Releases: FiloSottile/sunlight
Sunlight v0.6.0
Names tiles
Sunlight now implements the names tiles Static CT extension.
The new Client.UnauthenticatedTrimmedEntries method automatically fetches names tiles if available, and falls back to full Static CT data tiles otherwise.
Client
ClientConfig.Cache now actually works. Thank you @jwcranford.
The library version is now included in the User-Agent.
Client.Issuer now checks the issuer hashes. Thank you @AGWA.
Client.CheckInclusion now returns an error wrapping ErrWrongLogID if the SCT is not issued by the configured log.
New since v0.5.0, ICYMI
sunlight.Client now has Checkpoint, CheckInclusion, Issuer, and Fetcher methods.
The prefix argument to NewClient has moved to ClientConfig.MonitoringPrefix.
Sunlight v0.5.1
sunlight.Client now has Checkpoint and CheckInclusion methods.
The prefix argument to NewClient has moved to ClientConfig.MonitoringPrefix.
Sunlight v0.5.0
This release is focused on providing better documentation and usability for new log operators.
A number of config options were removed or deprecated.
Breaking changes
name, httphost, and httpprefix are now derived from submissionprefix and must match it if set. They will be removed in a future release.
Seeds must now be exactly 32 bytes long, as suggested in #35.
(If any existing log uses longer seeds, please open an issue to revert this change.)
The CLI of sunlight-keygen has changed. It now generates the seed if it does not exist.
The homeredirect option of Skylight logs has moved to the global config, and is now optional.
Deprecations
seed was renamed to secret. The seed name is still supported but will be removed in a future release.
publickey was removed as redundant with the existing key consistency checks. See #38.
acme.email was removed.
New
Roots are now reloaded on SIGHUP.
If roots are not specified, they are now fetched automatically from CCADB.
The sequencing period is now configurable.
Sunlight now includes an experimental implementation of https://c2sp.org/tlog-witness.
Changed
ACME hosts now automatically include the hostname of submissionprefix (for Sunlight) or monitoringprefix (for Skylight).
The partial data tile rate limit was removed from Skylight following community feedback.
The Sunlight local directory is now created if it doesn't exist.
Sunlight v0.4.0
Breaking changes
LogConfig.PublicKey is now required.
New option LogConfig.MonitoringPrefix is required.
Config.ACME.Hosts and Config.Listen are now lists.
New
Local POSIX filesystem backend with durable filesystem operations.
Skylight, a read-path server for the local backend.
partial-aftersun, a cleanup tool to remove partial tiles from the local backend.
The /log.v3.json endpoint on both monitoring and submission prefixes lists the details of the log (with an MMD of 60 seconds).
Top 100 heavy-hitter User-Agent and IP tracking are available at /debug/heavyhitter/useragents and /debug/heavyhitter/ips on the localhost port.
SSLKEYLOGFILE logging can be started with /debug/keylog/on and stopped with /debug/keylog/on on the localhost port. It stops automatically after 15 minutes.
A Static CT client is exposed as part of package sunlight.
LogConfig.HTTPHost allows hosting logs on different HTTP hosts.
The web page includes a link to download the public key in DER format, as required for Chrome CT Log submissions.
Changed
The sequencing timeout is now 15s, but non-fatal uploads (staging bundle and checkpoint) have a timeout of 1s.
The staging bundles path is now staging/1234-HASH instead of staging/x001/234/HASH. Always terminate Sunlight cleanly before upgrading. If a legacy staging bundle is present and recovery is attempted, Sunlight will fail closed.
Staging bundles are now marked immutable.
Debug logging is now controlled with /debug/logs/on and /debug/logs/off on the localhost port.
The seed must be at least 32 bytes.
Submission endpoints now have permissive CORS headers.
Various logging and documentation improvements.
The go.mod specifies Go 1.24.2.