Skip to content

Comments

Refactor createtree command#788

Merged
RJPercival merged 4 commits intogoogle:masterfrom
RJPercival:cmd_createtree_refactor
Aug 11, 2017
Merged

Refactor createtree command#788
RJPercival merged 4 commits intogoogle:masterfrom
RJPercival:cmd_createtree_refactor

Conversation

@RJPercival
Copy link
Contributor

@RJPercival RJPercival commented Aug 10, 2017

This simplifies PR #734, which requires putting the PKCS#11 flag used by createtree behind a build tag.

@RJPercival RJPercival self-assigned this Aug 10, 2017
@RJPercival RJPercival force-pushed the cmd_createtree_refactor branch from e3ec3ab to 389f383 Compare August 10, 2017 15:13
@RJPercival RJPercival mentioned this pull request Aug 10, 2017
Merged
@codingllama codingllama self-requested a review August 10, 2017 15:21
codingllama
codingllama approved these changes Aug 10, 2017
View reviewed changes
cmd/createtree/main_test.go Outdated
TreeType: trillian.TreeType_LOG,
HashStrategy: trillian.HashStrategy_RFC6962_SHA256,
HashAlgorithm: sigpb.DigitallySigned_SHA256,
SignatureAlgorithm: sigpb.DigitallySigned_RSA,
Copy link
Contributor

@codingllama codingllama Aug 10, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggestion: default to ECDSA? Isn't that what the cool kids use? ;)

Ps: don't forget about nonDefaultTree below.

Copy link
Contributor Author

@RJPercival RJPercival Aug 10, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree that ECDSA should be the default, but is it reasonable to change the default given that this flag has existed for a while? It could surprise some people if they're currently assuming that they'll get RSA trees if they don't provide this flag.

Copy link
Contributor

@codingllama codingllama Aug 10, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we would like to do it, better now than later. I expect that, if you care about the key type, you'll state it explicitly.

It's only a suggestion, though. Don't worry too much about it.

Copy link
Contributor Author

@RJPercival RJPercival Aug 10, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

cmd/createtree/pem_test.go Outdated
pemPath, pemPassword := "../../testdata/log-rpc-server.privkey.pem", "towel"

wantTree := *defaultTree
keyProto, err := ptypes.MarshalAny(&keyspb.PEMKeyFile{
Copy link
Contributor

@codingllama codingllama Aug 10, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggestion: wantTree.PrivateKey = mustMarshalAny(...)

Copy link
Contributor Author

@RJPercival RJPercival Aug 10, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

cmd/createtree/pem_test.go Outdated
if err != nil {
t.Fatalf("MarshalAny(PrivateKey): %v", err)
}
wantTree.PrivateKey = keyProto
Copy link
Contributor

@codingllama codingllama Aug 10, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ditto (mustMarshalAny).

So on for other tests.

Copy link
Contributor Author

@RJPercival RJPercival Aug 10, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

util/flagsaver/flagsaver_test.go Outdated
import (
"testing"
"time"

Copy link
Contributor

@codingllama codingllama Aug 10, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: Remove blank line and gofmt.

Copy link
Contributor Author

@RJPercival RJPercival Aug 10, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

RJPercival pushed a commit to RJPercival/trillian that referenced this pull request Aug 10, 2017
Change createtree's default signature algorithm from RSA to ECDSA
027c264 
As requested by
google#788 (comment).
Rob Percival added 2 commits August 11, 2017 12:53
Add flagsaver package
16f72af 
This makes it easy to save and restore flag values, e.g. during a test.
See https://github.com/gflags/gflags/blob/652651b421ca5ac7b722a34a301fb656deca5198/src/gflags.h.in#L251
for prior art (a C++ implementation in GFlags).
Refactor cmd/createtree to use flags directly
2d8b534 
The createOpts struct makes it difficult to have some flags/features
behind build tags. This change also breaks out the key-format-specific
test cases into their own files, so that they can be placed behind a
build tag if necessary (e.g. to remove the PKCS#11 dependency).
@RJPercival RJPercival force-pushed the cmd_createtree_refactor branch from 027c264 to d22dc8f Compare August 11, 2017 11:54
RJPercival pushed a commit to RJPercival/trillian that referenced this pull request Aug 11, 2017
Change createtree's default signature algorithm from RSA to ECDSA
d22dc8f 
As requested by
google#788 (comment).
@RJPercival RJPercival force-pushed the cmd_createtree_refactor branch from d22dc8f to 26f59cf Compare August 11, 2017 12:32
@RJPercival RJPercival merged commit 7931f3d into google:master Aug 11, 2017
@RJPercival RJPercival deleted the cmd_createtree_refactor branch August 11, 2017 12:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@codingllama codingllama codingllama approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@RJPercival RJPercival

Labels

cla: yes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@RJPercival @codingllama @googlebot