Releases · sigstore/rekor

28 Dec 16:44

sigstore-bot

v0.4.0

e55259d

v0.4.0

Highlights

Adds hashed rekord type that can be used to upload signatures along with the hashed content signed (#501)

Enhancements

Update the schema to match that of Trillian repo. The map specific (#528)
allow setting the user-agent string sent from the client (#521)
update key usage for ts cert (#504)
api/index/retrieve: allow searching on indicies with sha1 hashes (#499)
Only include Attestation data if attestation storage enabled (#494)
Fuzzing RequestFromRekor API (#488)
Included pprof for profiling the application. (#485)
refactor release and add signing (#483)
More verbose error message for redis connection failure (#479) (#480)
Fixed modtime for reproducible goreleaser (#473)
add goreleaser and cloudbuild for releases (#443)
Add dynamic JS tree size counter (#468)
check that entry UUID == leafHash of returned entry (#469)
chore: upgrade cosign version (#465)
Reproducible builds with trimpath (#464)
correct links, add Table of Contents of sorts (#449)
update go tuf for rsa key impl (#446)
Canonicalize JSON before inserting into trillian (#445)
Export search UUIDs field (#438)
Add a flag to start specifying log index ranges for virtual indices. (#435)
Cleanup some initialization/flag parsing in rekor-server. (#433)
Drop 404 errors down to a warning. (#426)
Cleanup the output of search (the text goes to stderr not stdout). (#421)
remove extradata field from types (#418)
Update usage of ./cmd/rekor-cli/ from rekor to rekor-cli (#417)
Add TUF type (#383)
Updates to INSTALLATION.md notes (#415)
Update snippets to use console type for snippets (#410)
version: add way to display a version when using go get or go install (#405)
Use an in memory timestamping key (#402)
Links are case sensitive (#401)
Installation guide (#400)
Add a SignedTimestampNote (#397)
Provide instructions on verifying releases (#399)
rekor-server: add html page when humans reach the server via the browser (#394)
use go modules to track tools (#395)

Bug Fixes

fix timestamp addition and unmarshal (#525)
Correct & parallelize tests (#522)
Fix fuzz go.sum issue (#509)
fix validation error (#503)
Correct Helm index keys (#474)
Fix a bug in x509 certificate handling. (#461)
Fix a conflict from parallel dependabot merges. (#456)
fix tuf metadata marshalling (#447)
Switch DSSE provider to go-securesystemslib (#442)
fix unmarshalling sth (#409)
Fix port flag override (#396)
makefile: small fix on the makefile for the rekor-server (#393)

Dependencies Updates

Bump github.com/spf13/viper from 1.9.0 to 1.10.0 (#531)
Bump sigstore/cosign-installer from 1.3.1 to 1.4.1 (#530)
Bump the DSSE signing library. (#529)
Bump golang from 1.17.4 to 1.17.5 (#527)
Bump golang from 1.17.3 to 1.17.4 (#523)
Bump gopkg.in/ini.v1 from 1.66.0 to 1.66.2 (#520)
Bump github.com/mitchellh/mapstructure from 1.4.2 to 1.4.3 (#517)
Bump github.com/secure-systems-lab/go-securesystemslib (#516)
Bump gopkg.in/ini.v1 from 1.64.0 to 1.66.0 (#513)
Upgraded go-playground/validator module to v10 (#507)
Bump gopkg.in/ini.v1 from 1.63.2 to 1.64.0 (#495)
Bump github.com/go-openapi/strfmt from 0.21.0 to 0.21.1 (#510)
Bump the trillian import to v1.4.0. (#502)
Bump the trillian versions to v1.4.0 in our docker-compose setup. (#500)
update go.mod for go-fuzz (#496)
Bump sigstore/cosign-installer from 1.3.0 to 1.3.1 (#491)
Bump golang from 1.17.2 to 1.17.3 (#482)
Bump google.golang.org/grpc from 1.41.0 to 1.42.0 (#478)
Bump actions/checkout from 2.3.5 to 2.4.0 (#477)
Bump github.com/go-openapi/runtime from 0.20.0 to 0.21.0 (#470)
bump go-swagger to v0.28.0 (#463)
Bump github.com/in-toto/in-toto-golang from 0.3.2 to 0.3.3 (#459)
Bump actions/checkout from 2.3.4 to 2.3.5 (#458)
Bump github.com/mediocregopher/radix/v4 from 4.0.0-beta.1 to 4.0.0 (#460)
Bump github.com/go-openapi/runtime from 0.19.31 to 0.20.0 (#451)
Bump github.com/go-openapi/spec from 0.20.3 to 0.20.4 (#454)
Bump github.com/go-openapi/validate from 0.20.2 to 0.20.3 (#453)
Bump github.com/go-openapi/strfmt from 0.20.2 to 0.20.3 (#452)
Bump github.com/go-openapi/loads from 0.20.2 to 0.20.3 (#450)
Bump golang from 1.17.1 to 1.17.2 (#448)
Bump google.golang.org/grpc from 1.40.0 to 1.41.0 (#441)
Bump golang.org/x/mod from 0.5.0 to 0.5.1 (#440)
Bump github.com/spf13/viper from 1.8.1 to 1.9.0 (#439)
Bump gopkg.in/ini.v1 from 1.63.0 to 1.63.2 (#437)
Bump github.com/mitchellh/mapstructure from 1.4.1 to 1.4.2 (#436)
Bump gocloud to v0.24.0. (#434)
Bump golang from 1.17.0 to 1.17.1 (#432)
Bump go.uber.org/zap from 1.19.0 to 1.19.1 (#431)
Bump gopkg.in/ini.v1 from 1.62.0 to 1.63.0 (#429)
Bump github.com/go-openapi/runtime from 0.19.30 to 0.19.31 (#425)
Bump github.com/go-openapi/errors from 0.20.0 to 0.20.1 (#423)
Bump github.com/go-openapi/strfmt from 0.20.1 to 0.20.2 (#422)
Bump golang from 1.16.7 to 1.17.0 (#413)
Bump golang.org/x/mod from 0.4.2 to 0.5.0 (#412)
Bump google.golang.org/grpc from 1.39.1 to 1.40.0 (#411)
Bump github.com/go-openapi/runtime from 0.19.29 to 0.19.30 (#408)
Bump go.uber.org/zap from 1.18.1 to 1.19.0 (#407)
Bump golang from 1.16.6 to 1.16.7 (#403)
Bump google.golang.org/grpc from 1.39.0 to 1.39.1 (#404)

Contributors

Aditya Sirish (@adityasaky)
Andrew Block (@sabre1041)
Asra Ali (@asraa)
Axel Simon (@axelsimon)
Batuhan Apaydın (@developer-guy)
Bob Callaway (@bobcallaway)
Carlos Panato (@cpanato)
Dan Lorenc (@dlorenc)
Dan Luhring (@luhring)
Harry Fallows (@harryfallows)
Hector Fernandez (@hectorj2f)
Jake Sanders (@dekkagaijin)
Jason Hall (@imjasonh)
Lily Sturmann (@lkatalin)
Luke Hinds (@lukehinds)
Marina Moore (@mnm678)
Mikhail Swift (@mikhailswift)
Naveen Srinivasan (@naveensrinivasan)
Robert James Hernandez (@sarcasticadmin)
Santiago Torres (@SantiagoTorres)
Tiziano Santoro (@tiziano88)
Trishank Karthik Kuppusamy (@trishankatdatadog)
Ville Aikas (@vaikas)
kpcyrd (@kpcyrd)

Images:

Rekor server: `gcr.i...

Contributors

naveensrinivasan, imjasonh, and 22 other contributors

Assets 43

28 Jul 08:42

cpanato

v0.3.0

e4303a8

Rekor Release v0.3.0

v0.3.0 Release of rekor-cli and rekor-server:

4899332 build containers for both arm64 and amd64 #334
0882cde ci: add job to build the container to validate #335
34caf45 Upload generated timestamps #336
5fb05e1 Add Alpine Package type #337
710784c Add timestamping cert chain to config #338
e5dcf0a base64 encode timestamping cert chain #340
428f264 Update in-toto-golang to pick up the latest interface changes. #341
6c013a5 Move GetRekorClient into util directory #349
9fa4e20 Adopt new signing/verification APIs from sigstore #358
5862799 Added Helm type #354
cb96bc0 Fix help message outputs. #366
5ebdab6 Add index keys for in-toto provenance objects. #361
1c30d2f Fetch attestations from storage in the API. #364
aaca0ae Update trillian dependencies. #368
9995a02 Update the trillian code dependencies. #369
6031d7c update go modules, tidy #371
36ea8ba Update docker go version and github actions #372
e63fe71 Add type-specific usage documentation. #374
53d71cd Improve separation between type implementations and CLI code #339
38d532d Clean up EntryImpl interface #370
5687a24 Stop depending on external jenkins mirror #376
5e005eb Improve error messages for invalid content #377
12077f5 Fix #373: skip openssh tests if ssh-keygen is not in PATH #378
07c8e8f Generalize SignedCheckpoint to take arbitrary Notes #347
d8ac9f8 insert sha256: prefix if not provided #381
03c4917 add readOnly/writeOnly annotations to openapi #382
27be9e7 fix 0 log index #385
19d6519 return exit code of 1 if no results found in searching index #386
70eed2f makefile: add rule to download and set swagger and make rule to build rekor-cli for cross platform #391
464970c add timeout flag to rekor-cli #390
e4303a8 fix pre-formed entry upload #392