[RPKI] Krill 0.9.0-rc2

Tim Bruijnzeels tim at nlnetlabs.nl
Wed May 12 11:06:51 UTC 2021


Dear Krill users on this list,

We just released Krill 0.9.0-rc2.

We have been testing the Krill 0.9.0-rc1 release over the past weeks. We tested the automated data migration with data sets provided by big Krill users, interactions under various parent CAs (Krill itself, APNIC and RIPE NCC), and the UI.

We believe that this new release candidate can be promoted to the 0.9.0 release on Monday 17 May, unless of course any remaining issues are found before then.

Krill 0.9.0-rc2 fixes a number of issues introduced in 0.9.0-rc1:

- Log migration progress and speed up process (#503)
- Rename auto-renewal commands in history (#501)
- Re-issue objects properly during a key rollover (#509)
- Withdraw objects when removing a parent (#508)

Furthermore we made the following improvements:

- Report *which* file/dir was involved in case of I/O errors (#495)
- Change HTTP access log to 'debug'. Use KRILL_HTTP_LOG_INFO=1 if you want 'info' (#513)
- Refine logging command / change logging (#518)
- Improve certificate request logic and logging (#514)

Regarding certificate request logic and logging. Krill CAs will now report *which* new resources were received from, or removed by a parent. As part of this change we also fixed a harmless, but annoying, bug in certificate request logic. Krill would wrongfully report that a parent had reduced the  eligible 'not after' time, when in fact it had extended it, and then request the new certificate regardless. Krill will now report correctly, and will only request a new certificate if the new 'not after' time is more than 10% further into the future compared to the current certificate. This is safe and will reduce noise levels where parent CAs use a simple strategy which returns a new 'not after' time for every request.

The UI also received some fixes:
- Show the repository status properly (introduced in 0.9.0-rc1)
- Update the link to documentation
- Show the alert banner for new versions only for 'production' version

Note that we will still need to do a bit of work on some translations in the UI, but this should not introduce any logic change and therefore we believe it's safe to introduce these as part of the 0.9.0 release.


On behalf of the NLnet Labs RPKI Team,


Tim



More information about the RPKI mailing list