Build the krill and routinator docker images to be multiplatform

platform/docker_images/base/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.20
 
 # Install and configure packages which are required in every container
 # and make bash the default shell.
@@ -8,7 +8,7 @@ RUN apk add --no-cache tini bash bash-completion util-linux coreutils \
     && echo "export PS1=\"\[\033[38;5;2m\]\u@\h \[\033[38;5;75m\]\w\e[m> \"" > /root/.bashrc \
     && sed -i -e "s/bin\/ash/bin\/bash/" /etc/passwd
 
-ENV LANG en_US.UTF-8
-ENV LANGUAGE en_US:en
-ENV LC_ALL en_US.UTF-8
+ENV LANG=en_US.UTF-8
+ENV LANGUAGE=en_US:en
+ENV LC_ALL=en_US.UTF-8
 ENV TZ="Europe/Paris"

platform/docker_images/krill/Dockerfile

@@ -1,29 +1,26 @@
 # -- stage 1: build static krill with musl libc for alpine
-FROM d_base:latest as build
+FROM d_base:latest AS build
 
 # Specify what version of krill should be built.
-ARG KRILL_VERSION=0.9.0-rc2
+ARG KRILL_VERSION=0.14.5
+ARG BUILD_THREADS=2
 
 RUN apk add wget openssl-dev patch rust cargo
 
 WORKDIR /tmp/krill
 
-COPY krill_cli.patch /
-
 RUN wget "https://github.com/NLnetLabs/krill/archive/refs/tags/v${KRILL_VERSION}.tar.gz" -O - | tar -xz --strip-components=1
-RUN patch -p1 < /krill_cli.patch
-RUN cargo build \
-    --target x86_64-alpine-linux-musl \
-    --features multi-user \
-    --release \
-    --locked
+# Build krill based on the krill's docker image build instructions
+RUN CARGO_HTTP_MULTIPLEXING=false cargo install \
+  --jobs ${BUILD_THREADS} \
+  --locked \
+  --features multi-user \
+  --path . \
+  --root /tmp/out/
 
 # -- stage 2: create image with the static krill executable
 FROM d_base_supervisor:latest
-COPY --from=build /tmp/krill/target/x86_64-alpine-linux-musl/release/krill /usr/local/bin/
-COPY --from=build /tmp/krill/target/x86_64-alpine-linux-musl/release/krillc /usr/local/bin/
-COPY --from=build /tmp/krill/target/x86_64-alpine-linux-musl/release/krillpubd /usr/local/bin/
-COPY --from=build /tmp/krill/target/x86_64-alpine-linux-musl/release/krillpubc /usr/local/bin/
+COPY --from=build /tmp/out/bin/* /usr/local/bin/
 
 RUN apk add --no-cache haproxy curl rsync libgcc ca-certificates openssl openssh-server \
     && ssh-keygen -A \

platform/docker_images/routinator/Dockerfile

@@ -1,23 +1,26 @@
 # -- stage 1: build static routinator with musl libc for alpine
-FROM d_base:latest as build
+FROM d_base:latest AS build
 
 # Specify what version of routinator should be built.
-ARG ROUTINATOR_VERSION=0.10.2
+ARG ROUTINATOR_VERSION=0.14.0
+ARG BUILD_THREADS=2
 
 RUN apk add wget openssl-dev rust cargo
 
 WORKDIR /tmp/routinator
 
 RUN wget "https://github.com/NLnetLabs/routinator/archive/refs/tags/v${ROUTINATOR_VERSION}.tar.gz" -O - | tar -xz --strip-components=1
-RUN cargo build \
-    --target x86_64-alpine-linux-musl \
+
+RUN CARGO_HTTP_MULTIPLEXING=false cargo install \
+    --jobs ${BUILD_THREADS} \
     --features socks,native-tls \
-    --release \
-    --locked
+    --locked \
+    --path . \
+    --root /tmp/out/
 
 # -- stage 2: create image with the static routinator executable
 FROM d_base_supervisor:latest
-COPY --from=build /tmp/routinator/target/x86_64-alpine-linux-musl/release/routinator /usr/local/bin/
+COPY --from=build /tmp/out/bin/* /usr/local/bin/
 
 # Install rsync and ca-certificates as routinator depends on it
 # Use Tini to ensure that Routinator responds to CTRL-C when run in the

platform/docker_images/routinator/routinator.conf

@@ -22,7 +22,8 @@ stale = "reject"
 strict = false
 syslog-facility = "daemon"
 systemd-listen = false
-tal-dir = "/root/.rpki-cache/tals"
+extra-tals-dir = "/root/.rpki-cache/tals"
 unknown-objects = "warn"
 unsafe-vrps = "warn"
 validation-threads = 1
+no-rir-tals = true

platform/setup/rpki_config.sh

@@ -240,7 +240,7 @@ for ((j = 0; j < n_groups; j++)); do
                                 # Register CA with local publication server
                                 echo "krillc repo request --server \$KRILL_SERVER \\"
                                 echo "    --ca \"${ca_name}\" > /tmp/${ca_name}_publisher_request.xml"
-                                echo "krillpubc add \\"
+                                echo "krillc pubserver publishers add \\"
                                 echo "    --server \$KRILL_SERVER \\"
                                 echo "    --publisher \"${ca_name}\" \\"
                                 echo "    --request /tmp/${ca_name}_publisher_request.xml > /tmp/${ca_name}_repository_response.xml"

platform/setup/rpki_setup.sh

@@ -81,14 +81,15 @@ for ((j = 0; j < n_krill_containers; j++)); do
         krill_config_location="${krill_group_location}/krill.conf"
 
         # Add one admin account and one readonly account which can see all certificate authorities
-        admin_passwd=$(awk "\$1 == \"admin\" { print \$0 }" "${DIRECTORY}/groups/krill_passwords.txt" | cut -f 2 -d ' ')
-        readonly_passwd=$(awk "\$1 == \"readonly\" { print \$0 }" "${DIRECTORY}/groups/krill_passwords.txt" | cut -f 2 -d ' ')
+        admin_passwd=$(awk '$1 == "admin" { print $2 }' "${DIRECTORY}/groups/krill_passwords.txt")
+        readonly_passwd=$(awk '$1 == "readonly" { print $2 }' "${DIRECTORY}/groups/krill_passwords.txt")
         {
-            echo "${admin_passwd}" | docker exec -i $krill_container_name krillc config user --id "[email protected]" \
-                -a "role=admin" | grep "admin" | tr -d '\r'
-            echo "${readonly_passwd}" | docker exec -i $krill_container_name krillc config user --id "[email protected]" \
-                -a "role=readonly" | grep "readonly" | tr -d '\r'
-        } >> $krill_config_location
+            # Add admin user
+            docker exec -i "$krill_container_name" bash -c "script -q -c 'krillc config user --id \"[email protected]\" -a \"role=admin\"' /dev/null" <<< "${admin_passwd}" | grep "admin" | tr -d '\r'
+
+            # Add readonly user
+            docker exec -i "$krill_container_name" bash -c "script -q -c 'krillc config user --id \"[email protected]\" -a \"role=readonly\"' /dev/null" <<< "${readonly_passwd}" | grep "readonly" | tr -d '\r'
+        } >> "$krill_config_location"
     fi
 done
 
@@ -127,8 +128,7 @@ for ((k = 0; k < group_numbers; k++)); do
                 passwd=$(awk "\$1 == \"${group_number}\" { print \$0 }" "${DIRECTORY}/groups/passwords.txt" | cut -f 2 -d ' ')
                 {
                     # Emulate a fake tty because krillc only reads input from a tty but not STDIN.
-                    echo "${passwd}" | docker exec -i $krill_container_name krillc config user --id "group${group_number}@ethz.ch" \
-                        -a "role=readwrite" -a "inc_cas=group${group_number}" | grep "group${group_number}" | tr -d '\r'
+                    docker exec -i "$krill_container_name" bash -c "script -q -c 'krillc config user --id \"group${group_number}@ethz.ch\" -a \"role=readwrite\" -a \"inc_cas=group${group_number}\"' /dev/null" <<< "${passwd}" | grep "group${group_number}" | tr -d '\r'
                 } >> $krill_config_location
 
                 if [ "$group_config" == "Config" ]; then