Krill 0.15.0 ‘But I Digress’ Released

We are pleased to announce the release of Krill, versions 0.15.0 ‘But I Digress.’

Krill is a daemon for running delegated RPKI, featuring a Certificate Authority and a publication server that allows you to create and publish signed statements about routing intent.

This release primarily contains a lot of changes under the hood – refactoring of code and update of dependencies – most of which shouldn’t be visible to users. There are, however, two breaking changes that may be important.

First, we refactored command line parsing of the krillc and krillta tools. As a result, the options that are common to all subcommands have shifted to before the subcommand. This concerns the --server, --token, --format and --api options. If you have written scripts that use krillc or krillta, you may have to adjust them.

Secondly, the configuration for multi-user authentication with OpenID Connect has changed. We unfortunately had to do this because a library we have been using has not been updated in a long time and doesn’t work any more. The good news is that we think the new scheme is much simpler and configuration should be easier. It is, however, not quite as flexible as the old scheme. If the new scheme doesn’t work for your use case, please let us know!

More details of the new OpenID Connect configuration can be found in the manual.

In addition, we have replaced downloading the full RISwhois file for ROA analysis with calls to an API. This will decrease the memory usage of Krill since it doesn’t need to hold the content of the entire file in memory. If you don’t want your Krill to use this API run by us, you can disable the use entirely or run your own version of the Roto API.

Finally, there have been a number of smaller changes. The complete list can be found in the release notes.