On Tue, Aug 31, 2021 at 02:23:57PM +0200, Claudio Jeker wrote:
> RPKI repository can only include a few specific files, everything else is
> just ignored and deleted after every fetch.  Since openrsync supports
> --exclude-file now we can use this to limit what is actually accepted by
> the client.
> 
> I used a config file in /etc/rpki instead of using multiple --exclude /
> --include arguments. Mostly to keep the execvp argv short.
> 
> What do you think?

It seems using a config file to keep the argv list short is too
controversial and all alternate suggestions are worse.
So just add the include/exclude list as arguments.

-- 
:wq Claudio

Index: rsync.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/rsync.c,v
retrieving revision 1.24
diff -u -p -r1.24 rsync.c
--- rsync.c     19 Apr 2021 17:04:35 -0000      1.24
+++ rsync.c     1 Sep 2021 09:08:06 -0000
@@ -277,8 +277,14 @@ proc_rsync(char *prog, char *bind_addr, 
                        args[i++] = (char *)prog;
                        args[i++] = "-rt";
                        args[i++] = "--no-motd";
-                       args[i++] = "--timeout";
-                       args[i++] = "180";
+                       args[i++] = "--timeout=180";
+                       args[i++] = "--include=*/";
+                       args[i++] = "--include=*.cer";
+                       args[i++] = "--include=*.crl";
+                       args[i++] = "--include=*.gbr";
+                       args[i++] = "--include=*.mft";
+                       args[i++] = "--include=*.roa";
+                       args[i++] = "--exclude=*";
                        if (bind_addr != NULL) {
                                args[i++] = "--address";
                                args[i++] = (char *)bind_addr;
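
Review bot: the new args[i++] assignments (eight added, two removed, so six more slots than before) are written with no visible bounds check, and the declaration of args is outside this hunk. Please confirm the array still has room for them plus the optional --address pair and the terminating NULL that execvp needs. A short comment above the --include lines would also help, noting that the order is significant: rsync filter rules are first-match-wins, so --include=*/ has to stay first to keep directories traversable and --exclude=* has to stay last so it only catches what the earlier patterns did not match. The comment could also say that this list has to be kept in step with the file types rpki-client accepts, since a new type added to the parser but not here would silently never be fetched.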
