This PR implements all log handling with the exception of actual syslog in
Routinator itself. It also implements support for log rotation when logging
into files by re-opening the log file when receiving SIGUSR2.
Error handling for logging is now such that if trying to log to file or
syslog fails, Routinator will exit. It will also exit if it receives SIGUSR2
and can’t open the log file.
The motivation for this is that the log is used by many people to determine
issues with the RPKI repositories, so silently not having logs seems bad.
Also, not being able to log is a good indication for bigger problems to
come.
---------
Co-authored-by: Luuk Hendriks <mail@luukhendriks.eu>
This PR switches the dependencies on rpki-rs to the released 0.16.1 and on
routecore to 0.3.1. As a consequence, the minimum required Rust version can
be lowered to 1.63.
This PR renames functions and attributes etc. that refer to
standalone end-entity certificates to refer to them as ‘router certs’ to
better distinguish them from EE certificates that are part of signed
objects.
The only external change is in the HTTP status API where the `validEECerts`
member has been renamed to `validRouterCerts` but the old name has been
retained for now.
This is a breaking change.
This PR adds support for ASPA to Routinator.
The PR adds a new config option ‘enable_aspa’ that is false by default. Only
if it is set to true will ASPAs be added to the payload set.
It adds support for processing ASPA objects to the engine, adds ASPA-related
metrics, and completely refactors the payload storage to be able to deal
with the differing semantics of ASPA payload.
The PR adds a new "aspa" member to the jsonext format and the HTTP delta
endpoint. It adds new members to the API status and adds new Prometheus
metrics.
It increases the minimum required Rust version to 0.65.
---------
Co-authored-by: Alex Band <alex@nlnetlabs.nl>
Co-authored-by: Luuk Hendriks <mail@luukhendriks.eu>
Bug Fixes
* Allow private keys prefixed both with `BEGIN PRIVATE KEY` and
`BEGIN RSA PRIVATE KEY` in the files referred to by `http-tls-key` and
`rtr-tls-key` configuration options. ([#831], [#832])
This commit changes the code that reads the private key file for both HTTP
and RTR to accept both the PRIVATE KEY items from PKCS#8 and RSA PRIVATE KEY
items from PKCS#1.
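
An added example, not Routinator's own code: a std-only Rust scan of a PEM key file that accepts both the PKCS#8 `PRIVATE KEY` and the PKCS#1 `RSA PRIVATE KEY` labels described above. The names `KeyFormat`, `find_private_key` and `SAMPLE` are hypothetical, and rejecting any other key label is an assumption of the example.

```rust
/// Encoding of the private key item found in a PEM file.
#[derive(Debug, PartialEq)]
pub enum KeyFormat { Pkcs8, Pkcs1Rsa }

// Constructed sample: a certificate item followed by a PKCS#1 key item.
// The base64 bodies are placeholders, not real key material.
pub const SAMPLE: &str = "-----BEGIN CERTIFICATE-----\nQ0VSVA==\n-----END CERTIFICATE-----\n\
-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n";

/// Returns the format and base64 body of the first private key item.
/// Non-key items are skipped; other key labels are rejected (assumption).
pub fn find_private_key(pem: &str) -> Result<(KeyFormat, String), String> {
    let mut lines = pem.lines().map(str::trim);
    while let Some(line) = lines.next() {
        let label = match line
            .strip_prefix("-----BEGIN ")
            .and_then(|rest| rest.strip_suffix("-----"))
        {
            Some(label) => label,
            None => continue, // text outside any PEM item
        };
        let end = format!("-----END {}-----", label);
        let (mut body, mut closed) = (String::new(), false);
        for l in lines.by_ref() {
            if l == end {
                closed = true;
                break;
            }
            body.push_str(l);
        }
        if !closed {
            return Err(format!("unterminated {} item", label));
        }
        match label {
            "PRIVATE KEY" => return Ok((KeyFormat::Pkcs8, body)),
            "RSA PRIVATE KEY" => return Ok((KeyFormat::Pkcs1Rsa, body)),
            other if other.ends_with("PRIVATE KEY") => {
                return Err(format!("unsupported key item: {}", other))
            }
            _ => {} // certificate or other item: keep scanning
        }
    }
    Err("no private key item found".to_string())
}

fn main() {
    println!("{:?}", find_private_key(SAMPLE));
}
```

The returned body is still base64; a caller would decode it to DER and hand it to the TLS library according to the reported format.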
This commit changes the behavior on Unix by setting the working directory to
the chroot directory if a chroot is requested but no working directory
is explicitly provided.