Skip to content

1.6.0
Compare
Choose a tag to compare
@ydahhrk ydahhrk released this 01 Dec 04:25
· 117 commits to main since this release
1.6.0
This tag was signed with the committer’s verified signature.
ydahhrk Alberto Leiva Popper
GPG key ID: 72160FD57B242967
Learn about vigilant mode.
559b4f2
This commit was signed with the committer’s verified signature.
ydahhrk Alberto Leiva Popper
GPG key ID: 72160FD57B242967
Learn about vigilant mode.

We are happy to announce the most significant upgrade in a while. Version 1.6.0 is an internal overhaul that improves overall stability and will allow us to implement new features more quickly.

This version is a big step in the new direction that we want to take the project, one where we aim for a high standard of quality and security. Version 1.6.0 fixes several bugs, including some of high severity, so we recommend updating.

Finally, we have redoubled our efforts with the FORT project, so we plan to release more frequently and implement the features that the community needs.

Bug fixes:

  • #40: Induce crash on memory allocation failures, to prevent Fort from accidentally advertising incomplete information.
  • #71: Implement HTTP redirects.
  • #76: Reset FILE handle during retries, to prevent HTTP code from dumping unparseable garbage into the local cache.
  • #77: Treat HTTP response 304 as download success.
  • #78: Provide a dedicated namespace for each RRDP notification, to prevent malicious RRDP sources from overriding each other's files.
  • #79: Stop caching RRDP sessions and serials on RAM; extract them from actual cached notification files. (This prevents all RRDP from being considered outdated during startup.)
  • #80: Deprecate and no-op rsync.strategy. (Only root synchronizations are supported now.)
  • #94: Merge ASID.h and ASId.h into a single module. (Likely used to cause issues cloning the code into case-insensitive filesystems.)
  • #98: Reduce severity of some RTR disconnection error messages.
  • #100: Overhaul of default rsync command argument list.
  • Remove ARIN's RPA confirmation from --init-tals, since it's no longer required.
  • Purge old deprecated configuration options:
    • init-locations
    • sync-strategy
    • rrdp.enabled
    • rrdp.priority
    • rrdp.retry.count
    • rrdp.retry.interval
    • http.idle-timeout
  • Deprecate (and no-op) several configuration options:
    • shuffle-uris (It was a seemingly pointless function.)
    • stale-repository-period (The relevant warning no longer exists.)
    • rsync.strategy (See #80 above.)
    • rsync.arguments-flat (Flat rsyncs are no longer employed.)
    • thread-pool.validation.max (It's best if Fort computes this value on its own.)
  • Remove deprecated fort_setup.sh script.
  • 2b2f7c3: Remove SO_REUSEPORT (a portability liability) from the RTR socket bind.
  • 6d8081c: Change RRDP serials from longs to BIGNUMs.
    (The RFCs define these as "unbounded," which made Fort's old implementation incorrect.)
  • Rudimentary startup for automatic cache cleanup.
  • 63e7194: Allow some nulls in the configuration JSON.

In case you're parsing Fort's output, please be aware that several logging messages changed. In particular, the functionality that used to print the following message in the operation logs was removed:

The following repositories URIs couldn't be fetched (it can be a local issue or a server issue), please review previous log messages related to such URIs/servers:

Please complain if this affects you.

In addition to all this, the review revealed several instances of unsafe code that yielded undefined behavior that might have caused some of the crashes people have observed over the years. (#46, #65, #83, #89, #99.)

The directory layout of Fort 1.6.0's cache is incompatible with the one from previous versions. To save some disk space, you might want to empty your existing cache during the upgrade.

Assets 10
Loading