From: Theo Buehler
Subject: Re: rpki-client: exclude hidden files/directories when rsyncing
To: Job Snijders
Cc: tech@openbsd.org
Date: Sat, 16 May 2026 13:50:41 +0200

On Sat, May 16, 2026 at 11:39:37AM +0000, Job Snijders wrote:
> Got a report:
>
> On Sat, May 16, 2026 at 11:59:17AM +0100, Ben Cartwright-Cox wrote:
> > rsync: executing rsync -rtO --no-motd --min-size=100 --max-size=8000000
> > --contimeout=15 --timeout=30 --include=*/ --include=*.cer --include=*.crl
> > --include=*.mft --include=*.roa --include=*.asa --include=*.tak
> > --include=*.spl --include=*.gbr --exclude=* rsync://rpki-rps.cnnic.cn/repo/ cache/rpki-rps.cnnic.cn/repo
> > directory has vanished: "A1065585389265289217/0/.~tmp~" (in repo)
> > file has vanished: "A1065583221972402179/0/.~tmp~/1BF077990B3EF2F79478B657B4C3AF7BDEB8F260.crl" (in repo)
> > file has vanished: "A1065583221972402179/0/.~tmp~/1BF077990B3EF2F79478B657B4C3AF7BDEB8F260.mft" (in repo)
> > file has vanished: "A1065583221972402179/0/.~tmp~/3130332e3135322e3138362e302f32332d3233203d3e20313339313339.roa" (in repo)
> > file has vanished: "A1065583221972402179/0/.~tmp~/3130332e3135322e3138362e302f32332d3233203d3e2034353338.roa" (in repo)
> > ...
> > rsync warning: some files vanished before they could be transferred (code 24) at main.c(1852) [generator=3.4.1]
>
> Looking at the RPKI standards for guidance on the topic of "dot",
> according to RFC 9286 section 4.2.2, filenames in the RPKI cannot start
> with a dot. RFC 6481 section 1.1 describes the concept of a publication
> point as a "directory in a publicly accessible filesystem". And of
> course, common sense also suggests that downloading hidden directories
> is unlikely to spark joy, as evidenced by the above log transcript.
>
> I think it would be good to disallow both hidden files and directories
> earlier on. Perhaps like so?

Makes sense to me.

ok tb > > Index: rsync.c > =================================================================== > RCS file: /cvs/src/usr.sbin/rpki-client/rsync.c,v > diff -u -p -r1.60 rsync.c > --- rsync.c 13 Nov 2025 15:18:53 -0000 1.60 > +++ rsync.c 16 May 2026 11:26:22 -0000 > @@ -153,6 +153,7 @@ exec_rsync(const char *prog, const char > args[i++] = "--max-size=" STRINGIFY(MAX_FILE_SIZE); > args[i++] = "--contimeout=" STRINGIFY(MAX_CONN_TIMEOUT); > args[i++] = "--timeout=" STRINGIFY(MAX_IO_TIMEOUT); > + args[i++] = "--exclude=.*"; > args[i++] = "--include=*/"; > args[i++] = "--include=*.cer"; > args[i++] = "--include=*.crl"; >
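
Review bot: the new "--exclude=.*" entry in exec_rsync() only has an effect because it sits ahead of "--include=*/" in args[], and nothing in the hunk records that ordering requirement. rsync applies the first filter rule that matches, so if a later edit moves this line below the includes, a dot-directory such as the ".~tmp~" from the report would match "--include=*/" first and be descended into again. Suggest a one-line comment above the new entry stating that hidden files and directories are excluded and that the rule must stay before the --include list.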