# catlfish
catlfish is a Certificate Transparency log server (RFC 6962).
The catlfish software has the following properties:
- Distributed, for fault tolerance under high load
- Layered software design with a generic append-only database below
and public protocol on top, making it useful for building other
transparency systems as well
- Cross-organisational operations, enabling scaling beyond what can be
achieved by a single organisation
- Append-only database backend specially designed for this purpose
- HSM support, for keeping sensitive keys off general purpose computers
- Dockerised, for a snazzy deployment option
# Requirements
In order to compile catlfish, the following software packages are
needed:
- A compiled https://git.nordu.net/plop.git in ../plop
- A compiled https://github.com/basho/lager (for logging) in ../lager
- A compiled https://github.com/mochi/mochiweb (for web server
functionality) in ../mochiweb
- A compiled https://github.com/benoitc/hackney.git (http client) in
../hackney
- Debian packages nettle-dev, libbsd-dev, librhash-dev, libpython-dev
(for using the permdb backend)
Note: hackney is dependent on rebar, but doesn't include one. You can
use the rebar from lager by adding "REBAR=../lager/rebar" to the make
command line, or install rebar yourself.
In order to perform merge operations, the following software packages
are needed (Debian): python-ecdsa, python-yaml.
In order to use the tools for submitting certificates, the following
software packages are needed (Debian): python-pyasn1, unzip.
In order to run the tests, the following software packages are needed
(Debian): curl.
# Compile
$ make release
# Start
This will set up and start a small test system and run some tests on
it:
$ make tests
To submit a test cert and verify the resulting SCT:
$ (cd catlfish; ../tools/submitcert.py --parallel=1 --store ../tools/testcerts/pre2.txt --check-sct --sct-file=submittedcerts https://localhost:8080/ --publickey=tests/keys/logkey.pem)
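The checks an RFC 6962 client can make on an add-chain response before trusting an SCT, as an added example (not catlfish's or submitcert.py's own code): bind the SCT to the configured log key via the log ID, validate the signature framing, and rebuild the exact bytes the log signed. It assumes an x509_entry (a precertificate entry has a different signed_entry) and leaves out the final ECDSA verification of the signature over those bytes; all sample values are constructed placeholders.

```python
import base64
import hashlib
import json
import struct

def log_id_from_pem(pem):
    """RFC 6962 LogID: SHA-256 of the log's DER-encoded public key."""
    body = "".join(line for line in pem.strip().splitlines() if not line.startswith("-----"))
    return hashlib.sha256(base64.b64decode(body)).digest()

def parse_sct(response_json, expected_log_id):
    """Decode an add-chain response and reject SCTs not bound to our log key."""
    r = json.loads(response_json)
    if r["sct_version"] != 0:  # 0 == v1
        raise ValueError("unsupported SCT version")
    if base64.b64decode(r["id"]) != expected_log_id:
        raise ValueError("SCT log ID does not match the configured public key")
    sig = base64.b64decode(r["signature"])
    if len(sig) < 4:
        raise ValueError("truncated signature")
    hash_alg, sig_alg, sig_len = struct.unpack(">BBH", sig[:4])
    if sig_len != len(sig) - 4:
        raise ValueError("signature length field does not match payload")
    return {"timestamp": r["timestamp"],
            "extensions": base64.b64decode(r["extensions"]),
            "hash_alg": hash_alg, "sig_alg": sig_alg, "signature": sig[4:]}

def signed_input_x509(sct, leaf_der):
    """Bytes the log signed for an x509_entry (RFC 6962 section 3.2)."""
    ext = sct["extensions"]
    return (struct.pack(">BBQH", 0, 0, sct["timestamp"], 0)  # v1, certificate_timestamp, time, x509_entry
            + len(leaf_der).to_bytes(3, "big") + leaf_der     # ASN.1Cert with 3-byte length
            + struct.pack(">H", len(ext)) + ext)              # CtExtensions with 2-byte length

# Constructed sample data: placeholder bytes, not a real key, certificate or signature.
SAMPLE_KEY_DER = b"constructed-placeholder-public-key"
SAMPLE_PEM = ("-----BEGIN PUBLIC KEY-----\n" + base64.b64encode(SAMPLE_KEY_DER).decode()
              + "\n-----END PUBLIC KEY-----\n")
SAMPLE_RESPONSE = json.dumps({
    "sct_version": 0, "timestamp": 1, "extensions": "",
    "id": base64.b64encode(hashlib.sha256(SAMPLE_KEY_DER).digest()).decode(),
    "signature": base64.b64encode(b"\x04\x03\x00\x02\x01\x02").decode(),  # sha256, ecdsa, len 2
})

if __name__ == "__main__":
    sct = parse_sct(SAMPLE_RESPONSE, log_id_from_pem(SAMPLE_PEM))
    print(signed_input_x509(sct, b"abc").hex())
```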
# Unit tests
$ make check
# Logs and traces
Logs from the latest test run can be found under catlfish/tests/.
Erlang instances log to files named <nodename>-*.log.
In addition, the console output from each erlang instance is stored
under nodes/<nodename>/log/.
The amount of log sent to the console can be adjusted at runtime using
lager:set_loglevel(lager_console_backend, NewLevel).
where ''NewLevel'' is one of
debug, info, notice, warning, error, critical, alert, emergency