Releases: google/trillian
GetLeavesByRange. 403 Permission Errors. Signer Metrics.
A new log server RPC API has been added to get leaves in a range. This is a more natural fit for CT type applications as it more closely follows the CT HTTP API.
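The CT HTTP get-entries call takes inclusive start and end indices, while the range RPC request carries a start index and a count. The following Go sketch is an added example, not code from the Trillian repository, showing that conversion with input validation; the leafRange type, the rangeFromGetEntries function and the maxRange cap are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
)

// maxRange caps the leaves served per request; the value is an assumption.
const maxRange = 1000

// leafRange stands in for the start_index and count fields of the range
// request. It is a local, hypothetical type and is not imported from Trillian.
type leafRange struct {
	StartIndex, Count int64
}

// rangeFromGetEntries converts CT get-entries "start" and "end" values
// (0-based, both inclusive) into a start index and a count. Malformed input
// is rejected here instead of being passed on to the log server.
func rangeFromGetEntries(start, end string) (leafRange, error) {
	s, err := strconv.ParseInt(start, 10, 64)
	if err != nil {
		return leafRange{}, fmt.Errorf("bad start: %w", err)
	}
	e, err := strconv.ParseInt(end, 10, 64)
	if err != nil {
		return leafRange{}, fmt.Errorf("bad end: %w", err)
	}
	if s < 0 || e < 0 {
		return leafRange{}, errors.New("start and end must be >= 0")
	}
	if e < s {
		return leafRange{}, errors.New("end must be >= start")
	}
	// Both values are non-negative, so e-s cannot overflow; clamp before adding 1.
	count := e - s
	if count >= maxRange {
		count = maxRange - 1
	}
	return leafRange{StartIndex: s, Count: count + 1}, nil
}

func main() {
	fmt.Println(rangeFromGetEntries("10", "19")) // constructed input
}
```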
The server now returns 403 for permission denied where it used to return 500 errors. This follows the behaviour of the C++ implementation.
The log signer binary now reports metrics for the number it has signed and the number of errors that have occurred. This is intended to give more insight into the state of the queue and integration processing.
TLS, Merge Delay Metrics, Easier Admin Tests
The API protos have been rebuilt with gRPC 1.3.
Timestamps have been added to the log leaves in the MySQL database. Before upgrading to this version you must make the following schema changes:
- Add the following column to the LeafData table. If you have existing data in the queue you might have to remove the NOT NULL clause:
  QueueTimestampNanos BIGINT NOT NULL
- Add the following column to the SequencedLeafData table:
  IntegrateTimestampNanos BIGINT NOT NULL
The above timestamps are used to export metrics via monitoring that give the merge delay for each tree that is in use. This is a good metric to use for alerting on.
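To show how the two columns yield a per-tree merge delay suitable for alerting, here is an added Go example; it is not Trillian's own metric code. The leafTimes struct, the use of 0 to mark a leaf that has not been integrated yet, and the 30 second limit in main are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// leafTimes is a hypothetical row; IntegrateTimestampNanos == 0 means still queued.
type leafTimes struct {
	TreeID, QueueTimestampNanos, IntegrateTimestampNanos int64
}

// worstMergeDelay returns the largest queue-to-integrate delay per tree. Queued
// leaves are measured against now, so a stalled signer shows as a growing delay.
func worstMergeDelay(leaves []leafTimes, now time.Time) map[int64]time.Duration {
	worst := make(map[int64]time.Duration)
	for _, l := range leaves {
		end := l.IntegrateTimestampNanos
		if end == 0 {
			end = now.UnixNano()
		}
		d := time.Duration(end - l.QueueTimestampNanos)
		if d < 0 {
			d = 0 // clock skew between hosts; never report a negative delay
		}
		if cur, ok := worst[l.TreeID]; !ok || d > cur {
			worst[l.TreeID] = d
		}
	}
	return worst
}

// treesOverLimit lists, in ascending order, trees whose worst delay exceeds limit.
func treesOverLimit(worst map[int64]time.Duration, limit time.Duration) []int64 {
	var ids []int64
	for id, d := range worst {
		if d > limit {
			ids = append(ids, id)
		}
	}
	sort.Slice(ids, func(i, j int) bool { return ids[i] < ids[j] })
	return ids
}

func main() {
	leaves := []leafTimes{{1, 0, 5e9}, {2, 10e9, 0}} // constructed sample rows
	fmt.Println(treesOverLimit(worstMergeDelay(leaves, time.Unix(60, 0)), 30*time.Second))
}
```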
The Log and Map RPC servers now support TLS.
AdminServer tests have been improved.
Fix election issue. Large vendor updates.
An issue has been fixed where the master for a log could resign from the election while it was in the process of integrating a batch of leaves. We do not believe this could cause any issues with data integrity because of the versioned tree storage.
This release includes a large number of vendor commits merged to catch up with etcd 3.2.10 and gRPC v1.3.
Auth API. Interceptor fixes. Request validation + More
An authorization API has been added to the interceptors. This is intended for future development and integration.
Issues where the interceptor would not time out on PutTokens have been fixed. This should make the quota system more robust.
A bug has been fixed where the interceptor did not pass the context deadline through to other requests it made. This would cause some failing requests to fail only after the deadline had passed, with a misleading reason in the log. It did not cause request failures if they would otherwise succeed.
Metalinter has been added and the code has been cleaned up where appropriate.
Docker and Kubernetes scripts have been made available and images are now built with Go 1.9.
Sqlite has been introduced for unit tests where possible. Note that it is not multi threaded and cannot support all our testing scenarios. We still require MySQL for integration tests. Please note that Sqlite must not be used for production deployments as RPC servers are multi threaded database clients.
The Log RPC server now applies tighter validation to request parameters than before. It's possible that some requests will be rejected. This should not affect valid requests.
The admin server will only create trees for the log type it is hosted in. For example the admin server running in the Log server will not create Map trees. This may be reviewed in future as applications can legitimately use both tree types.
TreeGC, Go 1.9, Update Private Keys.
Go 1.9 is required.
It is now possible to update private keys via the admin API and this was added to the available field masks. The key storage format has not changed so we believe this change is transparent.
Deleted trees are now garbage collected after an interval. This hard deletes them and they cannot be recovered. Be aware of this before upgrading if you have any that are in a soft deleted state.
The Admin RPC API has been extended to allow trees to be undeleted - up to the point where they are hard deleted as set out above.
Batched Queue Option Added
Apart from fixes this release includes the option for a batched queue. This has been reported to allow faster sequencing but is not enabled by default.
If you want to switch to this you must build the code with the --tags batched_queue option. You must then also apply a schema change if you are running with a previous version of the database. Add the following column to the Unsequenced table:
QueueID VARBINARY(32) DEFAULT NULL
If you don't plan to switch to the batched_queue mode then you don't need to make the above change.
First Log version we believe was ready for use. To support CT.
Quota metrics published. Quota admin api + server implemented. Improvements to local / AWS deployment. Map fixes and further development. ECDSA key handling improvements. Key factory improvements. Code coverage added. Quota integration test added. Etcd quota support in log and map connected up. Incompatibility with C++ code fixed where consistency proof requests for first == second == 0 were rejected.
etcd based Quotas. PKCS#11 Support. CONIKS hasher.
Monitoring fixes split log / map hashers and add CONIKS hasher. Algorithm / cipher related changes. Sign map roots in server now. Add a hasher registry. Quota fixes and etcd based implementation. Add PKCS#11 signer. Refactor to add a MapEnv similar to LogEnv.
Monitoring. Key / Multi Node fixes.
Monitoring APIs and Prometheus implementation. Log and map servers instrumented. Fixes for KT development. Improvements to key management and some admin things. Add root signing at intervals back to the log server code.
Split CT to separate Repo. Rate Limiting. Docker.
All CT related code has moved to a new repo https://github.com/google/certificate-transparency.go.
Add quota APIs and rate limiting via a time based quota system. Add Dockerfiles. Lots more fixes and development.