-rw-r--r--Makefile2
-rw-r--r--packaging/docker/README31
-rw-r--r--packaging/docker/base-debian:jessie/Dockerfile4
-rwxr-xr-xpackaging/docker/build-from-source.sh5
-rw-r--r--packaging/docker/catlfish-dev/Dockerfile83
-rwxr-xr-xpackaging/docker/catlfish-dev/merge.sh28
-rwxr-xr-xpackaging/docker/catlfish-dev/start.sh32
-rw-r--r--packaging/docker/erlang/Dockerfile14
-rw-r--r--packaging/docker/onion/Dockerfile11
-rw-r--r--packaging/docker/onion/start.sh20
-rw-r--r--tools/certtools.py7
-rwxr-xr-xtools/check-sth.py2
-rwxr-xr-xtools/merge.py6
13 files changed, 14 insertions, 231 deletions
diff --git a/Makefile b/Makefile
index 2acaee2..0657b43 100644
--- a/Makefile
+++ b/Makefile
@@ -48,7 +48,7 @@ tests-prepare:
mv $(INSTDIR)/tests/privatekeys/merge-1.pem $(INSTDIR)/tests/publickeys/
-test -x $(SOFTHSM) && $(SOFTHSM) --init-token --slot=0 --label=mylabel --so-pin=ffff --pin=ffff
-test -x $(SOFTHSM) && $(SOFTHSM) --import $(INSTDIR)/tests/keys/logkey-private.pkcs8 --slot 0 --label mylabel --pin ffff --id 00
- rm $(INSTDIR)/cur-sth.json
+ rm -f $(INSTDIR)/cur-sth.json
tests-start:
@for node in $(NODES); do \
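Review bot: The new line `rm -f $(INSTDIR)/cur-sth.json` would be better written as `$(RM) $(INSTDIR)/cur-sth.json`, which expands to `rm -f` by default and can be overridden from the command line like `CC` can. The `-f` itself is the right fix, since the file presumably does not exist on a first `tests-prepare` run and the old line would have aborted the recipe there. The tests-prepare recipe begins before this hunk; the two unchanged `-test -x $(SOFTHSM) && …` lines above it start with Make's ignore-errors prefix, not a diff marker, so a failed token init or key import is already silent there.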
diff --git a/packaging/docker/README b/packaging/docker/README
deleted file mode 100644
index 147fa41..0000000
--- a/packaging/docker/README
+++ /dev/null
@@ -1,31 +0,0 @@
-Information about creating a docker image for running catlfish from a
-binary release or with catlfish built from source.
-
-
-Requirements
-------------
-
-- lack of expectations regarding security -- docker doesn't verify
- downloaded images
-- a 64-bit Linux system
-- lxc-docker version 1.3 or later
-
-
-Building an image
------------------
-
-Run build-from-release.sh or build-from-source.sh to build a docker
-image with catlfish. Note that you will have to cd into this
-directory, catlfish/packaging/docker, in order for docker to find the
-appropriate docker files.
-
-
-Running it
-----------
-
-Run the resulting image in interactive mode.
-
- $ docker run -it --rm catlfish /bin/bash
-
-See catlfish/examples/docker-single-node/README for an example of how
-to set up a single node catlfish instance.
diff --git a/packaging/docker/base-debian:jessie/Dockerfile b/packaging/docker/base-debian:jessie/Dockerfile
deleted file mode 100644
index 864c239..0000000
--- a/packaging/docker/base-debian:jessie/Dockerfile
+++ /dev/null
@@ -1,4 +0,0 @@
-FROM debian:jessie
-RUN apt-get update
-RUN echo 'debconf debconf/frontend select noninteractive' | debconf-set-selections
-RUN apt-get -y -q upgrade
diff --git a/packaging/docker/build-from-source.sh b/packaging/docker/build-from-source.sh
deleted file mode 100755
index 2b47222..0000000
--- a/packaging/docker/build-from-source.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#! /bin/sh
-
-docker build -t base base-debian:jessie
-docker build -t erlang erlang
-docker build -t catlfish catlfish-dev
diff --git a/packaging/docker/catlfish-dev/Dockerfile b/packaging/docker/catlfish-dev/Dockerfile
deleted file mode 100644
index ba90e7b..0000000
--- a/packaging/docker/catlfish-dev/Dockerfile
+++ /dev/null
@@ -1,83 +0,0 @@
-# Catlfish expects to find its configuration in
-# /usr/local/etc/catlfish/catlfish.config so mounting
-# /usr/local/etc/catlfish is recommended. This can be done using the
-# `-v' flag to `docker run'.
-#
-# NOTE: The directory on the host system that's mounted at
-# /var/db/catlfish in the container has to be writable by a host
-# user with uid 147.
-#
-# Example, running a frontend node:
-# $ docker run -v /etc/catlfish:/usr/local/etc/catlfish:ro catlfish
-# frontend /usr/local/catlfish
-#
-# Example, running a merge node:
-# $ docker run -v /etc/catlfish:/usr/local/etc/catlfish:ro catlfish
-# merge /usr/local/catlfish /var/db/catlfish-merge
-
-FROM erlang
-RUN apt-get update
-RUN echo 'debconf debconf/frontend select noninteractive' | debconf-set-selections
-
-# For building. g++ and OpenSSL is for SoftHSMv2.
-RUN apt-get -y -q install gcc git make curl g++ libssl-dev
-
-# For merge.
-RUN apt-get -y -q install git python-ecdsa python-yaml
-
-# Build all dependencies.
-
-WORKDIR /usr/local/src
-RUN curl https://www.ct.nordu.net/dist/mochiweb-v2.12.2.tar.gz | tar xzf -
-RUN ln -s mochiweb-2.12.2 mochiweb
-RUN make -C mochiweb
-
-WORKDIR /usr/local/src
-RUN curl https://www.ct.nordu.net/dist/lager-2.1.1.tar.gz | tar xzf -
-RUN ln -s lager-2.1.1 lager
-RUN mkdir lager/deps
-RUN curl https://www.ct.nordu.net/dist/goldrush-0.1.6.tar.gz | tar xzf - -C lager/deps && ln -s goldrush-0.1.6 lager/deps/goldrush
-RUN make -C lager
-
-WORKDIR /usr/local/src
-RUN curl https://www.ct.nordu.net/dist/hackney-1.1.0.tar.gz | tar xzf -
-RUN ln -s hackney-1.1.0 hackney
-RUN mkdir hackney/deps
-RUN curl https://www.ct.nordu.net/dist/erlang-idna-1.0.2.tar.gz | tar xzf - -C hackney/deps && ln -s erlang-idna-1.0.2 hackney/deps/idna
-RUN curl https://www.ct.nordu.net/dist/ssl_verify_hostname-1.0.4.tar.gz | tar xzf - -C hackney/deps && ln -s ssl_verify_hostname-1.0.4 hackney/deps/ssl_verify_hostname
-RUN make -C hackney REBAR=../lager/rebar
-
-WORKDIR /usr/local/src
-RUN curl https://www.ct.nordu.net/dist/SoftHSMv2-2.0.0b3-ndn1.tar.gz | tar xzf -
-WORKDIR /usr/local/src/SoftHSMv2-2.0.0b3
-RUN ./configure --prefix=/usr/local && make all install
-ADD softhsm2.conf /usr/local/etc/
-
-# Build plop and catlfish.
-WORKDIR /usr/local/src
-RUN git clone https://git.nordu.net/plop.git
-RUN make -C plop
-
-WORKDIR /usr/local/src
-RUN git clone https://git.nordu.net/catlfish.git
-RUN make -C catlfish PREFIX=/usr/local all release
-
-# Config dir is mounted from host using `-v' to 'docker run'.
-VOLUME /usr/local/etc/catlfish
-
-# Create a catlfish user.
-RUN groupadd --gid 147 catlfish
-RUN useradd --uid 147 --gid 147 catlfish
-
-# Working has to be where catlfish.config is. We want to run in
-# /var/run/catlfish and not in /usr/local/etc/catlfish, so symlink.
-RUN mkdir /var/run/catlfish
-WORKDIR /var/run/catlfish
-RUN mkdir erlang_log sasl_log merge_log
-RUN chown -R catlfish:catlfish /var/run/catlfish
-RUN ln -s /usr/local/etc/catlfish/catlfish.config /var/run/catlfish/
-
-ADD merge.sh /usr/local/catlfish/
-ADD start.sh /var/run/catlfish/
-USER catlfish
-ENTRYPOINT ["/var/run/catlfish/start.sh"]
diff --git a/packaging/docker/catlfish-dev/merge.sh b/packaging/docker/catlfish-dev/merge.sh
deleted file mode 100755
index 40f623c..0000000
--- a/packaging/docker/catlfish-dev/merge.sh
+++ /dev/null
@@ -1,28 +0,0 @@
-#! /bin/sh
-
-# Default intervals
-# - 5m before first merge
-# - 20m between subsequent merges
-S1=300; [ -n "$1" ] && S1=$1
-S2=1200; [ -n "$2" ] && S2=$2
-
-DBDIR="$3"
-
-[ -d $DBDIR ] || mkdir $DBDIR
-[ -d $DBDIR/chains ] || mkdir $DBDIR/chains
-[ -e $DBDIR/logorder ] || touch $DBDIR/logorder
-
-date
-echo "merge: waiting $(expr $S1 / 60)m$(expr $S1 % 60)s before merging for the first time"
-sleep $S1
-
-while true; do
- echo "$0: merging"
- date
- python /usr/local/src/catlfish/tools/merge.py \
- --config /usr/local/etc/catlfish/system.cfg \
- --localconfig /usr/local/etc/catlfish/merge.cfg
- date
- echo "merge: waiting $(expr $S2 / 60)m$(expr $S2 % 60)s before merging again"
- sleep $S2
-done
diff --git a/packaging/docker/catlfish-dev/start.sh b/packaging/docker/catlfish-dev/start.sh
deleted file mode 100755
index c232f47..0000000
--- a/packaging/docker/catlfish-dev/start.sh
+++ /dev/null
@@ -1,32 +0,0 @@
-#! /bin/sh
-
-role=$1; [ -n "$1" ] && shift
-database=$1; [ -n "$1" ] && shift
-erlbase=$1; [ -n "$1" ] && shift
-
-# Set sane defaults.
-[ -z "$database" ] && database=/var/db/catlfish-merge
-[ -z "$erlbase" ] && erlbase=/usr/local/catlfish
-
-case $role in
- frontend|storage|signing)
- $erlbase/bin/run_erl \
- /var/run/catlfish/ \
- /var/run/catlfish/erlang_log/ \
- "exec $erlbase/bin/erl -config catlfish"
- ;;
- merge)
- # Catlfish version is included in filename of archive and
- # filename in that archive. Example: lib/catlfish-0.6.0.ez
- # contains catlfish-0.6.0.
- ver=$(ls $erlbase/lib/catlfish-*.ez | sed 's/.*catlfish-\(.*\)\.ez/\1/1')
- ERL_LIBS=$erlbase/lib/catlfish-${ver}.ez/catlfish-${ver}
- ERL_LIBS=$ERL_LIBS:$erlbase/lib/lager-2.1.1.ez/lager-2.1.1
- export ERL_LIBS
-
- $erlbase/merge.sh 60 3600 $database > merge_log/stdout 2> merge_log/stderr
- ;;
- *)
- echo "catlfish: unknown role: $role"
- ;;
-esac
diff --git a/packaging/docker/erlang/Dockerfile b/packaging/docker/erlang/Dockerfile
deleted file mode 100644
index 531064d..0000000
--- a/packaging/docker/erlang/Dockerfile
+++ /dev/null
@@ -1,14 +0,0 @@
-FROM base
-RUN apt-get update
-RUN echo 'debconf debconf/frontend select noninteractive' | debconf-set-selections
-RUN apt-get -y -q install \
- erlang-base \
- erlang-crypto \
- erlang-dev \
- erlang-eunit \
- erlang-inets \
- erlang-public-key \
- erlang-reltool \
- erlang-runtime-tools \
- erlang-ssl \
- erlang-xmerl
diff --git a/packaging/docker/onion/Dockerfile b/packaging/docker/onion/Dockerfile
deleted file mode 100644
index c1cadcd..0000000
--- a/packaging/docker/onion/Dockerfile
+++ /dev/null
@@ -1,11 +0,0 @@
-FROM debian:jessie
-RUN apt-get update
-RUN echo 'debconf debconf/frontend select noninteractive' | debconf-set-selections
-RUN apt-get -y -q install tor
-RUN systemctl disable tor
-ADD start.sh /start.sh
-RUN chmod a+rx /start.sh
-VOLUME /etc/tor
-VOLUME /var/lib/tor/hs
-RUN chown -R debian-tor:debian-tor /var/lib/tor/hs
-ENTRYPOINT ["/start.sh"]
diff --git a/packaging/docker/onion/start.sh b/packaging/docker/onion/start.sh
deleted file mode 100644
index dce48af..0000000
--- a/packaging/docker/onion/start.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-#! /bin/sh
-
-# BACKEND_PORT is set by `docker run --link BACKEND:foo' on the form
-# tcp://<ip>:<port>. See https://docs.docker.com/userguide/dockerlinks/.
-
-if [ -n "${HSPORT}" ]; then
- HSPORT=80 # Default localhost:80 -> .onion:80
- if [ -n "${BACKEND_PORT}" ]; then
- HSPORT="80 "$(echo ${BACKEND_PORT} | sed 's|^.*://||1')
- fi
-fi
-
-if ! [ -e /etc/tor/torrc ]; then
- echo "SocksPort 0" >> /etc/tor/torrc
- echo "DataDirectory /var/lib/tor" >> /etc/tor/torrc
- echo "HiddenServiceDir /var/lib/tor/hs" >> /etc/tor/torrc
- echo "HiddenServicePort ${HSPORT}" >> /etc/tor/torrc
-fi
-
-/usr/bin/tor -f /etc/tor/torrc --user debian-tor
diff --git a/tools/certtools.py b/tools/certtools.py
index 3a1e582..045bc55 100644
--- a/tools/certtools.py
+++ b/tools/certtools.py
@@ -261,7 +261,12 @@ def encode_signature(hash_alg, signature_alg, unpacked_signature):
def check_signature(baseurl, signature, data, publickey=None):
if publickey == None:
- publickey = base64.decodestring(publickeys[baseurl])
+ if baseurl in publickeys:
+ publickey = base64.decodestring(publickeys[baseurl])
+ else:
+ print >>sys.stderr, "Public key for", baseurl, \
+ "not found, specify key file with --publickey"
+ sys.exit(1)
(hash_alg, signature_alg, unpacked_signature) = decode_signature(signature)
assert hash_alg == 4, \
"hash_alg is %d, expected 4" % (hash_alg,) # sha256
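Review bot: The new `else` branch calls `sys.exit(1)` from inside `check_signature`, which turns a missing key into process termination for every caller of the function instead of an error the caller can handle; if certtools.py is imported by the other tools, as the check-sth.py change suggests, a script verifying several logs would stop at the first unknown base URL. Raising instead, e.g. `raise ValueError("Public key for %s not found, specify key file with --publickey" % (baseurl,))`, keeps the fail-closed behaviour (no signature is ever accepted without a key) and lets the command-line front end decide to print the message and exit. The rest of `check_signature` continues below the hunk.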
diff --git a/tools/check-sth.py b/tools/check-sth.py
index 0cdc031..dacd8e6 100755
--- a/tools/check-sth.py
+++ b/tools/check-sth.py
@@ -26,8 +26,8 @@ parser.add_argument('--cur-sth',
metavar='file',
default=DEFAULT_CUR_FILE,
help="File containing current STH (default=%s)" % DEFAULT_CUR_FILE)
-parser.add_argument('publickey', help='File containing the public key for the CT log')
parser.add_argument('baseurl', help="Base URL for CT log")
+parser.add_argument('--publickey', default=None, metavar='file', help='Public key for the CT log')
parser.add_argument('--cafile', default=None, metavar='file', help='File containing the CA cert')
parser.add_argument('--allow-lag', action='store_true', help='Allow node to lag behind previous STH')
parser.add_argument('--quiet-ok', action='store_true', help="Don't print status if OK")
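Review bot: Turning the `publickey` positional into `--publickey` changes the command line incompatibly: an existing invocation `check-sth.py KEYFILE BASEURL` would now parse `KEYFILE` as `baseurl` and most likely fail on the second word as an unrecognized argument, so any cron jobs or test scripts that call this tool need updating alongside this change. The new option's help text should also say what happens when it is omitted — judging by the certtools.py hunk, the key is then looked up in a built-in table keyed by base URL and the tool exits if none is known — e.g. `help='File containing the public key for the CT log (default: built-in key for baseurl, if known)'`. These are top-level statements, so no enclosing function is cut by the hunk.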
diff --git a/tools/merge.py b/tools/merge.py
index b426039..8766491 100755
--- a/tools/merge.py
+++ b/tools/merge.py
@@ -73,6 +73,11 @@ def add_to_logorder(key):
f.write(base64.b16encode(key) + "\n")
f.close()
+def fsync_logorder():
+ f = open(logorderfile, "a")
+ os.fsync(f.fileno())
+ f.close()
+
def get_new_entries(node, baseurl):
try:
result = http_request(baseurl + "ct/storage/fetchnewentries", key=own_key, verifynode=node, publickeydir=paths["publickeys"])
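Review bot: `fsync_logorder` opens `logorderfile` only to obtain a descriptor, and if `os.fsync` raises (this is the call that reports write-back errors, so EIO is a real possibility) the `f.close()` on the following line never runs; a `with` block closes the handle on every path. It also only makes the file contents durable: when `add_to_logorder` has just created `logorderfile`, the directory entry is not guaranteed to be on disk until the containing directory is fsynced too, so a crash could leave a fully written but unreachable file. Fsyncing a separately opened descriptor is otherwise fine, because `add_to_logorder` closes its handle before this runs and fsync flushes the inode rather than the descriptor. The function is complete within this hunk; its call site is in the second hunk of this file.
```python
def fsync_logorder():
    # Flush appended logorder entries to stable storage, then the
    # directory entry so a newly created file survives a crash too.
    with open(logorderfile, "a") as f:
        os.fsync(f.fileno())
    dirfd = os.open(os.path.dirname(logorderfile) or ".", os.O_RDONLY)
    try:
        os.fsync(dirfd)
    finally:
        os.close(dirfd)
```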
@@ -228,6 +233,7 @@ for storagenode in storagenodes:
logorder.append(hash)
certsinlog.add(hash)
added_entries += 1
+fsync_logorder()
timing_point(timing, "add entries")
print "added", added_entries, "entries"