witness

module v0.0.0-...-41c2726
Warning: This package is not in the latest version of its module.
Published: Jan 20, 2025 License: Apache-2.0

README

Witness


Overview

This repository contains libraries and binaries for running witnesses. A witness verifies that logs are evolving in an append-only manner and counter-signs checkpoints that represent an append-only evolution from any previously witnessed checkpoints. These witnessed checkpoints can be consumed by clients that want protection against split-views.

Users wishing to run this should start with the OmniWitness.

API

The witness is an HTTP service that stores checkpoints it has seen from different verifiable logs in a sqlite database. This is a very lightweight way to help detect or even prevent split-view attacks.

The witness provides three API endpoints (as defined in api/http.go):

  • /witness/v0/logs returns a list of all logs for which the witness is currently storing a checkpoint.
  • /witness/v0/logs/<logid>/update updates the checkpoint stored for logid.
  • /witness/v0/logs/<logid>/checkpoint returns the latest checkpoint for logid, signed by the witness.
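The append-only check behind the /update endpoint, as an added example that is not the project's own code. It assumes RFC 6962 Merkle tree hashing (leaf prefix 0x00, node prefix 0x01) and reduces a checkpoint to a tree size and root hash; the witness counter-signature, the signed checkpoint format the real service uses, and its sqlite storage are left out, and every identifier (Witness, Update, VerifyConsistency, the demo-log ID) is invented here. It goes beyond the README in one respect: it includes an RFC 6962 consistency-proof generator so the check can be exercised offline, including the split-view case the overview mentions.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"math/bits"
)

// Hash is a SHA-256 Merkle hash; the 0x00/0x01 prefixes below are RFC 6962 domain separation.
type Hash = [32]byte
func hashLeaf(leaf []byte) Hash { return sha256.Sum256(append([]byte{0}, leaf...)) }
func hashNode(l, r Hash) Hash  { return sha256.Sum256(append(append([]byte{1}, l[:]...), r[:]...)) }
func pow2Below(n int) int      { return 1 << (bits.Len(uint(n-1)) - 1) } // largest power of two < n, n >= 2
// RootHash is MTH(D[n]) over a non-empty leaf slice (RFC 6962, section 2.1).
func RootHash(d [][]byte) Hash {
	if len(d) == 1 {
		return hashLeaf(d[0])
	}
	k := pow2Below(len(d))
	return hashNode(RootHash(d[:k]), RootHash(d[k:]))
}
// ConsistencyProof is PROOF(m, D[n]) for 1 <= m <= len(d) and subProof is SUBPROOF(m, D[n], b)
// (RFC 6962, section 2.1.2); b stays true while the subtree root is one the verifier already holds.
func ConsistencyProof(m int, d [][]byte) []Hash { return subProof(m, d, true) }
func subProof(m int, d [][]byte, b bool) []Hash {
	if m == len(d) {
		if b {
			return nil
		}
		return []Hash{RootHash(d)}
	}
	k := pow2Below(len(d))
	if m <= k {
		return append(subProof(m, d[:k], b), RootHash(d[k:]))
	}
	return append(subProof(m-k, d[k:], false), RootHash(d[:k]))
}
// VerifyConsistency accepts only if the size-m tree (oldRoot) is a prefix of the size-n tree (newRoot).
func VerifyConsistency(m, n int, oldRoot, newRoot Hash, proof []Hash) bool {
	if m < 1 || m > n {
		return false
	}
	o, nw, rest, ok := replay(m, n, true, oldRoot, proof)
	return ok && len(rest) == 0 && o == oldRoot && nw == newRoot
}
// replay mirrors subProof: it recomputes the old/new subtree roots and returns the unconsumed proof.
func replay(m, n int, b bool, oldRoot Hash, proof []Hash) (o, nw Hash, rest []Hash, ok bool) {
	if m == n {
		if b {
			return oldRoot, oldRoot, proof, true
		}
		if len(proof) == 0 {
			return o, nw, nil, false
		}
		return proof[0], proof[0], proof[1:], true
	}
	k := pow2Below(n)
	if m <= k {
		o, nw, rest, ok = replay(m, k, b, oldRoot, proof)
	} else {
		o, nw, rest, ok = replay(m-k, n-k, false, oldRoot, proof)
	}
	if !ok || len(rest) == 0 {
		return o, nw, nil, false
	}
	if m <= k { // the right sibling exists only in the new tree
		return o, hashNode(nw, rest[0]), rest[1:], true
	}
	return hashNode(rest[0], o), hashNode(rest[0], nw), rest[1:], true // the left sibling is shared
}
// Checkpoint is a simplified checkpoint: tree size and root hash (the witness counter-signature is omitted).
type Checkpoint struct {
	Size int
	Root Hash
}
// Witness keeps the latest accepted checkpoint per log; Update is the check behind the /update endpoint.
type Witness struct{ Latest map[string]Checkpoint }
func (w *Witness) Update(logID string, cp Checkpoint, proof []Hash) error {
	if old, seen := w.Latest[logID]; seen { // a log's first checkpoint has nothing to be compared against
		if cp.Size == old.Size && cp.Root != old.Root {
			return fmt.Errorf("split view: two different roots for size %d", cp.Size)
		}
		if !VerifyConsistency(old.Size, cp.Size, old.Root, cp.Root, proof) {
			return fmt.Errorf("size %d is not a proven append-only evolution of witnessed size %d", cp.Size, old.Size)
		}
	}
	w.Latest[logID] = cp
	return nil
}
func main() {
	w := &Witness{Latest: map[string]Checkpoint{}}
	leaves := [][]byte{[]byte("a"), []byte("b"), []byte("c")} // constructed sample log contents
	fmt.Println("first:", w.Update("demo-log", Checkpoint{3, RootHash(leaves)}, nil))
	leaves = append(leaves, []byte("d"), []byte("e"))
	fmt.Println("grown:", w.Update("demo-log", Checkpoint{5, RootHash(leaves)}, ConsistencyProof(3, leaves)))
	forked := [][]byte{[]byte("a"), []byte("b"), []byte("X"), []byte("d"), []byte("e"), []byte("f")} // leaf 2 rewritten
	fmt.Println("forked:", w.Update("demo-log", Checkpoint{6, RootHash(forked)}, ConsistencyProof(5, forked)))
}
```

Three outcomes matter to a relying party. The first checkpoint for a log is accepted on trust, since there is nothing to compare it against yet; a checkpoint that grows the tree is accepted only when the proof recomputes both the witnessed root and the new one; and a checkpoint of the same size with a different root is rejected as a split view before any proof is examined. A log that rewrites history after the witness has seen size 5 can still produce a well-formed proof for its forked tree, but that proof recomputes the forked size-5 root rather than the witnessed one, so the update fails and the stored checkpoint only ever moves forward.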

Running the witness

Most users wanting to run a witness will simply deploy the OmniWitness, which is preconfigured to witness all known logs using the checkpoint format.

Support

Directories

Path                           Synopsis
api                            Package api provides the API endpoints for the witness.
client/http                    Package http is a simple client for interacting with witnesses over HTTP.
cmd/feedbastion                feedbastion is a one-shot tool for submitting checkpoints from known logs to witnesses behind bastions.
cmd/loadtest                   loadtest is an executable that connects to a witness and determines how many updates it can handle before it is unable to maintain a given latency.
cmd/omniwitness                omniwitness is a single executable that runs all of the feeders and witness in a single process.
internal/client                Package client contains a basic client for the SumDB log.
internal/config                Package config provides the descriptor structs and example configs for the different entities.
internal/distribute/rest       Package rest provides support for pushing witnessed checkpoints to a RESTful API.
internal/feeder                Package feeder provides support for building witness feeder implementations.
internal/feeder/bastion        Package bastion is an implementation of a witness feeder which talks to a bastion server.
internal/feeder/pixelbt        Package pixelbt is an implementation of a witness feeder for the Pixel BT log.
internal/feeder/rekor          Package rekor is an implementation of a witness feeder for the Sigstore log: Rekór.
internal/feeder/serverless     Package serverless is an implementation of a witness feeder for serverless logs.
internal/feeder/sumdb          Package sumdb implements a feeder for the Go SumDB log.
internal/feeder/tiles          Package tiles is an implementation of a witness feeder for C2SP tlog-tiles compatible logs.
internal/http                  Package http contains private implementation details for the witness server.
internal/persistence           Package persistence defines interfaces and tests for storing log state.
internal/persistence/inmemory  Package inmemory provides a persistence implementation that lives only in memory.
internal/persistence/sql       Package sql provides log state persistence backed by a SQL database.
internal/witness               Package witness is designed to make sure the checkpoints of verifiable logs are consistent and store/serve/sign them if so.
monitoring                     Package monitoring contains interfaces and bindings for collecting metrics about behaviour of the witness.
monitoring/prometheus          Package prometheus contains bindings to prometheus for the interfaces in the parent monitoring package.
omniwitness                    Package omniwitness provides a single Main file that runs the omniwitness.
