Releases: sigstore/rekor
v0.9.1
What's Changed
- feat: add subject URIs to index for x509 certificates by @asraa in #897
- Bump sigstore/cosign-installer from 2.4.0 to 2.4.1 by @dependabot in #898
- fix: sql syntax in dbcreate script by @xens in #903
- Switch to go 1.18 and pin release-utils to v0.7.1 by @saschagrunert in #904
- Check inactive shards for UUID for /retrieve endpoint by @priyawadhwa in #905
- ensure log messages have requestID where possible by @bobcallaway in #907
- Bump github.com/theupdateframework/go-tuf from 0.3.0 to 0.3.1 by @dependabot in #906
- Remove unnecessary lookup of non-existent attestations from storage layer by @bobcallaway in #909
- Fix bug where /retrieve endpoint returns wrong logIndex across shards by @priyawadhwa in #908
- cleanup makefile with generated code; cleanup unused files by @bobcallaway in #910
- add changelog for v0.9.1 by @cpanato in #911
New Contributors
- @xens made their first contribution in #903
- @saschagrunert made their first contribution in #904
Full Changelog: v0.9.0...v0.9.1
Thanks for all contributors!
v0.9.0
What's Changed
- Add COSE support to Rekor by @kommendorkapten in #867
- Bump github/codeql-action from 2.1.13 to 2.1.14 by @dependabot in #885
- Bump ossf/scorecard-action from 1.1.1 to 1.1.2 by @dependabot in #888
- Bump github/codeql-action from 2.1.14 to 2.1.15 by @dependabot in #893
- Fix intoto index keys by @bobcallaway in #889
- Resolve virtual log index when calling /retrieve endpoint by @priyawadhwa in #894
- add changelog for v0.9.0 by @cpanato in #895
New Contributors
- @kommendorkapten made their first contribution in #867
Full Changelog: v0.8.2...v0.9.0
Thanks to all contributors!
v0.8.2
What's Changed
- collect docker-compose logs if sharding tests fail, also trim IDs by @bobcallaway in #869
- ensure fallback logic executes if attestation key is empty when fetching attestation by @bobcallaway in #878
- Bump github.com/spf13/cobra from 1.4.0 to 1.5.0 by @dependabot in #881
- Bump github/codeql-action from 2.1.12 to 2.1.13 by @dependabot in #880
- add changelog for v0.8.2 by @cpanato in #882
Full Changelog: v0.8.1...v0.8.2
v0.8.1
What's Changed
- Bump sigstore/cosign-installer from 2.3.0 to 2.4.0 by @dependabot in #868
- Bump actions/dependency-review-action from 1.0.2 to 2 by @dependabot in #871
- Fix indexing bug for intoto attestations by @priyawadhwa in #870
- Bump actions/dependency-review-action from 2.0.0 to 2.0.2 by @dependabot in #875
- Allow an expired certificate chain to be uploaded and verified by @haydentherapper in #873
- add changelog for v0.8.1 by @cpanato in #874
Full Changelog: v0.8.0...v0.8.1
Thanks for all contributors!
v0.8.0
What's Changed
- Bump gopkg.in/ini.v1 from 1.66.4 to 1.66.5 by @dependabot in #846
- Update go-tuf and sigstore/sigstore to non-vulnerable go-tuf version. by @dhaus67 in #847
- Bump gopkg.in/ini.v1 from 1.66.5 to 1.66.6 by @dependabot in #848
- Configure rekor server in e2e tests via env variable by @priyawadhwa in #850
- Bump github.com/secure-systems-lab/go-securesystemslib from 0.3.1 to 0.4.0 by @dependabot in #853
- Bump google.golang.org/grpc from 1.46.2 to 1.47.0 by @dependabot in #852
- Bump ossf/scorecard-action from 1.1.0 to 1.1.1 by @dependabot in #857
- Bump github/codeql-action from 2.1.11 to 2.1.12 by @dependabot in #858
- update cross-builder image to use go1.17.11 and dockerfile base image by @cpanato in #860
- update go.mod to go1.17 by @cpanato in #861
- Improve error message when using ED25519 with HashedRekord type by @haydentherapper in #862
- Bump github.com/go-openapi/validate from 0.21.0 to 0.22.0 by @dependabot in #863
- Bump github.com/spf13/viper from 1.11.0 to 1.12.0 by @dependabot in #844
- Allow retrieving entryIDs or UUIDs via
/api/v1/log/entries/retrieve
endpoint by @priyawadhwa in #859 - Print total tree size, including inactive shards in
rekor-cli loginfo
by @priyawadhwa in #864 - add changelog for v0.8.0 by @cpanato in #866
New Contributors
Full Changelog: v0.7.0...v0.8.0
v0.7.0
⚠️ Breaking Change
Removed timestamping authority API. This is a breaking API change.
If you are relying on the timestamping authority to issue signed timestamps, create signed timestamps using either OpenSSL or a service such as FreeTSA.
What's Changed
- remove URL fetch of keys/artifacts server-side by @bobcallaway in #735
- Bump sigstore/cosign-installer from 2.2.0 to 2.2.1 by @dependabot in #776
- Bump github.com/spf13/viper from 1.10.1 to 1.11.0 by @dependabot in #777
- Bump actions/checkout from 3.0.0 to 3.0.1 by @dependabot in #778
- Bump anchore/sbom-action from 0.10.0 to 0.11.0 by @dependabot in #779
- Bump github.com/mediocregopher/radix/v4 from 4.0.0 to 4.1.0 by @dependabot in #781
- Bump github.com/mitchellh/mapstructure from 1.4.3 to 1.5.0 by @dependabot in #782
- Bump codecov/codecov-action from 3.0.0 to 3.1.0 by @dependabot in #785
- Bump actions/checkout from 3.0.1 to 3.0.2 by @dependabot in #786
- Bump google-github-actions/auth from 0.7.0 to 0.7.1 by @dependabot in #790
- Bump google.golang.org/grpc from 1.45.0 to 1.46.0 by @dependabot in #791
- Bump github/codeql-action from 2.1.8 to 2.1.9 by @dependabot in #796
- Bump sigstore/cosign-installer from 2.2.1 to 2.3.0 by @dependabot in #795
- Bump github.com/google/go-cmp from 0.5.7 to 0.5.8 by @dependabot in #794
- intoto: add index on materials digest of slsa provenance by @asraa in #793
- Bump github.com/go-openapi/runtime from 0.23.3 to 0.24.0 by @dependabot in #799
- chore(deps): Included dependency review by @naveensrinivasan in #788
- Check if intoto hash is available before accessing it as an index key by @priyawadhwa in #800
- Bump github.com/go-playground/validator/v10 from 10.10.1 to 10.11.0 by @dependabot in #803
- Move deprecated dependency: google/trillian/merkle to transparency-dev by @asraa in #807
- Bump github.com/go-openapi/spec from 0.20.5 to 0.20.6 by @dependabot in #802
- Bump github.com/go-openapi/runtime from 0.24.0 to 0.24.1 by @dependabot in #811
- Retrieve shard tree length if it isn't provided in the config by @priyawadhwa in #810
- Bump github/codeql-action from 2.1.9 to 2.1.10 by @dependabot in #816
- Bump golangci/golangci-lint-action from 3.1.0 to 3.2.0 by @dependabot in #815
- update release builder images to use go 1.17.10 and cosign image to 1.8.0 by @cpanato in #820
- Bump github/codeql-action from 03e2e3c45f9f937ffe65a1caa4c9960d420a31f9 to 2.1.10 by @dependabot in #821
- Bump actions/setup-go from 3.0.0 to 3.1.0 by @dependabot in #822
- Bump github.com/google/trillian from 1.4.0 to 1.4.1 by @dependabot in #817
- Bump github.com/google/trillian from 1.4.0 to 1.4.1 in /hack/tools by @dependabot in #818
- update go to 1.17.10 in the dockerfile by @cpanato in #819
- Bump github.com/prometheus/client_golang from 1.12.1 to 1.12.2 by @dependabot in #827
- Limit the number of certificates parsed in a chain by @haydentherapper in #823
- Bump actions/github-script from 6.0.0 to 6.1.0 by @dependabot in #826
- Bump actions/dependency-review-action from 3f943b86c9a289f4e632c632695e2e0898d9d67d to 1 by @dependabot in #825
- Bump google.golang.org/grpc from 1.46.0 to 1.46.2 by @dependabot in #828
- Bump google-github-actions/auth from 0.7.1 to 0.7.2 by @dependabot in #830
- Bump github/codeql-action from 2.1.10 to 2.1.11 by @dependabot in #829
- Breaking change: Remove timestamping authority by @haydentherapper in #813
- Bump google-github-actions/auth from 0.7.2 to 0.7.3 by @dependabot in #832
- Add back owners for rfc3161 package type by @haydentherapper in #833
- all: remove dependency on deprecated github.com/pkg/errors by @zchee in #834
- Bump actions/upload-artifact from 3.0.0 to 3.1.0 by @dependabot in #836
- Bump goreleaser/goreleaser-action from 2.9.1 to 3 by @dependabot in #837
- Bump actions/dependency-review-action from 1.0.1 to 1.0.2 by @dependabot in #840
- Bump google-github-actions/auth from 0.7.3 to 0.8.0 by @dependabot in #839
- name stored attestations by digest instead of UUID by @bobcallaway in #769
- Bump ossf/scorecard-action from 1.0.4 to 1.1.0 by @dependabot in #843
- Bump actions/setup-go from 3.1.0 to 3.2.0 by @dependabot in #842
- add changelog for 0.7.0 release by @cpanato in #835
New Contributors
Full Changelog: v0.6.0...v0.7.0
Thanks for all contributors!
v0.6.0
Notice: The server side remote fetching of resources will be removed in the next release
What's Changed
- attempting to fix codeowners file by @bobcallaway in #653
- Update the warning text for the GA release. by @dlorenc in #654
- Bump github.com/go-openapi/runtime from 0.22.0 to 0.23.0 by @dependabot in #655
- Bump github.com/go-openapi/strfmt from 0.21.1 to 0.21.2 by @dependabot in #656
- Bump go.uber.org/zap from 1.20.0 to 1.21.0 by @dependabot in #660
- Bump github/codeql-action from 1.0.31 to 1.0.32 by @dependabot in #659
- use upstream k8s version lib by @n3wscott in #657
- Bump golang from
301609e
tofff998d
by @dependabot in #662 - Bump actions/setup-go from 2.1.5 to 2.2.0 by @dependabot in #663
- Bump gopkg.in/ini.v1 from 1.66.3 to 1.66.4 by @dependabot in #664
- Add docs about API stability and deprecation policy by @priyawadhwa in #661
- update cross-build and dockerfile to use go 1.17.7 by @cpanato in #666
- Bump github/codeql-action from 1.0.32 to 1.1.0 by @dependabot in #668
- Bump actions/github-script from 5.1.0 to 6 by @dependabot in #669
- Move k8s objects out of the default namespace by @k4leung4 in #674
- add securityContext to deployment. by @k4leung4 in #678
- Add intoto type documentation by @jspeed-meyers in #679
- create namespace for rekor config in yaml. by @k4leung4 in #680
- Bump github/codeql-action from 1.1.0 to 1.1.2 by @dependabot in #682
- Bump ossf/scorecard-action from 1.0.3 to 1.0.4 by @dependabot in #683
- Set rekor-cli User-Agent header on requests by @bobcallaway in #684
- update security process link by @bobcallaway in #685
- Bump sigstore/cosign-installer from 2.0.0 to 2.0.1 by @dependabot in #686
- explicitly set permissions for github actions by @k4leung4 in #687
- Bump github.com/go-openapi/runtime from 0.23.0 to 0.23.1 by @dependabot in #689
- Bump github/codeql-action from 1.1.2 to 1.1.3 by @dependabot in #690
- Bump golangci/golangci-lint-action from 2.5.2 to 3 by @dependabot in #691
- Bump goreleaser/goreleaser-action from 2.8.1 to 2.9.0 by @dependabot in #692
- Bump golangci/golangci-lint-action from 3.0.0 to 3.1.0 by @dependabot in #693
- Bump github.com/secure-systems-lab/go-securesystemslib from 0.3.0 to 0.3.1 by @dependabot in #695
- Bump actions/setup-go from 2.2.0 to 3.0.0 by @dependabot in #694
- Bump goreleaser/goreleaser-action from 2.9.0 to 2.9.1 by @dependabot in #696
- Bump actions/checkout from 2.4.0 to 3 by @dependabot in #698
- Add documentation about Alpine type by @jspeed-meyers in #697
- Add code coverage to pull requests. by @k4leung4 in #676
- Consistent parenthesis use in Makefile by @k4leung4 in #700
- Go update to 1.17.8 and cosign to 1.6.0 by @cpanato in #705
- Bump actions/upload-artifact from 2.3.1 to 3 by @dependabot in #704
- Use logRangesFlag in API, route reads based on TreeID by @lkatalin in #671
- Generate release yaml for non-CI builds. by @k4leung4 in #702
- Bump sigstore/cosign-installer from 2.0.1 to 2.1.0 by @dependabot in #708
- Bump github.com/go-openapi/runtime from 0.23.1 to 0.23.2 by @dependabot in #710
- Bump anchore/sbom-action from 0.6.0 to 0.7.0 by @dependabot in #709
- Mirror signed release images from GCR to GHCR as part of release by @k4leung4 in #701
- Bump golang from
0168c35
toca70980
by @dependabot in #707 - build trillian container to existing release. by @k4leung4 in #715
- Bump github/codeql-action from 1.1.3 to 1.1.4 by @dependabot in #716
- Bump github.com/go-playground/validator/v10 from 10.10.0 to 10.10.1 by @dependabot in #717
- Make the loginfo command a bit more future/backwards proof. by @dlorenc in #718
- Switch to using the swag library for pointer manipulation. by @dlorenc in #719
- Change TreeID to be of type
string
instead ofint64
by @priyawadhwa in #712 - Add sharding e2e test to Github Actions by @priyawadhwa in #714
- fix merge conflict by @priyawadhwa in #720
- Bump google.golang.org/grpc from 1.44.0 to 1.45.0 by @dependabot in #723
- Bump golang from
ca70980
toc7c9458
by @dependabot in #722 - Clearer logging for createAndInitTree by @priyawadhwa in #724
- Bump github.com/spf13/cobra from 1.3.0 to 1.4.0 by @dependabot in #728
- Return virtual index when creating and getting a log entry by @priyawadhwa in #725
- Fix copy/paste mistake in repo name. by @k4leung4 in #730
- Use reusuable release workflow in sigstore/sigstore by @k4leung4 in #729
- Bump github/codeql-action from 1.1.4 to 1.1.5 by @dependabot in #736
- Get log proofs by Tree ID by @priyawadhwa in #733
- Refactor rekor-cli loginfo by @priyawadhwa in #734
- Bump github.com/go-openapi/runtime from 0.23.2 to 0.23.3 by @dependabot in #740
- Update loginfo API endpoint to return information about inactive shards by @priyawadhwa in #738
- Bump google.golang.org/protobuf from 1.27.1 to 1.28.0 by @dependabot in #744
- Replace
trillian_log_server.log_id_ranges
flag with a config file by @priyawadhwa in #742 - Bump anchore/sbom-action from 0.7.0 to 0.8.0 by @dependabot in #743
- fix build date format for version command by @cpanato in #745
- Require tlog_id when log_id_ranges is passed in by @lkatalin in #739
- Use active tree on server startup by @lkatalin in #727
- Bump github/codeql-action from 1.1.5 to 2.1.6 by @dependabot in #748
- Specify public key for inactive shards in shard config by @priyawadhwa in #746
- Add support for providing certificate chain for X509 signature types by @haydentherapper in #747
- Bump google-github-actions/auth from 0.6.0 to 0.7.0 by @dependabot in #751
- Bump github/codeql-action from 2.1.6 to 2.1.7 by @dependabot in #752
- Bump codecov/codecov-action from 2.1.0 to 3 by @dependabot in #753
- Bump anchore/sbom-action from 0.8.0 to 0.9.0 by @dependabot in #754
- Bump sigstore/cosign-installer from 2.1.0 to 2.2.0 by @dependabot in #757
- fix typo in filename by @bobcallaway in #758
- Update release jobs and trillian images by @cpanato in #756
- Bump github/codeql-action from 2.1.7 to 2.1.8 by @dependabot in #762
- Bump anchore/sbom-action from 0.9.0 to 0.10.0 by @dependabot in #763
- Add the SHA256 digest of the intoto payload into the rekor entry by @bobcallaway in #764
- Add index to hashed intoto envelope by @asraa in #761
- Fix link in types README by @eddiezane in #765
- set p.Block after parsing in helm provenance type by @bobcallaway in #759
- Bump github.com/go-openapi/spec from 0.20.4 to 0.20.5 by @dependabot in #768
- Fix search without sha prefix by @eddiezane in #767
- Add in configmap to release for sharding config by @priyawadhwa in https://github.com/s...
v0.5.0
Highlights
- Add Rekor logo to README (#650)
- update API calls to v5 (#591)
- Refactor helm type to remove intermediate state. (#575)
- Refactor the shard map parsing so we can pass it down into the API object. (#564)
- Refactor the alpine type to reduce intermediate state. (#573)
Enhancements
- Add logic to GET artifacts via old or new UUID (#587)
- helpful error message for hashedrekord types (#605)
- Set Accept header in dynamic counter requests (#594)
- Add sharding package and update validators (#583)
- rekor-cli: show the url in case of error (#581)
- Enable parsing of incomplete minisign keys, to enable re-indexing. (#567)
- Cleanups on the TUF pluggable type. (#563)
- Refactor the RPM type to remove more intermediate state. (#566)
- Do some cleanups of the jar type to remove intermediate state. (#561)
Others
- Update Makefile (#621)
- update version comments since dependabot doesn't do it (#617)
- Use workload identity provider instead of GitHub Secret for GCR access (#600)
- add OSSF scorecard action (#599)
- enable the sbom for rekor releases (#586)
- Point to the official website (instead of a 404) (#580)
- add milestone to closed prs (#574)
- Add a Makefile target for the "ko apply" step. (#572)
- types/README.md: Corrected documentation link (#568)
Dependencies Updates
- Bump github.com/prometheus/client_golang from 1.12.0 to 1.12.1 (#636)
- Bump github.com/go-openapi/runtime from 0.21.1 to 0.22.0 (#635)
- Bump github.com/go-openapi/swag from 0.19.15 to 0.20.0 (#634)
- Bump golang from
f71d4ca
to301609e
(#627) - Bump golang from
0fa6504
tof71d4ca
(#624) - Bump google.golang.org/grpc from 1.43.0 to 1.44.0 (#622)
- Bump github/codeql-action from 1.0.29 to 1.0.30 (#619)
- Bump ossf/scorecard-action from 1.0.1 to 1.0.2 (#618)
- bump swagger and go mod tidy (#616)
- Bump github.com/go-openapi/runtime from 0.21.0 to 0.21.1 (#614)
- Bump github.com/go-openapi/errors from 0.20.1 to 0.20.2 (#613)
- Bump google-github-actions/auth from 0.4.4 to 0.5.0 (#612)
- Bump github/codeql-action from 1.0.28 to 1.0.29 (#611)
- Bump gopkg.in/ini.v1 from 1.66.2 to 1.66.3 (#608)
- Bump github.com/google/go-cmp from 0.5.6 to 0.5.7 (#609)
- Update github/codeql-action requirement to 8a4b243fbf9a03a93e93a71c1ec257347041f9c4 (#606)
- Bump github.com/prometheus/client_golang from 1.11.0 to 1.12.0 (#607)
- Bump ossf/scorecard-action from 0fe1afdc40f536c78e3dc69147b91b3ecec2cc8a to 1.0.1 (#603)
- Bump goreleaser/goreleaser-action from 2.8.0 to 2.8.1 (#602)
- Bump golang from
8c0269d
to0fa6504
(#597) - Pin dependencies in github action workflows and Dockerfile (#595)
- update release image to use go 1.17.6 (#589)
- Bump golang from 1.17.5 to 1.17.6 (#588)
- Bump go.uber.org/goleak from 1.1.11 to 1.1.12 (#585)
- Bump go.uber.org/zap from 1.19.1 to 1.20.0 (#584)
- Bump github.com/go-playground/validator/v10 from 10.9.0 to 10.10.0 (#579)
- Bump actions/github-script from 4 to 5 (#577)
Contributors
- Asra Ali (@asraa)
- Bob Callaway (@bobcallaway)
- Carlos Tadeu Panato Junior (@cpanato)
- Dan Lorenc (@dlorenc)
- Jason Hall (@imjasonh)
- Lily Sturmann (@lkatalin)
- Morten Linderud (@Foxboron)
- Nathan Smith (@nsmith5)
- Sylvestre Ledru (@sylvestre)
- Trishank Karthik Kuppusamy (@trishankatdatadog)
New Contributors
- @Foxboron made their first contribution in #569
- @sylvestre made their first contribution in #580
- @trishankatdatadog made their first contribution in #621
- @obarbier made their first contribution in #644
- @nsmith5 made their first contribution in #650
Thanks to all contributors!
Full Changelog: v0.4.0...v0.5.0
v0.4.0
v0.4.0
Highlights
- Adds hashed rekord type that can be used to upload signatures along with the hashed content signed (#501)
Enhancements
- Update the schema to match that of Trillian repo. The map specific (#528)
- allow setting the user-agent string sent from the client (#521)
- update key usage for ts cert (#504)
- api/index/retrieve: allow searching on indicies with sha1 hashes (#499)
- Only include Attestation data if attestation storage enabled (#494)
- Fuzzing RequestFromRekor API (#488)
- Included pprof for profiling the application. (#485)
- refactor release and add signing (#483)
- More verbose error message for redis connection failure (#479) (#480)
- Fixed modtime for reproducible goreleaser (#473)
- add goreleaser and cloudbuild for releases (#443)
- Add dynamic JS tree size counter (#468)
- check that entry UUID == leafHash of returned entry (#469)
- chore: upgrade cosign version (#465)
- Reproducible builds with trimpath (#464)
- correct links, add Table of Contents of sorts (#449)
- update go tuf for rsa key impl (#446)
- Canonicalize JSON before inserting into trillian (#445)
- Export search UUIDs field (#438)
- Add a flag to start specifying log index ranges for virtual indices. (#435)
- Cleanup some initialization/flag parsing in rekor-server. (#433)
- Drop 404 errors down to a warning. (#426)
- Cleanup the output of search (the text goes to stderr not stdout). (#421)
- remove extradata field from types (#418)
- Update usage of ./cmd/rekor-cli/ from
rekor
torekor-cli
(#417) - Add TUF type (#383)
- Updates to INSTALLATION.md notes (#415)
- Update snippets to use
console
type for snippets (#410) - version: add way to display a version when using go get or go install (#405)
- Use an in memory timestamping key (#402)
- Links are case sensitive (#401)
- Installation guide (#400)
- Add a SignedTimestampNote (#397)
- Provide instructions on verifying releases (#399)
- rekor-server: add html page when humans reach the server via the browser (#394)
- use go modules to track tools (#395)
Bug Fixes
- fix timestamp addition and unmarshal (#525)
- Correct & parallelize tests (#522)
- Fix fuzz go.sum issue (#509)
- fix validation error (#503)
- Correct Helm index keys (#474)
- Fix a bug in x509 certificate handling. (#461)
- Fix a conflict from parallel dependabot merges. (#456)
- fix tuf metadata marshalling (#447)
- Switch DSSE provider to go-securesystemslib (#442)
- fix unmarshalling sth (#409)
- Fix port flag override (#396)
- makefile: small fix on the makefile for the rekor-server (#393)
Dependencies Updates
- Bump github.com/spf13/viper from 1.9.0 to 1.10.0 (#531)
- Bump sigstore/cosign-installer from 1.3.1 to 1.4.1 (#530)
- Bump the DSSE signing library. (#529)
- Bump golang from 1.17.4 to 1.17.5 (#527)
- Bump golang from 1.17.3 to 1.17.4 (#523)
- Bump gopkg.in/ini.v1 from 1.66.0 to 1.66.2 (#520)
- Bump github.com/mitchellh/mapstructure from 1.4.2 to 1.4.3 (#517)
- Bump github.com/secure-systems-lab/go-securesystemslib (#516)
- Bump gopkg.in/ini.v1 from 1.64.0 to 1.66.0 (#513)
- Upgraded go-playground/validator module to v10 (#507)
- Bump gopkg.in/ini.v1 from 1.63.2 to 1.64.0 (#495)
- Bump github.com/go-openapi/strfmt from 0.21.0 to 0.21.1 (#510)
- Bump the trillian import to v1.4.0. (#502)
- Bump the trillian versions to v1.4.0 in our docker-compose setup. (#500)
- update go.mod for go-fuzz (#496)
- Bump sigstore/cosign-installer from 1.3.0 to 1.3.1 (#491)
- Bump golang from 1.17.2 to 1.17.3 (#482)
- Bump google.golang.org/grpc from 1.41.0 to 1.42.0 (#478)
- Bump actions/checkout from 2.3.5 to 2.4.0 (#477)
- Bump github.com/go-openapi/runtime from 0.20.0 to 0.21.0 (#470)
- bump go-swagger to v0.28.0 (#463)
- Bump github.com/in-toto/in-toto-golang from 0.3.2 to 0.3.3 (#459)
- Bump actions/checkout from 2.3.4 to 2.3.5 (#458)
- Bump github.com/mediocregopher/radix/v4 from 4.0.0-beta.1 to 4.0.0 (#460)
- Bump github.com/go-openapi/runtime from 0.19.31 to 0.20.0 (#451)
- Bump github.com/go-openapi/spec from 0.20.3 to 0.20.4 (#454)
- Bump github.com/go-openapi/validate from 0.20.2 to 0.20.3 (#453)
- Bump github.com/go-openapi/strfmt from 0.20.2 to 0.20.3 (#452)
- Bump github.com/go-openapi/loads from 0.20.2 to 0.20.3 (#450)
- Bump golang from 1.17.1 to 1.17.2 (#448)
- Bump google.golang.org/grpc from 1.40.0 to 1.41.0 (#441)
- Bump golang.org/x/mod from 0.5.0 to 0.5.1 (#440)
- Bump github.com/spf13/viper from 1.8.1 to 1.9.0 (#439)
- Bump gopkg.in/ini.v1 from 1.63.0 to 1.63.2 (#437)
- Bump github.com/mitchellh/mapstructure from 1.4.1 to 1.4.2 (#436)
- Bump gocloud to v0.24.0. (#434)
- Bump golang from 1.17.0 to 1.17.1 (#432)
- Bump go.uber.org/zap from 1.19.0 to 1.19.1 (#431)
- Bump gopkg.in/ini.v1 from 1.62.0 to 1.63.0 (#429)
- Bump github.com/go-openapi/runtime from 0.19.30 to 0.19.31 (#425)
- Bump github.com/go-openapi/errors from 0.20.0 to 0.20.1 (#423)
- Bump github.com/go-openapi/strfmt from 0.20.1 to 0.20.2 (#422)
- Bump golang from 1.16.7 to 1.17.0 (#413)
- Bump golang.org/x/mod from 0.4.2 to 0.5.0 (#412)
- Bump google.golang.org/grpc from 1.39.1 to 1.40.0 (#411)
- Bump github.com/go-openapi/runtime from 0.19.29 to 0.19.30 (#408)
- Bump go.uber.org/zap from 1.18.1 to 1.19.0 (#407)
- Bump golang from 1.16.6 to 1.16.7 (#403)
- Bump google.golang.org/grpc from 1.39.0 to 1.39.1 (#404)
Contributors
- Aditya Sirish (@adityasaky)
- Andrew Block (@sabre1041)
- Asra Ali (@asraa)
- Axel Simon (@axelsimon)
- Batuhan Apaydın (@developer-guy)
- Bob Callaway (@bobcallaway)
- Carlos Panato (@cpanato)
- Dan Lorenc (@dlorenc)
- Dan Luhring (@luhring)
- Harry Fallows (@harryfallows)
- Hector Fernandez (@hectorj2f)
- Jake Sanders (@dekkagaijin)
- Jason Hall (@imjasonh)
- Lily Sturmann (@lkatalin)
- Luke Hinds (@lukehinds)
- Marina Moore (@mnm678)
- Mikhail Swift (@mikhailswift)
- Naveen Srinivasan (@naveensrinivasan)
- Robert James Hernandez (@sarcasticadmin)
- Santiago Torres (@SantiagoTorres)
- Tiziano Santoro (@tiziano88)
- Trishank Karthik Kuppusamy (@trishankatdatadog)
- Ville Aikas (@vaikas)
- kpcyrd (@kpcyrd)
Images:
- Rekor server: `gcr.i...
Rekor Release v0.3.0
v0.3.0 Release of rekor-cli and rekor-server:
4899332 build containers for both arm64 and amd64 #334
0882cde ci: add job to build the container to validate #335
34caf45 Upload generated timestamps #336
5fb05e1 Add Alpine Package type #337
710784c Add timestamping cert chain to config #338
e5dcf0a base64 encode timestamping cert chain #340
428f264 Update in-toto-golang to pick up the latest interface changes. #341
6c013a5 Move GetRekorClient into util directory #349
9fa4e20 Adopt new signing/verification APIs from sigstore #358
5862799 Added Helm type #354
cb96bc0 Fix help message outputs. #366
5ebdab6 Add index keys for in-toto provenance objects. #361
1c30d2f Fetch attestations from storage in the API. #364
aaca0ae Update trillian dependencies. #368
9995a02 Update the trillian code dependencies. #369
6031d7c update go modules, tidy #371
36ea8ba Update docker go version and github actions #372
e63fe71 Add type-specific usage documentation. #374
53d71cd Improve separation between type implementations and CLI code #339
38d532d Clean up EntryImpl interface #370
5687a24 Stop depending on external jenkins mirror #376
5e005eb Improve error messages for invalid content #377
12077f5 Fix #373: skip openssh tests if ssh-keygen is not in PATH #378
07c8e8f Generalize SignedCheckpoint to take arbitrary Notes #347
d8ac9f8 insert sha256: prefix if not provided #381
03c4917 add readOnly/writeOnly annotations to openapi #382
27be9e7 fix 0 log index #385
19d6519 return exit code of 1 if no results found in searching index #386
70eed2f makefile: add rule to download and set swagger and make rule to build rekor-cli for cross platform #391
464970c add timeout flag to rekor-cli #390
e4303a8 fix pre-formed entry upload #392
Releases signed against fulcio root with OpenID Account: [email protected]
rekor-cli-darwin-amd64: https://rekor.sigstore.dev/api/v1/log/entries/8bfbdffec6b9d5bffda06fff52e6bc86b6419d2469839c1ff5a5a3a8816ba711
rekor-cli-darwin-arm64: https://rekor.sigstore.dev/api/v1/log/entries/de960c01d6b772f3630594b4e4fd0540e21481aa4e370f4c52f2f8349df7974e
rekor-cli-linux-amd64: https://rekor.sigstore.dev/api/v1/log/entries/b6fdc91e6af5bdd8df133802b7966aa53c1e59365741ee56e287f11263e02c33
rekor-cli-linux-arm64: https://rekor.sigstore.dev/api/v1/log/entries/0de5733f6333f7de54d01e6e436b1b8e6cf0488e8d272b99c8d2f2f094f0f55b
rekor-cli-windows-amd64.exe: https://rekor.sigstore.dev/api/v1/log/entries/5d5fc116f000d667af2b56881b83bf88c4840d99a8fc82c53f06cb3bda2c940a
rekor-server-linux-amd64: https://rekor.sigstore.dev/api/v1/log/entries/8a4b15939fcac2a62a294157a49778f6eb9aecb1aebf666e49cf9c72dff4e6f6
Contributors
- Andrew Block (@sabre1041)
- Asra Ali (@asraa)
- Bob Callaway (@bobcallaway)
- Carlos Panato (@cpanato)
- Christian Rebischke (@shibumi)
- Dan Lorenc (@dlorenc)
- Jake Sanders (@dekkagaijin)