Sebastian Benoit <be...@openbsd.org> wrote: > Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.04.29 15:34:15 +0200: > > Like for rsync repos files in the RRDP repos should be delayed until after > > the validation finished. As with anything RPKI related there is little > > trust in the repositories and their abilities to not botch an update.
This is also working nicely for me. > You could get a file listing at the start and then remove files from the > list that are referenced, at the end you delete the ones left. That isn't an unreasonable idea. If we go that way, we might need to be careful of >1 rpki-client running against the same repo, because they can confuse their filesystem. Most of these cases will lead to rpki-client aborting since it is pretty paranoid about inconsistancy in the filesystem, but I'm not sure if all potential weirdness can be anticipated and handled. So, that would suggest some sort of lockout against running multiple rpki-client with the correct termination strategy. I don't believe we have such a thing right now. We have the timeout, to ensure rpki-client doesn't run too long which may prevent simultaneous runs, but I'm not sure it covers all cases (imagine a weird case where two rpki-client are "unintentionally" started at the same time)
