github build-trust/ockam ockam_v0.70.0
Ockam v0.70.0

3 years ago

Ockam 0.70.0

This release introduces forwarders and TCP inlets/outlets, which let us create end-to-end encrypted tunnels for our application traffic. With this topology we can even traverse NATs.

Here's an example of these in action:

# Install Ockam
$ brew install build-trust/ockam/ockam

# Create an Ockam node that will relay end-to-end encrypted messages.
# This node must be reachable from our application service and client sidecars.
# Later we'll see how you can get this as a managed service in Ockam Orchestrator.
$ ockam node create cloud-private-relay

# --- APPLICATION SERVICE ----

# A target service, listening on a local IP and port, that we want accessible to
# clients through the cloud relay. We'll use a simple http server for our example.
$ python3 -m http.server --bind 127.0.0.1 5000

# Set up an Ockam node next to our target service.
# Create a TCP outlet on the service sidecar to send raw TCP traffic
# to the target service. Then create a forwarding relay on the cloud node for it.
$ ockam node create service-sidecar
$ ockam tcp-outlet create --at /node/service-sidecar --from /service/outlet --to 127.0.0.1:5000
$ ockam forwarder create --at /node/cloud-private-relay --from /service/forwarder-to-service-sidecar --for /node/service-sidecar

# --- APPLICATION CLIENT ----

# Set up an Ockam node for use by an application client.
# Then create an end-to-end encrypted and mutually authenticated secure channel
# with the application service, through the cloud relay.
# Then tunnel TCP traffic from a local inlet through this end-to-end secure channel.
$ ockam node create client-sidecar
$ ockam secure-channel create --from /node/client-sidecar --to /node/cloud-private-relay/service/forwarder-to-service-sidecar/service/api \
    | ockam tcp-inlet create --at /node/client-sidecar --from 127.0.0.1:7000 --to -/service/outlet

# Access the application service through our end-to-end encrypted relay
$ curl 127.0.0.1:7000

Homebrew

To install this release using Homebrew:

brew install build-trust/ockam/ockam

Docker

To use the Docker OCI package:

docker pull ghcr.io/build-trust/ockam:0.70.0

Precompiled Binaries

# download ockam command binary for your architecture
curl --proto '=https' --tlsv1.2 -sSfL -O \
  https://github.com/build-trust/ockam/releases/download/ockam_v0.70.0/ockam.x86_64-unknown-linux-gnu

# rename the downloaded binary and give it permission to execute
mv ockam.x86_64-unknown-linux-gnu ockam
chmod u+x ockam

Verify

# download sha256sums.txt
curl --proto '=https' --tlsv1.2 -sSfL -O \
  https://github.com/build-trust/ockam/releases/download/ockam_v0.70.0/sha256sums.txt

# download sha256sums.txt.sig
curl --proto '=https' --tlsv1.2 -sSfL -O \
  https://github.com/build-trust/ockam/releases/download/ockam_v0.70.0/sha256sums.txt.sig

# download our release public key
curl --proto '=https' --tlsv1.2 -sSfL -o ockam.pub \
  https://raw.githubusercontent.com/build-trust/ockam/develop/tools/docker/cosign.pub

# verify signatures
cosign verify-blob --key ockam.pub --signature sha256sums.txt.sig sha256sums.txt

# download ockam command binary for your architecture
curl --proto '=https' --tlsv1.2 -sSfL -O \
  https://github.com/build-trust/ockam/releases/download/ockam_v0.70.0/ockam.x86_64-unknown-linux-gnu

# verify that the sha256 hash of the downloaded binary is the same as
# the corresponding hash mentioned in sha256sums.txt
cat sha256sums.txt | grep ockam.x86_64-unknown-linux-gnu | sha256sum -c

# rename the downloaded binary and give it permission to execute
mv ockam.x86_64-unknown-linux-gnu ockam
chmod u+x ockam
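
The checksum step above, written as a fail-closed helper (an added example, not part of the Ockam release notes or project). `verify_release_file` is a hypothetical name; it matches the file name in sha256sums.txt as an exact string rather than a grep pattern and requires exactly one entry. It assumes GNU `sha256sum`, bare file names in the list, and that `sha256sums.txt` has already passed `cosign verify-blob`.

```shell
#!/bin/sh
# Usage: verify_release_file sha256sums.txt ockam.x86_64-unknown-linux-gnu
# verify_release_file is a hypothetical helper name, not an Ockam command.
# Returns 0 on match, 1 on hash mismatch, 2 on missing input,
# 3 when the sums file does not hold exactly one entry for the file.
verify_release_file() {
    sums=$1
    file=$2
    name=${file##*/}   # assumption: entries in the sums file are bare file names

    [ -r "$sums" ] || { echo "cannot read $sums" >&2; return 2; }
    [ -f "$file" ] || { echo "missing $file" >&2; return 2; }

    # Lines look like "<64 hex>  <name>" or "<64 hex> *<name>".
    # Compare the name as a literal string, not as a regex or substring.
    expected=$(awk -v n="$name" '
        NF == 2 && length($1) == 64 && $1 ~ /^[0-9a-fA-F]+$/ {
            f = $2; sub(/^\*/, "", f)
            if (f == n) print tolower($1)
        }' "$sums")

    # Zero entries or duplicate entries both fail closed.
    count=$(printf '%s\n' "$expected" | grep -c . || true)
    if [ "$count" -ne 1 ]; then
        echo "expected exactly 1 entry for $name, found $count" >&2
        return 3
    fi

    actual=$(sha256sum -- "$file" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "sha256 mismatch for $name" >&2
        return 1
    fi
    echo "$name: OK"
}
```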

Terraform

To install the Ockam Terraform Provider, copy and paste this code into your Terraform configuration. Then, run terraform init.

terraform {
  required_providers {
    ockam = {
      source = "build-trust/ockam"
      version = "0.70.0"
    }
  }
}
provider ockam {}

Rust Crates

To use Ockam as a Rust library, run the following command within your project directory:

cargo add ockam@0.70.0

The following crates were published as part of this release:
