From 6c1414acb56b55e26628710c2d947c400fe6829c8ebc3873c9b9c6d067da1343 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Mon, 20 Jun 2022 07:17:29 +0000 Subject: [PATCH] Accepting request 983852 from home:msmeissn:branches:security - Updated to rekor 0.8.1 - Fix indexing bug for intoto attestations by @priyawadhwa in #870 - Allow an expired certificate chain to be uploaded and verified by @haydentherapper in #873 - Updated to rekor 0.8.0 - Update go-tuf and sigstore/sigstore to non-vulnerable go-tuf version. by @dhaus67 in #847 - Configure rekor server in e2e tests via env variable by @priyawadhwa in #850 - update cross-builder image to use go1.17.11 and dockerfile base image by @cpanato in #860 - update go.mod to go1.17 by @cpanato in #861 - Improve error message when using ED25519 with HashedRekord type by @haydentherapper in #862 - Allow retrieving entryIDs or UUIDs via /api/v1/log/entries/retrieve endpoint by @priyawadhwa in #859 - Print total tree size, including inactive shards in rekor-cli loginfo by @priyawadhwa in #864 - Updated to rekor 0.7.0 - remove URL fetch of keys/artifacts server-side by @bobcallaway in #735 - intoto: add index on materials digest of slsa provenance by @asraa in #793 - chore(deps): Included dependency review by @naveensrinivasan in #788 - Check if intoto hash is available before accessing it as an index key by @priyawadhwa in #800 - Move deprecated dependency: google/trillian/merkle to transparency-dev by @asraa in #807 - Retrieve shard tree length if it isn't provided in the config by @priyawadhwa in #810 - update release builder images to use go 1.17.10 and cosign image to 1.8.0 by @cpanato in #820 - update go to 1.17.10 in the dockerfile by @cpanato in #819 - Limit the number of certificates parsed in a chain by @haydentherapper in #823 - Breaking change: Remove timestamping authority by @haydentherapper in #813 - Add back owners for rfc3161 package type by @haydentherapper in #833 - all: remove dependency on deprecated github.com/pkg/errors by @zchee in #834 - name stored attestations by digest instead of UUID by @bobcallaway in #769 OBS-URL: https://build.opensuse.org/request/show/983852 OBS-URL: https://build.opensuse.org/package/show/security/rekor?expand=0&rev=9 --- rekor-0.6.0.tar.gz | 3 --- rekor-0.8.1.tar.gz | 3 +++ rekor.changes | 29 +++++++++++++++++++++++++++++ rekor.spec | 4 ++-- vendor.tar.xz | 4 ++-- 5 files changed, 36 insertions(+), 7 deletions(-) delete mode 100644 rekor-0.6.0.tar.gz create mode 100644 rekor-0.8.1.tar.gz diff --git a/rekor-0.6.0.tar.gz b/rekor-0.6.0.tar.gz deleted file mode 100644 index 519ed67..0000000 --- a/rekor-0.6.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:79cc4ec912d2862a21d25916855c00fbf0ffdecd016d5ac27944fc5c869e0fb8 -size 692070 diff --git a/rekor-0.8.1.tar.gz b/rekor-0.8.1.tar.gz new file mode 100644 index 0000000..ea3049a --- /dev/null +++ b/rekor-0.8.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f4b2f4f8cdf1f38abdff7d4e1d9bdbfa5937fded00c04ebc33fd76c2d3b641ba +size 686912 diff --git a/rekor.changes b/rekor.changes index 4200bbb..469d868 100644 --- a/rekor.changes +++ b/rekor.changes @@ -1,3 +1,32 @@ +------------------------------------------------------------------- +Mon Jun 20 06:54:51 UTC 2022 - Marcus Meissner + +- Updated to rekor 0.8.1 + - Fix indexing bug for intoto attestations by @priyawadhwa in #870 + - Allow an expired certificate chain to be uploaded and verified by @haydentherapper in #873 +- Updated to rekor 0.8.0 + - Update go-tuf and sigstore/sigstore to non-vulnerable go-tuf version. by @dhaus67 in #847 + - Configure rekor server in e2e tests via env variable by @priyawadhwa in #850 + - update cross-builder image to use go1.17.11 and dockerfile base image by @cpanato in #860 + - update go.mod to go1.17 by @cpanato in #861 + - Improve error message when using ED25519 with HashedRekord type by @haydentherapper in #862 + - Allow retrieving entryIDs or UUIDs via /api/v1/log/entries/retrieve endpoint by @priyawadhwa in #859 + - Print total tree size, including inactive shards in rekor-cli loginfo by @priyawadhwa in #864 +- Updated to rekor 0.7.0 + - remove URL fetch of keys/artifacts server-side by @bobcallaway in #735 + - intoto: add index on materials digest of slsa provenance by @asraa in #793 + - chore(deps): Included dependency review by @naveensrinivasan in #788 + - Check if intoto hash is available before accessing it as an index key by @priyawadhwa in #800 + - Move deprecated dependency: google/trillian/merkle to transparency-dev by @asraa in #807 + - Retrieve shard tree length if it isn't provided in the config by @priyawadhwa in #810 + - update release builder images to use go 1.17.10 and cosign image to 1.8.0 by @cpanato in #820 + - update go to 1.17.10 in the dockerfile by @cpanato in #819 + - Limit the number of certificates parsed in a chain by @haydentherapper in #823 + - Breaking change: Remove timestamping authority by @haydentherapper in #813 + - Add back owners for rfc3161 package type by @haydentherapper in #833 + - all: remove dependency on deprecated github.com/pkg/errors by @zchee in #834 + - name stored attestations by digest instead of UUID by @bobcallaway in #769 + ------------------------------------------------------------------- Tue Apr 26 09:41:49 UTC 2022 - Marcus Meissner diff --git a/rekor.spec b/rekor.spec index 4fe21c2..39560ce 100644 --- a/rekor.spec +++ b/rekor.spec @@ -19,9 +19,9 @@ %define apps cli server Name: rekor -Version: 0.6.0 +Version: 0.8.1 Release: 0 -%define revision 5c52ad228cb698ea4320dada5cd0a7cd31a5eb9a +%define revision e981811726530c70ec707902022c336d1f1c37b4 Summary: Supply Chain Transparency Log License: Apache-2.0 URL: https://github.com/sigstore/rekor diff --git a/vendor.tar.xz b/vendor.tar.xz index 10c2cc1..c8f6dec 100644 --- a/vendor.tar.xz +++ b/vendor.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:34d71486e32bee6b3c7afa141deb2f03e1b4e09e501e982c7a1868e03c2abfa2 -size 5989551 +oid sha256:dc4c3578f4edc4d79cba0d5e1aa7d069472599d55c739418e0dc4e07f8b28808 +size 3900716