Differences

This shows you the differences between two versions of the page.

--- hints:rpki [2025/11/28 02:56] – [NLnetLabs Routinator] philip
+++ hints:rpki [2026/05/10 23:07] (current) – [NLnetLabs Routinator] philip
@@ Line 34: / Line 34: @@
 Nothing to say here, the instructions just work, the validator installs sweetly, and just runs. As long as the instructions are followed. The current version of Routinator is 0.15.1, at time of writing.
-If using Debian/Ubuntu as I do, then just use the supplied package and your favourite package manager. Described in NLnetLabs's [[https://github.com/NLnetLabs/routinator#quick-start-with-debian-and-ubuntu-packages| Github]] repo.
+If using Debian/Ubuntu as I do, then just use the supplied package and your favourite package manager. The instructions for how to install are in NLnetLabs excellent [[https://routinator.docs.nlnetlabs.nl/en/stable/installation.html| documentation]].
-If the link to the supplied package is added to your package manager, for example **apt** on Ubuntu, then create an entry in **/etc/apt/sources.list.d** called **nlnetlabs.list** and put this in it (which is for Ubuntu 22.04):
-<code>
-deb [arch=amd64] https://packages.nlnetlabs.nl/linux/ubuntu/ jammy main
-</code>
-(Note: if you are trying this on Ubuntu 24.04, there is no package for ''noble'' as yet, but I found that using the 22.04 setup works fine.)
-Then run:
-<code>
-wget -qO- https://packages.nlnetlabs.nl/aptkey.asc | sudo tee /etc/apt/trusted.gpg.d/nlnetlabs.asc
-</code>
-And then finally:
-<code>
-apt-get update
-apt install routinator
-</code>
-Easy!
 The installer will set up the necessary **systemd** file so that Routinator starts automatically on boot. Remember to modify the **/etc/routinator/routinator.config** file so that Routinator listens on the IPv4 (and IPv6) ports of the system - and you can enable the default statistics pages which listen on port 8323. A working configuration file would look like this:
@@ Line 190: / Line 167: @@
 **rpki-client** is just a validator - it does not have the functionality to accept connections from a router. We'll come to that later on (we'll need to use [[rpki#stayrtr|StayRTR]], which is a fork of Cloudflare's now unmaintained GoRTR).
-**rpki-client** has now been packaged and is available across most mainstream Linux/Unix-based platforms. Including as part of the Ubuntu 22.04 and later distributions. However, the packaged version in Ubuntu is old (version 7.6 on 22.04, 9.0 on 24.04). At the time of writing, the current release of **rpki-client** is version 9.6. There is a version of **rpki-client** on the Ubuntu Snap Store, but it is unclear which version of **rpki-client** this is.
+**rpki-client** has now been packaged and is available across most mainstream Linux/Unix-based platforms. Including as part of the Ubuntu 22.04 and later distributions. However, the packaged version in Ubuntu is old (version 7.6 on 22.04, 9.0 on 24.04). At the time of writing, the current release of **rpki-client** is version 9.7. There is a version of **rpki-client** on the Ubuntu Snap Store, but it is unclear which version of **rpki-client** this is.
 So to stay up to date on Ubuntu, we have to build it ourselves. A pity that the **rpki-client** maintainers don't build their own deb package, or pre-build packages like NLnetLabs do with Routinator, given that Ubuntu maintainers seem to be unable to keep the software current. Oh well.
@@ Line 204: / Line 181: @@
 The other required package noted in the instructions is **tls** from LibreSSL. LibreSSL is a branch of OpenSSL and is used on OpenBSD - not found on Linux, but seems to be appearing in the latest Debian/Ubuntu beta builds. So we need to download the bits we need and install. The **rpki-client** instructions don't say anything about how to do that.
-First we go to [[https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/|https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/]] and select the latest package, which is libressl-3.9.2.tar.gz at time of writing
+First we go to [[https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/|https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/]] and select the latest package, which is libressl-4.2.1.tar.gz at time of writing
 <code>
-wget https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.9.2.tar.gz
+wget https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-4.2.1.tar.gz
 </code>
 We then unpack it:
 <code>
-tar zxf libressl-3.9.2.tar.gz
+tar zxf libressl-4.2.1.tar.gz
 </code>
 and then build it:
 <code>
-cd libressl-3.9.2
+cd libressl-4.2.1
 ./configure --enable-libtls-only
 make
@@ Line 221: / Line 198: @@
 Note the option to only build **libtls** - we don't need the rest of LibreSSL and it could well interfere with OpenSSL which will already be on the system. Now that **libtls** is built, the **install** action will put the libraries in **/usr/local/lib** like this:
 <code>
--rw-r--r-- 1 root root 18679208 Jul 14 10:11 libtls.a
+-rw-r--r--  1 root root 19405326 Mar 13 05:52 libtls.a
--rw-r--r-- 1 root root      923 Jul 14 10:11 libtls.la
+-rw-r--r--  1 root root      923 Mar 13 05:52 libtls.la
-lrwxrwxrwx 1 root root       16 Jul 14 10:11 libtls.so -> libtls.so.29.0.0
+lrwxrwxrwx  1 root root       16 Mar 13 05:52 libtls.so -> libtls.so.33.0.1
-lrwxrwxrwx 1 root root       16 Jul 14 10:11 libtls.so.29 -> libtls.so.29.0.0
+lrwxrwxrwx  1 root root       16 Mar 13 05:52 libtls.so.33 -> libtls.so.33.0.1
--rw-r--r-- 1 root root  8721528 Jul 14 10:11 libtls.so.29.0.0
+-rw-r--r--  1 root root  9119592 Mar 13 05:52 libtls.so.33.0.1
 </code>
 Run **sudo ldconfig** so that the system knows about the new libraries.
@@ Line 344: / Line 321: @@
 <code>
 cd dist
-sudo cp -p stayrtr-v0.6.2-linux-x86_64 /usr/local/bin/stayrtr
+sudo cp -p stayrtr-v0.6.4-1-g4bad963-linux-x86_64 /usr/local/bin/stayrtr
-sudo cp -p rtrdump-v0.6.2-linux-x86_64 /usr/local/bin/rtrdump
+sudo cp -p rtrdump-v0.6.4-1-g4bad963-linux-x86_64 /usr/local/bin/rtrdump
-sudo cp -p rtrmon-v0.6.2-linux-x86_64 /usr/local/bin/rtrmon
+sudo cp -p rtrmon-v0.6.4-1-g4bad963-linux-x86_64 /usr/local/bin/rtrmon
 </code>