Don't create an RRDP delta for publishers entries without content #1181
This should prevent empty RRDP deltas from being produced by not staging empty publication (RFC8181) deltas for the publisher and skipping them in the decision process to decide whether to produce a new RRDP delta. As far as I can tell Krill CAs do not send empty publication deltas but issue #1180 shows that empty RRDP deltas were produced possibly because non-Krill publishers sent them.
Notes to self:
Ideally, yes. But it was not trivial to do this... There are tests in place (under the tests directory) that have CAs publish at a Krill Server. However, Krill CAs do not send empty publication requests. Setting up an intentionally broken (or well, at least different) publishing CA is not trivial. Unit testing at the current function level is even less trivial because it would require a lot of setup and new code. Extracting Anyway... not saying any of this in protest against adding a test. Just trying to explain why there isn't one.
I am not sure, this kind of leads to formal schema validation in the XML library - which is not supported. Maybe, but it would need case by case evaluation. In this particular case it would not help as the internal state with an empty delta should be prevented. The XML is just a representation of that state. So failing the XML generation would not help, and could even lead to irrecoverable issues (theoretically).
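The two guards named in the PR description, applied at the state level rather than at XML generation, as an added sketch that is not Krill's code and not part of this PR. `PubDelta`, `Staging`, `stage` and `next_rrdp_delta` are hypothetical names, and the publisher handle is a constructed sample.

```rust
// Added illustration; all type and function names are hypothetical, not Krill's.
use std::collections::HashMap;

/// One RFC 8181 publication delta, reduced to the URIs it touches.
#[derive(Clone, Debug, Default, PartialEq)]
pub struct PubDelta {
    pub publishes: Vec<String>,
    pub withdraws: Vec<String>,
}

impl PubDelta {
    pub fn is_empty(&self) -> bool {
        self.publishes.is_empty() && self.withdraws.is_empty()
    }
}

/// Changes staged per publisher, waiting for the next RRDP update.
#[derive(Default)]
pub struct Staging {
    staged: HashMap<String, Vec<PubDelta>>,
    serial: u64,
}

impl Staging {
    /// Guard 1: an empty publication delta is never staged.
    pub fn stage(&mut self, publisher: &str, delta: PubDelta) -> bool {
        if delta.is_empty() { return false; }
        self.staged.entry(publisher.to_string()).or_default().push(delta);
        true
    }

    /// Guard 2: empty entries already present in the state do not count
    /// when deciding whether a new RRDP delta (and serial) is produced.
    pub fn next_rrdp_delta(&mut self) -> Option<(u64, Vec<PubDelta>)> {
        let content: Vec<PubDelta> = self.staged.drain()
            .flat_map(|(_, deltas)| deltas)
            .filter(|d| !d.is_empty()).collect();
        if content.is_empty() { return None; } // serial stays unchanged
        self.serial += 1;
        Some((self.serial, content))
    }
}

fn main() {
    let mut s = Staging::default();
    s.stage("non-krill-ca", PubDelta::default()); // constructed empty delta
    println!("{:?}", s.next_rrdp_delta());
}
```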
New

* Allow overriding the initial manifest number when initializing the TA signer, either by specifying `--initial_manifest_number` in the CLI or by including `ta_mft_nr_override: #nr` in the `ImportTa` JSON. ([#1178])
* Allow overriding the TA manifest number when signing a TA proxy request by specifying `--ta_mft_number_override` in the CLI. ([#1178])

Bug fixes

* Prevent empty RRDP delta lists to be produced. ([#1181])
* Correctly encode empty revocation lists in CRLs. (via [rpki-rs#295])
* Allow read access to the RIS dump while downloading a new dump. ([#1179])
* Don’t apply “child revoke key” command if the resource class does not exist. ([#1208])

Other changes

* The minimum supported Rust version is now 1.70.0. ([#1198])