Skip to content

0.7.0-rc1

Pre-release
Pre-release
Compare
Choose a tag to compare
@partim partim released this 23 Apr 15:04
v0.7.0-rc1
8dc983f
This commit was created on github.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Nearing the 1.0 release, we are changing our release cycle slightly. From now on, each release will be preceded by at least one release candidate allowing us and potential package maintainers to preview the changes made by an upcoming release. This is the first such release candidate.

Breaking Changes

  • Routinator now filters out rsync URIs and RRDP URIs that contain dubious host names that should not be present in the public RPKI. In this version they are ‘localhost,’ any IP address, and any URI with the port explicitly specified. This filter can be disabled via the --allow-dubious-hosts command line and config option for test deployments. (#293)
  • Only CRLs mentioned on the manifest are now considered when checking any published objects except for the manifest itself. If the hash of the CRL on the manifest does not match the CRL, it is rejected. Objects
    referencing a CRL that is not on a manifest or has a hash mismatch are rejected. [(#299)]
  • The minimal supported Rust version is now 1.39.0.

New

  • The new option --stale allows selecting a policy for dealing with stale objects – i.e., manifests and CRLs that are past their next-update date. The policies are reject, warn, and accept. The previous hard-coded policy of warn, i.e., accept but log a warning, is the default. (#288)
  • New output formats bird and bird2 which produce a roa table for Bird 1 and a route table for Bird 2, respectively. (#290, by @netravnen)
  • New output format csvcompat which produces CSV output as similar to that of the RIPE NCC Validator as possible. (#292)
  • The new config file option tal-labels allows defining explicit names to be used when TALs are referenced in output. This way, the output can be made to be even more similar to that produced by the RIPE NCC Validator. (#291)
  • The csvext output format is now also available via the HTTP server at the /csvext path. (#294)
  • New metrics for the status of the RTR and HTTP servers. (#298)
  • New metric of the number of stale objects encountered in the last validation run. (#298)

Other Changes

  • Update to Rust’s new asynchronous IO framework for the RTR and HTTP servers. Repository synchronization and validation remain synchronous atop a thread pool. (#282)
  • Changed concurrency strategy for repository update and validation. Previously, each trust anchor was updated and validated synchronously. Now processing of a CA is deferred if its repository publication point hasn’t been updated yet. Processing is then picked up by the next available worker thread. This should guarantee that all worker threads are busy all the time. ([#284)]
  • Optimized what information to keep for each ROA, bringing maximum memory consumption down to about a quarter. (#293)
  • The Docker image now wraps Routinator into tini for properly dealing with signals and child processes. (#277)
Assets 2
Loading