Missing error message during TA HTTP request

[ydahhrk]

I'm building a test suite (notice the "routinator" branch) that starts Apache2 and rsyncd instances and feeds them fake RPKI trees.

Routinator is then kickstarted in vrps mode, using this configuration. It's fed a TAL that points to the local Apache2 and rsync.

If I leave rsync enabled (by toggling disable-rsync), the test run succeeds. However, the log conveys it's because it's falling back to rsync. Furthermore, it prints an error message during the notification download attempting to state why:

$ mkdir -p custom/
$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
	-subj "/C=AU/ST=Some-State/O=IWPL/CN=localhost" \
	-keyout "custom/rpt.key" -out "custom/rpt.crt"
...
$ sed -i 's/disable-rsync = true/disable-rsync = false/g' routinator.conf
$ ./2-test.sh | grep -F "Failures"
Failures : 0
$ cat sandbox/tests/simple/routinator.log
[2025-10-22T15:31:43] [WARN] Using config file /home/ahhrk/git/rapport/routinator.conf.
[2025-10-22T15:31:43] [INFO] Using the following TALs:
[2025-10-22T15:31:43] [INFO]   * simple
[2025-10-22T15:31:43] [DEBUG] rsync rsync://localhost:8873/rpki/: running command Command { std: "rsync" "--no-motd" "-z" "--contimeout=10" "--max-size=20000000" "-rtO" "--delete" "rsync://localhost:8873/rpki/" "/home/ahhrk/git/rapport/sandbox/tests/simple/workdir/rsync/localhost:8873/rpki/", kill_on_drop: false }
[2025-10-22T15:31:43] [DEBUG] Found valid trust anchor rsync://localhost:8873/rpki/simple/ta.cer. Processing.
[2025-10-22T15:31:43] [INFO] RRDP https://localhost:8443/simple/notification.xml: error sending request for url (https://localhost:8443/simple/notification.xml) (client error (Connect))
[2025-10-22T15:31:43] [INFO] RRDP https://localhost:8443/simple/notification.xml: Update failed and there is no current copy.

Granted, "client error (Connect)" is not the most helpful error message, but at least narrows the problem down to HTTP.

If I disable rsync, Routinator fails completely. More importantly, it doesn't print an error message:

$ sed -i 's/disable-rsync = false/disable-rsync = true/g' routinator.conf
$ ./2-test.sh | grep -F "Failures"
Failures : 1
$ cat sandbox/tests/simple/routinator.log 
[2025-10-22T15:32:24] [WARN] Using config file /home/ahhrk/git/rapport/routinator.conf.
[2025-10-22T15:32:24] [INFO] Using the following TALs:
[2025-10-22T15:32:24] [INFO]   * simple
[2025-10-22T15:32:24] [WARN] No valid trust anchor for TAL simple

I think the lack of error message is a bug.

[partim]

Thank you for the report!

I think if you add log-repository-issues = true to your Routinator config, it should print the error message in both cases. I’m not entirely sure why it does print it in the first case – the rsync output should also not be there.

But I think you are right that it should log issues with fetching the TA certificates to the log rather than keep it in the separate repository issue log.

[ydahhrk]

I think if you add log-repository-issues = true to your Routinator config

But it's right there