Add a backoff retry mechanism for non-functional CAs
Many non-functional CAs never recover once they become non-functional
causing inefficiency in the operation of relying party instances.
The existing detection mechanism for non-functional CAs is changed into
a stateful backoff retry mechanism, eventually settling on retrying
broken CAs only once per day. Backoff helps reduce load on both the
RP and publication point sides of the house, reduces log clutter, and
improves RP run duration.
The sync schedule is reset if a given non-functional CA is discovered to
be in working order again (i.e., backoff is not applied to healthy CAs).
A few new statistics are exposed in the json & metrics outputs.
An interesting side-effect of this mechanism is that it appears to
obviate some of the need for a manually curated (and therefore, easily
outdated) skiplist.
OK claudio@ tb@
sysutils/reaction: major update to 2.5.1, from Lydia Sobot, Thanks !
was rewritten from go to rust, if you had a custom config in
/etc/reaction.conf you might want to move it to /etc/reaction/.
improvements to run the daemon as an unpriviledged user might come
later.
Switch to imsg_recv_ctl_peer and switch all consumers of struct peer over
to struct ctl_peer.
bgpd no longer dumps the full struct peer over imsg, so adjust here.
OK tb@
Implement imsg_send_ctl_peer() and imsg_recv_ctl_peer and struct ctl_peer
to export peer data to bgpctl.
IMSG_CTL_SHOW_NEIGHBOR exported struct peer with a lot of internal data
which leaks important information and works against our priv-sep model.
The new struct ctl_peer only includes data that is needed by bgpctl.
Triggered by a report from 7ASecurity
OK tb@
Add missing build depends on KF6Declarative
KF6Declarative must be present at the time of cmake configuration task,
as it is a runtime dependency.
Spottedy by tb and naddy
write: some small cleanup
- pledge on start, restricting to stdio later on
- annotate done as __dead and remove unreachable return in main
- use common code to remove the /dev/ prefix from a device name
- wrap the PUTC macro into do {} while (0) to avoid extra empty statement
- use strftime() instead of using an offset into the ctime() string
- pass ttyl as size_t not int in search_utmp() to match the variable
From espie@
Remove current directory from default package search path
This was surprising behavior for many and has a very low probability
of doing anything useful.
manpage changes and "removing . [...] is sane" kili@
Your funeral espie
backout to libplacebo-7.351.0, there are various issues looking like
memory corruption with 7.360.1, some fixed in newer git head but tb@
ran into another one there too. reported by Walter Alejandro Iglesias
and tb, replicated here with repeated plays of a short mkv, typically
within 20 attempts, often less (seem more common with vaapi, but does
happen without too). ok tb brad
