The private key that encrypts the file in `https://rpki.cloudflare.com/rpki.json` is being rotated.
In order to avoid any downtime, we created a second file with the new encryption key in `https://rpki.cloudflare.com/v2/rpki.json`.
In this PR, we update the path for the cache file, so we use the newly encrypted v2/rpki.json, and also the new public key in cf.pub that matches it.
The old file will also need to be updated so we can deprecate the old encryption keys.
You need to download this new release to make sure your code does not break when the key is updated. Alternatively, you can continue to use the release you are using now and simply update cf.pub and pass the -cache flag with the correct url.
DEADLINE: 18-03-2024 !!!!
For successful HTTP calls there were cases where no 'rpki_refresh' metric was
exposed, as FetchFile() return'ed without the bool return value set to true.
As the bool return value mainly seems to indicate that a file was successfully
fetch from an HTTP URL, the same behavior can be achieve by using the HTTP
status code to expose the metric.
This also contains some drive-by clean-ups.
Signed-off-by: Maximilian Wilhelm <maximilian@cloudflare.com>
* Set three modes of operating serial:
* Default: serials will start at 0 and increment at every change
* Beginning: serial will be set to the value found in the JSON then increment at every change
* Full: serial will be set based on the value found in the JSON at each refresh
* Also fixes a session ID bug where the variable was never random
* Introduces the following flags: `rtr.sessionid`. `rtr.refresh`, `rtr.retry` and `rtr.expire`
Resolves issue #52
* Possibility to read a slurm file (rfc8416) from an http/https endpoint or from a file
* Filters prefixes and adds new ones contained in the configuration
* Can output a new rpki.json which contains the updated prefixes and sign it (other GoRTR can consome from it)
* Travis-CI now automatically compiles GoRTR for Linux, Mac OS and Windows
* Version number inserted at build time based on tag
* Packages deb/rpm
* Publishes into GitHub Releases
When receiving SIGHUP, trigger a refresh of the cache. This is useful
when we need an immediate update of the cache without having a very
low refresh interval.
* Add SSH support in library.
* GoRTR and RTRdump to use SSH with user/password or without auth
* Updated README with simple compatilibty matrix,
SSH configuration, Cisco configuration.
ASNs are 32-bit unsigned integers. However, `strconv.Atoi` will return
32-bit or 64-bit signed integers depending on the platform. It's best to
use `ParseUint` directly.
talves
Maximilian Wilhelm
Louis Poinsignon
Louis
John Bampton
Ties de Kock
Vincent Bernat
Louis Poinsignon
Zhaofeng Li
Jerome Fleury