
From: Theo Buehler <tb@theobuehler.org>
Subject: Re: rpki-client: exclude hidden files/directories when rsyncing
To: Job Snijders <job@bsd.nl>
Cc: tech@openbsd.org
Date: Sat, 16 May 2026 13:50:41 +0200

On Sat, May 16, 2026 at 11:39:37AM +0000, Job Snijders wrote:
> Got a report:
> 
> On Sat, May 16, 2026 at 11:59:17AM +0100, Ben Cartwright-Cox wrote:
> > rsync: executing rsync -rtO --no-motd --min-size=100 --max-size=8000000
> > --contimeout=15 --timeout=30 --include=*/ --include=*.cer --include=*.crl
> > --include=*.mft --include=*.roa --include=*.asa --include=*.tak
> > --include=*.spl --include=*.gbr --exclude=* rsync://rpki-rps.cnnic.cn/repo/ cache/rpki-rps.cnnic.cn/repo
> > directory has vanished: "A1065585389265289217/0/.~tmp~" (in repo)
> > file has vanished: "A1065583221972402179/0/.~tmp~/1BF077990B3EF2F79478B657B4C3AF7BDEB8F260.crl" (in repo)
> > file has vanished: "A1065583221972402179/0/.~tmp~/1BF077990B3EF2F79478B657B4C3AF7BDEB8F260.mft" (in repo)
> > file has vanished: "A1065583221972402179/0/.~tmp~/3130332e3135322e3138362e302f32332d3233203d3e20313339313339.roa" (in repo)
> > file has vanished: "A1065583221972402179/0/.~tmp~/3130332e3135322e3138362e302f32332d3233203d3e2034353338.roa" (in repo)
> > ...
> > rsync warning: some files vanished before they could be transferred (code 24) at main.c(1852) [generator=3.4.1]
> 
> Looking at the RPKI standards for guidance on the topic of "dot",
> according to RFC 9286 section 4.2.2, filenames in the RPKI cannot start
> with a dot. RFC 6481 section 1.1 describes the concept of a publication
> point as a "directory in a publicly accessible filesystem". And of
> course, common sense also suggests that downloading hidden directories
> is unlikely to spark joy, as evidenced by the above log transcript.
> 
> I think it would be good to disallow both hidden files and directories
> earlier on. Perhaps like so?

Makes sense to me.

ok tb

> 
> Index: rsync.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/rsync.c,v
> diff -u -p -r1.60 rsync.c
> --- rsync.c	13 Nov 2025 15:18:53 -0000	1.60
> +++ rsync.c	16 May 2026 11:26:22 -0000
> @@ -153,6 +153,7 @@ exec_rsync(const char *prog, const char 
>  		args[i++] = "--max-size=" STRINGIFY(MAX_FILE_SIZE);
>  		args[i++] = "--contimeout=" STRINGIFY(MAX_CONN_TIMEOUT);
>  		args[i++] = "--timeout=" STRINGIFY(MAX_IO_TIMEOUT);
> +		args[i++] = "--exclude=.*";
>  		args[i++] = "--include=*/";
>  		args[i++] = "--include=*.cer";
>  		args[i++] = "--include=*.crl";
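Review bot: the added `args[i++] = "--exclude=.*";` line carries no comment saying that it has to stay ahead of `--include=*/` in args[]. rsync applies the first filter rule that matches, so if this line is later moved below the includes, dot-directories such as the `.~tmp~` ones in the report are admitted again by `--include=*/`. A one-line comment above it, stating that hidden files and directories are rejected and that the exclude must come first, would protect against a later reorder.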
>
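The first-match filter evaluation that the proposed `--exclude=.*` relies on, as an added model (not code from rpki-client, rsync, or this thread). Assumptions: fnmatch(3) stands in for rsync's wildcard matcher, the rule lists are shortened versions of the one in the log, and `misordered` is a hypothetical ordering used only for comparison.

```c
#include <fnmatch.h>
#include <string.h>

// One rsync-style filter rule: include (1) or exclude (0) plus a pattern.
struct rule { int include; const char *pat; };
#define N(a) (sizeof(a) / sizeof((a)[0]))

// Rule order before the patch, shortened to two object types.
const struct rule before[] = { {1, "*/"}, {1, "*.crl"}, {1, "*.roa"}, {0, "*"} };
// Patched order: the dot exclude comes ahead of every include.
const struct rule patched[] = { {0, ".*"}, {1, "*/"}, {1, "*.crl"}, {1, "*.roa"}, {0, "*"} };
// Hypothetical misordering: the dot exclude placed after the directory include.
const struct rule misordered[] = { {1, "*/"}, {0, ".*"}, {1, "*.crl"}, {1, "*.roa"}, {0, "*"} };
// Path taken from the report quoted above.
const char *sample = "A1065583221972402179/0/.~tmp~/1BF077990B3EF2F79478B657B4C3AF7BDEB8F260.crl";

// Verdict for one path component: the first matching rule wins.
static int
verdict(const struct rule *r, size_t n, const char *name, int is_dir)
{
	char pat[32];
	for (size_t i = 0; i < n; i++) {
		size_t len = strlen(r[i].pat);
		if (len == 0 || len >= sizeof(pat))
			continue;
		memcpy(pat, r[i].pat, len + 1);
		if (pat[len - 1] == '/') {	// trailing slash: directories only
			if (!is_dir)
				continue;
			pat[len - 1] = '\0';
		}
		if (fnmatch(pat, name, 0) == 0)	// no FNM_PERIOD: "*" matches a leading dot
			return r[i].include;
	}
	return 1;	// no rule matched: included by default
}

// Returns 1 if a recursive transfer would fetch path, 0 if it is filtered out.
int
fetched(const struct rule *r, size_t n, const char *path)
{
	char buf[256], *comp = buf, *slash;
	if (strlen(path) >= sizeof(buf))
		return 0;
	strcpy(buf, path);
	while ((slash = strchr(comp, '/')) != NULL) {
		*slash = '\0';
		if (!verdict(r, n, comp, 1))
			return 0;	// an excluded directory is never descended into
		comp = slash + 1;
	}
	return verdict(r, n, comp, 0);
}
```

With `patched`, the `.~tmp~` directory is rejected before its contents are considered; with `misordered`, a hidden file is still rejected but the hidden directory and the `.crl` inside it pass.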