Bug 240560 - net/routinator: Update to 0.6.2
Summary: net/routinator: Update to 0.6.2
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Raphael Kubo da Costa
Depends on:
Blocks: 239899
  Show dependency treegraph
Reported: 2019-09-13 12:44 UTC by Jaap Akkerhuis
Modified: 2019-11-28 10:57 UTC (History)
2 users (show)

See Also:
jaap: maintainer-feedback+

Patch to update (43.46 KB, patch)
2019-09-13 12:44 UTC, Jaap Akkerhuis
jaap: maintainer-approval+
Details | Diff
patch to Upggrade to 6.2 (49.64 KB, patch)
2019-11-27 13:36 UTC, Jaap Akkerhuis
no flags Details | Diff
Patch UIDs and GIDs files to insert routinator pseudo user (849 bytes, patch)
2019-11-27 13:41 UTC, Jaap Akkerhuis
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Jaap Akkerhuis 2019-09-13 12:44:56 UTC
Created attachment 207460 [details]
Patch to update

Changes in the Port:

This update is actually combined with a bug fix.
I also aidded the feature request as discussed in PR #239899

Release notes:

                           0.6.1  `Philosophy Is Tricky'

This is a bug fix release that primarily fixes an issue in 0.6.0
whereby the serial number for RTR was not updated when new data
became available resulting in RTR clients getting stuck with old


* RRDP access statistics are now also shown in the /status HTTP
  endpoint. They were already part of the Prometheus metrics. (#218)

Bug Fixes

* The RTR serial number was not increased when new data became
  available. (#215)

Other changes

* The RRDP client will not complain if it can  read a non-existing
  state file anymore as this is a completely normal situation.  (#217)

                              0.6.0  `Pink Sombrero'

This release adds support for the RPKI Repository Delta Protocol
(RRDP), an alternative method of fetching RPKI data that uses HTTPS
instead of rsync. RRDP will speed up synchronisation for frequently
updated repositories, for instance when Routinator is running in
server mode. For the RRDP implementation, most of the internal logic
of Routinator has been rewired. We used this opportunity for extensive
refactoring and cleanup of the code base.

One user visible consequence is that the listeners for RTR and HTTP
are now started immediately instead of waiting until after the first
validation run. They still will report an error message until then,
but at least you won have to wonder whether something went wrong

Breaking Changes

* Removed the rsync-count command line and configuration file option.
  This option is now unused as modules are now rsynced only when
  they are actually accessed. (#187)

* The default value for refresh has been lowered to 600 seconds.  (#191)

* The refresh time placed in the RTR End-of-data PDU is now calculated
  from the time until the next validation run is expected to finish.  (#193)

* The listeners for RTR and HTTP in server mode are now started
  right away and report an error until the first validation has
  finished. (#203)


* Routinator now supports RRDP for synchronizing repository content.  (#187)

* Restructured repository directory. The rsync data now lives in a
  sub-directory called rsync. The main repository directory will
  now be kept clean and all unexpected files removed. (#187)

* In server mode, the repository will be refreshed and re-validated
  when the first object expires. (#191)

* Protection against loops in the CA structure: Routinator checks
  that any subject key identifier only appears once in the chain
  from a trust anchor to a CA certificate. (#192)

* Routinator now explicitly skips .cer files that aren  CA certificates
  before even trying to validate them. This already happened before
  because these files failed validation. (#194)

* New options user and group for setting the user and group names
  a detached server process should be run as. (#213)

Bug Fixes

* Fixed crash if the TAL directory is empty. Routinator will complain
  but run since there could be local exceptions. (#212)
Comment 1 C 2019-09-24 19:36:24 UTC
I believe the importance can be changed from 'Affects Only Me' 
to something more serious, maybe that helps to move this forward.
Comment 2 Jaap Akkerhuis 2019-09-29 21:10:13 UTC
(In reply to C from comment #1)
I don't really understand what this "Importance setting" does. I've seen that committers changed in from "affects many people" to "only affects me" without explaining why.

But now you asked, changed the setting.
Comment 3 C 2019-10-20 15:57:11 UTC
It's been a while with no progress on this.

Jaap, what to you think about becoming the maintainer of this port?

Maybe that would help move this forward?
Comment 4 Jaap Akkerhuis 2019-10-21 01:11:32 UTC
(In reply to C from comment #3)
I am actually the maintainer for this port so that is nit the problem. Somtimes the committers are busy. I have learned to be patient.

Sometimes people prod on the ports mail list...
Comment 5 Raphael Kubo da Costa freebsd_committer 2019-11-03 12:41:03 UTC
Hi Jaap. I've run portlint on the port after applying this patch, and got

FATAL: PLIST_FILES: files cannot contain %%FOO%% variables.  Use make variables and logic instead
FATAL: PLIST_FILES: files cannot contain %%FOO%% variables.  Use make variables and logic instead

Since you're setting the plist in the Makefile, you shouldn't be using %%FOO%% expansions, but rather the variables that actually set those substitutions. In this case, ${ETCDIR_REL}. Alternatively, you could just add a pkg-plist.

You also need to add entries to UIDs and GIDs for the new user/group you're adding, see https://www.freebsd.org/doc/en_US.ISO8859-1/books/porters-handbook/users-and-groups.html.
Comment 6 Jaap Akkerhuis 2019-11-21 14:31:26 UTC
(In reply to Raphael Kubo da Costa from comment #5)
Apologies for the brokenness of the port patch. I whipped it up quickly before some extensive traveling. (something I should probably not have done).

Meanwhile there an update to 0.62 as well happened. So I will send a new version ASAP. Or do you prefer I clode this one and create a new one? Let me know.
Comment 7 Raphael Kubo da Costa freebsd_committer 2019-11-21 14:43:07 UTC
No worries! It's fine to reuse this bug, just make you sure you retitle it as well.
Comment 8 Jaap Akkerhuis 2019-11-27 13:36:54 UTC
Created attachment 209480 [details]
patch to Upggrade to 6.2

Routinator 0.6.2 ‘Distiller’s Edition’ released

We are delighted to announce the latest release of Routinator,
version 0.6.2 ’Distiller’s Edition.’

Routinator is an RPKI relying party software that collects and
validates statements in the Resource Public Key Infrastructure
(RPKI) about allowed route origins and makes them available to the
BGP workflow.

There aren’t any new features in this release. Rather, it is a
collection of bug fixes and minor improvements that have been
implemented over the last weeks. You can read the detailed list of
these in the release notes.
Comment 9 Jaap Akkerhuis 2019-11-27 13:41:59 UTC
Created attachment 209481 [details]
Patch UIDs and GIDs files to insert routinator pseudo user

The routinator daemon has now its own user and group ID. This patch is to change the /usr/port/UIDs and GIDs file accordingly.
Comment 10 commit-hook freebsd_committer 2019-11-28 10:57:06 UTC
A commit references this bug:

Author: rakuco
Date: Thu Nov 28 10:57:01 UTC 2019
New revision: 518574
URL: https://svnweb.freebsd.org/changeset/ports/518574

  Update to 0.6.2.

  Release notes:

  Port changes:
  - Add a startup script.
  - Add a separate user/group for the daemon to use.

  PR:		240560
  PR:		239899
  Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)

Comment 11 Raphael Kubo da Costa freebsd_committer 2019-11-28 10:57:34 UTC
Committed, thank you very much!