From: claudio <claudio@openbsd.org>
Date: Wed, 1 Sep 2021 12:26:26 +0000 (+0000)
Subject: RPKI only cares about *.{cer,crl,gbr,mft,roa} files. Use rsync --include
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=22ca817fdd32d4cc08710821dad014cf18d1cd85;p=openbsd

RPKI only cares about *.{cer,crl,gbr,mft,roa} files. Use rsync --include
and --exclude to only fetch those files from the CA repositories.
OK job@
---

diff --git a/usr.sbin/rpki-client/rsync.c b/usr.sbin/rpki-client/rsync.c
index d2eb4c26c7a..740d0ada53b 100644
--- a/usr.sbin/rpki-client/rsync.c
+++ b/usr.sbin/rpki-client/rsync.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: rsync.c,v 1.24 2021/04/19 17:04:35 deraadt Exp $ */
+/*	$OpenBSD: rsync.c,v 1.25 2021/09/01 12:26:26 claudio Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -277,8 +277,14 @@ proc_rsync(char *prog, char *bind_addr, int fd)
 			args[i++] = (char *)prog;
 			args[i++] = "-rt";
 			args[i++] = "--no-motd";
-			args[i++] = "--timeout";
-			args[i++] = "180";
+			args[i++] = "--timeout=180";
+			args[i++] = "--include=*/";
+			args[i++] = "--include=*.cer";
+			args[i++] = "--include=*.crl";
+			args[i++] = "--include=*.gbr";
+			args[i++] = "--include=*.mft";
+			args[i++] = "--include=*.roa";
+			args[i++] = "--exclude=*";
 			if (bind_addr != NULL) {
 				args[i++] = "--address";
 				args[i++] = (char *)bind_addr;