Rename many things to TesseraCT (#268)

* rename top level package to tesseract

# Conflicts:
#	cmd/aws/main.go
#	cmd/gcp/main.go

# Conflicts:
#	doc.go

# Conflicts:
#	cmd/aws/main.go
#	cmd/gcp/main.go

# Conflicts:
#	cmd/gcp/main.go

* rename sctfe to tesseract in docker

* edit comments

* s/scti/tcti

* rename imports in binaries

* dedup

* s/tcti/ct

* remove package renames

* more renames

Author: phbnf

README.md

@@ -1,4 +1,4 @@
-# SCTFE
+# TesseraCT
 
 [![Go Report Card](https://goreportcard.com/badge/github.com/transparency-dev/static-ct)](https://goreportcard.com/report/github.com/transparency-dev/static-ct)
 [![Slack Status](https://img.shields.io/badge/Slack-Chat-blue.svg)](https://transparency-dev.slack.com/)
@@ -11,7 +11,7 @@ to store data. It is based on
 It is under active development.
 
 ## Deployment
-Each Tessera storage backend needs its own SCTFE binary.
+Each Tessera storage backend needs its own TesseraCT binary.
 
 At the moment, these storage backends are supported:
 

cmd/aws/Dockerfile

@@ -15,11 +15,11 @@ RUN go mod download
 COPY . .
 
 # Build the application
-RUN go build -o bin/sctfe-aws ./cmd/aws
+RUN go build -o bin/tesseract-aws ./cmd/aws
 
 # Build release image
 FROM alpine:3.21.3@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c
 
-COPY --from=builder /build/bin/sctfe-aws /bin/sctfe-aws
+COPY --from=builder /build/bin/tesseract-aws /bin/tesseract-aws
 
-ENTRYPOINT ["/bin/sctfe-aws"]
+ENTRYPOINT ["/bin/tesseract-aws"]

cmd/aws/ci/Dockerfile

@@ -1,12 +1,12 @@
-FROM sctfe-aws:latest AS base
+FROM tesseract-aws:latest AS base
 
 # Build release image
 FROM alpine:3.21.3@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c
 
 # Copy the hammer test root CA certificate into the container
 COPY ./internal/hammer/testdata/test_root_ca_cert.pem /bin/
 
-# Copy the sctfe-aws binary
-COPY --from=base /bin/sctfe-aws /bin/
+# Copy the tesseract-aws binary
+COPY --from=base /bin/tesseract-aws /bin/
 
-ENTRYPOINT ["/bin/sctfe-aws"]
+ENTRYPOINT ["/bin/tesseract-aws"]

cmd/aws/main.go

@@ -28,12 +28,12 @@ import (
 	"time"
 
 	"github.com/go-sql-driver/mysql"
-	sctfe "github.com/transparency-dev/static-ct"
+	tesseract "github.com/transparency-dev/static-ct"
 	"github.com/transparency-dev/static-ct/storage"
-	awsSCTFE "github.com/transparency-dev/static-ct/storage/aws"
+	"github.com/transparency-dev/static-ct/storage/aws"
 	"github.com/transparency-dev/static-ct/storage/bbolt"
 	tessera "github.com/transparency-dev/trillian-tessera"
-	awsTessera "github.com/transparency-dev/trillian-tessera/storage/aws"
+	taws "github.com/transparency-dev/trillian-tessera/storage/aws"
 	"golang.org/x/mod/sumdb/note"
 	"k8s.io/klog/v2"
 )
@@ -81,7 +81,7 @@ func main() {
 		klog.Exitf("Can't create AWS Secrets Manager signer: %v", err)
 	}
 
-	chainValidationConfig := sctfe.ChainValidationConfig{
+	chainValidationConfig := tesseract.ChainValidationConfig{
 		RootsPEMFile:     *rootsPemFile,
 		RejectExpired:    *rejectExpired,
 		RejectUnexpired:  *rejectUnexpired,
@@ -91,7 +91,7 @@ func main() {
 		NotAfterLimit:    notAfterLimit.t,
 	}
 
-	logHandler, err := sctfe.NewLogHandler(ctx, *origin, signer, chainValidationConfig, newAWSStorage, *httpDeadline, *maskInternalErrors)
+	logHandler, err := tesseract.NewLogHandler(ctx, *origin, signer, chainValidationConfig, newAWSStorage, *httpDeadline, *maskInternalErrors)
 	if err != nil {
 		klog.Exitf("Can't initialize CT HTTP Server: %v", err)
 	}
@@ -143,7 +143,7 @@ func awaitSignal(doneFn func()) {
 
 func newAWSStorage(ctx context.Context, signer note.Signer) (*storage.CTStorage, error) {
 	awsCfg := storageConfigFromFlags()
-	driver, err := awsTessera.New(ctx, awsCfg)
+	driver, err := taws.New(ctx, awsCfg)
 	if err != nil {
 		return nil, fmt.Errorf("failed to initialize AWS Tessera storage driver: %v", err)
 	}
@@ -154,7 +154,7 @@ func newAWSStorage(ctx context.Context, signer note.Signer) (*storage.CTStorage,
 		return nil, fmt.Errorf("failed to initialize AWS Tessera storage: %v", err)
 	}
 
-	issuerStorage, err := awsSCTFE.NewIssuerStorage(ctx, *bucket, "fingerprints/", "application/pkix-cert")
+	issuerStorage, err := aws.NewIssuerStorage(ctx, *bucket, "fingerprints/", "application/pkix-cert")
 	if err != nil {
 		return nil, fmt.Errorf("failed to initialize AWS issuer storage: %v", err)
 	}
@@ -192,7 +192,7 @@ func (t *timestampFlag) Set(w string) error {
 
 // storageConfigFromFlags returns an aws.Config struct populated with values
 // provided via flags.
-func storageConfigFromFlags() awsTessera.Config {
+func storageConfigFromFlags() taws.Config {
 	if *bucket == "" {
 		klog.Exit("--bucket must be set")
 	}
@@ -223,7 +223,7 @@ func storageConfigFromFlags() awsTessera.Config {
 		AllowNativePasswords:    true,
 	}
 
-	return awsTessera.Config{
+	return taws.Config{
 		Bucket:       *bucket,
 		DSN:          c.FormatDSN(),
 		MaxOpenConns: *dbMaxConns,

cmd/gcp/Dockerfile

@@ -15,11 +15,11 @@ RUN go mod download
 COPY . .
 
 # Build the application
-RUN go build -o bin/sctfe-gcp ./cmd/gcp
+RUN go build -o bin/tesseract-gcp ./cmd/gcp
 
 # Build release image
 FROM alpine:3.21.3@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c
 
-COPY --from=builder /build/bin/sctfe-gcp /bin/sctfe-gcp
+COPY --from=builder /build/bin/tesseract-gcp /bin/tesseract-gcp
 
-ENTRYPOINT ["/bin/sctfe-gcp"]
+ENTRYPOINT ["/bin/tesseract-gcp"]

cmd/gcp/ci/Dockerfile

@@ -1,12 +1,12 @@
-FROM sctfe-gcp:latest AS base
+FROM tesseract-gcp:latest AS base
 
 # Build release image
 FROM alpine:3.21.3@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c
 
 # Copy the hammer test root CA certificate into the container
 COPY ./internal/hammer/testdata/test_root_ca_cert.pem /bin/
 
-# Copy the sctfe-gcp binary
-COPY --from=base /bin/sctfe-gcp /bin/
+# Copy the tesseract-gcp binary
+COPY --from=base /bin/tesseract-gcp /bin/
 
-ENTRYPOINT ["/bin/sctfe-gcp"]
+ENTRYPOINT ["/bin/tesseract-gcp"]

cmd/gcp/main.go

@@ -28,11 +28,11 @@ import (
 	"syscall"
 	"time"
 
-	sctfe "github.com/transparency-dev/static-ct"
+	tesseract "github.com/transparency-dev/static-ct"
 	"github.com/transparency-dev/static-ct/storage"
-	gcpSCTFE "github.com/transparency-dev/static-ct/storage/gcp"
+	"github.com/transparency-dev/static-ct/storage/gcp"
 	tessera "github.com/transparency-dev/trillian-tessera"
-	gcpTessera "github.com/transparency-dev/trillian-tessera/storage/gcp"
+	tgcp "github.com/transparency-dev/trillian-tessera/storage/gcp"
 	"golang.org/x/mod/sumdb/note"
 	"k8s.io/klog/v2"
 )
@@ -78,7 +78,7 @@ func main() {
 		klog.Exitf("Can't create secret manager signer: %v", err)
 	}
 
-	chainValidationConfig := sctfe.ChainValidationConfig{
+	chainValidationConfig := tesseract.ChainValidationConfig{
 		RootsPEMFile:     *rootsPemFile,
 		RejectExpired:    *rejectExpired,
 		RejectUnexpired:  *rejectUnexpired,
@@ -88,7 +88,7 @@ func main() {
 		NotAfterLimit:    notAfterLimit.t,
 	}
 
-	logHandler, err := sctfe.NewLogHandler(ctx, *origin, signer, chainValidationConfig, newGCPStorage, *httpDeadline, *maskInternalErrors)
+	logHandler, err := tesseract.NewLogHandler(ctx, *origin, signer, chainValidationConfig, newGCPStorage, *httpDeadline, *maskInternalErrors)
 	if err != nil {
 		klog.Exitf("Can't initialize CT HTTP Server: %v", err)
 	}
@@ -147,12 +147,12 @@ func newGCPStorage(ctx context.Context, signer note.Signer) (*storage.CTStorage,
 		return nil, errors.New("missing spannerDB")
 	}
 
-	gcpCfg := gcpTessera.Config{
+	gcpCfg := tgcp.Config{
 		Bucket:  *bucket,
 		Spanner: *spannerDB,
 	}
 
-	driver, err := gcpTessera.New(ctx, gcpCfg)
+	driver, err := tgcp.New(ctx, gcpCfg)
 	if err != nil {
 		return nil, fmt.Errorf("failed to initialize GCP Tessera storage driver: %v", err)
 	}
@@ -168,12 +168,12 @@ func newGCPStorage(ctx context.Context, signer note.Signer) (*storage.CTStorage,
 		return nil, fmt.Errorf("failed to initialize GCP Tessera appender: %v", err)
 	}
 
-	issuerStorage, err := gcpSCTFE.NewIssuerStorage(ctx, *bucket, "fingerprints/", "application/pkix-cert")
+	issuerStorage, err := gcp.NewIssuerStorage(ctx, *bucket, "fingerprints/", "application/pkix-cert")
 	if err != nil {
 		return nil, fmt.Errorf("failed to initialize GCP issuer storage: %v", err)
 	}
 
-	beDedupStorage, err := gcpSCTFE.NewDedupeStorage(ctx, *spannerDedupDB)
+	beDedupStorage, err := gcp.NewDedupeStorage(ctx, *spannerDedupDB)
 	if err != nil {
 		return nil, fmt.Errorf("failed to initialize GCP Spanner deduplication database: %v", err)
 	}

cmd/gcp/staging/Dockerfile

@@ -1,4 +1,4 @@
-FROM sctfe-gcp:latest AS base
+FROM tesseract-gcp:latest AS base
 
 # Build release image
 FROM alpine:3.21.3@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c
@@ -7,7 +7,7 @@ FROM alpine:3.21.3@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff45
 # TODO(phbnf): use a better name without test, right now this is what works with main.tf
 COPY ./deployment/live/gcp/static-ct-staging/logs/arche2025h1/roots.pem /bin/test_root_ca_cert.pem
 
-# Copy the sctfe-gcp binary
-COPY --from=base /bin/sctfe-gcp /bin/
+# Copy the tesseract-gcp binary
+COPY --from=base /bin/tesseract-gcp /bin/
 
-ENTRYPOINT ["/bin/sctfe-gcp"]
+ENTRYPOINT ["/bin/tesseract-gcp"]

ctlog.go

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package sctfe
+package tesseract
 
 import (
 	"context"
@@ -25,7 +25,7 @@ import (
 	"strings"
 	"time"
 
-	"github.com/transparency-dev/static-ct/internal/scti"
+	"github.com/transparency-dev/static-ct/internal/ct"
 	"github.com/transparency-dev/static-ct/internal/x509util"
 	"github.com/transparency-dev/static-ct/storage"
 )
@@ -40,7 +40,7 @@ type ChainValidationConfig struct {
 	// checked against the current time during the validation of submissions.
 	// This will cause expired certificates to be rejected.
 	RejectExpired bool
-	// RejectUnexpired controls if the SCTFE rejects certificates that are
+	// RejectUnexpired controls if TesseraCT rejects certificates that are
 	// either currently valid or not yet valid.
 	// TODO(phboneff): evaluate whether we need to keep this one.
 	RejectUnexpired bool
@@ -62,7 +62,7 @@ type ChainValidationConfig struct {
 	NotAfterLimit *time.Time
 }
 
-// systemTimeSource implments scti.TimeSource.
+// systemTimeSource implements ct.TimeSource.
 type systemTimeSource struct{}
 
 // Now returns the true current local time.
@@ -74,7 +74,7 @@ var sysTimeSource = systemTimeSource{}
 
 // newChainValidator checks that a chain validation config is valid,
 // parses it, and loads resources to validate chains.
-func newChainValidator(cfg ChainValidationConfig) (scti.ChainValidator, error) {
+func newChainValidator(cfg ChainValidationConfig) (ct.ChainValidator, error) {
 	// Load the trusted roots.
 	if cfg.RootsPEMFile == "" {
 		return nil, errors.New("empty rootsPemFile")
@@ -98,7 +98,7 @@ func newChainValidator(cfg ChainValidationConfig) (scti.ChainValidator, error) {
 	// Filter which extended key usages are allowed.
 	if cfg.ExtKeyUsages != "" {
 		lExtKeyUsages := strings.Split(cfg.ExtKeyUsages, ",")
-		extKeyUsages, err = scti.ParseExtKeyUsages(lExtKeyUsages)
+		extKeyUsages, err = ct.ParseExtKeyUsages(lExtKeyUsages)
 		if err != nil {
 			return nil, fmt.Errorf("failed to parse ExtKeyUsages: %v", err)
 		}
@@ -108,13 +108,13 @@ func newChainValidator(cfg ChainValidationConfig) (scti.ChainValidator, error) {
 	// Filter which extensions are rejected.
 	if cfg.RejectExtensions != "" {
 		lRejectExtensions := strings.Split(cfg.RejectExtensions, ",")
-		rejectExtIds, err = scti.ParseOIDs(lRejectExtensions)
+		rejectExtIds, err = ct.ParseOIDs(lRejectExtensions)
 		if err != nil {
 			return nil, fmt.Errorf("failed to parse RejectExtensions: %v", err)
 		}
 	}
 
-	cv := scti.NewChainValidator(roots, cfg.RejectExpired, cfg.RejectUnexpired, cfg.NotAfterStart, cfg.NotAfterLimit, extKeyUsages, rejectExtIds)
+	cv := ct.NewChainValidator(roots, cfg.RejectExpired, cfg.RejectUnexpired, cfg.NotAfterStart, cfg.NotAfterLimit, extKeyUsages, rejectExtIds)
 	return &cv, nil
 }
 
@@ -126,19 +126,19 @@ func NewLogHandler(ctx context.Context, origin string, signer crypto.Signer, cfg
 	if err != nil {
 		return nil, fmt.Errorf("newCertValidationOpts(): %v", err)
 	}
-	log, err := scti.NewLog(ctx, origin, signer, cv, cs, sysTimeSource)
+	log, err := ct.NewLog(ctx, origin, signer, cv, cs, sysTimeSource)
 	if err != nil {
 		return nil, fmt.Errorf("newLog(): %v", err)
 	}
 
-	opts := &scti.HandlerOptions{
+	opts := &ct.HandlerOptions{
 		Deadline:           httpDeadline,
-		RequestLog:         &scti.DefaultRequestLog{},
+		RequestLog:         &ct.DefaultRequestLog{},
 		MaskInternalErrors: maskInternalErrors,
 		TimeSource:         sysTimeSource,
 	}
 
-	handlers := scti.NewPathHandlers(ctx, opts, log)
+	handlers := ct.NewPathHandlers(ctx, opts, log)
 	mux := http.NewServeMux()
 	// Register handlers for all the configured logs.
 	for path, handler := range handlers {

ctlog_test.go

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package sctfe
+package tesseract
 
 import (
 	"strings"

deployment/live/gcp/static-ct-staging/logs/arche2025h1/README.md

@@ -51,7 +51,7 @@ Build and push the Docker image to Artifact Registry repository:
 
 ```sh
 gcloud auth configure-docker ${GOOGLE_REGION}-docker.pkg.dev
-docker build -f ./cmd/gcp/Dockerfile -t sctfe-gcp:latest .
+docker build -f ./cmd/gcp/Dockerfile -t tesseract-gcp:latest .
 docker build -f ./cmd/gcp/staging/Dockerfile -t conformance-gcp:latest .
 docker tag conformance-gcp:latest ${GOOGLE_REGION}-docker.pkg.dev/${GOOGLE_PROJECT}/docker-staging/conformance-gcp:latest
 docker push ${GOOGLE_REGION}-docker.pkg.dev/${GOOGLE_PROJECT}/docker-staging/conformance-gcp

deployment/live/gcp/static-ct/logs/ci/README.md

@@ -40,7 +40,7 @@ Build and push the Docker image to Artifact Registry repository:
 
 ```sh
 gcloud auth configure-docker ${GOOGLE_REGION}-docker.pkg.dev
-docker build -f ./cmd/gcp/Dockerfile -t sctfe-gcp:latest .
+docker build -f ./cmd/gcp/Dockerfile -t tesseract-gcp:latest .
 docker build -f ./cmd/gcp/ci/Dockerfile -t conformance-gcp:latest .
 docker tag conformance-gcp:latest ${GOOGLE_REGION}-docker.pkg.dev/${GOOGLE_PROJECT}/docker-ci/conformance-gcp:latest
 docker push ${GOOGLE_REGION}-docker.pkg.dev/${GOOGLE_PROJECT}/docker-ci/conformance-gcp

internal/scti/chain_validation.go renamed to internal/ct/chain_validation.go

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package scti
+package ct
 
 import (
 	"bytes"

internal/scti/chain_validation_test.go renamed to internal/ct/chain_validation_test.go

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package scti
+package ct
 
 import (
 	"crypto/x509"

internal/scti/ctlog.go renamed to internal/ct/ctlog.go

@@ -1,4 +1,4 @@
-package scti
+package ct
 
 import (
 	"context"

internal/scti/ctlog_test.go renamed to internal/ct/ctlog_test.go

@@ -1,4 +1,4 @@
-package scti
+package ct
 
 import (
 	"context"

internal/scti/handlers.go renamed to internal/ct/handlers.go

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package scti
+package ct
 
 import (
 	"context"

internal/scti/handlers_test.go renamed to internal/ct/handlers_test.go

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package scti
+package ct
 
 import (
 	"bufio"