hints:rpki

Differences

This shows you the differences between two versions of the page.

hints:rpki [2025/07/05 23:34] – [Installing Go] philiphints:rpki [2026/05/10 23:07] (current) – [NLnetLabs Routinator] philip
Line 32: Line 32:
 ===== NLnetLabs Routinator ===== ===== NLnetLabs Routinator =====
  
-Nothing to say here, the instructions just work, the validator installs sweetly, and just runs. As long as the instructions are followed. The current version of Routinator is 0.14.2, at time of writing.+Nothing to say here, the instructions just work, the validator installs sweetly, and just runs. As long as the instructions are followed. The current version of Routinator is 0.15.1, at time of writing.
  
-If using Debian/Ubuntu as I do, then just use the supplied package and your favourite package manager. Described in NLnetLabs'[[https://github.com/NLnetLabs/routinator#quick-start-with-debian-and-ubuntu-packages| Github]] repo. +If using Debian/Ubuntu as I do, then just use the supplied package and your favourite package manager. The instructions for how to install are in NLnetLabs excellent [[https://routinator.docs.nlnetlabs.nl/en/stable/installation.htmldocumentation]].
- +
-If the link to the supplied package is added to your package manager, for example **apt** on Ubuntu, then create an entry in **/etc/apt/sources.list.d** called **nlnetlabs.list** and put this in it (which is for Ubuntu 22.04): +
- +
-<code> +
-deb [arch=amd64] https://packages.nlnetlabs.nl/linux/ubuntujammy main +
-</code> +
- +
-(Note: if you are trying this on Ubuntu 24.04, there is no package for ''noble'' as yet, but I found that using the 22.04 setup works fine.) +
- +
-Then run: +
- +
-<code> +
-wget -qO- https://packages.nlnetlabs.nl/aptkey.asc sudo tee /etc/apt/trusted.gpg.d/nlnetlabs.asc +
-</code> +
- +
-And then finally: +
- +
-<code> +
-apt-get update +
-apt install routinator +
-</code> +
- +
-Easy!+
  
 The installer will set up the necessary **systemd** file so that Routinator starts automatically on boot. Remember to modify the **/etc/routinator/routinator.config** file so that Routinator listens on the IPv4 (and IPv6) ports of the system - and you can enable the default statistics pages which listen on port 8323. A working configuration file would look like this: The installer will set up the necessary **systemd** file so that Routinator starts automatically on boot. Remember to modify the **/etc/routinator/routinator.config** file so that Routinator listens on the IPv4 (and IPv6) ports of the system - and you can enable the default statistics pages which listen on port 8323. A working configuration file would look like this:
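Review bot: The link in the added Debian/Ubuntu sentence, as shown, has no "|" between the URL and its label, so the target ends in "installation.htmldocumentation" and will not resolve. It should be written as "installation.html|documentation". This matters more than usual because the hunk removes the inline repository and key steps, leaving this link as the only install path the reader is given. "NLnetLabs excellent" also needs the possessive ("NLnetLabs' excellent").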
Line 86: Line 63:
 ===== FORT ===== ===== FORT =====
  
-FORT is the validator developed by NIC Mexico. More about it is on the [[https://fortproject.net/en/validator|Project page]]. At time of writing, version 1.6.has been released and fixes many issues present in previous versions. However from version 1.6.3, FORT requires Ubuntu 24.04 as it requires libjansson4 (>= 2.14). Ubuntu 22.04 only comes with libjansson4 2.13.1-1.1build3 will only support FORT version 1.6.2.+FORT is the validator developed by NIC Mexico. More about it is on the [[https://fortproject.net/en/validator|Project page]]. At time of writing, version 1.6.has been released and fixes many issues present in previous versions. However from version 1.6.3, FORT requires Ubuntu 24.04 as it requires libjansson4 (>= 2.14). Ubuntu 22.04 only comes with libjansson4 2.13.1-1.1build3 will only support FORT version 1.6.2.
  
 FORT is available as part of Ubuntu 22.04 packaging, but it is an older version (1.5.3-1). Likewise for Ubuntu 24.04, the FORT shipped is version 1.6.1-1build3. For this reason we use the latest NIC Mexico produced package. FORT is available as part of Ubuntu 22.04 packaging, but it is an older version (1.5.3-1). Likewise for Ubuntu 24.04, the FORT shipped is version 1.6.1-1build3. For this reason we use the latest NIC Mexico produced package.
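Review bot: The last sentence of the changed FORT paragraph is still a run-on: "Ubuntu 22.04 only comes with libjansson4 2.13.1-1.1build3 will only support FORT version 1.6.2" needs a conjunction, for example "... 2.13.1-1.1build3, so it will only support FORT version 1.6.2". The release number in "version 1.6.has been released" also reads as incomplete here. Check that it is written out in full and matches the package downloaded in the install step that follows.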
Line 95: Line 72:
  
 <code> <code>
-wget https://github.com/NICMx/FORT-validator/releases/download/1.6.6/fort_1.6.6-1_amd64.deb+wget https://github.com/NICMx/FORT-validator/releases/download/1.6.7/fort_1.6.7-1_amd64.deb
 </code> </code>
 and then install it: and then install it:
 <code> <code>
-sudo apt install ./fort_1.6.6-1_amd64.deb+sudo apt install ./fort_1.6.7-1_amd64.deb
 </code> </code>
  
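Review bot: The updated wget and "sudo apt install ./fort_1.6.7-1_amd64.deb" steps install a package fetched straight from a release URL as root, with nothing in between to confirm the file is the one the project published. Add a step before the install that compares the download against a checksum or signature from the project, if one is provided, or at least records the expected hash next to the version. The version string is also repeated in both commands and has to be bumped in both on every release, so a short note saying to substitute the current release would save future edits.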
Line 190: Line 167:
 **rpki-client** is just a validator - it does not have the functionality to accept connections from a router. We'll come to that later on (we'll need to use [[rpki#stayrtr|StayRTR]], which is a fork of Cloudflare's now unmaintained GoRTR). **rpki-client** is just a validator - it does not have the functionality to accept connections from a router. We'll come to that later on (we'll need to use [[rpki#stayrtr|StayRTR]], which is a fork of Cloudflare's now unmaintained GoRTR).
  
-**rpki-client** has now been packaged and is available as part of the Ubuntu 22.04 distribution. However, the packaged version is old (version 7.6). At the time of writing, the current release of **rpki-client** is version 8.7.+**rpki-client** has now been packaged and is available across most mainstream Linux/Unix-based platforms. Including as part of the Ubuntu 22.04 and later distributions. However, the packaged version in Ubuntu is old (version 7.6 on 22.04, 9.0 on 24.04). At the time of writing, the current release of **rpki-client** is version 9.7. There is a version of **rpki-client** on the Ubuntu Snap Store, but it is unclear which version of **rpki-client** this is. 
 + 
 +So to stay up to date on Ubuntu, we have to build it ourselves. A pity that the **rpki-client** maintainers don't build their own deb package, or pre-build packages like NLnetLabs do with Routinator, given that Ubuntu maintainers seem to be unable to keep the software current. Oh well. 
  
-So for this reason, and to stay up to date, at least on Ubuntu, we have to build it ourselves. A pity that the **rpki-client** maintainers don't build their own deb package, or pre-build packages like NLnetLabs do with Routinator. Oh well. 
  
 ==== Initial Preparation ==== ==== Initial Preparation ====
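Review bot: "Including as part of the Ubuntu 22.04 and later distributions." in the added rpki-client paragraph is a sentence fragment and should be joined to the sentence before it ("... platforms, including Ubuntu 22.04 and later"). The Snap Store remark leaves the reader with "it is unclear which version", so either state how the version was checked or drop the sentence, since it gives nothing to act on. The hunk also adds blank lines before "Initial Preparation" that look unintended.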
Line 202: Line 181:
 The other required package noted in the instructions is **tls** from LibreSSL. LibreSSL is a branch of OpenSSL and is used on OpenBSD - not found on Linux, but seems to be appearing in the latest Debian/Ubuntu beta builds. So we need to download the bits we need and install. The **rpki-client** instructions don't say anything about how to do that. The other required package noted in the instructions is **tls** from LibreSSL. LibreSSL is a branch of OpenSSL and is used on OpenBSD - not found on Linux, but seems to be appearing in the latest Debian/Ubuntu beta builds. So we need to download the bits we need and install. The **rpki-client** instructions don't say anything about how to do that.
  
-First we go to [[https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/|https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/]] and select the latest package, which is libressl-3.9.2.tar.gz at time of writing+First we go to [[https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/|https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/]] and select the latest package, which is libressl-4.2.1.tar.gz at time of writing
 <code> <code>
-wget https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.9.2.tar.gz+wget https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-4.2.1.tar.gz
 </code> </code>
 We then unpack it: We then unpack it:
 <code> <code>
-tar zxf libressl-3.9.2.tar.gz+tar zxf libressl-4.2.1.tar.gz
 </code> </code>
 and then build it: and then build it:
 <code> <code>
-cd libressl-3.9.2+cd libressl-4.2.1
 ./configure --enable-libtls-only ./configure --enable-libtls-only
 make make
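Review bot: The libressl-4.2.1.tar.gz steps go from wget to tar to ./configure and make with no integrity check, and the result becomes the TLS library that rpki-client links against. Add a verification step between the download and "tar zxf", checking the tarball against the checksum or signature files published in the same directory, where present. The sentence ending "at time of writing" also needs a colon or full stop before the code block.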
Line 219: Line 198:
 Note the option to only build **libtls** - we don't need the rest of LibreSSL and it could well interfere with OpenSSL which will already be on the system. Now that **libtls** is built, the **install** action will put the libraries in **/usr/local/lib** like this: Note the option to only build **libtls** - we don't need the rest of LibreSSL and it could well interfere with OpenSSL which will already be on the system. Now that **libtls** is built, the **install** action will put the libraries in **/usr/local/lib** like this:
 <code> <code>
--rw-r--r-- 1 root root 18679208 Jul 14 10:11 libtls.a +-rw-r--r--  1 root root 19405326 Mar 13 05:52 libtls.a 
--rw-r--r-- 1 root root      923 Jul 14 10:11 libtls.la +-rw-r--r--  1 root root      923 Mar 13 05:52 libtls.la 
-lrwxrwxrwx 1 root root       16 Jul 14 10:11 libtls.so -> libtls.so.29.0.0 +lrwxrwxrwx  1 root root       16 Mar 13 05:52 libtls.so -> libtls.so.33.0.1 
-lrwxrwxrwx 1 root root       16 Jul 14 10:11 libtls.so.29 -> libtls.so.29.0.0 +lrwxrwxrwx  1 root root       16 Mar 13 05:52 libtls.so.33 -> libtls.so.33.0.1 
--rw-r--r-- 1 root root  8721528 Jul 14 10:11 libtls.so.29.0.0+-rw-r--r--  1 root root  9119592 Mar 13 05:52 libtls.so.33.0.1
 </code> </code>
 Run **sudo ldconfig** so that the system knows about the new libraries. Run **sudo ldconfig** so that the system knows about the new libraries.
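Review bot: The refreshed listing hard-codes the soname for one LibreSSL release (libtls.so.33.0.1, previously libtls.so.29.0.0), but the surrounding text still presents it as what the reader will see. Say that the numbers change with the LibreSSL version. After "Run sudo ldconfig", it would also help to give a check that the new library is the one being resolved, for example "ldconfig -p | grep libtls", so a stale libtls left by an earlier build is noticed.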
Line 342: Line 321:
 <code> <code>
 cd dist cd dist
-sudo cp -p stayrtr-v0.6.2-linux-x86_64 /usr/local/bin/stayrtr +sudo cp -p stayrtr-v0.6.4-1-g4bad963-linux-x86_64 /usr/local/bin/stayrtr 
-sudo cp -p rtrdump-v0.6.2-linux-x86_64 /usr/local/bin/rtrdump +sudo cp -p rtrdump-v0.6.4-1-g4bad963-linux-x86_64 /usr/local/bin/rtrdump 
-sudo cp -p rtrmon-v0.6.2-linux-x86_64 /usr/local/bin/rtrmon+sudo cp -p rtrmon-v0.6.4-1-g4bad963-linux-x86_64 /usr/local/bin/rtrmon
 </code> </code>
  
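Review bot: The new filenames carry a git-describe suffix ("v0.6.4-1-g4bad963"), which means these binaries were built one commit past the v0.6.4 tag at a specific checkout. Anyone building at a different commit will get different names in dist and the three cp lines will fail as written. Either tell the reader to check out the release tag before building so the names are predictable, or say that the version part of each filename must be replaced with whatever the build produced.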
hints/rpki.1751758474.txt.gz · Last modified: by philip