| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
The rationale behind not allowing --bootstrap-log and
--generate-signing-key when they don't make any difference is that it
should be impossible to use them in scripts that run multiple times
since they're meant for manual "bootstrapping" procedures.
Another reason is that they require user intervention but not until
specific conditions arise (tree head missing, keyfile missing) which
may happen only "after some time". Failing early is helpful.
|
| |
|
|
|
|
|
|
|
| |
Given the importance of sane entropy and other operational security
issues, it makes sense to require --generate-signing-key and user
intervention to generate signing keys.
For automated tests and deployment, a key can be pre-generated by
other means.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Also, create base_dir in time, if it doesn't exist.
Also also, set permission on base_dir when creating it.
|
| |
|
|
|
| |
Since it's devastating to the value of the signature to not require a
consistency proof, make it less likely that it's done inadvertently.
|
| |
|
|
|
|
| |
Also, make the code that is doing hex encoding in ASCII more readable
by splitting up hashing and signing on the one side and hex encoding
and converting bytes to ASCII on the other.
|
|
|
First stab, rough edges, unstable interfaces, will break things, you
don't want to use it.
|
