From 22ca817fdd32d4cc08710821dad014cf18d1cd85 Mon Sep 17 00:00:00 2001
From: claudio <claudio@openbsd.org>
Date: Wed, 1 Sep 2021 12:26:26 +0000
Subject: [PATCH] RPKI only cares about *.{cer,crl,gbr,mft,roa} files. Use
 rsync --include and --exclude to only fetch those files from the CA
 repositories. OK job@

---
 usr.sbin/rpki-client/rsync.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/usr.sbin/rpki-client/rsync.c b/usr.sbin/rpki-client/rsync.c
index d2eb4c26c7a..740d0ada53b 100644
--- a/usr.sbin/rpki-client/rsync.c
+++ b/usr.sbin/rpki-client/rsync.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: rsync.c,v 1.24 2021/04/19 17:04:35 deraadt Exp $ */
+/*	$OpenBSD: rsync.c,v 1.25 2021/09/01 12:26:26 claudio Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -277,8 +277,14 @@ proc_rsync(char *prog, char *bind_addr, int fd)
 			args[i++] = (char *)prog;
 			args[i++] = "-rt";
 			args[i++] = "--no-motd";
-			args[i++] = "--timeout";
-			args[i++] = "180";
+			args[i++] = "--timeout=180";
+			args[i++] = "--include=*/";
+			args[i++] = "--include=*.cer";
+			args[i++] = "--include=*.crl";
+			args[i++] = "--include=*.gbr";
+			args[i++] = "--include=*.mft";
+			args[i++] = "--include=*.roa";
+			args[i++] = "--exclude=*";
 			if (bind_addr != NULL) {
 				args[i++] = "--address";
 				args[i++] = (char *)bind_addr;
-- 
2.20.1