| | Commit message | Author | Age | Files | Lines |
---|---|---|---|---|---|
* | Add option to change the metrics port | Grégoire Détrez | 2022-08-19 | 1 | -3/+11 |
| | |||||
* | Don't count an already-signed tree-head as an error | Grégoire Détrez | 2022-08-19 | 1 | -1/+6 |
| | |||||
* | Daemonize witness | Grégoire Détrez | 2022-08-19 | 1 | -23/+112 |
| | |||||
* | add assert for consistency in tests (HEAD, main) | Rasmus Dahlberg | 2022-07-05 | 1 | -1/+1 |
| | |||||
* | Change ERR_USAGE exit code | Grégoire Détrez | 2022-06-28 | 1 | -1/+1 |
| | | | | | CPython already uses exit code 1 for uncaught exceptions; this uses the vaguely-standardized value of 64 from `os.EX_USAGE` instead. | ||||
* | Catch requests' ConnectionError | Grégoire Détrez | 2022-06-28 | 1 | -3/+12 |
| | | | | | | This is a tentative fix for #44: catch exceptions raised by requests if it cannot connect to the log so that the witness can return the expected exit codes. | ||||
* | Allow --sigkey-file to be a symlink | Grégoire Détrez | 2022-06-28 | 3 | -8/+95 |
| | | | | | Also adds the first tests (using pytest) & a short paragraph to the README on how to run them. | ||||
* | change get-consistency-proof HTTP method to GET | Linus Nordberg | 2022-04-29 | 1 | -3/+2 |
| | | | | Following API changes in log. | ||||
* | s/get-tree-head-to-sign/get-tree-head-to-cosign | Linus Nordberg | 2022-04-28 | 1 | -1/+1 |
| | | | | Following changes in log API. | ||||
* | move issues to a common pad | Rasmus Dahlberg | 2022-03-30 | 2 | -8/+0 |
| | |||||
* | sign tree head using SSHSIG | Linus Nordberg | 2022-03-25 | 1 | -8/+9 |
| | |||||
* | change default signing algo to sha256 | Linus Nordberg | 2022-03-25 | 2 | -2/+2 |
| | |||||
* | add issue | Linus Nordberg | 2021-12-30 | 1 | -0/+3 |
| | |||||
* | split armored ssh signature blob on column 70 | Linus Nordberg | 2021-12-09 | 1 | -2/+2 |
| | | | | This is what ssh-keygen -Y sign does. | ||||
* | follow spec wrt tree head age | Linus Nordberg | 2021-12-08 | 2 | -14/+5 |
| | | | | | | Allow for 10s of clock drift too. Bug reported by rgdd. | ||||
* | added issue | Rasmus Dahlberg | 2021-12-08 | 1 | -0/+10 |
| | |||||
* | Merge branch 'main' of git.sigsum.org:sigsum-witness-py | Linus Nordberg | 2021-12-08 | 1 | -0/+5 |
|\ | |||||
| * | added issue about strict hex parsing | Rasmus Dahlberg | 2021-10-12 | 1 | -0/+5 |
| | | |||||
* | | add tooling for signing | Linus Nordberg | 2021-12-08 | 5 | -0/+252 |
|/ | | | | | | | | There's tools for key generation and conversion and there's tools for signing and verifying a tree leaf. Note that the leaf signing tools use the yet to be decided about SSH signing format, with message (ie signers checksum) being hashed with SHA-512 to match SSH tooling (ssh-keygen -Y). | ||||
* | we're sigsum now (v0.2.1) | Linus Nordberg | 2021-09-14 | 1 | -0/+0 |
| | |||||
* | s/siglog/sigsum/g | Linus Nordberg | 2021-09-14 | 1 | -6/+10 |
| | | | | | | NOTE: default config directory is now ~/.config/sigsum-witness/ Also, change default log endpoint to poc.sigsum.org. | ||||
* | v0/get-consistency-proof don't return the sizes anymore (v0.2.0) | Linus Nordberg | 2021-09-14 | 1 | -7/+7 |
| | |||||
* | follow more API changes in v0.2.0 | Linus Nordberg | 2021-09-14 | 1 | -8/+9 |
| | | | | | | Signed Tree Heads binary format now contains a hash of the log pubkey. v0/add-cosignature takes cosignatures in 'cosignature='. | ||||
* | signed tree head wire format doesn't include `key_hash` anymore | Linus Nordberg | 2021-09-14 | 1 | -3/+1 |
| | |||||
* | base url is now sigsum/v0 | Linus Nordberg | 2021-09-14 | 1 | -3/+3 |
| | |||||
* | adapted README.md to use sigsum terminology | Rasmus Dahlberg | 2021-06-24 | 1 | -1/+2 |
| | |||||
* | added BSD 2-Clause License | Rasmus Dahlberg | 2021-06-24 | 1 | -18/+19 |
| | |||||
* | fixed copyright | Rasmus Dahlberg | 2021-06-23 | 1 | -1/+1 |
| | |||||
* | add README and LICENSE (v0.1.0) | Linus Nordberg | 2021-06-16 | 2 | -0/+34 |
| | |||||
* | rename files signed_tree_head and signing_key | Linus Nordberg | 2021-06-16 | 1 | -7/+5 |
| | | | | | | | | | | | NOTE: BREAKING COMPATIBILITY with old filenames. To keep a config working after applying this change, do `mv signed_tree_head signed-tree-head`; `mv signing_key signing-key` in the config directory. | ||||
* | be explicit when we return None | Linus Nordberg | 2021-06-16 | 1 | -0/+1 |
| | |||||
* | don't fetch consistency proof when tree hasn't grown | Linus Nordberg | 2021-06-16 | 1 | -1/+7 |
| | |||||
* | use @properties in TreeHead | Linus Nordberg | 2021-06-16 | 1 | -38/+50 |
| | |||||
* | refactoring log history validation | Linus Nordberg | 2021-06-16 | 1 | -63/+63 |
| | |||||
* | fix --base-dir | Linus Nordberg | 2021-06-16 | 1 | -10/+10 |
| | |||||
* | validate tree heads harder | Linus Nordberg | 2021-06-16 | 1 | -6/+37 |
| | | | | | | | | Disallow time travel, tree shrinkage, new tree hash for same sized tree, new tree size with same tree hash. Consider an STH seen iff all three attributes -- timestamp, size, hash -- are identical. | ||||
* | a too old or too new tree head is not an error | Linus Nordberg | 2021-06-16 | 1 | -4/+5 |
| | | | | | | | | | | We return !0 for critical errors that need human intervention. Let's consider a stale log and a log with a bad clock an intermittent and non critical error for now. We might want to change requirements on logs to separate freshness from clock skew. We should reconsider the severeness of those errors if that change happens. | ||||
* | don't sign a tree head that's too old or too far in the future | Linus Nordberg | 2021-06-15 | 1 | -12/+26 |
| | |||||
* | be less permissive of --bootstrap-log | Linus Nordberg | 2021-06-15 | 1 | -0/+4 |
| | | | | | | | | | | | The rationale behind not allowing --bootstrap-log and --generate-signing-key when they don't make any difference is that it should be impossible to use them in scripts that run multiple times since they're meant for manual "bootstrapping" procedures. Another reason is that they require user intervention but not until specific conditions arise (tree head missing, keyfile missing) which may happen only "after some time". Failing early is helpful. | ||||
* | don't generate signing key just like that | Linus Nordberg | 2021-06-15 | 1 | -17/+44 |
| | | | | | | | | | Given the importance of sane entropy and other operational security issues, it makes sense to require --generate-signing-key and user intervention to generate signing keys. For automated tests and deployment, a key can be pre-generated by other means. | ||||
* | handle empty response | Linus Nordberg | 2021-06-15 | 1 | -1/+2 |
| | |||||
* | readability: more explanatory variable names | Linus Nordberg | 2021-06-03 | 1 | -18/+18 |
| | |||||
* | remove spurious assignment | Linus Nordberg | 2021-06-03 | 1 | -1/+0 |
| | |||||
* | readability | Linus Nordberg | 2021-06-03 | 1 | -1/+2 |
| | |||||
* | get the logic for --bootstrap-log right | Linus Nordberg | 2021-06-03 | 1 | -57/+93 |
| | |||||
* | error handling cleaned up a bit | Linus Nordberg | 2021-06-03 | 1 | -70/+98 |
| | | | | | Also, create base_dir in time, if it doesn't exist. Also also, set permission on base_dir when creating it. | ||||
* | disallow the short form for --bootstrap-log | Linus Nordberg | 2021-06-03 | 1 | -1/+1 |
| | | | | | Since it's devastating to the value of the signature to not require a consistency proof, make it less likely that it's done inadvertently. | ||||
* | exit with error if uploading the signature fails | Linus Nordberg | 2021-06-03 | 1 | -13/+15 |
| | | | | | | Also, make the code that is doing hex encoding in ASCII more readable by splitting up hashing and signing on the one side and hex encoding and converting bytes to ASCII on the other. | ||||
* | implement witness | Linus Nordberg | 2021-06-02 | 1 | -0/+341 |
First stab, rough edges, unstable interfaces, will break things, you don't want to use it. |