Tutorial walking through tree growth

phbnf · phbnf · commit d5ca4d85a06c · 2024-01-16T11:50:02.000Z
diff --git a/codelab.md b/codelab.md
@@ -0,0 +1,334 @@
+# Codelab
+
+This codelab will walk you trough all the steps required to build a Tiled tree.
+
+The Tiled tree will be stored on disk using the layout described in the [layout
+directory](api/layout/README.md). Its checkpoint uses the [checkpoint format](https://github.com/transparency-dev/formats/blob/main/log/README.md#checkpoint-format).
+
+## Prelimiary setup
+
+The command-line tools in thi repository can generate tile based logs from leaf
+data stored on your file system. Each file will correspond to a single leaf in
+the tree.
+
+Before we start, let's define a few environment variables:
+
+```bash
+export DATA_DIR="/tmp/myfiles"  # where we'll store input data for the tree
+export LOG_DIR="/tmp/mylog"  # where the tree will be stored
+export LOG_ORIGIN="My Log"  # the origin of the log used by the Checkpoint format
+```
+
+Checkpoints are signed, and we need a public/private key pair for this.
+
+Use the `generate_keys` command with `--key_name`, a name
+for the signing entity. You can output the public and private keys to files using
+`--out_pub` path and filename for the public key,
+`--out_priv` path and filename for the private key
+and stdout, private key, then public key, over 2 lines, using `--print`
+
+```bash
+go run ./cmd/generate_keys --key_name=astra --out_pub=key.pub --out_priv=key
+```
+
+### Creating a new log
+
+To create a new log state directory, use the `integrate` command with the `--initialise`
+flag, and either passing key files or with environment variables set:
+
+```bash
+go run ./cmd/integrate --initialise --storage_dir="${LOG_DIR}" --logtostderr --public_key=key.pub --private_key=key --origin="${LOG_ORIGIN}"
+```
+
+After running this command, the log state directory looks like this:
+
+```
+$ tree /tmp/mylog/
+/tmp/mylog/
+├── checkpoint
+├── leaves
+│   └── pending
+├── seq
+└── tile
+
+5 directories, 1 file
+```
+
+See the [layout](api/layout/README.md) documentation for an explanation of what each directory is for.
+
+Let's look at the checkpoint content:
+
+```
+$ cat /tmp/mylog/checkpoint
+My Log
+0
+47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=
+
+— astra PlUh/n54e2dSIKi6kHjea5emrGnmC7lJVDgnIfWGIJmgFqp22k0UlnUk97L2ViqrFm986NwV+wJYGnrtRPJTBV0GrA0=
+```
+
+- `My Log` is the origin from above.
+- `0` is the number of leaves in the tree, which currently is 0
+- `47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=` is the [hash of an empty slice of bytes](https://go.dev/play/p/imi_2TM6DyI), since the log is empty.
+- The last line is a signature over this data, using the astra private key we've generated above
+
+
+### Creating log content
+Now let's add some leaves to the log.
+
+Firt, we generate the input data with:
+```bash
+$ mkdir $DATA_DIR
+$ for i in $(seq 0 3); do x=$(printf "%03d" $i); echo "leaf_data_$x" > /tmp/files/leaf_$x; done;
+```
+
+To add the contents of some files to a log, use the `sequence` command with the
+`--entries` flag set to a filename glob of files to add and either passing the public key
+file or with the environment variable set:
+
+```bash
+$ go run ./cmd/sequence --storage_dir="${LOG_DIR}" --entries '/tmp/files/*'  --public_key=key.pub --origin="${LOG_ORIGIN}"
+I1221 13:16:23.940255  923589 main.go:131] 0: /tmp/files/leaf_000
+I1221 13:16:23.940806  923589 main.go:131] 1: /tmp/files/leaf_001
+I1221 13:16:23.941218  923589 main.go:131] 2: /tmp/files/leaf_002
+I1221 13:16:23.941673  923589 main.go:131] 3: /tmp/files/leaf_003
+```
+
+The `sequence` commands stores data in the log directory using convenient
+formats. The `leaves` directory contains the leaf index of each leaf hash.
+Let's take the leaf at index `0`, which happens to contain `leaf_data_0`.
+This tree uses RFC6962's default hasher, where `leaf_hash = sha256(0x + leaf_data)`.
+`8592d6f366d9d1297f44034d649b68afcee74050aa7a55c769130b2f07ecc65d`, the path for
+the leaf at index 0 with forward slashes removed is the [hexadecimal representation
+of this hash](https://go.dev/play/p/POnCQ7IXayk).
+
+```
+$ grep -RH '^' /tmp/mylog/
+/tmp/mylog/checkpoint:My Log
+/tmp/mylog/checkpoint:0
+/tmp/mylog/checkpoint:47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=
+/tmp/mylog/checkpoint:
+/tmp/mylog/checkpoint:— astra h5lA3N6MJnmnD1dPLqxeoWbbPAc0XPKuqomvSZPiVNLkdJmPDvF+7BkMIr4KBynVgo/ipGbNijHxdbvTZ4zKVXbyLwU=
+/tmp/mylog/leaves/6c/b0/b1/a3c33114cec1d940b9a6c48b55fb2c73f6efcfd53aeef2644681c9b70a:2
+/tmp/mylog/leaves/b8/71/4f/045c7d5d0201b06004e6939d944a981605c5fcfa5d3353a3084303d4ad:1
+/tmp/mylog/leaves/85/92/d6/f366d9d1297f44034d649b68afcee74050aa7a55c769130b2f07ecc65d:0
+/tmp/mylog/leaves/e0/7c/75/881e1ec1bcad5e45c5cc3d8e2c83cda817a48324514309267ee32ef115:3
+/tmp/mylog/seq/00/00/00/00/02:leaf_data_002
+/tmp/mylog/seq/00/00/00/00/00:leaf_data_000
+/tmp/mylog/seq/00/00/00/00/01:leaf_data_001
+/tmp/mylog/seq/00/00/00/00/03:leaf_data_003
+```
+
+Note that at this point, no internal node of the tree has been computed, and neither
+has the checkpoint been updated. Leaves have only been assigned with a position
+in the log.
+
+Attempting to re-sequence the same file contents will result in the `sequence`
+tool telling you that you're trying to add duplicate entries, along with their
+originally assigned sequence numbers:
+
+```bash
+$ go run ./cmd/sequence --storage_dir="${LOG_DIR}" --entries '/tmp/files/*'  --public_key=key.pub --origin="${LOG_ORIGIN}"
+I1221 13:18:59.735244  924268 main.go:131] 0: /tmp/files/leaf_000 (dupe)
+I1221 13:18:59.735362  924268 main.go:131] 1: /tmp/files/leaf_001 (dupe)
+I1221 13:18:59.735406  924268 main.go:131] 2: /tmp/files/leaf_002 (dupe)
+I1221 13:18:59.735447  924268 main.go:131] 3: /tmp/files/leaf_003 (dupe)
+```
+
+### Integrating sequenced entries
+
+We still need to update the rest of the tree structure to integrate these new entries.
+We use the `integrate` tool for that, again either passing key files or with the
+environment variables set:
+
+```bash
+$ go run ./cmd/integrate  --storage_dir="${LOG_DIR}"  --public_key=key.pub --private_key=key --origin="${LOG_ORIGIN}"
+I1221 13:19:20.190193  924589 integrate.go:94] Loaded state with roothash
+I1221 13:19:20.190432  924589 integrate.go:132] New log state: size 0x4 hash: 0c2e71ac054d92d58b0efd3013d0df235245331f0c0e828bab62a8fe62460c7f
+```
+
+This output says that the integration was successful, and we now have a new log
+tree state which contains `0x08` entries, and has the printed log root hash.
+
+Let's look at the contents of the tree directory:
+
+```bash
+$ grep -RH '^' /tmp/mylog/
+/tmp/mylog/tile/00/0000/00/00/00.04:32
+/tmp/mylog/tile/00/0000/00/00/00.04:4
+/tmp/mylog/tile/00/0000/00/00/00.04:hZLW82bZ0Sl/RANNZJtor87nQFCqelXHaRMLLwfsxl0=
+/tmp/mylog/tile/00/0000/00/00/00.04:McF1R3nScwEJFHQpESACDl9SOdg9uTRLVZaDHzLckI0=
+/tmp/mylog/tile/00/0000/00/00/00.04:uHFPBFx9XQIBsGAE5pOdlEqYFgXF/PpdM1OjCEMD1K0=
+/tmp/mylog/tile/00/0000/00/00/00.04:DC5xrAVNktWLDv0wE9DfI1JFMx8MDoKLq2Ko/mJGDH8=
+/tmp/mylog/tile/00/0000/00/00/00.04:bLCxo8MxFM7B2UC5psSLVfssc/bvz9U67vJkRoHJtwo=
+/tmp/mylog/tile/00/0000/00/00/00.04:jNfnGF6uHUDupKFIaPW/QjZnPkINVKkVYc7cBakvPy4=
+/tmp/mylog/tile/00/0000/00/00/00.04:4Hx1iB4ewbytXkXFzD2OLIPNqBekgyRRQwkmfuMu8RU=
+/tmp/mylog/checkpoint:My Log
+/tmp/mylog/checkpoint:4
+/tmp/mylog/checkpoint:DC5xrAVNktWLDv0wE9DfI1JFMx8MDoKLq2Ko/mJGDH8=
+/tmp/mylog/checkpoint:
+/tmp/mylog/checkpoint:— astra h5lA3GOB547TCfoNMEXxENGJVWmpG6Ynk8C6Oaef5gaFotSVLX9isWdvjnhBek94Is9yVPzIvjQTADF/dk2MhHXiCAY=
+/tmp/mylog/leaves/6c/b0/b1/a3c33114cec1d940b9a6c48b55fb2c73f6efcfd53aeef2644681c9b70a:2
+/tmp/mylog/leaves/b8/71/4f/045c7d5d0201b06004e6939d944a981605c5fcfa5d3353a3084303d4ad:1
+/tmp/mylog/leaves/85/92/d6/f366d9d1297f44034d649b68afcee74050aa7a55c769130b2f07ecc65d:0
+/tmp/mylog/leaves/e0/7c/75/881e1ec1bcad5e45c5cc3d8e2c83cda817a48324514309267ee32ef115:3
+/tmp/mylog/seq/00/00/00/00/02:leaf_data_002
+/tmp/mylog/seq/00/00/00/00/00:leaf_data_000
+/tmp/mylog/seq/00/00/00/00/01:leaf_data_001
+/tmp/mylog/seq/00/00/00/00/03:leaf_data_003
+```
+
+The tile directory has been populated with a file, and the checkpoint has been updated.
+The `leaves/` and `seq/` directories have not changed.
+
+Each tile can store a maximum of 256 leaf hashes. Since we only have 4 for now, they
+fit in a single file. Since it's the first tile of the tree, [its path is 00/0000/00/00/00](api/layout#tile)
+Until the tile is filed with 256 leaves, the tile is "partial",
+that's what the `00.04` notation means: tile `00/0000/00/00/00.04` is the partial
+`00/0000/00/00/00` tile with 4 leaf hashes.
+
+Let's look at each line in the files:
+ - `32` that's the number of bytes used for hashes
+ - `4` the number of leaf hashes in this tile
+ - series of hashes representing the leaf hashes of the tile, and the compact range they
+ cover
+
+```
+              b
+             / \
+            /   \
+           /     \
+          a       c
+         / \     / \
+       h0  h1   h2  h3
+       |   |    |   |
+       0   1    2   3
+
+```
+
+We can spot the [leaves and internal node hashes](https://go.dev/play/p/6guNHqpr388) in the infix tree-traversal order.
+
+```bash
+$ cat /tmp/mylog/tile/00/0000/00/00/00.04
+32
+4
+hZLW82bZ0Sl/RANNZJtor87nQFCqelXHaRMLLwfsxl0= <-- h0 = sha256(0x0 + leaf_data_0)
+McF1R3nScwEJFHQpESACDl9SOdg9uTRLVZaDHzLckI0= <-- a = sha256(0x1 + h0 + h1)
+uHFPBFx9XQIBsGAE5pOdlEqYFgXF/PpdM1OjCEMD1K0= <-- h1 = sha256(0x0 + leaf_data_1)
+DC5xrAVNktWLDv0wE9DfI1JFMx8MDoKLq2Ko/mJGDH8= <-- b = sha256(0x1 + a + c)
+bLCxo8MxFM7B2UC5psSLVfssc/bvz9U67vJkRoHJtwo= <-- h2 = sha256(0x0 + leaf_data_2)
+jNfnGF6uHUDupKFIaPW/QjZnPkINVKkVYc7cBakvPy4= <-- c = sha(0x1 + h2 + h3)
+4Hx1iB4ewbytXkXFzD2OLIPNqBekgyRRQwkmfuMu8RU= <-- h3 = sha256(0x0 + leaf_data_3)
+```
+
+### Adding one more leaf
+```bash
+$ echo "leaf_data_004" > /tmp/files/leaf_004
+
+$ go run ./cmd/sequence --storage_dir="${LOG_DIR}" --entries '/tmp/files/leaf_004'  --public_key=key.pub --origin="${LOG_ORIGIN}"
+I1221 13:23:43.956356  926120 main.go:131] 4: /tmp/files/leaf_004
+
+$ go run ./cmd/integrate  --storage_dir="${LOG_DIR}"  --public_key=key.pub --private_key=key --origin="${LOG_ORIGIN}"
+I1221 13:24:11.168864  926446 integrate.go:94] Loaded state with roothash 0c2e71ac054d92d58b0efd3013d0df235245331f0c0e828bab62a8fe62460c7f
+I1221 13:24:11.169036  926446 integrate.go:132] New log state: size 0x5 hash: 1b26238e581181883c3f51827c58fe9c9e8a4d39383cbbabaabe0662b3c11496
+```
+
+This adds matchin files in `seq`, `leaves`, and updates the checkcpoint, as expected.
+A new tile is availble under `00/0000/00/00/00/00.05`:
+
+```bash
+$ tree /tmp/mylog/tile
+└── 00
+    └── 0000
+        └── 00
+            └── 00
+                ├── 00.04
+                └── 00.05
+
+5 directories, 2 files
+```
+
+Notice that the old tile, `00.04` has not been deleted.
+
+Here's the diff between the two leaves:
+
+```bash
+$ diff /tmp/mylog/tile/00/0000/00/00/00.04 /tmp/mylog/tile/00/0000/00/00/00.05
+2c2
+< 4
+---
+> 5
+9a10,11
+>
+> 6KUzDe4gX/0rZTZCgfgBtaIGOBkOQz4duxjTT+NeM5w=
+```
+
+The number of leaves `4` has been updated to `5`, and a new leaf node hash has appeared.
+Note that even though the tree has changed shape to include this new leaf, no internal
+node was added to the tile. That's because tiles only store non-emphemeral node, and in this
+case, all the new interanl nodes are ephemeral: they will change when new leaves are added to
+the tree.
+
+### Filling up the tile
+Let's fill up the tile, with 256 entries:
+
+```bash
+$ for i in $(seq 5 255); do x=$(printf "%03d" $i); echo "leaf_data_$x" > /tmp/files/leaf_$x; done;
+
+$ go run ./cmd/sequence --storage_dir="${LOG_DIR}" --entries '/tmp/files/*'  --public_key=key.pub --origin="${LOG_ORIGIN}"
+I1221 13:26:19.752225  927458 main.go:131] 0: /tmp/files/leaf_000 (dupe)
+I1221 13:26:19.752350  927458 main.go:131] 1: /tmp/files/leaf_001 (dupe)
+I1221 13:26:19.752398  927458 main.go:131] 2: /tmp/files/leaf_002 (dupe)
+I1221 13:26:19.752442  927458 main.go:131] 3: /tmp/files/leaf_003 (dupe)
+I1221 13:26:19.752499  927458 main.go:131] 4: /tmp/files/leaf_004 (dupe)
+I1221 13:26:19.752859  927458 main.go:131] 5: /tmp/files/leaf_005
+I1221 13:26:19.753301  927458 main.go:131] 6: /tmp/files/leaf_006
+...
+
+$ go run ./cmd/integrate  --storage_dir="${LOG_DIR}"  --public_key=key.pub --private_key=key --origin="${LOG_ORIGIN}"
+I1221 13:26:22.243568  927696 integrate.go:94] Loaded state with roothash 1b26238e581181883c3f51827c58fe9c9e8a4d39383cbbabaabe0662b3c11496
+I1221 13:26:22.250694  927696 integrate.go:132] New log state: size 0x100 hash: dc0d01251026e7138412adf1009ef9ed0fc55e2b9a954438b5762deb8e8519c5
+```
+
+You can check that the `seq` and `leaves` have been updated with new entries, and so has the checkpoint.
+
+The `tile` directory now looks like this:
+
+```bash
+$ tree /tmp/mylog/tile
+/tmp/mylog/tile
+├── 00
+│   └── 0000
+│       └── 00
+│           └── 00
+│               ├── 00
+│               ├── 00.04 -> /tmp/mylog/tile/00/0000/00/00/00
+│               └── 00.05 -> /tmp/mylog/tile/00/0000/00/00/00
+└── 01
+    └── 0000
+        └── 00
+            └── 00
+                └── 00.01
+
+9 directories, 4 files
+```
+
+Since the `00/0000/00/00/00` tile is now full, its partial version have been deleted, and now
+point to the full tile.
+
+A new tile has also appeared, one stratum above. `01/0000/00/00/00.01`. It contains a single
+node, which is the current root node of the tree. To avoid storing duplicate hashes, this
+top level node of the `00/0000/00/00/00` tile has been stripped, and you'll find an
+empty line in this file:
+```
+$ cat /tmp/mylog/tile/00/0000/00/00/00
+...
+ZkeKg5PJFHO3e+TRuTVf4QL7tk9C9NCBkR82ipcsUxw=
+iTG/pTVoZUjBJTfXcdNv2oJjxLQRKUqMOC6zVZoBznk=
+R0G/vzOBrC0IdaP092TEzFn4ksrZB77kIlcAK11J7aw=
+
+SIeXDZcyctFVLLjX3BqTs4SirwpzCezE6yZRq9OIKHw=
+O876VfSKWrJ5MOQrmnO0jVgqs+vonzE/iC1t681gnAA=
+YDrvejyQgwwCB0u+vwiVml4eRbc5CSaJ0rWsieOtRb4=
+...
+```
