summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--doc/minimalsystem.txt83
1 files changed, 83 insertions, 0 deletions
diff --git a/doc/minimalsystem.txt b/doc/minimalsystem.txt
new file mode 100644
index 0000000..d0a5cee
--- /dev/null
+++ b/doc/minimalsystem.txt
@@ -0,0 +1,83 @@
+<!-- -*- markdown -*- -->
+
+Setting up a minimal system
+===========================
+
+To setup a minimal system, first make sure you have the "Requirements"
+from README.md and then do:
+
+ make
+ make release
+
+
+Removing files from your previous session
+---------------------------------------
+
+ rm -f /tmp/cert1-sct
+ rm -rf /tmp/testcert1
+
+
+Setting up the environment
+----------------------
+
+ mkdir /tmp/testcert1
+ make tests-prepare
+
+This will configure the servers to run on 127.0.0.1 port 8080, 8081,
+and 8082. If you want to change that, change the configuration files
+in `test/config`.
+
+Starting the servers
+--------------------
+
+ make tests-start
+
+Submitting certificates
+-----------------------
+
+ tools/submitcert.py --store tools/testcerts/cert1.txt --check-sct --sct-file=/tmp/cert1-sct https://127.0.0.1:8080/
+
+This submits the certificate (in PEM format) in the file
+`tools/testcerts/cert1.txt` and appends the SCT to the file
+`/tmp/cert1-sct`. It also checks the signature of the SCT.
+
+If you want to submit all the files in a
+directory, use the directory name with a `/` at the end, for example
+`tools/testcerts/`.
+
+
+Running merge
+-------------
+
+ tools/merge.py --baseurl https://127.0.0.1:8080/ --frontend https://127.0.0.1:8082/ --storage https://127.0.0.1:8081/ --mergedb rel/mergedb --keyfile rel/test/eckey.pem
+
+This will read the submitted certificates from the storage node,
+decide the order, and publish the certificates to the frontend server.
+
+If you want to run the system continuously, run the merge command in
+cron or in a while loop.
+
+Verifying SCT:s
+---------------
+
+ tools/verifysct.py --sct-file /tmp/cert1-sct https://127.0.0.1:8080/
+
+This verifies that all the SCT:s in the file `/tmp/cert1-sct` are
+actually in the log.
+
+Running a monitor
+-----------------
+An easy way to run a monitor is:
+
+ while true; do ./fetchallcerts.py --store /tmp/testcert1 --write-sth https://127.0.0.1:8080/ ; sleep 10; done
+
+This will fetch all the certificates in a log, verify the consistency
+proof between the old and new versions, and save the new STH.
+
+Stopping the system
+-------------------
+
+ make tests-stop
+
+It is important that the system is stopped before running `make
+release` again, or the release build will fail.