File: README.md

golang-github-google-certificate-transparency 1.3.2-2

# Trillian CT Personality

This directory holds code and scripts for running a Certificate Transparency
(CT) Log based on the [Trillian](https://github.com/google/trillian) general
transparency Log.

 - [Codebase Structure](#codebase-structure)
 - [Deployment](#deployment)
 - [Operation](#operation)


## Codebase Structure

The main code for the CT personality is held in `trillian/ctfe`; this code
responds to HTTP requests on the
[CT API paths](https://tools.ietf.org/html/rfc6962#section-4) and translates
them to the equivalent gRPC API requests to the Trillian Log.

This relies on the gRPC API definitions at
`github.com/google/trillian`; the code also uses common libraries from the
Trillian project, including those for:
 - exposing monitoring and statistics via an `interface` and corresponding
   Prometheus implementation (`github.com/google/trillian/monitoring/...`)
 - dealing with cryptographic keys (`github.com/google/trillian/crypto/...`).

The `trillian/integration/` directory holds scripts and tests for running the whole
system locally.  In particular:
 - `trillian/integration/ct_integration_test.sh` brings up local processes
   running a Trillian Log server, signer and a CT personality, and exercises the
   complete set of RFC 6962 API entrypoints.
 - `trillian/integration/ct_hammer_test.sh` brings up a complete system and runs
   a continuous randomized test of the CT entrypoints.

These scripts require a local database instance to be configured as described
in the [Trillian instructions](https://github.com/google/trillian#mysql-setup).


## Deployment

Deploying a Trillian-based CT Log involves more than just the code contained
in this directory.

The [Manual Deployment document](docs/ManualDeployment.md) describes the
components and process involved in manually setting up a CT Log instance on
individual machines.

The [Containerized Deployment document](docs/ContainerDeployment.md) describes
the sample container scripts which make CT Log deployment easier and more
automatic.  However, if you're planning to operate a trusted CT Log (rather than
simply experimenting/playing with the code) then you should expect to understand all
of the information in the manual version – even if you use the
containerized variant for deployment convenience.


## Operation

Once all of the components for a Trillian-based CT Log have been deployed,
log operators need to monitor and maintain the Log. The
[Operation document](docs/Operation.md) describes key considerations and gotchas
for this ongoing process.