On Fri, Apr 30, 2021 at 10:58:25PM -0600, Theo de Raadt wrote:
> Sebastian Benoit <be...@openbsd.org> wrote:
> 
> > Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.04.29 15:34:15 +0200:
> > > Like for rsync repos files in the RRDP repos should be delayed until after
> > > the validation finished. As with anything RPKI related there is little
> > > trust in the repositories and their abilities to not botch an update.
> 
> This is also working nicely for me.
> 
> > You could get a file listing at the start and then remove files from the
> > list that are referenced, at the end you delete the ones left.
> 
> That isn't an unreasonable idea.
> 
> If we go that way, we might need to be careful of >1 rpki-client running
> against the same repo, because they can confuse their filesystem.  Most
> of these cases will lead to rpki-client aborting since it is pretty paranoid
> about inconsistancy in the filesystem, but I'm not sure if all potential 
> weirdness
> can be anticipated and handled.
> 
> So, that would suggest some sort of lockout against running multiple
> rpki-client with the correct termination strategy.  I don't believe we
> have such a thing right now.  We have the timeout, to ensure rpki-client
> doesn't run too long which may prevent simultaneous runs, but I'm not
> sure it covers all cases (imagine a weird case where two rpki-client are
> "unintentionally" started at the same time)
> 

We currently depend on cron to do the right thing and not start two
rpki-client at the same time. I would prefer to leave it up to cron (or
whatever other method people use to run rpki-client) and not add
complicated locking into rpki-client itself.

-- 
:wq Claudio

Reply via email to