Free Software Foundation, Inc.
898	900	#
899	901	# This file is free software; the Free Software Foundation
900	902	# gives unlimited permission to copy and/or distribute it,

954	956	_AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl
955	957	])
956	958
957		# Copyright (C) 2001-2018 Free Software Foundation, Inc.
	959	# Copyright (C) 2001-2020 Free Software Foundation, Inc.
958	960	#
959	961	# This file is free software; the Free Software Foundation
960	962	# gives unlimited permission to copy and/or distribute it,

982	984	INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
983	985	AC_SUBST([INSTALL_STRIP_PROGRAM])])
984	986
985		# Copyright (C) 2006-2018 Free Software Foundation, Inc.
	987	# Copyright (C) 2006-2020 Free Software Foundation, Inc.
986	988	#
987	989	# This file is free software; the Free Software Foundation
988	990	# gives unlimited permission to copy and/or distribute it,

1001	1003
1002	1004	# Check how to create a tarball. -- Autoconf --
1003	1005
1004		# Copyright (C) 2004-2018 Free Software Foundation, Inc.
	1006	# Copyright (C) 2004-2020 Free Software Foundation, Inc.
1005	1007	#
1006	1008	# This file is free software; the Free Software Foundation
1007	1009	# gives unlimited permission to copy and/or distribute it,

-2

compat/Makefile.in less more

0		# Makefile.in generated by automake 1.16.1 from Makefile.am.
	0	# Makefile.in generated by automake 1.16.2 from Makefile.am.
1	1	# @configure_input@
2	2
3		# Copyright (C) 1994-2018 Free Software Foundation, Inc.
	3	# Copyright (C) 1994-2020 Free Software Foundation, Inc.
4	4
5	5	# This Makefile.in is free software; the Free Software Foundation
6	6	# gives unlimited permission to copy and/or distribute it,

218	218	DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
219	219	ACLOCAL = @ACLOCAL@
220	220	AMTAR = @AMTAR@
	221	AM_CFLAGS = @AM_CFLAGS@
221	222	AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
	223	AM_LDFLAGS = @AM_LDFLAGS@
222	224	AR = @AR@
223	225	AUTOCONF = @AUTOCONF@
224	226	AUTOHEADER = @AUTOHEADER@

262	264	NMEDIT = @NMEDIT@
263	265	OBJDUMP = @OBJDUMP@
264	266	OBJEXT = @OBJEXT@
	267	OPENSSL_CFLAGS = @OPENSSL_CFLAGS@
	268	OPENSSL_LDFLAGS = @OPENSSL_LDFLAGS@
265	269	OTOOL = @OTOOL@
266	270	OTOOL64 = @OTOOL64@
267	271	PACKAGE = @PACKAGE@

-3

compile less more

2	2
3	3	scriptversion=2018-03-07.03; # UTC
4	4
5		# Copyright (C) 1999-2018 Free Software Foundation, Inc.
	5	# Copyright (C) 1999-2020 Free Software Foundation, Inc.
6	6	# Written by Tom Tromey <tromey@cygnus.com>.
7	7	#
8	8	# This program is free software; you can redistribute it and/or modify

52	52	MINGW*)
53	53	file_conv=mingw
54	54	;;
55		CYGWIN*)
	55	CYGWIN* \| MSYS*)
56	56	file_conv=cygwin
57	57	;;
58	58	*)

66	66	mingw/*)
67	67	file=`cmd //C echo "$file " \| sed -e 's/"$.$ " $/\1/'`
68	68	;;
69		cygwin/*)
	69	cygwin/* \| msys/*)
70	70	file=`cygpath -m "$file" \|\| echo "$file"`
71	71	;;
72	72	wine/*)

+320

-149

configure less more

0	0	#! /bin/sh
1	1	# Guess values for system-dependent variables and create Makefiles.
2		# Generated by GNU Autoconf 2.69 for rpki-client 6.6p2.
	2	# Generated by GNU Autoconf 2.69 for rpki-client 6.7p0.
3	3	#
4	4	#
5	5	# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.

195	195	as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
196	196	eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
197	197	test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' \|\| exit 1
	198	test \$(( 1 + 1 )) = 2 \|\| exit 1
198	199
199	200	test -n \"\${ZSH_VERSION+set}\${BASH_VERSION+set}\" \|\| (
200	201	ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'

202	203	ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO
203	204	PATH=/empty FPATH=/empty; export PATH FPATH
204	205	test \"X\`printf %s \$ECHO\`\" = \"X\$ECHO\" \\
205		\|\| test \"X\`print -r -- \$ECHO\`\" = \"X\$ECHO\" ) \|\| exit 1
206		test \$(( 1 + 1 )) = 2 \|\| exit 1"
	206	\|\| test \"X\`print -r -- \$ECHO\`\" = \"X\$ECHO\" ) \|\| exit 1"
207	207	if (eval "$as_required") 2>/dev/null; then :
208	208	as_have_required=yes
209	209	else

586	586	# Identity of this package.
587	587	PACKAGE_NAME='rpki-client'
588	588	PACKAGE_TARNAME='rpki-client'
589		PACKAGE_VERSION='6.6p2'
590		PACKAGE_STRING='rpki-client 6.6p2'
	589	PACKAGE_VERSION='6.7p0'
	590	PACKAGE_STRING='rpki-client 6.7p0'
591	591	PACKAGE_BUGREPORT=''
592	592	PACKAGE_URL=''
593	593

636	636	RPKI_TAL_DIR
637	637	RSYNC
638	638	RPKI_USER
	639	OPENSSL_LDFLAGS
	640	OPENSSL_CFLAGS
639	641	HAVE_UNVEIL_FALSE
640	642	HAVE_UNVEIL_TRUE
641	643	HAVE_PLEDGE_FALSE

656	658	HAVE_RECALLOCARRAY_TRUE
657	659	HAVE_REALLOCARRAY_FALSE
658	660	HAVE_REALLOCARRAY_TRUE
	661	AM_LDFLAGS
	662	AM_CFLAGS
659	663	CPP
660	664	OTOOL64
661	665	OTOOL

676	680	FGREP
677	681	EGREP
678	682	GREP
	683	LIBTOOL
679	684	SED
680		LIBTOOL
681	685	HOST_SOLARIS_FALSE
682	686	HOST_SOLARIS_TRUE
683	687	HOST_NETBSD_FALSE

790	794	with_gnu_ld
791	795	with_sysroot
792	796	enable_libtool_lock
	797	enable_warnings
	798	with_openssl
	799	with_openssl_cflags
	800	with_openssl_ldflags
793	801	with_user
794	802	with_rsync
795	803	with_tal_dir

1345	1353	# Omit some internal or obsolete options to make the list less imposing.
1346	1354	# This message is too long to be a string in the A/UX 3.1 sh.
1347	1355	cat <<_ACEOF
1348		\`configure' configures rpki-client 6.6p2 to adapt to many kinds of systems.
	1356	\`configure' configures rpki-client 6.7p0 to adapt to many kinds of systems.
1349	1357
1350	1358	Usage: $0 [OPTION]... [VAR=VALUE]...
1351	1359

1415	1423
1416	1424	if test -n "$ac_init_help"; then
1417	1425	case $ac_init_help in
1418		short \| recursive ) echo "Configuration of rpki-client 6.6p2:";;
	1426	short \| recursive ) echo "Configuration of rpki-client 6.7p0:";;
1419	1427	esac
1420	1428	cat <<\_ACEOF
1421	1429

1434	1442	--enable-fast-install[=PKGS]
1435	1443	optimize for fast installation [default=yes]
1436	1444	--disable-libtool-lock avoid locking (might break parallel builds)
	1445	--disable-warnings enable compiler warnings [default=enabled]
1437	1446
1438	1447	Optional Packages:
1439	1448	--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]

1443	1452	--with-gnu-ld assume the C compiler uses GNU ld [default=no]
1444	1453	--with-sysroot=DIR Search for dependent libraries within DIR
1445	1454	(or the compiler's sysroot if not specified).
	1455	--with-openssl=pkg-name Use pkg-config(1) pkg-name to find OpenSSL files
	1456	--with-openssl-cflags=STRING
	1457	Extra compiler flags to build with OpenSSL
	1458	--with-openssl-ldflags=STRING
	1459	Extra flags for linker to link with OpenSSL
	1460	libraries
1446	1461	--with-user=user User for rpki-client to use when run as root
1447	1462	--with-rsync=command Rsync command to use
1448	1463	--with-tal-dir=path Path to the default TAL directory

1525	1540	test -n "$ac_init_help" && exit $ac_status
1526	1541	if $ac_init_version; then
1527	1542	cat <<\_ACEOF
1528		rpki-client configure 6.6p2
	1543	rpki-client configure 6.7p0
1529	1544	generated by GNU Autoconf 2.69
1530	1545
1531	1546	Copyright (C) 2012 Free Software Foundation, Inc.

1623	1638
1624	1639	} # ac_fn_c_try_link
1625	1640
1626		# ac_fn_c_check_func LINENO FUNC VAR
1627		# ----------------------------------
1628		# Tests whether FUNC exists, setting the cache variable VAR accordingly
1629		ac_fn_c_check_func ()
1630		{
1631		as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
1632		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
1633		$as_echo_n "checking for $2... " >&6; }
1634		if eval \${$3+:} false; then :
1635		$as_echo_n "(cached) " >&6
1636		else
1637		cat confdefs.h - <<_ACEOF >conftest.$ac_ext
1638		/* end confdefs.h. */
1639		/* Define $2 to an innocuous variant, in case <limits.h> declares $2.
1640		For example, HP-UX 11i <limits.h> declares gettimeofday. */
1641		#define $2 innocuous_$2
1642
1643		/* System header to define __stub macros and hopefully few prototypes,
1644		which can conflict with char $2 (); below.
1645		Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
1646		<limits.h> exists even on freestanding compilers. */
1647
1648		#ifdef __STDC__
1649		# include <limits.h>
1650		#else
1651		# include <assert.h>
1652		#endif
1653
1654		#undef $2
1655
1656		/* Override any GCC internal prototype to avoid an error.
1657		Use char because int might match the return type of a GCC
1658		builtin and then its argument prototype would still apply. */
1659		#ifdef __cplusplus
1660		extern "C"
1661		#endif
1662		char $2 ();
1663		/* The GNU C library defines this for functions which it implements
1664		to always fail with ENOSYS. Some functions are actually named
1665		something starting with __ and the normal name is an alias. */
1666		#if defined __stub_$2 \|\| defined __stub___$2
1667		choke me
1668		#endif
1669
1670		int
1671		main ()
1672		{
1673		return $2 ();
1674		;
1675		return 0;
1676		}
1677		_ACEOF
1678		if ac_fn_c_try_link "$LINENO"; then :
1679		eval "$3=yes"
1680		else
1681		eval "$3=no"
1682		fi
1683		rm -f core conftest.err conftest.$ac_objext \
1684		conftest$ac_exeext conftest.$ac_ext
1685		fi
1686		eval ac_res=\$$3
1687		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
1688		$as_echo "$ac_res" >&6; }
1689		eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
1690
1691		} # ac_fn_c_check_func
1692
1693	1641	# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES
1694	1642	# -------------------------------------------------------
1695	1643	# Tests whether HEADER exists and can be compiled using the include files in

1800	1748
1801	1749	} # ac_fn_c_try_run
1802	1750
	1751	# ac_fn_c_check_func LINENO FUNC VAR
	1752	# ----------------------------------
	1753	# Tests whether FUNC exists, setting the cache variable VAR accordingly
	1754	ac_fn_c_check_func ()
	1755	{
	1756	as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
	1757	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
	1758	$as_echo_n "checking for $2... " >&6; }
	1759	if eval \${$3+:} false; then :
	1760	$as_echo_n "(cached) " >&6
	1761	else
	1762	cat confdefs.h - <<_ACEOF >conftest.$ac_ext
	1763	/* end confdefs.h. */
	1764	/* Define $2 to an innocuous variant, in case <limits.h> declares $2.
	1765	For example, HP-UX 11i <limits.h> declares gettimeofday. */
	1766	#define $2 innocuous_$2
	1767
	1768	/* System header to define __stub macros and hopefully few prototypes,
	1769	which can conflict with char $2 (); below.
	1770	Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
	1771	<limits.h> exists even on freestanding compilers. */
	1772
	1773	#ifdef __STDC__
	1774	# include <limits.h>
	1775	#else
	1776	# include <assert.h>
	1777	#endif
	1778
	1779	#undef $2
	1780
	1781	/* Override any GCC internal prototype to avoid an error.
	1782	Use char because int might match the return type of a GCC
	1783	builtin and then its argument prototype would still apply. */
	1784	#ifdef __cplusplus
	1785	extern "C"
	1786	#endif
	1787	char $2 ();
	1788	/* The GNU C library defines this for functions which it implements
	1789	to always fail with ENOSYS. Some functions are actually named
	1790	something starting with __ and the normal name is an alias. */
	1791	#if defined __stub_$2 \|\| defined __stub___$2
	1792	choke me
	1793	#endif
	1794
	1795	int
	1796	main ()
	1797	{
	1798	return $2 ();
	1799	;
	1800	return 0;
	1801	}
	1802	_ACEOF
	1803	if ac_fn_c_try_link "$LINENO"; then :
	1804	eval "$3=yes"
	1805	else
	1806	eval "$3=no"
	1807	fi
	1808	rm -f core conftest.err conftest.$ac_objext \
	1809	conftest$ac_exeext conftest.$ac_ext
	1810	fi
	1811	eval ac_res=\$$3
	1812	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
	1813	$as_echo "$ac_res" >&6; }
	1814	eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
	1815
	1816	} # ac_fn_c_check_func
	1817
1803	1818	# ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES
1804	1819	# -------------------------------------------------------
1805	1820	# Tests whether HEADER exists, giving a warning if it cannot be compiled using

1890	1905	This file contains any messages produced by compilers while
1891	1906	running configure, to aid debugging if configure makes a mistake.
1892	1907
1893		It was created by rpki-client $as_me 6.6p2, which was
	1908	It was created by rpki-client $as_me 6.7p0, which was
1894	1909	generated by GNU Autoconf 2.69. Invocation command line was
1895	1910
1896	1911	$ $0 $@

2825	2840
2826	2841	# Define the identity of the package.
2827	2842	PACKAGE='rpki-client'
2828		VERSION='6.6p2'
	2843	VERSION='6.7p0'
2829	2844
2830	2845
2831	2846	cat >>confdefs.h <<_ACEOF

3881	3896	fi
3882	3897
3883	3898
3884
3885		ac_fn_c_check_func "$LINENO" "dl_iterate_phdr" "ac_cv_func_dl_iterate_phdr"
3886		if test "x$ac_cv_func_dl_iterate_phdr" = xyes; then :
3887
3888		else
3889		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dl_iterate_phdr" >&5
3890		$as_echo_n "checking for library containing dl_iterate_phdr... " >&6; }
3891		if ${ac_cv_search_dl_iterate_phdr+:} false; then :
	3899	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5
	3900	$as_echo_n "checking for a sed that does not truncate output... " >&6; }
	3901	if ${ac_cv_path_SED+:} false; then :
3892	3902	$as_echo_n "(cached) " >&6
3893	3903	else
3894		ac_func_search_save_LIBS=$LIBS
3895		cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3896		/* end confdefs.h. */
3897
3898		/* Override any GCC internal prototype to avoid an error.
3899		Use char because int might match the return type of a GCC
3900		builtin and then its argument prototype would still apply. */
3901		#ifdef __cplusplus
3902		extern "C"
3903		#endif
3904		char dl_iterate_phdr ();
3905		int
3906		main ()
3907		{
3908		return dl_iterate_phdr ();
3909		;
3910		return 0;
3911		}
3912		_ACEOF
3913		for ac_lib in '' dl; do
3914		if test -z "$ac_lib"; then
3915		ac_res="none required"
3916		else
3917		ac_res=-l$ac_lib
3918		LIBS="-l$ac_lib $ac_func_search_save_LIBS"
	3904	ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/
	3905	for ac_i in 1 2 3 4 5 6 7; do
	3906	ac_script="$ac_script$as_nl$ac_script"
	3907	done
	3908	echo "$ac_script" 2>/dev/null \| sed 99q >conftest.sed
	3909	{ ac_script=; unset ac_script;}
	3910	if test -z "$SED"; then
	3911	ac_path_SED_found=false
	3912	# Loop through the user's path and test for each of PROGNAME-LIST
	3913	as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
	3914	for as_dir in $PATH
	3915	do
	3916	IFS=$as_save_IFS
	3917	test -z "$as_dir" && as_dir=.
	3918	for ac_prog in sed gsed; do
	3919	for ac_exec_ext in '' $ac_executable_extensions; do
	3920	ac_path_SED="$as_dir/$ac_prog$ac_exec_ext"
	3921	as_fn_executable_p "$ac_path_SED" \|\| continue
	3922	# Check for GNU ac_path_SED and select it if it is found.
	3923	# Check for GNU $ac_path_SED
	3924	case `"$ac_path_SED" --version 2>&1` in
	3925	GNU)
	3926	ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;;
	3927	*)
	3928	ac_count=0
	3929	$as_echo_n 0123456789 >"conftest.in"
	3930	while :
	3931	do
	3932	cat "conftest.in" "conftest.in" >"conftest.tmp"
	3933	mv "conftest.tmp" "conftest.in"
	3934	cp "conftest.in" "conftest.nl"
	3935	$as_echo '' >> "conftest.nl"
	3936	"$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null \|\| break
	3937	diff "conftest.out" "conftest.nl" >/dev/null 2>&1 \|\| break
	3938	as_fn_arith $ac_count + 1 && ac_count=$as_val
	3939	if test $ac_count -gt ${ac_path_SED_max-0}; then
	3940	# Best one so far, save it but keep looking for a better one
	3941	ac_cv_path_SED="$ac_path_SED"
	3942	ac_path_SED_max=$ac_count
	3943	fi
	3944	# 10*(2^10) chars as input seems more than enough
	3945	test $ac_count -gt 10 && break
	3946	done
	3947	rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
	3948	esac
	3949
	3950	$ac_path_SED_found && break 3
	3951	done
	3952	done
	3953	done
	3954	IFS=$as_save_IFS
	3955	if test -z "$ac_cv_path_SED"; then
	3956	as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5
3919	3957	fi
3920		if ac_fn_c_try_link "$LINENO"; then :
3921		ac_cv_search_dl_iterate_phdr=$ac_res
3922		fi
3923		rm -f core conftest.err conftest.$ac_objext \
3924		conftest$ac_exeext
3925		if ${ac_cv_search_dl_iterate_phdr+:} false; then :
3926		break
3927		fi
3928		done
3929		if ${ac_cv_search_dl_iterate_phdr+:} false; then :
3930
3931		else
3932		ac_cv_search_dl_iterate_phdr=no
3933		fi
3934		rm conftest.$ac_ext
3935		LIBS=$ac_func_search_save_LIBS
3936		fi
3937		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dl_iterate_phdr" >&5
3938		$as_echo "$ac_cv_search_dl_iterate_phdr" >&6; }
3939		ac_res=$ac_cv_search_dl_iterate_phdr
3940		if test "$ac_res" != no; then :
3941		test "$ac_res" = "none required" \|\| LIBS="$ac_res $LIBS"
3942
3943		fi
3944
3945		fi
3946
	3958	else
	3959	ac_cv_path_SED=$SED
	3960	fi
	3961
	3962	fi
	3963	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5
	3964	$as_echo "$ac_cv_path_SED" >&6; }
	3965	SED="$ac_cv_path_SED"
	3966	rm -f conftest.sed
3947	3967
3948	3968	ac_ext=c
3949	3969	ac_cpp='$CPP $CPPFLAGS'

6476	6496	$as_echo "$lt_cv_sharedlib_from_linklib_cmd" >&6; }
6477	6497	sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd
6478	6498	test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO
	6499
6479	6500
6480	6501
6481	6502

12475	12496
12476	12497
12477	12498
12478		save_cflags="$CFLAGS"
12479		CFLAGS=-Wno-pointer-sign
12480		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether CC supports -Wno-pointer-sign" >&5
	12499	# Check whether --enable-warnings was given.
	12500	if test "${enable_warnings+set}" = set; then :
	12501	enableval=$enable_warnings; case $enableval in
	12502	yes) enable_warnings=yes;;
	12503	no) enable_warnings=no;;
	12504	*) enable_warnings=yes;; esac
	12505	else
	12506	enable_warnings=yes
	12507	fi
	12508
	12509
	12510	if test "$enable_warnings" = yes; then
	12511	AM_CFLAGS="$AM_CFLAGS -Wall -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wshadow -Wpointer-arith -Wsign-compare -Werror-implicit-function-declaration"
	12512	#AC_SUBST(AM_CFLAGS, ["-Wall -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wshadow -Wpointer-arith -Wsign-compare -Werror-implicit-function-declaration"])
	12513
	12514	save_cflags="$CFLAGS"
	12515	CFLAGS=-Wno-pointer-sign
	12516	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether CC supports -Wno-pointer-sign" >&5
12481	12517	$as_echo_n "checking whether CC supports -Wno-pointer-sign... " >&6; }
12482		cat confdefs.h - <<_ACEOF >conftest.$ac_ext
	12518	cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12483	12519	/* end confdefs.h. */
12484	12520
12485	12521	int

12493	12529	if ac_fn_c_try_compile "$LINENO"; then :
12494	12530	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
12495	12531	$as_echo "yes" >&6; }
12496		AM_CFLAGS=-Wno-pointer-sign
	12532	WARN_CFLAGS=-Wno-pointer-sign
12497	12533	else
12498	12534	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
12499	12535	$as_echo "no" >&6; }
12500	12536
12501	12537	fi
12502	12538	rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
12503		CFLAGS="$save_cflags $AM_CFLAGS"
	12539	AM_CFLAGS="$AM_CFLAGS $WARN_CFLAGS"
	12540	CFLAGS="$save_cflags"
	12541	fi
12504	12542
12505	12543	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if compiling with clang" >&5
12506	12544	$as_echo_n "checking if compiling with clang... " >&6; }

12529	12567
12530	12568	fi
12531	12569	rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
12532		CFLAGS="$CFLAGS $CLANG_CFLAGS"
12533		LDFLAGS="$LDFLAGS $CLANG_FLAGS"
	12570	AM_CFLAGS="$AM_CFLAGS $CLANG_FLAGS"
	12571	AM_LDFLAGS="$LDFLAGS $CLANG_FLAGS"
	12572
	12573
12534	12574
12535	12575	# check functions that are expected to be in libc
12536	12576	for ac_func in reallocarray recallocarray

12757	12797	done
12758	12798
12759	12799
	12800
	12801	# Check whether --with-openssl was given.
	12802	if test "${with_openssl+set}" = set; then :
	12803	withval=$with_openssl; PKG_NAME="$withval"
	12804
	12805	fi
	12806
	12807	if test X"$PKG_NAME" != X; then
	12808	OPENSSL_CFLAGS=`pkg-config --cflags-only-I $PKG_NAME 2>/dev/null`
	12809	OPENSSL_LDFLAGS=`pkg-config --libs-only-L $PKG_NAME 2>/dev/null`
	12810	fi
	12811
	12812
	12813	# Check whether --with-openssl-cflags was given.
	12814	if test "${with_openssl_cflags+set}" = set; then :
	12815	withval=$with_openssl_cflags; OPENSSL_CFLAGS="$withval"
	12816
	12817	fi
	12818
	12819
	12820	# Check whether --with-openssl-ldflags was given.
	12821	if test "${with_openssl_ldflags+set}" = set; then :
	12822	withval=$with_openssl_ldflags; OPENSSL_LDFLAGS="$withval"
	12823
	12824	fi
	12825
	12826
	12827
	12828
	12829	CFLAGS="$CFLAGS $OPENSSL_CFLAGS"
	12830	CPPFLAGS="$CPPFLAGS $OPENSSL_CFLAGS"
	12831	LDFLAGS="$LDFLAGS $OPENSSL_LDFLAGS"
	12832
12760	12833	for ac_header in openssl/cms.h openssl/err.h openssl/evp.h openssl/ssl.h openssl/x509.h openssl/x509v3.h
12761	12834	do :
12762	12835	as_ac_Header=`$as_echo "ac_cv_header_$ac_header" \| $as_tr_sh`

12766	12839	#define `$as_echo "HAVE_$ac_header" \| $as_tr_cpp` 1
12767	12840	_ACEOF
12768	12841
	12842	else
	12843	as_fn_error $? "OpenSSL headers required" "$LINENO" 5
12769	12844	fi
12770	12845
12771	12846	done
	12847
	12848	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ASN1_STRING_get0_data in -lcrypto" >&5
	12849	$as_echo_n "checking for ASN1_STRING_get0_data in -lcrypto... " >&6; }
	12850	if ${ac_cv_lib_crypto_ASN1_STRING_get0_data+:} false; then :
	12851	$as_echo_n "(cached) " >&6
	12852	else
	12853	ac_check_lib_save_LIBS=$LIBS
	12854	LIBS="-lcrypto $LIBS"
	12855	cat confdefs.h - <<_ACEOF >conftest.$ac_ext
	12856	/* end confdefs.h. */
	12857
	12858	/* Override any GCC internal prototype to avoid an error.
	12859	Use char because int might match the return type of a GCC
	12860	builtin and then its argument prototype would still apply. */
	12861	#ifdef __cplusplus
	12862	extern "C"
	12863	#endif
	12864	char ASN1_STRING_get0_data ();
	12865	int
	12866	main ()
	12867	{
	12868	return ASN1_STRING_get0_data ();
	12869	;
	12870	return 0;
	12871	}
	12872	_ACEOF
	12873	if ac_fn_c_try_link "$LINENO"; then :
	12874	ac_cv_lib_crypto_ASN1_STRING_get0_data=yes
	12875	else
	12876	ac_cv_lib_crypto_ASN1_STRING_get0_data=no
	12877	fi
	12878	rm -f core conftest.err conftest.$ac_objext \
	12879	conftest$ac_exeext conftest.$ac_ext
	12880	LIBS=$ac_check_lib_save_LIBS
	12881	fi
	12882	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_ASN1_STRING_get0_data" >&5
	12883	$as_echo "$ac_cv_lib_crypto_ASN1_STRING_get0_data" >&6; }
	12884	if test "x$ac_cv_lib_crypto_ASN1_STRING_get0_data" = xyes; then :
	12885	cat >>confdefs.h <<_ACEOF
	12886	#define HAVE_LIBCRYPTO 1
	12887	_ACEOF
	12888
	12889	LIBS="-lcrypto $LIBS"
	12890
	12891	else
	12892	as_fn_error $? "OpenSSL libraries required" "$LINENO" 5
	12893	fi
	12894
	12895	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for X509_up_ref in -lcrypto" >&5
	12896	$as_echo_n "checking for X509_up_ref in -lcrypto... " >&6; }
	12897	if ${ac_cv_lib_crypto_X509_up_ref+:} false; then :
	12898	$as_echo_n "(cached) " >&6
	12899	else
	12900	ac_check_lib_save_LIBS=$LIBS
	12901	LIBS="-lcrypto $LIBS"
	12902	cat confdefs.h - <<_ACEOF >conftest.$ac_ext
	12903	/* end confdefs.h. */
	12904
	12905	/* Override any GCC internal prototype to avoid an error.
	12906	Use char because int might match the return type of a GCC
	12907	builtin and then its argument prototype would still apply. */
	12908	#ifdef __cplusplus
	12909	extern "C"
	12910	#endif
	12911	char X509_up_ref ();
	12912	int
	12913	main ()
	12914	{
	12915	return X509_up_ref ();
	12916	;
	12917	return 0;
	12918	}
	12919	_ACEOF
	12920	if ac_fn_c_try_link "$LINENO"; then :
	12921	ac_cv_lib_crypto_X509_up_ref=yes
	12922	else
	12923	ac_cv_lib_crypto_X509_up_ref=no
	12924	fi
	12925	rm -f core conftest.err conftest.$ac_objext \
	12926	conftest$ac_exeext conftest.$ac_ext
	12927	LIBS=$ac_check_lib_save_LIBS
	12928	fi
	12929	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_X509_up_ref" >&5
	12930	$as_echo "$ac_cv_lib_crypto_X509_up_ref" >&6; }
	12931	if test "x$ac_cv_lib_crypto_X509_up_ref" = xyes; then :
	12932	cat >>confdefs.h <<_ACEOF
	12933	#define HAVE_LIBCRYPTO 1
	12934	_ACEOF
	12935
	12936	LIBS="-lcrypto $LIBS"
	12937
	12938	else
	12939	as_fn_error $? "OpenSSL libraries required" "$LINENO" 5
	12940	fi
12772	12941
12773	12942
12774	12943

13513	13682	# report actual input values of CONFIG_FILES etc. instead of their
13514	13683	# values after options handling.
13515	13684	ac_log="
13516		This file was extended by rpki-client $as_me 6.6p2, which was
	13685	This file was extended by rpki-client $as_me 6.7p0, which was
13517	13686	generated by GNU Autoconf 2.69. Invocation command line was
13518	13687
13519	13688	CONFIG_FILES = $CONFIG_FILES

13570	13739	cat >>$CONFIG_STATUS <<_ACEOF \|\| ac_write_fail=1
13571	13740	ac_cs_config="`$as_echo "$ac_configure_args" \| sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
13572	13741	ac_cs_version="\\
13573		rpki-client config.status 6.6p2
	13742	rpki-client config.status 6.7p0
13574	13743	configured by $0, generated by GNU Autoconf 2.69,
13575	13744	with options \\"\$ac_cs_config\\"
13576	13745

14482	14651	{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
14483	14652	$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
14484	14653	as_fn_error $? "Something went wrong bootstrapping makefile fragments
14485		for automatic dependency tracking. Try re-running configure with the
	14654	for automatic dependency tracking. If GNU make was not used, consider
	14655	re-running the configure script with MAKE=\"gmake\" (or whatever is
	14656	necessary). You can also try re-running configure with the
14486	14657	'--disable-dependency-tracking' option to at least be able to build
14487	14658	the package (albeit without support for automatic dependency tracking).
14488	14659	See \`config.log' for more details" "$LINENO" 5; }

+59

-15

configure.ac less more

54	54	AM_CONDITIONAL([HOST_NETBSD], [test x$HOST_OS = xnetbsd])
55	55	AM_CONDITIONAL([HOST_SOLARIS], [test x$HOST_OS = xsolaris])
56	56
57		AC_CHECK_FUNC([dl_iterate_phdr],,
58		[AC_SEARCH_LIBS([dl_iterate_phdr],[dl])])
59
	57	AC_PROG_SED
60	58	AC_PROG_CC
61	59	AC_PROG_CC_STDC
62	60	AM_PROG_CC_C_O
63	61	AC_PROG_LIBTOOL
64	62
65		save_cflags="$CFLAGS"
66		CFLAGS=-Wno-pointer-sign
67		AC_MSG_CHECKING([whether CC supports -Wno-pointer-sign])
68		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
69		[AC_MSG_RESULT([yes])]
70		[AM_CFLAGS=-Wno-pointer-sign],
71		[AC_MSG_RESULT([no])]
72		)
73		CFLAGS="$save_cflags $AM_CFLAGS"
	63	AC_ARG_ENABLE(warnings,
	64	AS_HELP_STRING([--disable-warnings],
	65	[ enable compiler warnings [default=enabled]]),
	66	[case $enableval in
	67	yes) enable_warnings=yes;;
	68	no) enable_warnings=no;;
	69	*) enable_warnings=yes;; esac],
	70	enable_warnings=yes)
	71
	72	if test "$enable_warnings" = yes; then
	73	AM_CFLAGS="$AM_CFLAGS -Wall -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wshadow -Wpointer-arith -Wsign-compare -Werror-implicit-function-declaration"
	74	#AC_SUBST(AM_CFLAGS, ["-Wall -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wshadow -Wpointer-arith -Wsign-compare -Werror-implicit-function-declaration"])
	75
	76	save_cflags="$CFLAGS"
	77	CFLAGS=-Wno-pointer-sign
	78	AC_MSG_CHECKING([whether CC supports -Wno-pointer-sign])
	79	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
	80	[AC_MSG_RESULT([yes])]
	81	[WARN_CFLAGS=-Wno-pointer-sign],
	82	[AC_MSG_RESULT([no])]
	83	)
	84	AM_CFLAGS="$AM_CFLAGS $WARN_CFLAGS"
	85	CFLAGS="$save_cflags"
	86	fi
74	87
75	88	AC_MSG_CHECKING([if compiling with clang])
76	89	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [[

82	95	[CLANG_FLAGS=-Qunused-arguments],
83	96	[AC_MSG_RESULT([no])]
84	97	)
85		CFLAGS="$CFLAGS $CLANG_CFLAGS"
86		LDFLAGS="$LDFLAGS $CLANG_FLAGS"
	98	AM_CFLAGS="$AM_CFLAGS $CLANG_FLAGS"
	99	AM_LDFLAGS="$LDFLAGS $CLANG_FLAGS"
	100	AC_SUBST(AM_CFLAGS)
	101	AC_SUBST(AM_LDFLAGS)
87	102
88	103	# check functions that are expected to be in libc
89	104	AC_CHECK_FUNCS([reallocarray recallocarray])

109	124
110	125	AC_CHECK_HEADERS([err.h sha2.h])
111	126
112		AC_CHECK_HEADERS([openssl/cms.h openssl/err.h openssl/evp.h openssl/ssl.h openssl/x509.h openssl/x509v3.h])
	127	AC_ARG_WITH([openssl],
	128	AS_HELP_STRING([--with-openssl=pkg-name],
	129	[Use pkg-config(1) pkg-name to find OpenSSL files]),
	130	PKG_NAME="$withval"
	131	)
	132	if test X"$PKG_NAME" != X; then
	133	OPENSSL_CFLAGS=`pkg-config --cflags-only-I $PKG_NAME 2>/dev/null`
	134	OPENSSL_LDFLAGS=`pkg-config --libs-only-L $PKG_NAME 2>/dev/null`
	135	fi
	136
	137	AC_ARG_WITH([openssl-cflags],
	138	AS_HELP_STRING([--with-openssl-cflags=STRING],
	139	[Extra compiler flags to build with OpenSSL]),
	140	OPENSSL_CFLAGS="$withval"
	141	)
	142	AC_ARG_WITH([openssl-ldflags],
	143	AS_HELP_STRING([--with-openssl-ldflags=STRING],
	144	[Extra flags for linker to link with OpenSSL libraries]),
	145	OPENSSL_LDFLAGS="$withval"
	146	)
	147	AC_SUBST(OPENSSL_CFLAGS)
	148	AC_SUBST(OPENSSL_LDFLAGS)
	149
	150	CFLAGS="$CFLAGS $OPENSSL_CFLAGS"
	151	CPPFLAGS="$CPPFLAGS $OPENSSL_CFLAGS"
	152	LDFLAGS="$LDFLAGS $OPENSSL_LDFLAGS"
	153
	154	AC_CHECK_HEADERS([openssl/cms.h openssl/err.h openssl/evp.h openssl/ssl.h openssl/x509.h openssl/x509v3.h], [], [AC_MSG_ERROR([OpenSSL headers required])])
	155	AC_CHECK_LIB([crypto], [ASN1_STRING_get0_data], [], [AC_MSG_ERROR([OpenSSL libraries required])])
	156	AC_CHECK_LIB([crypto], [X509_up_ref], [], [AC_MSG_ERROR([OpenSSL libraries required])])
113	157
114	158	AC_ARG_WITH([user],
115	159	AS_HELP_STRING([--with-user=user],

-1

depcomp less more

2	2
3	3	scriptversion=2018-03-07.03; # UTC
4	4
5		# Copyright (C) 1999-2018 Free Software Foundation, Inc.
	5	# Copyright (C) 1999-2020 Free Software Foundation, Inc.
6	6
7	7	# This program is free software; you can redistribute it and/or modify
8	8	# it under the terms of the GNU General Public License as published by

-2

include/Makefile.in less more

0		# Makefile.in generated by automake 1.16.1 from Makefile.am.
	0	# Makefile.in generated by automake 1.16.2 from Makefile.am.
1	1	# @configure_input@
2	2
3		# Copyright (C) 1994-2018 Free Software Foundation, Inc.
	3	# Copyright (C) 1994-2020 Free Software Foundation, Inc.
4	4
5	5	# This Makefile.in is free software; the Free Software Foundation
6	6	# gives unlimited permission to copy and/or distribute it,

143	143	DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
144	144	ACLOCAL = @ACLOCAL@
145	145	AMTAR = @AMTAR@
	146	AM_CFLAGS = @AM_CFLAGS@
146	147	AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
	148	AM_LDFLAGS = @AM_LDFLAGS@
147	149	AR = @AR@
148	150	AUTOCONF = @AUTOCONF@
149	151	AUTOHEADER = @AUTOHEADER@

187	189	NMEDIT = @NMEDIT@
188	190	OBJDUMP = @OBJDUMP@
189	191	OBJEXT = @OBJEXT@
	192	OPENSSL_CFLAGS = @OPENSSL_CFLAGS@
	193	OPENSSL_LDFLAGS = @OPENSSL_LDFLAGS@
190	194	OTOOL = @OTOOL@
191	195	OTOOL64 = @OTOOL64@
192	196	PACKAGE = @PACKAGE@

+12

-1

install-sh less more

450	450	trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
451	451
452	452	# Copy the file name to the temp name.
453		(umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
	453	(umask $cp_umask &&
	454	{ test -z "$stripcmd" \|\| {
	455	# Create $dsttmp read-write so that cp doesn't create it read-only,
	456	# which would cause strip to fail.
	457	if test -z "$doit"; then
	458	: >"$dsttmp" # No need to fork-exec 'touch'.
	459	else
	460	$doit touch "$dsttmp"
	461	fi
	462	}
	463	} &&
	464	$doit_exec $cpprog "$src" "$dsttmp") &&
454	465
455	466	# and set any options; do chmod last to preserve setuid bits.
456	467	#

-1

missing less more

2	2
3	3	scriptversion=2018-03-07.03; # UTC
4	4
5		# Copyright (C) 1996-2018 Free Software Foundation, Inc.
	5	# Copyright (C) 1996-2020 Free Software Foundation, Inc.
6	6	# Originally written by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
7	7
8	8	# This program is free software; you can redistribute it and/or modify

+15

-2

src/Makefile.am less more

18	18	ACLOCAL_AMFLAGS = -Im4
19	19
20	20	sbin_PROGRAMS = rpki-client
21		dist_man_MANS = rpki-client.8
	21	man_MANS = rpki-client.8
22	22
23		rpki_client_CFLAGS = $(CFLAGS)
	23	EXTRA_DIST = rpki-client.8.in
	24	CLEANFILES = rpki-client.8
	25
	26	rpki_client_CFLAGS = $(AM_CFLAGS)
24	27	rpki_client_CFLAGS += -DRPKI_PATH_TAL_DIR=\"$(RPKI_TAL_DIR)\"
25	28	rpki_client_CFLAGS += -DRPKI_PATH_BASE_DIR=\"$(RPKI_BASE_DIR)\"
26	29	rpki_client_CFLAGS += -DRPKI_PATH_OUT_DIR=\"$(RPKI_OUT_DIR)\"

49	52	rpki_client_SOURCES += validate.c
50	53	rpki_client_SOURCES += x509.c
51	54
	55	rpki_client_DEPENDENCIES = rpki-client.8
	56
52	57	noinst_HEADERS = extern.h
	58
	59	rpki-client.8: rpki-client.8.in
	60	$(SED) \
	61	-e 's\|@RPKI_TAL_DIR[@]\|$(RPKI_TAL_DIR)\|g' \
	62	-e 's\|@RPKI_BASE_DIR[@]\|$(RPKI_BASE_DIR)\|g' \
	63	-e 's\|@RPKI_OUT_DIR[@]\|$(RPKI_OUT_DIR)\|g' \
	64	-e 's\|@RSYNC[@]\|$(RSYNC)\|g' \
	65	'$(srcdir)/rpki-client.8.in' >$@

+26

-12

src/Makefile.in less more

0		# Makefile.in generated by automake 1.16.1 from Makefile.am.
	0	# Makefile.in generated by automake 1.16.2 from Makefile.am.
1	1	# @configure_input@
2	2
3		# Copyright (C) 1994-2018 Free Software Foundation, Inc.
	3	# Copyright (C) 1994-2020 Free Software Foundation, Inc.
4	4
5	5	# This Makefile.in is free software; the Free Software Foundation
6	6	# gives unlimited permission to copy and/or distribute it,

131	131	rpki_client-rsync.$(OBJEXT) rpki_client-tal.$(OBJEXT) \
132	132	rpki_client-validate.$(OBJEXT) rpki_client-x509.$(OBJEXT)
133	133	rpki_client_OBJECTS = $(am_rpki_client_OBJECTS)
134		rpki_client_DEPENDENCIES = $(top_builddir)/compat/libcompat.la \
135		$(top_builddir)/compat/libcompatnoopt.la
136	134	AM_V_lt = $(am__v_lt_@AM_V@)
137	135	am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
138	136	am__v_lt_0 = --silent

225	223	}
226	224	man8dir = $(mandir)/man8
227	225	NROFF = nroff
228		MANS = $(dist_man_MANS)
	226	MANS = $(man_MANS)
229	227	HEADERS = $(noinst_HEADERS)
230	228	am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
231	229	# Read a list of newline-separated strings from the standard input,

246	244	done \| $(am__uniquify_input)`
247	245	ETAGS = etags
248	246	CTAGS = ctags
249		am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
250		$(top_srcdir)/depcomp
	247	am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
251	248	DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
252	249	ACLOCAL = @ACLOCAL@
253	250	AMTAR = @AMTAR@
	251	AM_CFLAGS = @AM_CFLAGS@
254	252	AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
	253	AM_LDFLAGS = @AM_LDFLAGS@
255	254	AR = @AR@
256	255	AUTOCONF = @AUTOCONF@
257	256	AUTOHEADER = @AUTOHEADER@

295	294	NMEDIT = @NMEDIT@
296	295	OBJDUMP = @OBJDUMP@
297	296	OBJEXT = @OBJEXT@
	297	OPENSSL_CFLAGS = @OPENSSL_CFLAGS@
	298	OPENSSL_LDFLAGS = @OPENSSL_LDFLAGS@
298	299	OTOOL = @OTOOL@
299	300	OTOOL64 = @OTOOL64@
300	301	PACKAGE = @PACKAGE@

370	371	top_srcdir = @top_srcdir@
371	372	AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/src
372	373	ACLOCAL_AMFLAGS = -Im4
373		dist_man_MANS = rpki-client.8
374		rpki_client_CFLAGS = $(CFLAGS) -DRPKI_PATH_TAL_DIR=\"$(RPKI_TAL_DIR)\" \
	374	man_MANS = rpki-client.8
	375	EXTRA_DIST = rpki-client.8.in
	376	CLEANFILES = rpki-client.8
	377	rpki_client_CFLAGS = $(AM_CFLAGS) \
	378	-DRPKI_PATH_TAL_DIR=\"$(RPKI_TAL_DIR)\" \
375	379	-DRPKI_PATH_BASE_DIR=\"$(RPKI_BASE_DIR)\" \
376	380	-DRPKI_PATH_OUT_DIR=\"$(RPKI_OUT_DIR)\"
377	381	rpki_client_LDADD = $(PLATFORM_LDADD) $(PROG_LDADD) -lcrypto \

380	384	rpki_client_SOURCES = as.c cert.c cms.c crl.c io.c ip.c log.c main.c \
381	385	mft.c output.c output-bgpd.c output-bird.c output-csv.c \
382	386	output-json.c roa.c rsync.c tal.c validate.c x509.c
	387	rpki_client_DEPENDENCIES = rpki-client.8
383	388	noinst_HEADERS = extern.h
384	389	all: all-am
385	390

795	800
796	801	clean-libtool:
797	802	-rm -rf .libs _libs
798		install-man8: $(dist_man_MANS)
	803	install-man8: $(man_MANS)
799	804	@$(NORMAL_INSTALL)
800	805	@list1=''; \
801		list2='$(dist_man_MANS)'; \
	806	list2='$(man_MANS)'; \
802	807	test -n "$(man8dir)" \
803	808	&& test -n "`echo $$list1$$list2`" \
804	809	\|\| exit 0; \

833	838	@$(NORMAL_UNINSTALL)
834	839	@list=''; test -n "$(man8dir)" \|\| exit 0; \
835	840	files=`{ for i in $$list; do echo "$$i"; done; \
836		l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done \| \
	841	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done \| \
837	842	sed -n '/\.8[a-z]*$$/p'; \
838	843	} \| sed -e 's,./,,;h;s,.\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
839	844	-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \

953	958	mostlyclean-generic:
954	959
955	960	clean-generic:
	961	-test -z "$(CLEANFILES)" \|\| rm -f $(CLEANFILES)
956	962
957	963	distclean-generic:
958	964	-test -z "$(CONFIG_CLEAN_FILES)" \|\| rm -f $(CONFIG_CLEAN_FILES)

1090	1096	.PRECIOUS: Makefile
1091	1097
1092	1098
	1099	rpki-client.8: rpki-client.8.in
	1100	$(SED) \
	1101	-e 's\|@RPKI_TAL_DIR[@]\|$(RPKI_TAL_DIR)\|g' \
	1102	-e 's\|@RPKI_BASE_DIR[@]\|$(RPKI_BASE_DIR)\|g' \
	1103	-e 's\|@RPKI_OUT_DIR[@]\|$(RPKI_OUT_DIR)\|g' \
	1104	-e 's\|@RSYNC[@]\|$(RSYNC)\|g' \
	1105	'$(srcdir)/rpki-client.8.in' >$@
	1106
1093	1107	# Tell versions [3.59,3.63) of GNU make to not export all variables.
1094	1108	# Otherwise a system limit (for SysV at least) may be exceeded.
1095	1109	.NOEXPORT:

+34

-8

src/extern.h less more

0		/* $OpenBSD: extern.h,v 1.27 2020/04/01 14:15:49 claudio Exp $ */
	0	/* $OpenBSD: extern.h,v 1.29 2020/04/30 13:46:39 deraadt Exp $ */
1	1	/*
2	2	* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
3	3	*

17	17	#define EXTERN_H
18	18
19	19	#include <sys/tree.h>
	20	#include <sys/time.h>
20	21
21	22	enum cert_as_type {
22	23	CERT_AS_ID, /* single identifier */

241	242	RTYPE_ROA,
242	243	RTYPE_CER,
243	244	RTYPE_CRL
	245	};
	246
	247	/*
	248	* Statistics collected during run-time.
	249	*/
	250	struct stats {
	251	size_t tals; /* total number of locators */
	252	size_t mfts; /* total number of manifests */
	253	size_t mfts_fail; /* failing syntactic parse */
	254	size_t mfts_stale; /* stale manifests */
	255	size_t certs; /* certificates */
	256	size_t certs_fail; /* failing syntactic parse */
	257	size_t certs_invalid; /* invalid resources */
	258	size_t roas; /* route origin authorizations */
	259	size_t roas_fail; /* failing syntactic parse */
	260	size_t roas_invalid; /* invalid resources */
	261	size_t repos; /* repositories */
	262	size_t crls; /* revocation lists */
	263	size_t vrps; /* total number of vrps */
	264	size_t uniqs; /* number of unique vrps */
	265	char *talnames;
	266	struct timeval elapsed_time;
	267	struct timeval user_time;
	268	struct timeval system_time;
244	269	};
245	270
246	271	/* global variables */

369	394	#define FORMAT_JSON 0x08
370	395	extern char* outputdir;
371	396
372		int outputfiles(struct vrp_tree *v);
373		int output_bgpd(FILE , struct vrp_tree );
374		int output_bird1v4(FILE , struct vrp_tree );
375		int output_bird1v6(FILE , struct vrp_tree );
376		int output_bird2(FILE , struct vrp_tree );
377		int output_csv(FILE , struct vrp_tree );
378		int output_json(FILE , struct vrp_tree );
	397	int outputfiles(struct vrp_tree v, struct stats );
	398	int outputheader(FILE , struct stats );
	399	int output_bgpd(FILE , struct vrp_tree , struct stats *);
	400	int output_bird1v4(FILE , struct vrp_tree , struct stats *);
	401	int output_bird1v6(FILE , struct vrp_tree , struct stats *);
	402	int output_bird2(FILE , struct vrp_tree , struct stats *);
	403	int output_csv(FILE , struct vrp_tree , struct stats *);
	404	int output_json(FILE , struct vrp_tree , struct stats *);
379	405
380	406	void logx(const char *fmt, ...)
381	407	__attribute__((format(printf, 1, 2)));

+59

-57

src/main.c less more

0		/* $OpenBSD: main.c,v 1.62 2020/04/16 11:25:43 claudio Exp $ */
	0	/* $OpenBSD: main.c,v 1.69.4.1 2020/05/18 18:52:08 benno Exp $ */
1	1	/*
2	2	* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
3	3	*

43	43
44	44	#include <sys/queue.h>
45	45	#include <sys/socket.h>
	46	#include <sys/resource.h>
46	47	#include <sys/stat.h>
47	48	#include <sys/tree.h>
48	49	#include <sys/types.h>

76	77	#define TALSZ_MAX 8
77	78
78	79	/*
79		* Statistics collected during run-time.
80		*/
81		struct stats {
82		size_t tals; /* total number of locators */
83		size_t mfts; /* total number of manifests */
84		size_t mfts_fail; /* failing syntactic parse */
85		size_t mfts_stale; /* stale manifests */
86		size_t certs; /* certificates */
87		size_t certs_fail; /* failing syntactic parse */
88		size_t certs_invalid; /* invalid resources */
89		size_t roas; /* route origin authorizations */
90		size_t roas_fail; /* failing syntactic parse */
91		size_t roas_invalid; /* invalid resources */
92		size_t repos; /* repositories */
93		size_t crls; /* revocation lists */
94		size_t vrps; /* total number of vrps */
95		size_t uniqs; /* number of unique vrps */
96		};
97
98		/*
99	80	* An rsync repository.
100	81	*/
101	82	struct repo {

159	140
160	141	int verbose;
161	142
	143	struct stats stats;
	144
162	145	/*
163	146	* Log a message to stderr if and only if "verbose" is non-zero.
164	147	* This uses the err(3) functionality.

267	250
268	251	i = rt->reposz - 1;
269	252
270		logx("%s/%s: loading", rp->host, rp->module);
	253	logx("%s/%s: pulling from network", rp->host, rp->module);
271	254	io_simple_write(fd, &i, sizeof(size_t));
272	255	io_str_write(fd, rp->host);
273	256	io_str_write(fd, rp->module);

489	472	if ((nfile = strdup(file)) == NULL)
490	473	err(1, "strdup");
491	474	buf = tal_read_file(file);
	475
	476	/* Record tal for later reporting */
	477	if (stats.talnames == NULL)
	478	stats.talnames = strdup(file);
	479	else {
	480	char *tmp;
	481	asprintf(&tmp, "%s %s", stats.talnames, file);
	482	free(stats.talnames);
	483	stats.talnames = tmp;
	484	}
492	485
493	486	/* Not in a repository, so directly add to queue. */
494	487	entityq_add(fd, q, nfile, RTYPE_TAL, NULL, NULL, NULL, 0, buf, eid);

655	648	* Then we respond to the parent.
656	649	*/
657	650
658		if ((pid = waitpid(WAIT_ANY, &st, 0)) == -1)
	651	while ((pid = waitpid(WAIT_ANY, &st, WNOHANG)) > 0) {
	652	for (i = 0; i < idsz; i++)
	653	if (ids[i].pid == pid)
	654	break;
	655	assert(i < idsz);
	656
	657	if (!WIFEXITED(st)) {
	658	warnx("rsync %s terminated abnormally",
	659	ids[i].uri);
	660	rc = 1;
	661	} else if (WEXITSTATUS(st) != 0) {
	662	warnx("rsync %s failed", ids[i].uri);
	663	}
	664
	665	io_simple_write(fd, &ids[i].id, sizeof(size_t));
	666	free(ids[i].uri);
	667	ids[i].uri = NULL;
	668	ids[i].pid = 0;
	669	ids[i].id = 0;
	670	}
	671	if (pid == -1 && errno != ECHILD)
659	672	err(1, "waitpid");
660
661		for (i = 0; i < idsz; i++)
662		if (ids[i].pid == pid)
663		break;
664		assert(i < idsz);
665
666		if (!WIFEXITED(st)) {
667		warnx("rsync %s terminated abnormally",
668		ids[i].uri);
669		rc = 1;
670		} else if (WEXITSTATUS(st) != 0) {
671		warnx("rsync %s failed", ids[i].uri);
672		}
673
674		io_simple_write(fd, &ids[i].id, sizeof(size_t));
675		free(ids[i].uri);
676		ids[i].uri = NULL;
677		ids[i].pid = 0;
678		ids[i].id = 0;
679	673	continue;
680	674	}
681	675

728	722	err(1, "pledge");
729	723	i = 0;
730	724	args[i++] = (char *)prog;
731		args[i++] = "-rlt";
	725	args[i++] = "-rt";
732	726	args[i++] = "--delete";
733	727	if (bind_addr != NULL) {
734	728	args[i++] = "--address";

1246	1240	X509_STORE_free(store);
1247	1241
1248	1242	free(b);
1249
1250		EVP_cleanup();
1251		CRYPTO_cleanup_all_ex_data();
1252		ERR_remove_thread_state(NULL);
1253		ERR_free_strings();
1254	1243
1255	1244	exit(rc);
1256	1245	}

1388	1377	struct entity *ent;
1389	1378	struct pollfd pfd[2];
1390	1379	struct repotab rt;
1391		struct stats stats;
1392	1380	struct roa **out = NULL;
1393	1381	char *rsync_prog = RPKI_RSYNC_CMD;
1394	1382	char *bind_addr = NULL;
1395	1383	const char *cachedir = NULL;
1396	1384	const char *tals[TALSZ_MAX];
1397	1385	struct vrp_tree v = RB_INITIALIZER(&v);
	1386	struct rusage ru;
	1387	struct timeval start_time, now_time;
	1388
	1389	gettimeofday(&start_time, NULL);
1398	1390
1399	1391	/* If started as root, priv-drop to _rpki-client */
1400	1392	if (getuid() == 0) {

1402	1394
1403	1395	pw = getpwnam(RPKI_CLIENT_USER);
1404	1396	if (!pw)
1405		errx(1, "no _rpki-client user to revoke to");
	1397	errx(1, "no %s user to revoke to", RPKI_CLIENT_USER);
1406	1398	if (setgroups(1, &pw->pw_gid) == -1 \|\|
1407	1399	setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1 \|\|
1408	1400	setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1)
1409	1401	err(1, "unable to revoke privs");
1410	1402
1411		cachedir = RPKI_PATH_BASE_DIR;
1412		outputdir = RPKI_PATH_OUT_DIR;
1413		}
	1403	}
	1404	cachedir = RPKI_PATH_BASE_DIR;
	1405	outputdir = RPKI_PATH_OUT_DIR;
1414	1406
1415	1407	if (pledge("stdio rpath wpath cpath fattr proc exec unveil", NULL) == -1)
1416	1408	err(1, "pledge");

1485	1477	err(1, "no TAL files found in %s", RPKI_PATH_TAL_DIR);
1486	1478
1487	1479	memset(&rt, 0, sizeof(struct repotab));
1488		memset(&stats, 0, sizeof(struct stats));
1489	1480	TAILQ_INIT(&q);
1490	1481
1491	1482	/*

1613	1604	assert(i < rt.reposz);
1614	1605	assert(!rt.repos[i].loaded);
1615	1606	rt.repos[i].loaded = 1;
1616		logx("%s/%s: loaded", rt.repos[i].host,
	1607	logx("%s/%s: loaded from cache", rt.repos[i].host,
1617	1608	rt.repos[i].module);
1618	1609	stats.repos++;
1619	1610	entityq_flush(proc, &q, &rt.repos[i]);

1660	1651	rc = 1;
1661	1652	}
1662	1653
1663		if (outputfiles(&v))
	1654	gettimeofday(&now_time, NULL);
	1655	timersub(&now_time, &start_time, &stats.elapsed_time);
	1656	if (getrusage(RUSAGE_SELF, &ru) == 0) {
	1657	stats.user_time = ru.ru_utime;
	1658	stats.system_time = ru.ru_stime;
	1659	}
	1660	if (getrusage(RUSAGE_CHILDREN, &ru) == 0) {
	1661	timeradd(&stats.user_time, &ru.ru_utime, &stats.user_time);
	1662	timeradd(&stats.system_time, &ru.ru_stime, &stats.system_time);
	1663	}
	1664
	1665	if (outputfiles(&v, &stats))
1664	1666	rc = 1;
1665	1667
1666	1668	logx("Route Origin Authorizations: %zu (%zu failed parse, %zu invalid)",

1692	1694	fprintf(stderr,
1693	1695	"usage: rpki-client [-Bcfjnov] [-b sourceaddr] [-d cachedir]"
1694	1696	" [-e rsync_prog]\n"
1695		" [-T table] [-t tal] [outputdir]\n");
	1697	" [-T table] [-t tal] [outputdir]\n");
1696	1698	return 1;
1697	1699	}

-2

src/output-bgpd.c less more

0		/* $OpenBSD: output-bgpd.c,v 1.16 2019/12/04 23:03:05 benno Exp $ */
	0	/* $OpenBSD: output-bgpd.c,v 1.17 2020/04/28 13:41:35 deraadt Exp $ */
1	1	/*
2	2	* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
3	3	*

20	20	#include "extern.h"
21	21
22	22	int
23		output_bgpd(FILE out, struct vrp_tree vrps)
	23	output_bgpd(FILE out, struct vrp_tree vrps, struct stats *st)
24	24	{
25	25	char buf1[64], buf2[32];
26	26	struct vrp *v;
	27
	28	if (outputheader(out, st) < 0)
	29	return -1;
27	30
28	31	if (fprintf(out, "roa-set {\n") < 0)
29	32	return -1;

+16

-7

src/output-bird.c less more

0		/* $OpenBSD: output-bird.c,v 1.7 2020/03/06 17:36:42 benno Exp $ */
	0	/* $OpenBSD: output-bird.c,v 1.9 2020/04/28 15:03:39 deraadt Exp $ */
1	1	/*
2	2	* Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
3	3	* Copyright (c) 2020 Robert Scheck <robert@fedoraproject.org>

21	21	#include "extern.h"
22	22
23	23	int
24		output_bird1v4(FILE out, struct vrp_tree vrps)
	24	output_bird1v4(FILE out, struct vrp_tree vrps, struct stats *st)
25	25	{
26	26	extern const char *bird_tablename;
27	27	char buf[64];
28	28	struct vrp *v;
29	29
30		if (fprintf(out, "roa table %s {\n", bird_tablename) < 0)
	30	if (outputheader(out, st) < 0)
	31	return -1;
	32
	33	if (fprintf(out, "\nroa table %s {\n", bird_tablename) < 0)
31	34	return -1;
32	35
33	36	RB_FOREACH(v, vrp_tree, vrps) {

45	48	}
46	49
47	50	int
48		output_bird1v6(FILE out, struct vrp_tree vrps)
	51	output_bird1v6(FILE out, struct vrp_tree vrps, struct stats *st)
49	52	{
50	53	extern const char *bird_tablename;
51	54	char buf[64];
52	55	struct vrp *v;
53	56
54		if (fprintf(out, "roa table %s {\n", bird_tablename) < 0)
	57	if (outputheader(out, st) < 0)
	58	return -1;
	59
	60	if (fprintf(out, "\nroa table %s {\n", bird_tablename) < 0)
55	61	return -1;
56	62
57	63	RB_FOREACH(v, vrp_tree, vrps) {

69	75	}
70	76
71	77	int
72		output_bird2(FILE out, struct vrp_tree vrps)
	78	output_bird2(FILE out, struct vrp_tree vrps, struct stats *st)
73	79	{
74	80	extern const char *bird_tablename;
75	81	char buf[64];
76	82	struct vrp *v;
77	83	time_t now = time(NULL);
78	84
79		if (fprintf(out, "define force_roa_table_update = %lld;\n\n"
	85	if (outputheader(out, st) < 0)
	86	return -1;
	87
	88	if (fprintf(out, "\ndefine force_roa_table_update = %lld;\n\n"
80	89	"roa4 table %s4;\nroa6 table %s6;\n\n"
81	90	"protocol static {\n\troa4 { table %s4; };\n\n",
82	91	(long long) now, bird_tablename, bird_tablename,

-2

src/output-csv.c less more

0		/* $OpenBSD: output-csv.c,v 1.6 2019/12/04 23:03:05 benno Exp $ */
	0	/* $OpenBSD: output-csv.c,v 1.7 2020/04/28 13:41:35 deraadt Exp $ */
1	1	/*
2	2	* Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
3	3	*

20	20	#include "extern.h"
21	21
22	22	int
23		output_csv(FILE out, struct vrp_tree vrps)
	23	output_csv(FILE out, struct vrp_tree vrps, struct stats *st)
24	24	{
25	25	char buf[64];
26	26	struct vrp *v;

+59

-3

src/output-json.c less more

0		/* $OpenBSD: output-json.c,v 1.6 2019/12/04 23:03:05 benno Exp $ */
	0	/* $OpenBSD: output-json.c,v 1.12 2020/05/03 20:24:02 deraadt Exp $ */
1	1	/*
2	2	* Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
3	3	*

15	15	*/
16	16
17	17	#include <stdlib.h>
	18	#include <unistd.h>
	19	#include <time.h>
	20	#include <netdb.h>
18	21	#include <openssl/ssl.h>
19	22
20	23	#include "extern.h"
21	24
	25	static int
	26	outputheader_json(FILE out, struct stats st)
	27	{
	28	char hn[NI_MAXHOST], tbuf[26];
	29	struct tm *tp;
	30	time_t t;
	31
	32	time(&t);
	33	setenv("TZ", "UTC", 1);
	34	tp = localtime(&t);
	35	strftime(tbuf, sizeof tbuf, "%FT%TZ", tp);
	36
	37	gethostname(hn, sizeof hn);
	38
	39	if (fprintf(out,
	40	"{\n\t\"metadata\": {\n"
	41	"\t\t\"buildmachine\": \"%s\",\n"
	42	"\t\t\"buildtime\": \"%s\",\n"
	43	"\t\t\"elapsedtime\": \"%lld\",\n"
	44	"\t\t\"usertime\": \"%lld\",\n"
	45	"\t\t\"systemtime\": \"%lld\",\n"
	46	"\t\t\"roas\": %zu,\n"
	47	"\t\t\"failedroas\": %zu,\n"
	48	"\t\t\"invalidroas\": %zu,\n"
	49	"\t\t\"certificates\": %zu,\n"
	50	"\t\t\"failcertificates\": %zu,\n"
	51	"\t\t\"invalidcertificates\": %zu,\n"
	52	"\t\t\"tals\": %zu,\n"
	53	"\t\t\"talfiles\": \"%s\",\n"
	54	"\t\t\"manifests\": %zu,\n"
	55	"\t\t\"failedmanifests\": %zu,\n"
	56	"\t\t\"stalemanifests\": %zu,\n"
	57	"\t\t\"crls\": %zu,\n"
	58	"\t\t\"repositories\": %zu,\n"
	59	"\t\t\"vrps\": %zu,\n"
	60	"\t\t\"uniquevrps\": %zu\n"
	61	"\t},\n\n",
	62	hn, tbuf, (long long)st->elapsed_time.tv_sec,
	63	(long long)st->user_time.tv_sec, (long long)st->system_time.tv_sec,
	64	st->roas, st->roas_fail, st->roas_invalid,
	65	st->certs, st->certs_fail, st->certs_invalid,
	66	st->tals, st->talnames,
	67	st->mfts, st->mfts_fail, st->mfts_stale,
	68	st->crls,
	69	st->repos,
	70	st->vrps, st->uniqs) < 0)
	71	return -1;
	72	return 0;
	73	}
	74
22	75	int
23		output_json(FILE out, struct vrp_tree vrps)
	76	output_json(FILE out, struct vrp_tree vrps, struct stats *st)
24	77	{
25	78	char buf[64];
26	79	struct vrp *v;
27	80	int first = 1;
28	81
29		if (fprintf(out, "{\n\t\"roas\": [\n") < 0)
	82	if (outputheader_json(out, st) < 0)
	83	return -1;
	84
	85	if (fprintf(out, "\t\"roas\": [\n") < 0)
30	86	return -1;
31	87
32	88	RB_FOREACH(v, vrp_tree, vrps) {

+44

-4

src/output.c less more

0		/* $OpenBSD: output.c,v 1.10 2020/04/11 15:23:23 benno Exp $ */
	0	/* $OpenBSD: output.c,v 1.15 2020/05/03 20:24:02 deraadt Exp $ */
1	1	/*
2	2	* Copyright (c) 2019 Theo de Raadt <deraadt@openbsd.org>
3	3	*

18	18
19	19	#include <err.h>
20	20	#include <fcntl.h>
	21	#include <unistd.h>
	22	#include <netdb.h>
21	23	#include <signal.h>
22	24	#include <string.h>
23	25	#include <limits.h>
24	26	#include <unistd.h>
	27	#include <time.h>
25	28
26	29	#include <openssl/x509v3.h>
27	30

36	39	static const struct outputs {
37	40	int format;
38	41	char *name;
39		int (fn)(FILE , struct vrp_tree *);
	42	int (fn)(FILE , struct vrp_tree , struct stats );
40	43	} outputs[] = {
41	44	{ FORMAT_OPENBGPD, "openbgpd", output_bgpd },
42	45	{ FORMAT_BIRD, "bird1v4", output_bird1v4 },

54	57	static void set_signal_handler(void);
55	58
56	59	int
57		outputfiles(struct vrp_tree *v)
	60	outputfiles(struct vrp_tree v, struct stats st)
58	61	{
59	62	int i, rc = 0;
60	63

73	76	rc = 1;
74	77	continue;
75	78	}
76		if ((*outputs[i].fn)(fout, v) != 0) {
	79	if ((*outputs[i].fn)(fout, v, st) != 0) {
77	80	warn("output for %s format failed", outputs[i].name);
78	81	fclose(fout);
79	82	output_cleantmp();

166	169	}
167	170	}
168	171	}
	172
	173	int
	174	outputheader(FILE out, struct stats st)
	175	{
	176	char hn[NI_MAXHOST], tbuf[80];
	177	struct tm *tp;
	178	time_t t;
	179
	180	time(&t);
	181	setenv("TZ", "UTC", 1);
	182	tp = localtime(&t);
	183	strftime(tbuf, sizeof tbuf, "%a %b %e %H:%M:%S %Z %Y", tp);
	184
	185	gethostname(hn, sizeof hn);
	186
	187	if (fprintf(out,
	188	"# Generated on host %s at %s\n"
	189	"# Processing time %lld seconds (%lld seconds user, %lld seconds system)\n"
	190	"# Route Origin Authorizations: %zu (%zu failed parse, %zu invalid)\n"
	191	"# Certificates: %zu (%zu failed parse, %zu invalid)\n"
	192	"# Trust Anchor Locators: %zu (%s)\n"
	193	"# Manifests: %zu (%zu failed parse, %zu stale)\n"
	194	"# Certificate revocation lists: %zu\n"
	195	"# Repositories: %zu\n"
	196	"# VRP Entries: %zu (%zu unique)\n",
	197	hn, tbuf, (long long)st->elapsed_time.tv_sec,
	198	(long long)st->user_time.tv_sec, (long long)st->system_time.tv_sec,
	199	st->roas, st->roas_fail, st->roas_invalid,
	200	st->certs, st->certs_fail, st->certs_invalid,
	201	st->tals, st->talnames,
	202	st->mfts, st->mfts_fail, st->mfts_stale,
	203	st->crls,
	204	st->repos,
	205	st->vrps, st->uniqs) < 0)
	206	return -1;
	207	return 0;
	208	}

-208

~~src/rpki-client.8~~ less more

0		.\" $OpenBSD: rpki-client.8,v 1.22 2020/03/06 22:22:31 job Exp $
1		.\"
2		.\" Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
3		.\"
4		.\" Permission to use, copy, modify, and distribute this software for any
5		.\" purpose with or without fee is hereby granted, provided that the above
6		.\" copyright notice and this permission notice appear in all copies.
7		.\"
8		.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9		.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10		.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11		.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12		.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13		.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14		.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15		.\"
16		.Dd $Mdocdate: March 6 2020 $
17		.Dt RPKI-CLIENT 8
18		.Os
19		.Sh NAME
20		.Nm rpki-client
21		.Nd RPKI validator to support BGP Origin Validation in bgpd
22		.Sh SYNOPSIS
23		.Nm
24		.Op Fl Bcfjnov
25		.Op Fl b Ar sourceaddr
26		.Op Fl d Ar cachedir
27		.Op Fl e Ar rsync_prog
28		.Op Fl T Ar table
29		.Op Fl t Ar tal
30		.Op Ar outputdir
31		.Sh DESCRIPTION
32		The
33		.Nm
34		utility queries the RPKI repository system with
35		.Xr openrsync 1
36		to fetch all X.509 certificates, manifests, and revocation lists under a given
37		.Em Trust Anchor .
38		.Nm
39		subsequently validates each
40		.Em Route Origin Authorization Pq ROA
41		by constructing and verifying a certification path for the certificate
42		associated with the ROA (including checking relevant CRLs).
43		.Nm
44		produces lists of the
45		.Em Validated ROA Payloads Pq VRPs
46		in various formats.
47		.Pp
48		The options are as follows:
49		.Bl -tag -width Ds
50		.It Fl B
51		Create output in the file
52		.Pa bird
53		in the output directory which is suitable for the BIRD internet routing daemon.
54		.It Fl b Ar sourceaddr
55		Tell the rsync client to use
56		.Ar sourceaddr
57		as the source address for connections, which is useful on machines
58		with multiple interfaces.
59		.It Fl c
60		Create output in the file
61		.Pa csv
62		in the output directory as comma-separated values of the prefix in slash notation,
63		the maximum prefix length, the autonomous system number, and an abbreviation
64		for the trust anchor the entry is derived from.
65		.It Fl d Ar cachedir
66		The directory where
67		.Nm
68		will store the cached repository data.
69		Defaults to
70		.Pa /var/db/rpki-client/ .
71		.It Fl e Ar rsync_prog
72		Use
73		.Ar rsync_prog
74		instead of
75		.Xr openrsync 1
76		to fetch repositories.
77		It must accept the
78		.Fl rlt ,
79		.Fl -address
80		and
81		.Fl -delete
82		flags and connect with rsync-protocol locations.
83		.It Fl f
84		Accept out-of-date manifests.
85		This will still report if a manifest has expired.
86		.It Fl j
87		Create output in the file
88		.Pa json
89		in the output directory as JSON object.
90		This format is identical to that
91		produced by the RIPE NCC RPKI Validator and NLnet Labs routinator.
92		.It Fl n
93		Assume that all requested repositories exist: don't update.
94		.It Fl o
95		Create output in the file
96		.Pa openbgpd
97		in the output directory as
98		.Xr bgpd 8
99		compatible input.
100		If the
101		.Fl B ,
102		.Fl c ,
103		and
104		.Fl j
105		options are not specified this is the default.
106		.It Fl T Ar table
107		For BIRD output generated with the
108		.Fl B
109		option use
110		.Ar table
111		as roa table name instead of the default 'ROAS'.
112		.It Fl t Ar tal
113		Specify a
114		.Em Trust Anchor Location Pq TAL
115		file to be used.
116		This option can be used multiple times to load multiple TALs.
117		By default
118		.Nm
119		will load all TAL files in
120		.Pa /etc/rpki .
121		.It Fl v
122		Specified once, prints information about status.
123		Twice, prints each filename as it's processed.
124		.It Ar outputdir
125		The directory where
126		.Nm
127		will write the output files.
128		Defaults to
129		.Pa /var/db/rpki-client/ .
130		.El
131		.Pp
132		By default
133		.Nm
134		produces a list of unique
135		.Li roa-set
136		statements in
137		.Fl o
138		(OpenBGPD compatible) output.
139		.\" .Sh ENVIRONMENT
140		.\" For sections 1, 6, 7, and 8 only.
141		.Sh FILES
142		.Bl -tag -width "/var/db/rpki-client/openbgpd" -compact
143		.It Pa /etc/rpki/*.tal
144		default TAL files used unless
145		.Fl t Ar tal
146		is specified.
147		.It Pa /var/cache/rpki-client
148		cached repository data.
149		.It Pa /var/db/rpki-client/openbgpd
150		default roa-set output file.
151		.El
152		.Sh EXIT STATUS
153		.Ex -std
154		.\" For sections 1, 6, and 8 only.
155		.\" .Sh EXAMPLES
156		.\" .Sh DIAGNOSTICS
157		.\" For sections 1, 4, 6, 7, 8, and 9 printf/stderr messages only.
158		.Sh SEE ALSO
159		.Xr openrsync 1 ,
160		.Xr bgpd.conf 5
161		.Sh STANDARDS
162		The following standards are used or referenced in
163		.Nm :
164		.Bl -tag -width -Ds
165		.It RFC 3370
166		Cryptographic Message Syntax (CMS) Algorithms.
167		.It RFC 3779
168		X.509 Extensions for IP Addresses and AS Identifiers.
169		.It RFC 4291
170		IP Version 6 Addressing Architecture.
171		.It RFC 4631
172		Classless Inter-domain Routing (CIDR): The Internet Address Assignment
173		and Aggregation Plan.
174		.It RFC 5280
175		Internet X.509 Public Key Infrastructure Certificate and Certificate
176		Revocation List (CRL) Profile.
177		.It RFC 5652
178		Cryptographic Message Syntax (CMS).
179		.It RFC 5781
180		The rsync URI Scheme.
181		.It RFC 5952
182		A Recommendation for IPv6 Address Text Representation.
183		.It RFC 6480
184		An Infrastructure to Support Secure Internet Routing.
185		.It RFC 6482
186		A Profile for Route Origin Authorizations (ROAs).
187		.It RFC 6485
188		The Profile for Algorithms and Key Sizes for Use in the Resource Public Key
189		Infrastructure (RPKI).
190		.It RFC 6486
191		Manifests for the Resource Public Key Infrastructure (RPKI).
192		.It RFC 6487
193		A Profile for X.509 PKIX Resource Certificates.
194		.It RFC 6488
195		Signed Object Template for the Resource Public Key Infrastructure
196		(RPKI).
197		.It RFC 7730
198		Resource Public Key Infrastructure (RPKI) Trust Anchor Locator.
199		.El
200		.\" .Sh HISTORY
201		.Sh AUTHORS
202		The
203		.Nm
204		utility was written by
205		.An Kristaps Dzonsons Aq Mt kristaps@bsd.lv .
206		.\" .Sh CAVEATS
207		.\" .Sh BUGS

+215

-0

src/rpki-client.8.in less more

	0	.\" $OpenBSD: rpki-client.8,v 1.26 2020/04/21 05:36:04 jmc Exp $
	1	.\"
	2	.\" Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
	3	.\"
	4	.\" Permission to use, copy, modify, and distribute this software for any
	5	.\" purpose with or without fee is hereby granted, provided that the above
	6	.\" copyright notice and this permission notice appear in all copies.
	7	.\"
	8	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	9	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	10	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
	11	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	12	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	13	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	14	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	15	.\"
	16	.Dd $Mdocdate: April 21 2020 $
	17	.Dt RPKI-CLIENT 8
	18	.Os
	19	.Sh NAME
	20	.Nm rpki-client
	21	.Nd RPKI validator to support BGP Origin Validation
	22	.Sh SYNOPSIS
	23	.Nm
	24	.Op Fl Bcfjnov
	25	.Op Fl b Ar sourceaddr
	26	.Op Fl d Ar cachedir
	27	.Op Fl e Ar rsync_prog
	28	.Op Fl T Ar table
	29	.Op Fl t Ar tal
	30	.Op Ar outputdir
	31	.Sh DESCRIPTION
	32	The
	33	.Nm
	34	utility queries the RPKI repository system with
	35	.Xr @RSYNC@ 1
	36	to fetch all X.509 certificates, manifests, and revocation lists under a given
	37	.Em Trust Anchor .
	38	.Nm
	39	subsequently validates each
	40	.Em Route Origin Authorization Pq ROA
	41	by constructing and verifying a certification path for the certificate
	42	associated with the ROA (including checking relevant CRLs).
	43	.Nm
	44	produces lists of the
	45	.Em Validated ROA Payloads Pq VRPs
	46	in various formats.
	47	.Pp
	48	The options are as follows:
	49	.Bl -tag -width Ds
	50	.It Fl B
	51	Create output in the file
	52	.Pa bird
	53	in the output directory which is suitable for the BIRD internet routing daemon.
	54	.It Fl b Ar sourceaddr
	55	Tell the rsync client to use
	56	.Ar sourceaddr
	57	as the source address for connections, which is useful on machines
	58	with multiple interfaces.
	59	.It Fl c
	60	Create output in the file
	61	.Pa csv
	62	in the output directory as comma-separated values of the prefix in slash notation,
	63	the maximum prefix length, the autonomous system number, and an abbreviation
	64	for the trust anchor the entry is derived from.
	65	.It Fl d Ar cachedir
	66	The directory where
	67	.Nm
	68	will store the cached repository data.
	69	Defaults to
	70	.Pa @RPKI_BASE_DIR@ .
	71	.It Fl e Ar rsync_prog
	72	Use
	73	.Ar rsync_prog
	74	instead of
	75	.Xr @RSYNC@ 1
	76	to fetch repositories.
	77	It must accept the
	78	.Fl rlt ,
	79	.Fl -address
	80	and
	81	.Fl -delete
	82	flags and connect with rsync-protocol locations.
	83	.It Fl f
	84	Accept out-of-date manifests.
	85	This will still report if a manifest has expired.
	86	.It Fl j
	87	Create output in the file
	88	.Pa json
	89	in the output directory as JSON object.
	90	This format is identical to that
	91	produced by the RIPE NCC RPKI Validator and NLnet Labs routinator.
	92	.It Fl n
	93	Assume that all requested repositories exist: don't update.
	94	.It Fl o
	95	Create output in the file
	96	.Pa openbgpd
	97	in the output directory as
	98	.Xr bgpd 8
	99	compatible input.
	100	If the
	101	.Fl B ,
	102	.Fl c ,
	103	and
	104	.Fl j
	105	options are not specified this is the default.
	106	.It Fl T Ar table
	107	For BIRD output generated with the
	108	.Fl B
	109	option use
	110	.Ar table
	111	as roa table name instead of the default 'ROAS'.
	112	.It Fl t Ar tal
	113	Specify a
	114	.Em Trust Anchor Location Pq TAL
	115	file to be used.
	116	This option can be used multiple times to load multiple TALs.
	117	By default
	118	.Nm
	119	will load all TAL files in
	120	.Pa @RPKI_TAL_DIR@ .
	121	.It Fl v
	122	Specified once, prints information about status.
	123	Twice, prints each filename as it's processed.
	124	.It Ar outputdir
	125	The directory where
	126	.Nm
	127	will write the output files.
	128	Defaults to
	129	.Pa @RPKI_OUT_DIR@ .
	130	.El
	131	.Pp
	132	By default
	133	.Nm
	134	produces a list of unique
	135	.Li roa-set
	136	statements in
	137	.Fl o
	138	(OpenBGPD compatible) output.
	139	.Pp
	140	.Nm
	141	should be run hourly by
	142	.Xr cron 8 :
	143	use
	144	.Xr crontab 1
	145	to uncomment the entry in root's crontab.
	146	.\" .Sh ENVIRONMENT
	147	.\" For sections 1, 6, 7, and 8 only.
	148	.Sh FILES
	149	.Bl -tag -width "@RPKI_OUT_DIR@/openbgpd" -compact
	150	.It Pa @RPKI_TAL_DIR@/*.tal
	151	default TAL files used unless
	152	.Fl t Ar tal
	153	is specified.
	154	.It Pa @RPKI_BASE_DIR@
	155	cached repository data.
	156	.It Pa @RPKI_OUT_DIR@/openbgpd
	157	default roa-set output file.
	158	.El
	159	.Sh EXIT STATUS
	160	.Ex -std
	161	.\" For sections 1, 6, and 8 only.
	162	.\" .Sh EXAMPLES
	163	.\" .Sh DIAGNOSTICS
	164	.\" For sections 1, 4, 6, 7, 8, and 9 printf/stderr messages only.
	165	.Sh SEE ALSO
	166	.Xr @RSYNC@ 1 ,
	167	.Xr bgpd.conf 5
	168	.Sh STANDARDS
	169	The following standards are used or referenced in
	170	.Nm :
	171	.Bl -tag -width -Ds
	172	.It RFC 3370
	173	Cryptographic Message Syntax (CMS) Algorithms.
	174	.It RFC 3779
	175	X.509 Extensions for IP Addresses and AS Identifiers.
	176	.It RFC 4291
	177	IP Version 6 Addressing Architecture.
	178	.It RFC 4631
	179	Classless Inter-domain Routing (CIDR): The Internet Address Assignment
	180	and Aggregation Plan.
	181	.It RFC 5280
	182	Internet X.509 Public Key Infrastructure Certificate and Certificate
	183	Revocation List (CRL) Profile.
	184	.It RFC 5652
	185	Cryptographic Message Syntax (CMS).
	186	.It RFC 5781
	187	The rsync URI Scheme.
	188	.It RFC 5952
	189	A Recommendation for IPv6 Address Text Representation.
	190	.It RFC 6480
	191	An Infrastructure to Support Secure Internet Routing.
	192	.It RFC 6482
	193	A Profile for Route Origin Authorizations (ROAs).
	194	.It RFC 6485
	195	The Profile for Algorithms and Key Sizes for Use in the Resource Public Key
	196	Infrastructure (RPKI).
	197	.It RFC 6486
	198	Manifests for the Resource Public Key Infrastructure (RPKI).
	199	.It RFC 6487
	200	A Profile for X.509 PKIX Resource Certificates.
	201	.It RFC 6488
	202	Signed Object Template for the Resource Public Key Infrastructure
	203	(RPKI).
	204	.It RFC 7730
	205	Resource Public Key Infrastructure (RPKI) Trust Anchor Locator.
	206	.El
	207	.\" .Sh HISTORY
	208	.Sh AUTHORS
	209	The
	210	.Nm
	211	utility was written by
	212	.An Kristaps Dzonsons Aq Mt kristaps@bsd.lv .
	213	.\" .Sh CAVEATS
	214	.\" .Sh BUGS