-rw-r--r-- | doc/minimalsystem.txt | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/doc/minimalsystem.txt b/doc/minimalsystem.txt new file mode 100644 index 0000000..d0a5cee --- /dev/null +++ b/doc/minimalsystem.txt 
@@ -0,0 +1,83 @@ +<!-- -*- markdown -*- --> + +Setting up a minimal system +=========================== + +To setup a minimal system, first make sure you have the "Requirements" +from README.md and then do: + + make + make release + + +Removing files from your previous session +--------------------------------------- + + rm -f /tmp/cert1-sct + rm -rf /tmp/testcert1 + + +Setting up the environment +---------------------- + + mkdir /tmp/testcert1 + make tests-prepare + +This will configure the servers to run on 127.0.0.1 port 8080, 8081, +and 8082. If you want to change that, change the configuration files +in `test/config`. + +Starting the servers +-------------------- + + make tests-start + +Submitting certificates +----------------------- + + tools/submitcert.py --store tools/testcerts/cert1.txt --check-sct --sct-file=/tmp/cert1-sct https://127.0.0.1:8080/ + +This submits the certificate (in PEM format) in the file +`tools/testcerts/cert1.txt` and appends the SCT to the file +`/tmp/cert1-sct`. It also checks the signature of the SCT. + +If you want to submit all the files in a +directory, use the directory name with a `/` at the end, for example +`tools/testcerts/`. + + +Running merge +------------- + + tools/merge.py --baseurl https://127.0.0.1:8080/ --frontend https://127.0.0.1:8082/ --storage https://127.0.0.1:8081/ --mergedb rel/mergedb --keyfile rel/test/eckey.pem + +This will read the submitted certificates from the storage node, +decide the order, and publish the certificates to the frontend server. + +If you want to run the system continuously, run the merge command in +cron or in a while loop. + +Verifying SCT:s +--------------- + + tools/verifysct.py --sct-file /tmp/cert1-sct https://127.0.0.1:8080/ + +This verifies that all the SCT:s in the file `/tmp/cert1-sct` are +actually in the log. 
+ +Running a monitor +----------------- +An easy way to run a monitor is: + + while true; do ./fetchallcerts.py --store /tmp/testcert1 --write-sth https://127.0.0.1:8080/ ; sleep 10; done + +This will fetch all the certificates in a log, verify the consistency +proof between the old and new versions, and save the new STH. + +Stopping the system +------------------- + + make tests-stop + +It is important that the system is stopped before running `make +release` again, or the release build will fail. |
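Review bot: In the "Running a monitor" section the loop invokes `./fetchallcerts.py`, while every other command in this file is written relative to the top of the tree (`tools/submitcert.py`, `tools/merge.py`, `tools/verifysct.py`). The text never tells the reader to change directory, so the monitor command as written will likely not resolve. If the script sits with the other tools, write `tools/fetchallcerts.py`; otherwise say which directory the loop must be run from. Two smaller points on the same hunk. The walkthrough hard-codes `/tmp/cert1-sct` and `/tmp/testcert1`, predictable names in a world-writable directory that are then passed to `rm -rf` and used as the monitor's store; on a shared host a directory created with `mktemp -d` and referenced through a variable would be safer. Also, "To setup" in the first paragraph should read "To set up", and the underlines beneath "Removing files from your previous session" and "Setting up the environment" are shorter than their headings.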