-/* $OpenBSD: parser.c,v 1.95 2023/05/30 12:14:48 claudio Exp $ */
+/* $OpenBSD: parser.c,v 1.96 2023/05/30 16:02:28 job Exp $ */
/*
* Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
* Load the most recent MFT by opening both options and comparing the two.
*/
static char *
-proc_parser_mft(struct entity *entp, struct mft **mp, char **crlfile)
+proc_parser_mft(struct entity *entp, struct mft **mp, char **crlfile,
+ time_t *crlmtime)
{
struct mft *mft1 = NULL, *mft2 = NULL;
struct crl *crl, *crl1, *crl2;
const char *err1, *err2;
*mp = NULL;
+ *crlmtime = 0;
mft1 = proc_parser_mft_pre(entp, DIR_VALID, &file1, &crl1, &crl1file,
&err1);
}
if (*mp != NULL) {
+ *crlmtime = crl->lastupdate;
if (!crl_insert(&crlt, crl)) {
warnx("%s: duplicate AKI %s", file, crl->aki);
crl_free(crl);
/*
* Parse a ghostbuster record
*/
-static void
+static struct gbr *
proc_parser_gbr(char *file, const unsigned char *der, size_t len,
const char *mftaki)
{
const char *errstr;
if ((gbr = gbr_parse(&x509, file, der, len)) == NULL)
- return;
+ return NULL;
a = valid_ski_aki(file, &auths, gbr->ski, gbr->aki, mftaki);
crl = crl_get(&crlt, a);
/* return value can be ignored since nothing happens here */
- if (!valid_x509(file, ctx, x509, a, crl, &errstr))
+ if (!valid_x509(file, ctx, x509, a, crl, &errstr)) {
warnx("%s: %s", file, errstr);
-
+ X509_free(x509);
+ gbr_free(gbr);
+ return NULL;
+ }
X509_free(x509);
- gbr_free(gbr);
+
+ gbr->talid = a->cert->talid;
+
+ return gbr;
}
/*
struct mft *mft;
struct roa *roa;
struct aspa *aspa;
+ struct gbr *gbr;
+ struct tak *tak;
struct ibuf *b;
unsigned char *f;
+ time_t mtime, crlmtime;
size_t flen;
char *file, *crlfile;
int c;
file = NULL;
f = NULL;
+ mtime = 0;
+ crlmtime = 0;
+
switch (entp->type) {
case RTYPE_TAL:
io_str_buffer(b, entp->file);
+ io_simple_buffer(b, &mtime, sizeof(mtime));
if ((tal = tal_parse(entp->file, entp->data,
entp->datasz)) == NULL)
errx(1, "%s: could not parse tal file",
else
cert = proc_parser_cert(file, f, flen,
entp->mftaki);
+ if (cert != NULL)
+ mtime = cert->notbefore;
+ io_simple_buffer(b, &mtime, sizeof(mtime));
c = (cert != NULL);
io_simple_buffer(b, &c, sizeof(int));
if (cert != NULL) {
*/
break;
case RTYPE_MFT:
- file = proc_parser_mft(entp, &mft, &crlfile);
+ file = proc_parser_mft(entp, &mft, &crlfile, &crlmtime);
io_str_buffer(b, file);
+ if (mft != NULL)
+ mtime = mft->signtime;
+ io_simple_buffer(b, &mtime, sizeof(mtime));
c = (mft != NULL);
io_simple_buffer(b, &c, sizeof(int));
if (mft != NULL)
io_simple_buffer(b2, &entp->talid,
sizeof(entp->talid));
io_str_buffer(b2, crlfile);
+ io_simple_buffer(b2, &crlmtime,
+ sizeof(crlmtime));
free(crlfile);
io_close_buffer(msgq, b2);
file = parse_load_file(entp, &f, &flen);
io_str_buffer(b, file);
roa = proc_parser_roa(file, f, flen, entp->mftaki);
+ if (roa != NULL)
+ mtime = roa->signtime;
+ io_simple_buffer(b, &mtime, sizeof(mtime));
c = (roa != NULL);
io_simple_buffer(b, &c, sizeof(int));
if (roa != NULL)
case RTYPE_GBR:
file = parse_load_file(entp, &f, &flen);
io_str_buffer(b, file);
- proc_parser_gbr(file, f, flen, entp->mftaki);
+ gbr = proc_parser_gbr(file, f, flen, entp->mftaki);
+ if (gbr != NULL)
+ mtime = gbr->signtime;
+ io_simple_buffer(b, &mtime, sizeof(mtime));
+ gbr_free(gbr);
break;
case RTYPE_ASPA:
file = parse_load_file(entp, &f, &flen);
io_str_buffer(b, file);
aspa = proc_parser_aspa(file, f, flen, entp->mftaki);
+ if (aspa != NULL)
+ mtime = aspa->signtime;
+ io_simple_buffer(b, &mtime, sizeof(mtime));
c = (aspa != NULL);
io_simple_buffer(b, &c, sizeof(int));
if (aspa != NULL)
case RTYPE_TAK:
file = parse_load_file(entp, &f, &flen);
io_str_buffer(b, file);
- proc_parser_tak(file, f, flen, entp->mftaki);
+ tak = proc_parser_tak(file, f, flen, entp->mftaki);
+ if (tak != NULL)
+ mtime = tak->signtime;
+ io_simple_buffer(b, &mtime, sizeof(mtime));
+ tak_free(tak);
break;
case RTYPE_CRL:
default:
file = parse_filepath(entp->repoid, entp->path,
entp->file, entp->location);
io_str_buffer(b, file);
+ io_simple_buffer(b, &mtime, sizeof(mtime));
warnx("%s: unhandled type %d", file, entp->type);
break;
}
-/* $OpenBSD: repo.c,v 1.46 2023/05/25 12:49:39 claudio Exp $ */
+/* $OpenBSD: repo.c,v 1.47 2023/05/30 16:02:28 job Exp $ */
/*
* Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
struct filepath {
RB_ENTRY(filepath) entry;
char *file;
+ time_t mtime;
};
static inline int
* Functions to lookup which files have been accessed during computation.
*/
int
-filepath_add(struct filepath_tree *tree, char *file)
+filepath_add(struct filepath_tree *tree, char *file, time_t mtime)
{
struct filepath *fp;
if ((fp = malloc(sizeof(*fp))) == NULL)
err(1, NULL);
+ fp->mtime = mtime;
if ((fp->file = strdup(file)) == NULL)
err(1, NULL);
/* write new content or mark uri as deleted. */
if (pt == PUB_DEL) {
- filepath_add(&rr->deleted, uri);
+ filepath_add(&rr->deleted, uri, 0);
} else {
fp = filepath_find(&rr->deleted, uri);
if (fp != NULL)
base = strchr(fp->file + rrdpsz, '/');
assert(base != NULL);
fn = base + 1;
+
+ /*
+ * Adjust file last modification time in order to
+ * minimize RSYNC synchronization load after transport
+ * failover.
+ * While serializing RRDP datastructures to disk, set
+ * the last modified timestamp to the CMS signing-time,
+ * the X.509 notBefore, or CRL lastUpdate timestamp.
+ */
+ if (fp->mtime != 0) {
+ int ret;
+ struct timespec ts[2];
+
+ ts[0].tv_nsec = UTIME_OMIT;
+ ts[1].tv_sec = fp->mtime;
+ ts[1].tv_nsec = 0;
+ ret = utimensat(AT_FDCWD, fp->file, ts, 0);
+ if (ret == -1) {
+ warn("utimensat %s", fp->file);
+ continue;
+ }
+ }
}
if (repo_mkpath(AT_FDCWD, fn) == -1)
projects / openbsd / commitdiff