[Bug 250481] net/routinator: Update to version 0.8.0
bugzilla-noreply at freebsd.org
Tue Oct 20 08:59:52 UTC 2020
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=250481
Bug ID: 250481
Summary: net/routinator: Update to version 0.8.0
Product: Ports & Packages
Version: Latest
Hardware: Any
URL: https://github.com/NLnetLabs/routinator/releases/tag/v0.8.0
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: Individual Port(s)
Assignee: ports-bugs at FreeBSD.org
Reporter: jaap at NLnetLabs.nl
Attachment #218913 Flags: maintainer-approval+
Created attachment 218913
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=218913&action=edit
patch to update
0.8.0 Strikes and Gutters, Ups and Downs
Breaking Changes
* Validation now follows the rules suggested by draft-ietf-sidrops-6486bis:
Any invalid object mentioned on the manifest will lead to the
issuing CA and all its objects being rejected. However, unlike
suggested by the draft, Routinator currently will not fall back
to cached older versions of the CA's objects that may still be
valid. In addition, unknown RPKI object types are currently
accepted with a warning logged. This behaviour can be changed via
the unknown-types policy option. (#371, #401)
* Similarly, CRL handling has been tightened significantly. Each
CA must now have exactly one CRL which must be the one stated in
the manifest's EE certificate. Any violation will lead to the whole
CA being rejected with the same consequences as above. (#397)
* The default for dealing with stale objects has been changed to
reject in accordance with the same draft. (#387)
* Parsing of local exception files is now more strict in accordance
with RFC 8416. Any additional member in the JSON objects will
lead to an error. However, error reporting has been greatly
improved and now the line and column of an error will be indicated.
(#372)
* The alias --allow-dubios-hosts for the correctly spelled option
has been removed. (#384)
* The minimal supported Rust version is now 1.42.0.
New
* All VRPs overlapping with resources from rejected CAs, dubbed
'unsafe VRPs', can be filtered via the new unsafe-vrps option. Doing
so will avoid situations where routes become RPKI invalid if their
VRPs are split over multiple CAs or there are less specific ROAs.
By default, unsafe VRPs are only warned about. (#377, #400)
* New metrics for the VRPs produced and filtered on the various
TALs. (#377)
* The logging output of the latest validation run is now available
via the HTTP service's /log endpoint. (#396)
* TCP keep-alive is now supported and enabled by default on RTR
connections as suggested by RFC 8210. It can be disabled and its
idle time changed from the default 60 seconds via the new
rtr-tcp-keepalive command line and config file option. (#390)
* The pid-file, working-dir, chroot, user, and group config file
and server command options now also work without the --detach
command line option. (#392)
* The init command will now change ownership of the cache directory
if the user and group options are set via config file or command
line options. (#392)
* Irrelevant log messages from libraries are now also filtered when
using syslog logging. (#385)
* Release builds will now abort on panic, i.e., when an unexpected
internal condition is detected. This ensures that there won't be
a Routinator in a coma. (#394)
* The feature rta enables the new command rta for validating Resource
Tagged Assertions as described in draft-michaelson-rpki-rta. This
feature is not enabled by default and needs to be activated by
adding the option --features rta to the Cargo build command.
Bug Fixes
* Update start and end times will not change between consecutive
metrics reports any more. (#389)
* Local exceptions will now be loaded before starting a validation
run both in vrps and server mode instead of discarding the run
after it finished when loading fails. In server mode, we now wait
10 seconds after loading local exceptions fails and try again
instead of repeatedly starting validation runs and discarding
them. (594186c)
* EE certificates encountered in the repository are now validated
as router certificates rather than regular RPKI EE certificates.
(#398)
Other Changes
* Logging has been cleaned up. The meaning of the four log levels
is now better defined--see the man page--and all log output has
been reassigned accordingly. (#396)
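The unsafe-vrps item in the release notes above, as an added example that is not part of the original message and is not Routinator's code: it runs RFC 6811 origin validation for one route when every CA is accepted, when the CA holding the more specific ROA is rejected, and when VRPs overlapping that CA's resources are also filtered. The prefixes, ASNs and the names validate, drop_unsafe and scenarios are constructed for illustration, and the filter is a simplified model of the behaviour described.

```python
import ipaddress

# Constructed sample data: documentation prefixes, private-use ASNs.
# A VRP is (prefix, max_length, origin_asn).
VRPS_CA_A = [("192.0.2.0/25", 25, 64501)]   # issued under CA A (more specific)
VRPS_CA_B = [("192.0.2.0/24", 24, 64500)]   # issued under CA B (less specific)
CA_A_RESOURCES = ["192.0.2.0/25"]           # resources held by CA A


def _overlaps(a, b):
    """True if two networks of the same address family share any address."""
    return a.version == b.version and a.overlaps(b)


def validate(route_prefix, origin_asn, vrps):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for prefix, max_len, asn in vrps:
        vrp = ipaddress.ip_network(prefix)
        if vrp.version == route.version and route.subnet_of(vrp):
            covered = True
            if route.prefixlen <= max_len and asn == origin_asn:
                return "valid"
    return "invalid" if covered else "not-found"


def drop_unsafe(vrps, rejected_resources):
    """Hypothetical filter: drop VRPs overlapping a rejected CA's resources."""
    rejected = [ipaddress.ip_network(r) for r in rejected_resources]
    return [v for v in vrps
            if not any(_overlaps(ipaddress.ip_network(v[0]), r) for r in rejected)]


def scenarios(route="192.0.2.0/25", asn=64501):
    """State of one route: all CAs fine, CA A rejected, CA A rejected + filter."""
    return {
        "all CAs accepted": validate(route, asn, VRPS_CA_A + VRPS_CA_B),
        "CA A rejected": validate(route, asn, VRPS_CA_B),
        "CA A rejected, unsafe VRPs filtered": validate(
            route, asn, drop_unsafe(VRPS_CA_B, CA_A_RESOURCES)),
    }


if __name__ == "__main__":
    for case, state in scenarios().items():
        print(f"{case}: {state}")
```

With CA A rejected and no filtering, the route is still covered by CA B's less specific VRP and turns invalid; once the overlapping VRP is filtered, no VRP covers the route and it is not-found instead.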