Philip Smith's Internet Development Site

User Tools

Site Tools

Trace:
hints:rpki

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
hints:rpki [2025/10/21 23:41] – [RPKI-client] philiphints:rpki [2026/03/13 05:52] (current) – [Initial Preparation] philip
Line 32: Line 32:
 ===== NLnetLabs Routinator ===== ===== NLnetLabs Routinator =====
  
-Nothing to say here, the instructions just work, the validator installs sweetly, and just runs. As long as the instructions are followed. The current version of Routinator is 0.14.2, at time of writing.+Nothing to say here, the instructions just work, the validator installs sweetly, and just runs. As long as the instructions are followed. The current version of Routinator is 0.15.1, at time of writing.
  
 If using Debian/Ubuntu as I do, then just use the supplied package and your favourite package manager. Described in NLnetLabs's [[https://github.com/NLnetLabs/routinator#quick-start-with-debian-and-ubuntu-packages| Github]] repo. If using Debian/Ubuntu as I do, then just use the supplied package and your favourite package manager. Described in NLnetLabs's [[https://github.com/NLnetLabs/routinator#quick-start-with-debian-and-ubuntu-packages| Github]] repo.
Line 190: Line 190:
 **rpki-client** is just a validator - it does not have the functionality to accept connections from a router. We'll come to that later on (we'll need to use [[rpki#stayrtr|StayRTR]], which is a fork of Cloudflare's now unmaintained GoRTR). **rpki-client** is just a validator - it does not have the functionality to accept connections from a router. We'll come to that later on (we'll need to use [[rpki#stayrtr|StayRTR]], which is a fork of Cloudflare's now unmaintained GoRTR).
  
-**rpki-client** has now been packaged and is available across most mainstream Linux/Unix-based platforms. Including as part of the Ubuntu 22.04 and later distributions. However, the packaged version in Ubuntu is old (version 7.6 on 22.04, 9.0 on 24.04). At the time of writing, the current release of **rpki-client** is version 9.6. There is a version of **rpki-client** on the Ubuntu Snap Store, but it is unclear which version of **rpki-client** this is.+**rpki-client** has now been packaged and is available across most mainstream Linux/Unix-based platforms. Including as part of the Ubuntu 22.04 and later distributions. However, the packaged version in Ubuntu is old (version 7.6 on 22.04, 9.0 on 24.04). At the time of writing, the current release of **rpki-client** is version 9.7. There is a version of **rpki-client** on the Ubuntu Snap Store, but it is unclear which version of **rpki-client** this is.
  
 So to stay up to date on Ubuntu, we have to build it ourselves. A pity that the **rpki-client** maintainers don't build their own deb package, or pre-build packages like NLnetLabs do with Routinator, given that Ubuntu maintainers seem to be unable to keep the software current. Oh well. So to stay up to date on Ubuntu, we have to build it ourselves. A pity that the **rpki-client** maintainers don't build their own deb package, or pre-build packages like NLnetLabs do with Routinator, given that Ubuntu maintainers seem to be unable to keep the software current. Oh well.
Line 204: Line 204:
 The other required package noted in the instructions is **tls** from LibreSSL. LibreSSL is a branch of OpenSSL and is used on OpenBSD - not found on Linux, but seems to be appearing in the latest Debian/Ubuntu beta builds. So we need to download the bits we need and install. The **rpki-client** instructions don't say anything about how to do that. The other required package noted in the instructions is **tls** from LibreSSL. LibreSSL is a branch of OpenSSL and is used on OpenBSD - not found on Linux, but seems to be appearing in the latest Debian/Ubuntu beta builds. So we need to download the bits we need and install. The **rpki-client** instructions don't say anything about how to do that.
  
-First we go to [[https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/|https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/]] and select the latest package, which is libressl-3.9.2.tar.gz at time of writing+First we go to [[https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/|https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/]] and select the latest package, which is libressl-4.2.1.tar.gz at time of writing
 <code> <code>
-wget https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.9.2.tar.gz+wget https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-4.2.1.tar.gz
 </code> </code>
 We then unpack it: We then unpack it:
 <code> <code>
-tar zxf libressl-3.9.2.tar.gz+tar zxf libressl-4.2.1.tar.gz
 </code> </code>
 and then build it: and then build it:
 <code> <code>
-cd libressl-3.9.2+cd libressl-4.2.1
 ./configure --enable-libtls-only ./configure --enable-libtls-only
 make make
Line 221: Line 221:
 Note the option to only build **libtls** - we don't need the rest of LibreSSL and it could well interfere with OpenSSL which will already be on the system. Now that **libtls** is built, the **install** action will put the libraries in **/usr/local/lib** like this: Note the option to only build **libtls** - we don't need the rest of LibreSSL and it could well interfere with OpenSSL which will already be on the system. Now that **libtls** is built, the **install** action will put the libraries in **/usr/local/lib** like this:
 <code> <code>
--rw-r--r-- 1 root root 18679208 Jul 14 10:11 libtls.a +-rw-r--r--  1 root root 19405326 Mar 13 05:52 libtls.a 
--rw-r--r-- 1 root root      923 Jul 14 10:11 libtls.la +-rw-r--r--  1 root root      923 Mar 13 05:52 libtls.la 
-lrwxrwxrwx 1 root root       16 Jul 14 10:11 libtls.so -> libtls.so.29.0.0 +lrwxrwxrwx  1 root root       16 Mar 13 05:52 libtls.so -> libtls.so.33.0.1 
-lrwxrwxrwx 1 root root       16 Jul 14 10:11 libtls.so.29 -> libtls.so.29.0.0 +lrwxrwxrwx  1 root root       16 Mar 13 05:52 libtls.so.33 -> libtls.so.33.0.1 
--rw-r--r-- 1 root root  8721528 Jul 14 10:11 libtls.so.29.0.0+-rw-r--r--  1 root root  9119592 Mar 13 05:52 libtls.so.33.0.1
 </code> </code>
 Run **sudo ldconfig** so that the system knows about the new libraries. Run **sudo ldconfig** so that the system knows about the new libraries.
Line 344: Line 344:
 <code> <code>
 cd dist cd dist
-sudo cp -p stayrtr-v0.6.2-linux-x86_64 /usr/local/bin/stayrtr +sudo cp -p stayrtr-v0.6.3-8-g9586f8f-linux-x86_64 /usr/local/bin/stayrtr 
-sudo cp -p rtrdump-v0.6.2-linux-x86_64 /usr/local/bin/rtrdump +sudo cp -p rtrdump-v0.6.3-8-g9586f8f-linux-x86_64 /usr/local/bin/rtrdump 
-sudo cp -p rtrmon-v0.6.2-linux-x86_64 /usr/local/bin/rtrmon+sudo cp -p rtrmon-v0.6.3-8-g9586f8f-linux-x86_64 /usr/local/bin/rtrmon
 </code> </code>
  
hints/rpki.1761090071.txt.gz · Last modified: by philip