rpki-client is currently not able to to load relative tal files via -t
option. The problem is that the chdir to the cache directory happens
before the tal files are loaded. Move the fchdir down so relative path
work when queue_add_tal() is called. Also make sure that the rsync and
parser process chdir to the cachdir.
--
:wq Claudio
Index: main.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/main.c,v
retrieving revision 1.120
diff -u -p -r1.120 main.c
--- main.c 18 Mar 2021 14:05:44 -0000 1.120
+++ main.c 19 Mar 2021 08:53:47 -0000
@@ -962,10 +962,6 @@ main(int argc, char *argv[])
if (talsz == 0)
err(1, "no TAL files found in %s", "/etc/rpki");
- /* change working directory to the cache directory */
- if (fchdir(cachefd) == -1)
- err(1, "fchdir");
-
/*
* Create the file reader as a jailed child process.
* It will be responsible for reading all of the files (ROAs,
@@ -980,6 +976,10 @@ main(int argc, char *argv[])
if (procpid == 0) {
close(fd[1]);
+ /* change working directory to the cache directory */
+ if (fchdir(cachefd) == -1)
+ err(1, "fchdir");
+
/* Only allow access to the cache directory. */
if (unveil(".", "r") == -1)
err(1, "%s: unveil", cachedir);
@@ -1009,6 +1009,10 @@ main(int argc, char *argv[])
close(proc);
close(fd[1]);
+ /* change working directory to the cache directory */
+ if (fchdir(cachefd) == -1)
+ err(1, "fchdir");
+
if (pledge("stdio rpath proc exec unveil", NULL) == -1)
err(1, "pledge");
@@ -1086,6 +1090,10 @@ main(int argc, char *argv[])
for (i = 0; i < talsz; i++)
queue_add_tal(tals[i]);
+
+ /* change working directory to the cache directory */
+ if (fchdir(cachefd) == -1)
+ err(1, "fchdir");
while (entity_queue > 0 && !killme) {
pfd[0].events = POLLIN;
