ctlog

package
v0.6.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 4, 2025 License: ISC Imports: 53 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var ErrLogExists = errors.New("checkpoint already exist, refusing to initialize log")
View Source 
var ErrLogNotFound = errors.New("log not found")

Functions

func CreateLog 

func CreateLog(ctx context.Context, config *Config) error

Types

type Backend 

type Backend interface {
	// Upload writes the value for a key. Upload is expected to retry transient
	// errors, and only return an error for unrecoverable errors. When Upload
	// returns, the object must be fully persisted. opts may be nil.
	Upload(ctx context.Context, key string, data []byte, opts *UploadOptions) error

	// Fetch returns the value for a key.
	Fetch(ctx context.Context, key string) ([]byte, error)

	// Discard suggests to the backend that the key can be deleted.
	Discard(ctx context.Context, key string) error

	// Metrics returns the metrics to register for this log. The metrics should
	// not be shared by any other logs.
	Metrics() []prometheus.Collector
}

Backend is an object storage. It is dedicated to a single log instance.

It can be eventually consistent, but writes must be durable once they return.

The Upload and Fetch methods must be usable concurrently.

type Config 

type Config struct {
	Name       string
	Key        *ecdsa.PrivateKey
	WitnessKey ed25519.PrivateKey
	PoolSize   int
	Cache      string

	Backend Backend
	Lock    LockBackend
	Log     *slog.Logger

	NotAfterStart time.Time
	NotAfterLimit time.Time
}

type DynamoDBBackend 

type DynamoDBBackend struct {
	// contains filtered or unexported fields
}

func NewDynamoDBBackend 

func NewDynamoDBBackend(ctx context.Context, region, table, endpoint string, l *slog.Logger) (*DynamoDBBackend, error)

func (*DynamoDBBackend) Create 

func (b *DynamoDBBackend) Create(ctx context.Context, logID [sha256.Size]byte, new []byte) error

func (*DynamoDBBackend) Fetch 

func (b *DynamoDBBackend) Fetch(ctx context.Context, logID [sha256.Size]byte) (LockedCheckpoint, error)

func (*DynamoDBBackend) Metrics 

func (b *DynamoDBBackend) Metrics() []prometheus.Collector

func (*DynamoDBBackend) Replace 

func (b *DynamoDBBackend) Replace(ctx context.Context, old LockedCheckpoint, new []byte) (LockedCheckpoint, error)

type ETagBackend added in v0.3.0 

type ETagBackend struct {
	// contains filtered or unexported fields
}

func NewETagBackend added in v0.3.0 

func NewETagBackend(ctx context.Context, region, bucket, endpoint string, l *slog.Logger) (*ETagBackend, error)

func (*ETagBackend) Create added in v0.3.0 

func (b *ETagBackend) Create(ctx context.Context, logID [sha256.Size]byte, new []byte) error

func (*ETagBackend) Fetch added in v0.3.0 

func (b *ETagBackend) Fetch(ctx context.Context, logID [sha256.Size]byte) (LockedCheckpoint, error)

func (*ETagBackend) Metrics added in v0.3.0 

func (b *ETagBackend) Metrics() []prometheus.Collector

func (*ETagBackend) Replace added in v0.3.0 

func (b *ETagBackend) Replace(ctx context.Context, old LockedCheckpoint, new []byte) (LockedCheckpoint, error)

type LocalBackend added in v0.4.0 

type LocalBackend struct {
	// contains filtered or unexported fields
}

func NewLocalBackend added in v0.4.0 

func NewLocalBackend(ctx context.Context, dir string, l *slog.Logger) (*LocalBackend, error)

func (*LocalBackend) Discard added in v0.4.0 

func (s *LocalBackend) Discard(ctx context.Context, key string) error

func (*LocalBackend) Fetch added in v0.4.0 

func (s *LocalBackend) Fetch(ctx context.Context, key string) ([]byte, error)

func (*LocalBackend) Metrics added in v0.4.0 

func (s *LocalBackend) Metrics() []prometheus.Collector

func (*LocalBackend) Upload added in v0.4.0 

func (s *LocalBackend) Upload(ctx context.Context, key string, data []byte, opts *UploadOptions) (err error)

type LockBackend 

type LockBackend interface {
	// Fetch obtains the current checkpoint for a given log, as well as the data
	// necessary to perform a compare-and-swap operation.
	//
	// It must return [ErrLogNotFound] if the log doesn't exist.
	Fetch(ctx context.Context, logID [sha256.Size]byte) (LockedCheckpoint, error)

	// Replace uploads a new checkpoint, atomically checking that the old
	// checkpoint is the provided one, and returning the new one. Replace is
	// expected to retry transient errors, and only return an error for
	// unrecoverable errors (such as a conflict).
	Replace(ctx context.Context, old LockedCheckpoint, new []byte) (LockedCheckpoint, error)

	// Create uploads a new checkpoint, atomically checking that none exist for
	// the log yet.
	Create(ctx context.Context, logID [sha256.Size]byte, new []byte) error
}

A LockBackend is a database that supports compare-and-swap operations.

The behavior of calls with the same logID must be serializable and have read-after-write consistency, even across processes and restarts, and write operations must be durable once they return. Calls with different logID values don't need to be consistent.

It is shared across multiple Log instances, and is used only to store the latest checkpoint before making it publicly available.

All its methods must be usable concurrently.

type LockedCheckpoint 

type LockedCheckpoint interface {
	Bytes() []byte
}

A LockedCheckpoint is a checkpoint, along with the backend-specific information necessary to perform a compare-and-swap operation.

type Log 

type Log struct {
	// contains filtered or unexported fields
}

func LoadLog 

func LoadLog(ctx context.Context, config *Config) (*Log, error)

func (*Log) CloseCache 

func (l *Log) CloseCache() error

func (*Log) Handler 

func (l *Log) Handler() http.Handler

func (*Log) Metrics 

func (l *Log) Metrics() []prometheus.Collector

func (*Log) RootsPEM added in v0.5.0 

func (l *Log) RootsPEM() []byte

func (*Log) RunSequencer 

func (l *Log) RunSequencer(ctx context.Context, period time.Duration) (err error)

func (*Log) SetRootsFromPEM added in v0.5.0 

func (l *Log) SetRootsFromPEM(ctx context.Context, pemBytes []byte) error

type PendingLogEntry added in v0.3.0 

type PendingLogEntry struct {
	Certificate    []byte
	IsPrecert      bool
	IssuerKeyHash  [32]byte
	Issuers        [][]byte
	PreCertificate []byte
}

PendingLogEntry is a subset of sunlight.LogEntry that was not yet sequenced, so doesn't have an index or timestamp.

type S3Backend 

type S3Backend struct {
	// contains filtered or unexported fields
}

func NewS3Backend 

func NewS3Backend(ctx context.Context, region, bucket, endpoint, keyPrefix string, l *slog.Logger) (*S3Backend, error)

func (*S3Backend) Discard added in v0.4.0 

func (s *S3Backend) Discard(ctx context.Context, key string) error

func (*S3Backend) Fetch 

func (s *S3Backend) Fetch(ctx context.Context, key string) ([]byte, error)

func (*S3Backend) Metrics 

func (s *S3Backend) Metrics() []prometheus.Collector

func (*S3Backend) Upload 

func (s *S3Backend) Upload(ctx context.Context, key string, data []byte, opts *UploadOptions) error

type SQLiteBackend added in v0.3.0 

type SQLiteBackend struct {
	// contains filtered or unexported fields
}

func NewSQLiteBackend added in v0.3.0 

func NewSQLiteBackend(ctx context.Context, path string, l *slog.Logger) (*SQLiteBackend, error)

func (*SQLiteBackend) Create added in v0.3.0 

func (b *SQLiteBackend) Create(ctx context.Context, logID [sha256.Size]byte, new []byte) error

func (*SQLiteBackend) Fetch added in v0.3.0 

func (b *SQLiteBackend) Fetch(ctx context.Context, logID [sha256.Size]byte) (LockedCheckpoint, error)

func (*SQLiteBackend) Metrics added in v0.3.0 

func (b *SQLiteBackend) Metrics() []prometheus.Collector

func (*SQLiteBackend) Replace added in v0.3.0 

func (b *SQLiteBackend) Replace(ctx context.Context, old LockedCheckpoint, new []byte) (LockedCheckpoint, error)

type UploadOptions added in v0.2.1 

type UploadOptions struct {
	// ContentType is the MIME type of the data. If empty, defaults to
	// "application/octet-stream".
	ContentType string

	// Compressed is true if the data is compressed with gzip.
	Compressed bool

	// Immutable is true if the data is never changed after being uploaded.
	// Note that the same value may still be re-uploaded, and must succeed.
	// [Backend.Discard] can still be used on immutable entries.
	Immutable bool
}

UploadOptions are used as part of the Backend.Upload method, and are marshaled to JSON and stored in the staging bundles.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.