Commit message | Author | Age | Files | Lines
* ci: Add missing dependency git [main] | Rasmus Dahlberg | 2025-10-05 | 1 | -1/+1
* ci: Add missing -y in apt install | Rasmus Dahlberg | 2025-10-05 | 1 | -1/+1
* monitor: Retry get-sth and proof fetching | Rasmus Dahlberg | 2025-10-05 | 1 | -3/+80
  Should ensure we don't get into a position where we always fail to get 3x queries that succeed in a row when trying to persist chunks.
* metrics: Add human-meaningful log_name label | Rasmus Dahlberg | 2025-05-11 | 6 | -34/+95
  Use log metadata description if available, otherwise fall back on log URL without the https:// suffix. Keeping log_id for now at least - seems useful for scripts.
* cmd/silentct-mon: Remove log list mention from usage | Rasmus Dahlberg | 2025-03-02 | 1 | -3/+0
  Part of #21, thanks vexelnet!
* Document log list in README | Rasmus Dahlberg | 2025-03-02 | 1 | -0/+13
  This was only documented in the lengthier design doc before, and the option of doing "remove_logs" and "static_logs" had not been documented. Part of #21, thanks vexelnet!
* cmd/silentct-mon: Clarify -m option | Rasmus Dahlberg | 2025-03-02 | 1 | -1/+2
  Part of #21, thanks vexelnet!
* prometheus: Refine based on input from anarcat | Rasmus Dahlberg | 2025-01-18 | 8 | -172/+220
  https://gitlab.torproject.org/tpo/tpa/team/-/issues/40677
* fix: Ensure rate-limits are on for get-entries | Rasmus Dahlberg | 2025-01-06 | 3 | -2/+59
  Backoff on 4XX and 5XX. See related issue:
  https://github.com/google/certificate-transparency-go/issues/898

  Test manually hints:

  ```
  $ cat srv.py
  from http.server import HTTPServer, BaseHTTPRequestHandler

  class RequestHandler(BaseHTTPRequestHandler):
      # Answer every request with 429 so the client's backoff kicks in.
      def do_GET(self):
          self.send_response(429)
          self.send_header("Content-Type", "text/plain")
          self.end_headers()
          self.wfile.write(b"429 something something...")

      def do_POST(self):
          self.do_GET()

      def do_PUT(self):
          self.do_GET()

      def do_DELETE(self):
          self.do_GET()

  if __name__ == "__main__":
      server_address = ('localhost', 9090)
      httpd = HTTPServer(server_address, RequestHandler)
      print("Server running on http://localhost:9090")
      httpd.serve_forever()
  ```

  And a transport for http.Client that redirects to localhost:

  ```
  import (
      "net/http"
      "strings"
  )

  type statusRR struct {
      inner http.RoundTripper
  }

  // RoundTrip sends get-entries requests to the local test server instead.
  func (s *statusRR) RoundTrip(req *http.Request) (*http.Response, error) {
      if strings.Contains(req.URL.Path, "ct/v1/get-entries") {
          req.URL.Scheme = "http"
          req.URL.Host = "localhost:9090"
      }

      rsp, err := s.inner.RoundTrip(req)
      return rsp, err
  }
  ```
* fix: Ensure backoff for get-sth and proof fetching | Rasmus Dahlberg | 2025-01-05 | 1 | -1/+6
  Our get-entries fetcher already backs-off exponentially.
* fix: Ensure fresh STHs are propagated | Rasmus Dahlberg | 2025-01-05 | 1 | -0/+20
* fix: Don't accept timestamps that shrink | Rasmus Dahlberg | 2025-01-05 | 1 | -0/+3
* fix: Ensure chunks are sent eventually and on exit | Rasmus Dahlberg | 2025-01-05 | 2 | -18/+42
* fix: Use correct logger | Rasmus Dahlberg | 2025-01-04 | 1 | -2/+1
* docs: Add issue-tracker email address | Rasmus Dahlberg | 2025-01-04 | 2 | -4/+11
* Commit parsed certificate as ASCII instead of DER | Rasmus Dahlberg | 2025-01-04 | 2 | -3/+4
  Because openssl wasn't able to parse DER precertificates. And now the user can just view the file rather than fiddling with openssl.
* refactor: Remove redundancy in silentct-check | Rasmus Dahlberg | 2025-01-04 | 1 | -23/+11
* prometheus: Add silentct_need_restart | Rasmus Dahlberg | 2025-01-04 | 4 | -1/+34
* docs: Start documentation on prometheus metrics | Rasmus Dahlberg | 2025-01-04 | 1 | -0/+56
* prometheus: Add drafty error counter | Rasmus Dahlberg | 2025-01-04 | 2 | -1/+16
  Needs tuning, too noisy right now.
* fix: Always run alertJob() on manager startup | Rasmus Dahlberg | 2025-01-04 | 1 | -0/+3
  Ensures we alert asap if we have something to alert for.
* prometheus: Add basic metrics for alerting | Rasmus Dahlberg | 2025-01-04 | 9 | -1/+238
  - Detect if we're falling behind while downloading
  - Detect if there are any found certificates alerting
* ci: Use go version 1.23 | Rasmus Dahlberg | 2025-01-03 | 2 | -3/+1
  Unfortunately larger than what's in Debian backports, but it appears that github.com/google/certificate-transparency-go requires it.
* chore: Bump github.com/google/certificate-transparency-go to v1.3.0 | Rasmus Dahlberg | 2025-01-03 | 2 | -34/+30
  go get github.com/google/certificate-transparency-go@v1.3.0
  go mod tidy
* chore: Bump gitlab.torproject.org/rgdd/ct to v0.0.0 | Rasmus Dahlberg | 2025-01-03 | 2 | -3/+3
  go get gitlab.torproject.org/rgdd/ct@v0.0.0
  go mod tidy
* chore: Bump golang.org/x/crypto to v0.3.1 | Rasmus Dahlberg | 2025-01-03 | 2 | -10/+10
  go get golang.org/x/crypto@v0.31.0
  go mod tidy
* chore: Tidy go.mod and go.sum | Rasmus Dahlberg | 2025-01-03 | 2 | -7/+13
  go mod tidy
* test: Add basic smoke test | Rasmus Dahlberg | 2025-01-03 | 2 | -0/+98
* Ensure alertJob() runs on the clock | Rasmus Dahlberg | 2025-01-03 | 1 | -0/+7
  Currently it only runs if there are monitor/feedback events. Which is probably fine for the most part, but will be a bit more robust.
* Cleaner notice message on certificate mis-issuance | Rasmus Dahlberg | 2025-01-03 | 1 | -1/+1
* Store parsed DER certificates for matching entries | Rasmus Dahlberg | 2025-01-03 | 1 | -2/+5
  For convenience. For example, now one can debug issues like this:
  openssl x509 -inform DER -in /path/to/crt.der -text -noout
* chore: Bump go version to 1.22 | Rasmus Dahlberg | 2025-01-03 | 2 | -2/+2
  The Debian-backports version.
* Reference Andrew Ayer's related work | Rasmus Dahlberg | 2024-11-01 | 1 | -0/+16
  Closes #2.
* Add drafty NEWS-file entry | Rasmus Dahlberg | 2024-11-01 | 1 | -0/+4
* Say a few words about beta tags and releases | Rasmus Dahlberg | 2024-11-01 | 2 | -1/+30
* Add contact email | Rasmus Dahlberg | 2024-11-01 | 1 | -0/+1
* authors: Add Filippo Valsorda | Rasmus Dahlberg | 2024-11-01 | 1 | -0/+1
  Filippo doesn't have a git-commit in this repository yet. That said, he has been an integral part of the silentct design-work. Thank you!
* Improve terminology and documentation | Rasmus Dahlberg | 2024-06-02 | 8 | -133/+133
* chore: Remove dash in project name | Rasmus Dahlberg | 2024-06-02 | 22 | -56/+56
  To be consistent with naming of the tools in cmd/.
* build: Install is a separate invocation of make | Rasmus Dahlberg | 2024-05-30 | 1 | -3/+2
* Only bootstrap a compact range once per log | Rasmus Dahlberg | 2024-05-26 | 6 | -76/+229
  As opposed to doing a new bootstrap with get-proof-by-hash every time the next root is constructed.

  Bootstrapping the compact range from a get-proof-by-hash query works for the most part, but fails if the log included a duplicate entry and gives us the index for that instead. Log operators with duplicate entries include Cloudflare and Digicert.

  If bootstrap fails (unlucky), we try to bootstrap again once the log's signed tree head moved forward (hoping the last entry has no duplicate).

  The more reliable way to bootstrap a compact range would be to use the get-entry-and-proof endpoint. This does not work in practise because some logs are not implementing this endpoint. Digicert has such logs.
* chore: Add transparency-dev/merkle | Rasmus Dahlberg | 2024-05-26 | 2 | -0/+3
* Use "silentct" instead of "silent-ct" in example | Rasmus Dahlberg | 2024-05-19 | 1 | -2/+2
* Sort options in lexicographical order | Rasmus Dahlberg | 2024-05-19 | 1 | -17/+17
* Add force flag | Rasmus Dahlberg | 2024-05-19 | 1 | -1/+4
  Currently only overrides the number of workers.
* Free up -f so that it can be used for force | Rasmus Dahlberg | 2024-05-19 | 2 | -12/+13
* fix: Add loop in feedback's RunForever | Rasmus Dahlberg | 2024-05-17 | 1 | -5/+7
  This fixes the issue of the monitor stopping after the second pull.
* Set /usr/local as default prefix | Rasmus Dahlberg | 2024-05-17 | 2 | -2/+2
* Don't encourage building with root privileges | Rasmus Dahlberg | 2024-05-17 | 2 | -1/+5
* Add man pages and installer Makefile | Rasmus Dahlberg | 2024-05-16 | 15 | -62/+198
  Includes renaming of the tools, part one of trying to simplify terminology and letting go of "node" and "moon". Improving the terminology was suggested by Martin H a while back, thank you.