From 5a5e4d2d68601eb9308b4f060a29076aa6852fce Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Mon, 13 Apr 2015 20:22:08 +0200 Subject: catlfish-0.6.0. --- doc/minimalsystem.txt | 43 +++++++++++++++++++++++-------------------- 1 file changed, 23 insertions(+), 20 deletions(-) (limited to 'doc') diff --git a/doc/minimalsystem.txt b/doc/minimalsystem.txt index 9a097e5..061b6cc 100644 --- a/doc/minimalsystem.txt +++ b/doc/minimalsystem.txt @@ -25,7 +25,7 @@ Setting up the environment This will configure the servers to run on 127.0.0.1 port 8080, 8081, and 8082. If you want to change that, change the configuration files -in `test/config`. +`test/*.cfg`. Starting the servers -------------------- @@ -35,47 +35,50 @@ Starting the servers Submitting certificates ----------------------- - tools/submitcert.py --store tools/testcerts/cert1.txt --check-sct --sct-file=/tmp/cert1-sct https://127.0.0.1:8080/ + tools/submitcert.py --store tools/testcerts/cert1.txt \ + --check-sct --sct-file=/tmp/cert1-sct https://127.0.0.1:8080/ This submits the certificate (in PEM format) in the file -`tools/testcerts/cert1.txt` and appends the SCT to the file +`tools/testcerts/cert1.txt` and appends the resulting SCT to the file `/tmp/cert1-sct`. It also checks the signature of the SCT. -If you want to submit all the files in a -directory, use the directory name with a `/` at the end, for example -`tools/testcerts/`. +If you want to submit all the files in a directory, name directory +with a `/` at the end, for example `tools/testcerts/`. -Running merge -------------- +Running merge once +------------------ - tools/merge.py --baseurl https://127.0.0.1:8080/ \ - --frontend https://127.0.0.1:8082/ \ - --storage https://127.0.0.1:8081/ \ - --mergedb rel/mergedb \ - --keyfile rel/test/eckey.pem \ - --own-keyname merge-1 \ - --own-keyfile rel/privatekeys/merge-1-private.pem + tools/merge.py --config test/catlfish-test.cfg + --localconfig test/catlfish-test-local-merge.cfg This will read the submitted certificates from the storage node, decide the order, and publish the certificates to the frontend server. If you want to run the system continuously, run the merge command in -cron or in a while loop. +cron or in a while loop. See `packaging/docker/catlfish-dev/merge.sh` +for an example of the latter. Verifying SCT:s --------------- - tools/verifysct.py --sct-file /tmp/cert1-sct https://127.0.0.1:8080/ + tools/verifysct.py --sct-file /tmp/cert1-sct \ + --publickey=tests/keys/logkey.pem \ + --cafile tests/httpsca/demoCA/cacert.pem \ + https://127.0.0.1:8080/ -This verifies that all the SCT:s in the file `/tmp/cert1-sct` are -actually in the log. +This verifies that all the certs corresponding to the SCT:s in the +file `/tmp/cert1-sct` are actually present in the log. Running a monitor ----------------- An easy way to run a monitor is: - while true; do ./fetchallcerts.py --store /tmp/testcert1 --write-sth https://127.0.0.1:8080/ ; sleep 10; done + while true; do + ./fetchallcerts.py --store /tmp/testcert1 \ + --write-sth https://127.0.0.1:8080/; + sleep 10 + done This will fetch all the certificates in a log, verify the consistency proof between the old and new versions, and save the new STH. -- cgit v1.1