Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
SDP--PKI-CyberSec-/SDP_Logger_Scripts/ctfe_setup.sh
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
41 lines (33 sloc)
1.75 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# Made to automate logger setup outlined here: | |
# https://github.com/google/certificate-transparency-go/blob/master/trillian/docs/ManualDeployment.md#ctfe-start-up | |
# # 1. LOGGER KEYPAIR (SKIPPING CURRENTLY TO USE INTEGRATION TEST KEYS (in keys.cfg)) | |
# # I couldn't figure out how to get .pem keys into the form neccessary for them to be included in the .cfg file. | |
# Builds the logger's keypair (Skipped for now, as we are using the hex-encoded der-format keys below.) | |
# openssl ecparam -name prime256v1 > privkey.pem | |
# openssl ecparam -in privkey.pem -genkey -noout >> privkey.pem | |
# openssl ec -in privkey.pem -pubout -out pubkey.pem | |
# openssl ec -in privkey.pem -noout -text | |
# # 2. BUILDING NECCESSARY EXECUTABLES | |
# Build CTFE locally into this directory | |
go build -o ./ct_server ../trillian/ctfe/ct_server/main.go; | |
# OR Build CTFE from the repo. | |
# go build -o ./ct_server github.com/google/certificate-transparency-go/trillian/ctfe | |
# Generates a new tree in Trillian for our logger. Assumes the logger is running locally and the RPC port is 8090 (The default) | |
go build github.com/google/trillian/cmd/createtree/ | |
ID=$(./createtree -admin_server localhost:8090) | |
# # 3. Creating CA root cert files | |
# Gets Mozilla's default CA root certs. | |
# Currently, it seems like this might not contain _all_ the certs that google's logger uses. | |
# Though we have access to google's certs. | |
curl https://curl.se/ca/cacert.pem >> cacert.pem | |
# # 4. Config file creation. | |
# Write the following to a file: | |
echo "config { | |
log_id: $ID | |
prefix: \"sdp\" | |
roots_pem_file: \"$PWD/cacert.pem\"" > sdp_config.cfg | |
cat keys.cfg >> sdp_config.cfg | |
echo "max_merge_delay_sec: 86400 | |
expected_merge_delay_sec: 120 # Note: 120s is unrealistically fast for a real log, but OK for testing. | |
}" >> sdp_config.cfg |