diff options
Diffstat (limited to 'doc/minimalsystem.txt')
| -rw-r--r-- | doc/minimalsystem.txt | 92 |
1 files changed, 0 insertions, 92 deletions
diff --git a/doc/minimalsystem.txt b/doc/minimalsystem.txt deleted file mode 100644 index 061b6cc..0000000 --- a/doc/minimalsystem.txt +++ /dev/null @@ -1,92 +0,0 @@ -<!-- -*- markdown -*- --> - -Setting up a minimal system -=========================== - -To setup a minimal system, first make sure you have the "Requirements" -from README.md and then do: - - make - make release - - -Removing files from your previous session ---------------------------------------- - - rm -f /tmp/cert1-sct - rm -rf /tmp/testcert1 - - -Setting up the environment ----------------------- - - mkdir /tmp/testcert1 - make tests-prepare - -This will configure the servers to run on 127.0.0.1 port 8080, 8081, -and 8082. If you want to change that, change the configuration files -`test/*.cfg`. - -Starting the servers --------------------- - - make tests-start - -Submitting certificates ------------------------ - - tools/submitcert.py --store tools/testcerts/cert1.txt \ - --check-sct --sct-file=/tmp/cert1-sct https://127.0.0.1:8080/ - -This submits the certificate (in PEM format) in the file -`tools/testcerts/cert1.txt` and appends the resulting SCT to the file -`/tmp/cert1-sct`. It also checks the signature of the SCT. - -If you want to submit all the files in a directory, name directory -with a `/` at the end, for example `tools/testcerts/`. - - -Running merge once ------------------- - - tools/merge.py --config test/catlfish-test.cfg - --localconfig test/catlfish-test-local-merge.cfg - -This will read the submitted certificates from the storage node, -decide the order, and publish the certificates to the frontend server. - -If you want to run the system continuously, run the merge command in -cron or in a while loop. See `packaging/docker/catlfish-dev/merge.sh` -for an example of the latter. - -Verifying SCT:s ---------------- - - tools/verifysct.py --sct-file /tmp/cert1-sct \ - --publickey=tests/keys/logkey.pem \ - --cafile tests/httpsca/demoCA/cacert.pem \ - https://127.0.0.1:8080/ - -This verifies that all the certs corresponding to the SCT:s in the -file `/tmp/cert1-sct` are actually present in the log. - -Running a monitor ------------------ -An easy way to run a monitor is: - - while true; do - ./fetchallcerts.py --store /tmp/testcert1 \ - --write-sth https://127.0.0.1:8080/; - sleep 10 - done - -This will fetch all the certificates in a log, verify the consistency -proof between the old and new versions, and save the new STH. - -Stopping the system -------------------- - - make tests-stop - -It is important that the system is stopped before running `make -release` again, or the release build will fail. |