Remove rpki-client's -f command line option

I haven't come across a use case that requires tricking the software
into accepting out-of-date manifests. Anyone using -f? I think this is a
leftover from the initial debugging era.

OK?

Index: extern.h
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/extern.h,v
retrieving revision 1.30
diff -u -p -r1.30 extern.h
--- extern.h    24 Jun 2020 14:39:21 -0000      1.30
+++ extern.h    30 Jun 2020 10:21:04 -0000
@@ -289,7 +289,7 @@ struct cert *cert_read(int);
 
 void            mft_buffer(char **, size_t *, size_t *, const struct mft *);
 void            mft_free(struct mft *);
-struct mft     *mft_parse(X509 **, const char *, int);
+struct mft     *mft_parse(X509 **, const char *);
 int             mft_check(const char *, struct mft *);
 struct mft     *mft_read(int);
 
Index: main.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/main.c,v
retrieving revision 1.71
diff -u -p -r1.71 main.c
--- main.c      24 Jun 2020 14:39:21 -0000      1.71
+++ main.c      30 Jun 2020 10:21:05 -0000
@@ -148,7 +148,7 @@ struct filepath_tree  fpt = RB_INITIALIZ
 /*
  * Mark that our subprocesses will never return.
  */
-static void    proc_parser(int, int) __attribute__((noreturn));
+static void    proc_parser(int) __attribute__((noreturn));
 static void    proc_rsync(char *, char *, int, int)
                    __attribute__((noreturn));
 static void    build_chain(const struct auth *, STACK_OF(X509) **);
@@ -892,8 +892,8 @@ proc_parser_roa(struct entity *entp,
  * Return the mft on success or NULL on failure.
  */
 static struct mft *
-proc_parser_mft(struct entity *entp, int force, X509_STORE *store,
-    X509_STORE_CTX *ctx, struct auth_tree *auths, struct crl_tree *crlt)
+proc_parser_mft(struct entity *entp, X509_STORE *store, X509_STORE_CTX *ctx,
+       struct auth_tree *auths, struct crl_tree *crlt)
 {
        struct mft              *mft;
        X509                    *x509;
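Review bot: The continuation line of the rewritten `proc_parser_mft` signature appears to be indented with a tab, while the line it replaces used a four-space continuation indent. The mail archive may have altered the whitespace, so check the actual patch; if it is a tab, keep the second line as `    struct auth_tree *auths, struct crl_tree *crlt)` so the file's indentation stays consistent. The function body continues outside this hunk.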
@@ -902,7 +902,7 @@ proc_parser_mft(struct entity *entp, int
        STACK_OF(X509)          *chain;
 
        assert(!entp->has_dgst);
-       if ((mft = mft_parse(&x509, entp->uri, force)) == NULL)
+       if ((mft = mft_parse(&x509, entp->uri)) == NULL)
                return NULL;
 
        a = valid_ski_aki(entp->uri, auths, mft->ski, mft->aki);
@@ -1127,7 +1127,7 @@ build_crls(const struct auth *a, struct 
  * The process will exit cleanly only when fd is closed.
  */
 static void
-proc_parser(int fd, int force)
+proc_parser(int fd)
 {
        struct tal      *tal;
        struct cert     *cert;
@@ -1249,8 +1249,7 @@ proc_parser(int fd, int force)
                         */
                        break;
                case RTYPE_MFT:
-                       mft = proc_parser_mft(entp, force,
-                           store, ctx, &auths, &crlt);
+                       mft = proc_parser_mft(entp, store, ctx, &auths, &crlt);
                        c = (mft != NULL);
                        io_simple_buffer(&b, &bsz, &bmax, &c, sizeof(int));
                        if (mft != NULL)
@@ -1500,8 +1499,7 @@ int
 main(int argc, char *argv[])
 {
        int              rc = 1, c, proc, st, rsync,
-                        fl = SOCK_STREAM | SOCK_CLOEXEC, noop = 0,
-                        force = 0;
+                        fl = SOCK_STREAM | SOCK_CLOEXEC, noop = 0;
        size_t           i, j, eid = 1, outsz = 0, talsz = 0;
        pid_t            procpid, rsyncpid;
        int              fd[2];
@@ -1539,7 +1537,7 @@ main(int argc, char *argv[])
        if (pledge("stdio rpath wpath cpath fattr proc exec unveil", NULL) == 
-1)
                err(1, "pledge");
 
-       while ((c = getopt(argc, argv, "b:Bcd:e:fjnot:T:v")) != -1)
+       while ((c = getopt(argc, argv, "b:Bcd:e:jnot:T:v")) != -1)
                switch (c) {
                case 'b':
                        bind_addr = optarg;
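Review bot: Dropping `f` from the getopt string means any invocation that still passes `-f` no longer parses; it presumably lands in the switch's default/usage path (not visible in this hunk) and exits 1 before any validation runs. Where the validator runs unattended, a leftover flag in a job definition would then silently stop the output from being refreshed. Consider accepting the option as a warned no-op for one release, e.g. `case 'f': warnx("-f is deprecated and ignored"); break;`, or call the removal out prominently in the release notes. `main` starts and ends outside this hunk.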
@@ -1556,9 +1554,6 @@ main(int argc, char *argv[])
                case 'e':
                        rsync_prog = optarg;
                        break;
-               case 'f':
-                       force = 1;
-                       break;
                case 'j':
                        outformats |= FORMAT_JSON;
                        break;
@@ -1634,7 +1629,7 @@ main(int argc, char *argv[])
                        err(1, "%s: unveil", cachedir);
                if (pledge("stdio rpath", NULL) == -1)
                        err(1, "pledge");
-               proc_parser(fd[0], force);
+               proc_parser(fd[0]);
                /* NOTREACHED */
        }
 
@@ -1826,7 +1821,7 @@ main(int argc, char *argv[])
 
 usage:
        fprintf(stderr,
-           "usage: rpki-client [-Bcfjnov] [-b sourceaddr] [-d cachedir]"
+           "usage: rpki-client [-Bcjnov] [-b sourceaddr] [-d cachedir]"
            " [-e rsync_prog]\n"
            "                   [-T table] [-t tal] [outputdir]\n");
        return 1;
Index: mft.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/mft.c,v
retrieving revision 1.14
diff -u -p -r1.14 mft.c
--- mft.c       11 Apr 2020 15:53:44 -0000      1.14
+++ mft.c       30 Jun 2020 10:21:05 -0000
@@ -61,7 +61,7 @@ gentime2str(const ASN1_GENERALIZEDTIME *
  */
 static time_t
 check_validity(const ASN1_GENERALIZEDTIME *from,
-    const ASN1_GENERALIZEDTIME *until, const char *fn, int force)
+    const ASN1_GENERALIZEDTIME *until, const char *fn)
 {
        time_t now = time(NULL);
 
@@ -82,10 +82,8 @@ check_validity(const ASN1_GENERALIZEDTIM
        }
        /* check that now is not after until */
        if (X509_cmp_time(until, &now) < 0) {
-               warnx("%s: mft expired on %s%s", fn, gentime2str(until),
-                   force ? " (ignoring)" : "");
-               if (!force)
-                       return 0;
+               warnx("%s: mft expired on %s", fn, gentime2str(until));
+               return 0;
        }
 
        return 1;
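Review bot: The expiry test `X509_cmp_time(until, &now) < 0` does not catch the function's error return. X509_cmp_time() returns 0 when it cannot evaluate the time, and that value falls through to `return 1`, so a manifest whose `until` field cannot be compared is treated as current. With the `force` override gone this branch always decides whether an expired manifest is rejected, so it should fail closed: store the result with `cmp = X509_cmp_time(until, &now);` and add `if (cmp == 0) { warnx("%s: bad mft validity time", fn); return 0; }` ahead of the `cmp < 0` branch. check_validity starts outside this hunk and earlier code may already validate the time encoding, so confirm before changing; any `from` comparison above would need the same treatment.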
@@ -237,7 +235,7 @@ out:
  * Returns <0 on failure, 0 on stale, >0 on success.
  */
 static int
-mft_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p, int 
force)
+mft_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
 {
        ASN1_SEQUENCE_ANY       *seq;
        const ASN1_TYPE         *t;
@@ -311,7 +309,7 @@ mft_parse_econtent(const unsigned char *
        }
        until = t->value.generalizedtime;
 
-       validity = check_validity(from, until, p->fn, force);
+       validity = check_validity(from, until, p->fn);
        if (validity != 1)
                goto out;
 
@@ -356,7 +354,7 @@ out:
  * The MFT content is otherwise returned.
  */
 struct mft *
-mft_parse(X509 **x509, const char *fn, int force)
+mft_parse(X509 **x509, const char *fn)
 {
        struct parse     p;
        int              c, rc = 0;
@@ -384,7 +382,7 @@ mft_parse(X509 **x509, const char *fn, i
         * references as well as marking it as stale.
         */
 
-       if ((c = mft_parse_econtent(cms, cmsz, &p, force)) == 0) {
+       if ((c = mft_parse_econtent(cms, cmsz, &p)) == 0) {
                /*
                 * FIXME: it should suffice to just mark this as stale
                 * and have the logic around mft_read() simply ignore
Index: rpki-client.8
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/rpki-client.8,v
retrieving revision 1.27
diff -u -p -r1.27 rpki-client.8
--- rpki-client.8       14 May 2020 07:12:16 -0000      1.27
+++ rpki-client.8       30 Jun 2020 10:21:05 -0000
@@ -81,9 +81,6 @@ It must accept the
 and
 .Fl -delete
 flags and connect with rsync-protocol locations.
-.It Fl f
-Accept out-of-date manifests.
-This will still report if a manifest has expired.
 .It Fl j
 Create output in the file
 .Pa json
