Permalink
Commits on Aug 26, 2018
  1. Clean up old code which has been obsolete for years.

    sraustein committed Aug 26, 2018
    smoketest hasn't worked since we converted to Tornado and Django ORM.
    
    xml-parse-test hasn't worked since we ripped out the massively
    redundant XML layer and went to using lxml.etree directly.
    
    old_irdbd hasn't worked since we converted to Django ORM.
    
    rpki.adns hasn't worked since we converted to Tornado.
    
    Various tests in ca/Makefile.in haven't worked since all of the above
    happened.
    
    Some day we may want to resurrect a few bits (in particular, the
    post-initialization scripting capabilities from smoketest) but for the
    moment it just confuses people, so away with it.
Commits on Jun 27, 2018
Commits on Jan 9, 2018
  1. Merge branch 'APNIC-net-apnic-deprecated-tas'

    sraustein committed Jan 9, 2018
    Pull request from APNIC deleting obsolete APNIC TALs.
Commits on May 17, 2017
Commits on Jan 27, 2017
  1. Accumulate primary keys instead of objects to work around Django cach…

    sraustein committed Jan 27, 2017
    …ing.
    
    This is nasty, and I still don't entirely understand it why this was
    happening.  We collect ca_detail objects during bulk ROA processing,
    so that we can defer manifest and CRL updates until the end of the
    batch.  Somehow, Django's caching code was causing the parent CA's
    issued serial number to roll back as part of this caching, which
    caused us to reuse serial numbers.  Which is (very) bad.
    
    Replacing the collection of ca_detail objects with a collection of
    primary key values for those same ca_detail objects seems to have
    worked, presumably because it lets us force creation of a new queryset
    when it's time for us to process the relevant ca_detail objects.
    
    The question is how many other booby traps like this might be lurking.
Commits on Jan 15, 2017
  1. Wrong Django voodoo in previous fix.

    sraustein committed Jan 15, 2017
    The rubber chicken needs to dance around the circle once, widdershins.
    Obviously.
    
    For future reference, the syntax for forcing queryset evaluation is
    "list(blarg.all())", not "[blarg.all()]".  In this case it doesn't
    seem to be necessary.
Commits on Jan 14, 2017
Commits on Jan 13, 2017
Commits on Oct 10, 2016
  1. Update to OpenSSL 1.0.2j.

    sraustein committed Oct 10, 2016
    There would (probably) be no security issue with continuing to use
    OpenSSL 1.0.2h for RPKI, but it's usually best to stay current.
    
    Update the update-snapshot script to use git instead of svn.
Commits on Aug 9, 2016
  1. Jessie comments; spelling/typo/trailing-whitespace cleanup.

    sraustein committed Aug 9, 2016
    Randy accidently pushed a bunch of unsigned commits.  I reviewed
    them before signing this one.  Randy's knuckles have been whacked.
Commits on Aug 8, 2016
Commits on Aug 7, 2016
Commits on Aug 4, 2016
Commits on Aug 3, 2016
  1. Start adding back links that were lost in translation, updated as app…

    sraustein committed Aug 3, 2016
    …ropriate.
    
    This is by no means a complete overhaul, just a fix for the most
    obviously broken links in the Installation pages.
  2. Add a few more links to documentation and installation instructions.

    sraustein committed Aug 3, 2016
    Documentation needs a general overhaul and some manual cleanup of
    things that the Wiki extraction process got wrong, but it's probably
    simplest to finish converting all the external stuff (eg, APT
    repositories) first.
Commits on Aug 2, 2016
Commits on Jul 29, 2016
Commits on Jul 28, 2016
Commits on Jul 19, 2016
  1. Implement new recommendation for HTTPS validation: try with validation

    sraustein committed Jul 19, 2016
    enabled, if that fails, whine and retry with validation disabled.
    
    svn path=/branches/tk705/; revision=6448
  2. Simplistic hack for versioning with git.

    sraustein committed Jul 19, 2016
    svn path=/branches/tk705/; revision=6447
Commits on Jul 18, 2016
  1. Remove "import url from future" from Django templates. Fixes #823.

    sraustein committed Jul 18, 2016
    svn path=/branches/tk705/; revision=6446
Commits on Jun 26, 2016
  1. Log resynchronization details.

    sraustein committed Jun 26, 2016
    svn path=/branches/tk705/; revision=6445
Commits on Jun 9, 2016
  1. Fix badly written XXX_Driver.execute() methods: calling sequence is

    sraustein committed Jun 9, 2016
    specified by DB API, just use it, rather than getting clever with
    variable-length argument sequences.
    
    svn path=/branches/tk705/; revision=6442
Commits on Jun 8, 2016
  1. Bugfixes from Andrew Bradford (thanks!).

    sraustein committed Jun 8, 2016
    svn path=/branches/tk705/; revision=6441
Commits on May 26, 2016
  1. Remove gratuitous None values from status database -- this appears to

    sraustein committed May 26, 2016
    have been incomplete conversion from an older internal API, back when
    we still had Generation objects.  In any case, status="None" in
    rcynic.xml is wrong, and has been giving rcynic-html indigestion.
    
    svn path=/branches/tk705/; revision=6440
Commits on May 25, 2016
  1. New script to install an RPKI root key salvaged from an old rootd

    sraustein committed May 25, 2016
    installation on top of the active CADetail of a new-style rootd-less
    rpkid configuration.
    
    This has been tested, but only lightly, and only in the lab.
    
    This script is dangerous.  Do not run it unless you really know what
    you are doing, and even then you probably do not want to run it on
    anything but a brand new installation with no existing RPKI data.
    
    See #816.
    
    svn path=/branches/tk705/; revision=6438
Commits on May 24, 2016
  1. More http:// => https:// changes in documentation links.

    sraustein committed May 24, 2016
    svn path=/branches/tk705/; revision=6436
Commits on May 10, 2016
  1. Debian requires explicit runtime dependency on sudo, and rpki-rp needs

    sraustein committed May 10, 2016
    to make sure that /var/log/rpki exists.
    
    svn path=/branches/tk705/; revision=6433
Commits on May 9, 2016
  1. Add `--root-handle` argument to ca-unpickle to allow manual

    sraustein committed May 9, 2016
    specification of a handle for the new root entity instead of the
    default of using a randomly-generated UUID as the name.
    
    svn path=/branches/tk705/; revision=6432
Commits on May 7, 2016
  1. Exclude root certificate serial number from last_serial calculation,

    sraustein committed May 7, 2016
    as including it ends very badly when the root certificate serial is a
    randomly-generated 64-bit value.  See #814.
    
    svn path=/branches/tk705/; revision=6430