hints:rpki

Differences

This shows you the differences between two versions of the page.

hints:rpki [2025/03/15 11:44] – [FORT] philiphints:rpki [2025/05/04 23:24] (current) – [Building rpki-client] philip
Line 19: Line 19:
   * [[rpki#frrouting_hints|FRR]]   * [[rpki#frrouting_hints|FRR]]
  
-The tips and tricks for the validator builds discussed below all are for Ubuntu 22.04. They should also work just fine on Ubuntu 18.04 (which is supported until April 2023) and on Ubuntu 20.04 (which is supported until April 2025).+The tips and tricks for the validator builds discussed below all are for Ubuntu 24.04. They should also work on Ubuntu 18.04 and Ubuntu 20.04 (neither of which is supported)and Ubuntu 22.04 (which is supported until April 2027). If you are installing a fresh container or VM, please use Ubuntu 24.04 (if you are wedded to the Ubuntu family).
  
 ===== AS0 TALs ===== ===== AS0 TALs =====
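Review bot: The rewritten support sentence still lists Ubuntu 18.04 and 20.04 as releases the builds "should also work on", while the same sentence says neither is supported. A validator downloads and processes data from remote repositories, so I would state outright that those releases should not be used for new or production installs rather than leave it implied. There is also a missing space in "supported)and Ubuntu 22.04".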
Line 32: Line 32:
 ===== NLnetLabs Routinator ===== ===== NLnetLabs Routinator =====
  
-Nothing to say here, the instructions just work, the validator installs sweetly, and just runs. As long as the instructions are followed. The current version of Routinator is 0.14.0, at time of writing.+Nothing to say here, the instructions just work, the validator installs sweetly, and just runs. As long as the instructions are followed. The current version of Routinator is 0.14.2, at time of writing.
  
 If using Debian/Ubuntu as I do, then just use the supplied package and your favourite package manager. Described in NLnetLabs's [[https://github.com/NLnetLabs/routinator#quick-start-with-debian-and-ubuntu-packages| Github]] repo. If using Debian/Ubuntu as I do, then just use the supplied package and your favourite package manager. Described in NLnetLabs's [[https://github.com/NLnetLabs/routinator#quick-start-with-debian-and-ubuntu-packages| Github]] repo.
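Review bot: The version in "The current version of Routinator is 0.14.2, at time of writing" is hard-coded again, so it will go stale the same way 0.14.0 did. Put a date next to it or point to the project's release page instead, so readers do not take an old number as the version to install.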
Line 260: Line 260:
 sudo make install sudo make install
 </code> </code>
-which will install the client in **/usr/local/sbin** and the TALs in **/etc/rpki**, as well as create the cache and output directories needed. Note that the ARIN TAL requires users to read the disclaimer first so is not provided by default. So you need to do this manually: +which will install the client in **/usr/local/sbin** and the TALs in **/etc/rpki**, as well as create the cache and output directories needed. It will also copy the 5 RIR "constraints" files into **/etc/rpki**; these prevent [[https://datatracker.ietf.org/doc/draft-snijders-constraining-rpki-trust-anchors/|overclaiming of resources]] by the 5 RIRs
-<code> +
-wget https://www.arin.net/resources/manage/rpki/arin.tal +
-sudo mv arin.tal /etc/rpki +
-</code>+
 Now the client can be run. There is no daemon option, it simply runs at the command line, and when it has finished downloading all the VRPs (around 10-15 minutes depending on bandwidth) it exits. But that's okay. Try running the client: Now the client can be run. There is no daemon option, it simply runs at the command line, and when it has finished downloading all the VRPs (around 10-15 minutes depending on bandwidth) it exits. But that's okay. Try running the client:
 <code> <code>
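Review bot: Removing the ARIN paragraph leaves the page silent on the ARIN TAL: the old text said it was not provided by default, and the new text only mentions the constraints files. If make install now places arin.tal in /etc/rpki, say so in one sentence; if it does not, the manual step is still needed, otherwise a reader following this section could end up with a validator that has no ARIN data without noticing. The new sentence also lacks a closing full stop after "by the 5 RIRs", and the linked reference is an Internet-Draft, which is worth labelling as such.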
Line 282: Line 279:
 </code> </code>
 and that's it. Every hour, cron will run **rpki-client** which will produce JSON output of all the VRPs it has collected. As noted above, JSON output is what is used by StayRTR and GoRTR as their input sources. Make sure that the **/etc/cron.hourly/rpki-client** is executable, otherwise it will not run. and that's it. Every hour, cron will run **rpki-client** which will produce JSON output of all the VRPs it has collected. As noted above, JSON output is what is used by StayRTR and GoRTR as their input sources. Make sure that the **/etc/cron.hourly/rpki-client** is executable, otherwise it will not run.
 +
 +If you would like to include the [[https://bgp4all.com/pfs/hints/rpki#as0_tals|AS0 TALs]] from APNIC and LACNIC it is not sufficient to just place them in your chosen TAL directory. You will also need to include the **-0** option in the command line, like this:
 +<code>
 +/usr/local/sbin/rpki-client -0j > /tmp/rpki-client.log 2>&1
 +</code>
  
 It's a good idea to check the log file in case **rpki-client** reports issues trying to write local files etc. But mostly what you'll see there are all the transactions with the various CAs, and the problems encountered (there will be lots, unfortunately). It's a good idea to check the log file in case **rpki-client** reports issues trying to write local files etc. But mostly what you'll see there are all the transactions with the various CAs, and the problems encountered (there will be lots, unfortunately).
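Review bot: The example command redirects to /tmp/rpki-client.log, a fixed file name in a world-writable directory, and the surrounding text has this running from /etc/cron.hourly; a path such as /var/log/rpki-client.log would be a safer target. The text should also say whether this line replaces the command in the existing cron script, and note that adding -0 changes the VRP set handed to StayRTR and GoRTR, so it is a deliberate policy choice. The AS0 TALs link uses an absolute URL where the page's other internal links use the [[rpki#...]] form.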
hints/rpki.1742039045.txt.gz · Last modified: by philip