Protocolary updates for release 1.5.2

docs/_config.yml

@@ -8,7 +8,7 @@ defaults:
       layout: "default"
       image: "/img/logo_validador_og.png"
 
-fort-latest-version: 1.5.1
+fort-latest-version: 1.5.2
 plugins:
   - jekyll-seo-tag
   - jekyll-sitemap

docs/intro-fort.md

@@ -32,7 +32,7 @@ Further information can be found in the subsections below.
 | [7318](https://tools.ietf.org/html/rfc7318) (Policy Qualifiers)            | 100%        |
 | [7935](https://tools.ietf.org/html/rfc7935) (RPKI algorithms)              | 100%        |
 | [8182](https://tools.ietf.org/html/rfc8182) (RRDP)                         | 100%        |
-| [8209](https://tools.ietf.org/html/rfc8209) (BGPSec Certificates)          | 100%        |
+| [8209](https://tools.ietf.org/html/rfc8209) (BGPSec Certificates)          | 0% (This code was [disabled](https://github.com/NICMx/FORT-validator/issues/58#issuecomment-941977925) in version 1.5.2) |
 | [8210](https://tools.ietf.org/html/rfc8210) (RTR Version 1)                | 100%        |
 | [8360](https://tools.ietf.org/html/rfc8360) (Validation Reconsidered)      | 100%        |
 | [8416](https://tools.ietf.org/html/rfc8416) (SLURM)                        | 100%        |

docs/usage.md

@@ -762,18 +762,6 @@ The value specified is utilized in libcurl's option [CURLOPT_CAPATH](https://cur
 - **Type:** String (Path to file)
 - **Availability:** `argv` and JSON
 
-> Note: The paragraphs below apply to [Fort 1.5.0](https://github.com/NICMx/FORT-validator/releases/tag/v1.5.0).
-
-File where the ROAs (found during each validation run) will be stored (in CSV format).
-
-If the file already exists, it will be overwritten. If it doesn't exist, it will be created. To print to standard output, use a hyphen (`-`). If the RTR server is [enabled](#--mode), then the ROAs will be printed every [`--server.interval.validation`](#--serverintervalvalidation) seconds.
-
-Each line of the result is printed in the following order: _AS, Prefix, Max prefix length_. The first line contains the column names.
-
-If `--output.roa` is omitted, the ROAs are not printed.
-
-> Note: The paragraphs below apply to [Fort master](https://github.com/NICMx/FORT-validator).
-
 File where the ROAs (found during each validation run) will be stored. See [`--output.format`](#--outputformat).
 
 If the file already exists, it will be overwritten. If it doesn't exist, it will be created. To print to standard output, use a hyphen (`-`). If the RTR server is [enabled](#--mode), then the ROAs will be printed every [`--server.interval.validation`](#--serverintervalvalidation) secs.
@@ -806,19 +794,7 @@ If `--output.roa` is omitted, the ROAs are not printed.
 - **Type:** String (Path to file)
 - **Availability:** `argv` and JSON
 
-> Note: The paragraphs below apply to [Fort 1.5.0](https://github.com/NICMx/FORT-validator/releases/tag/v1.5.0).
-
-File where the BGPsec Router Keys (found during each validation run) will be stored (in CSV format).
-
-Since most of the data (Subject Key Identifier and Subject Public Key Info) is binary, it is base64url-encoded, without trailing pads.
-
-If the file already exists, it will be overwritten. If it doesn't exist, it will be created. To print to standard output console, use a hyphen (`-`). If the RTR server is [enabled](#--mode), the BGPsec Router Keys will be printed every [`--server.interval.validation`](#--serverintervalvalidation) seconds.
-
-Each line of the result is printed in the following order: _AS, Subject Key Identifier, Subject Public Key Info_. The first line contains the column names.
-
-If `--output.bgpsec` is ommited, then the BGPsec Router Keys are not printed.
-
-> Note: The paragraphs below apply to [Fort master](https://github.com/NICMx/FORT-validator).
+> ![Warning!](img/warn.svg) BGPsec certificate validation has been disabled in version 1.5.2 because of [this bug](https://github.com/NICMx/FORT-validator/issues/58). It will be restored in version 1.5.3.
 
 File where the BGPsec Router Keys (found during each validation run) will be stored. See [`--output.format`](#--outputformat).
 
@@ -855,8 +831,6 @@ If `--output.bgpsec` is ommited, then the BGPsec Router Keys are not printed.
 - **Availability:** `argv` and JSON
 - **Default:** `csv`
 
-> Note: This flag only exists in [Fort master](https://github.com/NICMx/FORT-validator).
-
 Output format for [`--output.roa`](#--outputroa) and [`--output.bgpsec`](#--outputbgpsec).
 
 ### `--asn1-decode-max-stack`

man/fort.8

@@ -1,4 +1,4 @@
-.TH fort 8 "2021-08-05" "v1.5.1" "FORT validator"
+.TH fort 8 "2021-10-19" "v1.5.2" "FORT validator"
 
 .SH NAME
 fort \- RPKI validator and RTR server
@@ -488,6 +488,16 @@ maximum allowed value \fI172800\fR. It must be larger than
 .RE
 .P
 
+.B \-\-server.deltas.lifetime=\fIUNSIGNED_INTEGER\fR
+.RS 4
+When routers first connect to Fort, they request a snapshot of the validation results. (ROAs and Router Keys.) Because they need to keep their validated objects updated, and snapshots tend to be relatively large amounts of information, they request deltas afterwards over configurable intervals. ("Deltas" being the differences between snapshots.)
+.P
+During each validation cycle, Fort generates a new snapshot, as well as the deltas needed to build the new snapshot from the previous one. These are all stored in RAM. \fI--server.deltas.lifetime\fR is the number of iterations a set of deltas will be kept before being deallocated. (Recall that every iteration lasts \fI--server.interval.validation\fR seconds, plus however long the validation takes.)
+.P
+If a router lags behind, to the point Fort has already deleted the deltas it needs to update the router’s snapshot, Fort will have to fall back to fetch the entire latest snapshot instead.
+.RE
+.P
+
 .B \-\-log.enabled=\fItrue\fR|\fIfalse\fR
 .RS 4
 Enables the operation logs.

src/object/certificate.c

@@ -1853,6 +1853,7 @@ get_certificate_type(X509 *cert, bool is_ta, enum cert_type *result)
 		return 0;
 	}
 
+	*result = EE; /* Shuts up nonsense gcc 8.3 warning */
 	return pr_val_err("Certificate is not TA, CA nor BGPsec. Ignoring...");
 }