This release contains a bug in that leaves RTR clients stuck with old data. Please do not use this release if you are using Routinator with RTR and upgrade to 0.6.1 instead.
This release adds support for the RPKI Repository Delta Protocol (RRDP), an alternative method of fetching RPKI data that uses HTTPS instead of rsync. RRDP will speed up synchronisation for frequently updated repositories, for instance when Routinator is running in server mode. For the RRDP implementation, most of the internal logic of Routinator has been rewired. We used this opportunity for extensive refactoring and cleanup of the code base.
One user visible consequence is that the listeners for RTR and HTTP are now started immediately instead of waiting until after the first validation run. They still will report an error message until then, but at least you won’t
have to wonder whether something went wrong anymore.
- Removed the
rsync-countcommand line and configuration file option.
This option is now unused as modules are now rsynced only when they are
actually accessed. (#187)
- The default value for
refreshhas been lowered to 600 seconds.
- The refresh time placed in the RTR End-of-data PDU is now calculated
from the time until the next validation run is expected to finish.
- The listeners for RTR and HTTP in server mode are now started right away
and report an error until the first validation has finished. (#203)
- Routinator now supports RRDP for synchronizing repository content.
- Restructured repository directory. The rsync data now lives in a
rsync. The main repository directory will now be
kept clean and all unexpected files removed. (#187)
- In server mode, the repository will be refreshed and re-validated when
the first object expires. (#191)
- Protection against loops in the CA structure: Routinator checks that any
subject key identifier only appears once in the chain from a trust
anchor to a CA certificate. (#192)
- Routinator now explicitly skips .cer files that aren’t CA certificates
before even trying to validate them. This already happened before
because these files failed validation. (#194)
- New options
groupfor setting the user and group names a
detached server process should be run as. (#213)
- Fixed crash if the TAL directory is empty. Routinator will complain but
run since there could be local exceptions. (#212)