The canonical location for this project is now: https://github.com/google/trillian-examples/tree/master/sumdbaudit
The clone tool downloads all entries from the Go SumDB into a local SQLite database, and verifies that the downloaded data matches the log commitment.
The following command will download all entries and store them in the database file provided:
go run ./cli/clone/clone.go -db ~/sum.dbThe number of leaves downloaded can be queried:
sqlite3 ~/sum.db 'SELECT COUNT(*) FROM leaves;'And the tile hashes at different levels inspected:
sqlite3 ~/sum.db 'SELECT level, COUNT(*) FROM tiles GROUP BY level;'And the processed leaf data can be inspected to ensure that the same module+version does not appear twice:
sqlite3 ~/sum.db 'SELECT module, version, COUNT(*) cnt FROM leafMetadata GROUP BY module, version HAVING cnt > 1;'- This only downloads complete tiles, which means that at any point there could be up to 255 leaves missing from the database. These stragglers should be stored if the root hash checks out.
- The verified Checkpoint should be stored locally.
- Parse the downloaded data to key by module & version, and check no module & version appears twice in the log.