Bug 250481 - net/routinator: Update to 0.8.0
Summary: net/routinator: Update to 0.8.0
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Kurt Jaeger
URL: https://github.com/NLnetLabs/routinat...
Keywords:
Depends on:
Blocks:
 
Reported: 2020-10-20 08:59 UTC by Jaap Akkerhuis
Modified: 2020-10-24 18:15 UTC

See Also:
fernape: merge-quarterly?


Attachments
patch to update (48.47 KB, text/plain)
2020-10-20 08:59 UTC, Jaap Akkerhuis
jaap: maintainer-approval+

Description Jaap Akkerhuis 2020-10-20 08:59:50 UTC
Created attachment 218913
patch to update

0.8.0 Strikes and Gutters, Ups and Downs

Breaking Changes

* Validation now follows the rules suggested by draft-ietf-sidrops-6486bis:
  Any invalid object mentioned on the manifest will lead to the
  issuing CA and all its objects being rejected. However, unlike
  suggested by the draft, Routinator currently will not fall back
  to cached older versions of the CA's objects that may still be
  valid. In addition, unknown RPKI object types are currently
  accepted with a warning logged. This behaviour can be changed via
  the unknown-types policy option. (#371, #401)
* Similarly, CRL handling has been tightened significantly. Each
  CA must now have exactly one CRL which must be the one stated in
  the manifest's EE certificate. Any violation will lead to the whole
  CA being rejected with the same consequences as above. (#397)
* The default for dealing with stale objects has been changed to
  reject in accordance with the same draft. (#387)
* Parsing of local exception files is now more strict in accordance
  with RFC 8416. Any additional member in the JSON objects will
  lead to an error. However, error reporting has been greatly
  improved and now the line and column of an error will be indicated.
  (#372)
* The alias --allow-dubios-hosts for the correctly spelled option
  has been removed. (#384)
* The minimal supported Rust version is now 1.42.0.


New

* All VRPs overlapping with resources from rejected CAs, dubbed
  'unsafe VRPs', can be filtered via the new unsafe-vrps option.  Doing
  so will avoid situations where routes become RPKI invalid if their
  VRPs are split over multiple CAs or there are less specific ROAs.
  By default, unsafe VRPs are only warned about. (#377, #400)
* New metrics for the VRPs produced and filtered on the various
  TALs. (#377)
* The logging output of the latest validation run is now available
  via the HTTP service's /log endpoint. (#396)
* TCP keep-alive is now supported and enabled by default on RTR
  connections as suggested by RFC 8210. It can be disabled and its
  idle time changed from the default 60 seconds via the new
  rtr-tcp-keepalive command line and config file option. (#390)
* The pid-file, working-dir, chroot, user, and group config file
  and server command options now also work without the --detach
  command line option. (#392)
* The init command will now change ownership of the cache directory
  if the user and group options are set via config file or command
  line options. (#392)
* Irrelevant log messages from libraries are now also filtered when
  using syslog logging. (#385)
* Release builds will now abort on panic, i.e., when an unexpected
  internal condition is detected. This ensures that there won't be
  a Routinator in a coma. (#394)
* The feature rta enables the new command rta for validating Resource
  Tagged Assertions as described in draft-michaelson-rpki-rta. This
  feature is not enabled by default and needs to be activated by
  adding the option --features rta to the Cargo build command.



Bug Fixes

* Update start and end times will not change between consecutive
  metrics reports any more. (#389)
* Local exceptions will now be loaded before starting a validation
  run both in vrps and server mode instead of discarding the run
  after it finished when loading fails. In server mode, we now wait
  10 seconds after loading local exceptions fails and try again
  instead of repeatedly starting validation runs and discarding
  them. (594186c)
* EE certificates encountered in the repository are now validated
  as router certificates rather than regular RPKI EE certificates.
  (#398)

Other Changes

* Logging has been cleaned up. The meaning of the four log levels
  is now better defined--see the man page--and all log output has
  been reassigned accordingly. (#396)
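
Added example (not part of the bug report and not Routinator's code): a Python model of the 'unsafe VRPs' item above, showing how a less specific ROA from a parent CA turns a route invalid once a child CA is rejected, and what filtering VRPs that overlap the rejected CA's resources changes. The function names, prefixes (documentation ranges) and AS numbers are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Union

Net = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

class VRP(NamedTuple):
    prefix: Net
    max_len: int
    asn: int

def split_unsafe(vrps, rejected_resources):
    """Partition VRPs into (safe, unsafe). A VRP is unsafe when its prefix
    overlaps any resource held by a rejected CA."""
    safe, unsafe = [], []
    for v in vrps:
        hit = any(v.prefix.version == r.version and v.prefix.overlaps(r)
                  for r in rejected_resources)
        (unsafe if hit else safe).append(v)
    return safe, unsafe

def origin_validation(prefix, origin_asn, vrps):
    """RFC 6811 outcome for one route: 'valid', 'invalid' or 'not-found'."""
    covered = False
    for v in vrps:
        if v.prefix.version == prefix.version and prefix.subnet_of(v.prefix):
            covered = True
            if v.asn == origin_asn and prefix.prefixlen <= v.max_len:
                return "valid"
    return "invalid" if covered else "not-found"

def demo():
    net = ipaddress.ip_network
    # Constructed scenario: a parent CA holds 192.0.2.0/24 and delegated
    # 192.0.2.128/25 to a child CA. The child CA was rejected, so its ROA
    # (192.0.2.128/25, AS64497) yields no VRP in this run.
    rejected = [net("192.0.2.128/25")]
    vrps = [VRP(net("192.0.2.0/24"), 24, 64496),     # parent's less specific ROA
            VRP(net("198.51.100.0/24"), 24, 64498)]  # unrelated CA
    safe, unsafe = split_unsafe(vrps, rejected)
    child_route = (net("192.0.2.128/25"), 64497)
    parent_route = (net("192.0.2.0/24"), 64496)
    return {
        "unsafe": unsafe,
        "child_kept": origin_validation(*child_route, vrps),        # invalid
        "child_filtered": origin_validation(*child_route, safe),    # not-found
        "parent_kept": origin_validation(*parent_route, vrps),      # valid
        "parent_filtered": origin_validation(*parent_route, safe),  # not-found
    }
```

Filtering moves the child's route from invalid to not-found, at the cost of the parent's own route also dropping from valid to not-found, which is the trade-off to weigh when choosing between warning about and filtering unsafe VRPs.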
Comment 1 Fernando Apesteguía freebsd_committer 2020-10-20 11:01:01 UTC
^Triage: Simplifying title

^Triage: Bugfix release, merge to quarterly branch.


Thanks!
Comment 2 Kurt Jaeger freebsd_committer 2020-10-24 18:13:47 UTC
testbuilds are fine
Comment 3 commit-hook freebsd_committer 2020-10-24 18:14:49 UTC
A commit references this bug:

Author: pi
Date: Sat Oct 24 18:14:35 UTC 2020
New revision: 553212
URL: https://svnweb.freebsd.org/changeset/ports/553212

Log:
  net/routinator: update 0.7.1 -> 0.8.0

  PR:		250481
  Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
  Relnotes:	https://github.com/NLnetLabs/routinator/releases/tag/v0.8.0

Changes:
  head/net/routinator/Makefile
  head/net/routinator/distinfo
Comment 4 Kurt Jaeger freebsd_committer 2020-10-24 18:15:12 UTC
Committed, thanks!