Accepting request 983852 from home:msmeissn:branches:security

- Updated to rekor 0.8.1
  - Fix indexing bug for intoto attestations by @priyawadhwa in #870
  - Allow an expired certificate chain to be uploaded and verified by @haydentherapper in #873
- Updated to rekor 0.8.0
  - Update go-tuf and sigstore/sigstore to non-vulnerable go-tuf version. by @dhaus67 in #847
  - Configure rekor server in e2e tests via env variable by @priyawadhwa in #850
  - update cross-builder image to use go1.17.11 and dockerfile base image by @cpanato in #860
  - update go.mod to go1.17 by @cpanato in #861
  - Improve error message when using ED25519 with HashedRekord type by @haydentherapper in #862
  - Allow retrieving entryIDs or UUIDs via /api/v1/log/entries/retrieve endpoint by @priyawadhwa in #859
  - Print total tree size, including inactive shards in rekor-cli loginfo by @priyawadhwa in #864
- Updated to rekor 0.7.0
  - remove URL fetch of keys/artifacts server-side by @bobcallaway in #735
  - intoto: add index on materials digest of slsa provenance by @asraa in #793
  - chore(deps): Included dependency review by @naveensrinivasan in #788
  - Check if intoto hash is available before accessing it as an index key by @priyawadhwa in #800
  - Move deprecated dependency: google/trillian/merkle to transparency-dev by @asraa in #807
  - Retrieve shard tree length if it isn't provided in the config by @priyawadhwa in #810
  - update release builder images to use go 1.17.10 and cosign image to 1.8.0 by @cpanato in #820
  - update go to 1.17.10 in the dockerfile by @cpanato in #819
  - Limit the number of certificates parsed in a chain by @haydentherapper in #823
  - Breaking change: Remove timestamping authority by @haydentherapper in #813
  - Add back owners for rfc3161 package type by @haydentherapper in #833
  - all: remove dependency on deprecated github.com/pkg/errors by @zchee in #834
  - name stored attestations by digest instead of UUID by @bobcallaway in #769

OBS-URL: https://build.opensuse.org/request/show/983852
OBS-URL: https://build.opensuse.org/package/show/security/rekor?expand=0&rev=9
Marcus Meissner 2022-06-20 07:17:29 +00:00 committed by Git OBS Bridge
parent 65092aae15
commit 6c1414acb5
5 changed files with 36 additions and 7 deletions


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:79cc4ec912d2862a21d25916855c00fbf0ffdecd016d5ac27944fc5c869e0fb8
size 692070

3
rekor-0.8.1.tar.gz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:f4b2f4f8cdf1f38abdff7d4e1d9bdbfa5937fded00c04ebc33fd76c2d3b641ba
size 686912
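Review bot: The sha256 oid in the new rekor-0.8.1.tar.gz pointer is the only integrity anchor for the source archive in this change, and nothing in the visible lines records where the tarball was fetched from or that the digest was compared with upstream's release artifact. Please state in the request how the archive was obtained and confirm that the digest matches the upstream 0.8.1 source.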


@ -1,3 +1,32 @@
-------------------------------------------------------------------
Mon Jun 20 06:54:51 UTC 2022 - Marcus Meissner <meissner@suse.com>
- Updated to rekor 0.8.1
- Fix indexing bug for intoto attestations by @priyawadhwa in #870
- Allow an expired certificate chain to be uploaded and verified by @haydentherapper in #873
- Updated to rekor 0.8.0
- Update go-tuf and sigstore/sigstore to non-vulnerable go-tuf version. by @dhaus67 in #847
- Configure rekor server in e2e tests via env variable by @priyawadhwa in #850
- update cross-builder image to use go1.17.11 and dockerfile base image by @cpanato in #860
- update go.mod to go1.17 by @cpanato in #861
- Improve error message when using ED25519 with HashedRekord type by @haydentherapper in #862
- Allow retrieving entryIDs or UUIDs via /api/v1/log/entries/retrieve endpoint by @priyawadhwa in #859
- Print total tree size, including inactive shards in rekor-cli loginfo by @priyawadhwa in #864
- Updated to rekor 0.7.0
- remove URL fetch of keys/artifacts server-side by @bobcallaway in #735
- intoto: add index on materials digest of slsa provenance by @asraa in #793
- chore(deps): Included dependency review by @naveensrinivasan in #788
- Check if intoto hash is available before accessing it as an index key by @priyawadhwa in #800
- Move deprecated dependency: google/trillian/merkle to transparency-dev by @asraa in #807
- Retrieve shard tree length if it isn't provided in the config by @priyawadhwa in #810
- update release builder images to use go 1.17.10 and cosign image to 1.8.0 by @cpanato in #820
- update go to 1.17.10 in the dockerfile by @cpanato in #819
- Limit the number of certificates parsed in a chain by @haydentherapper in #823
- Breaking change: Remove timestamping authority by @haydentherapper in #813
- Add back owners for rfc3161 package type by @haydentherapper in #833
- all: remove dependency on deprecated github.com/pkg/errors by @zchee in #834
- name stored attestations by digest instead of UUID by @bobcallaway in #769
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Apr 26 09:41:49 UTC 2022 - Marcus Meissner <meissner@suse.com> Tue Apr 26 09:41:49 UTC 2022 - Marcus Meissner <meissner@suse.com>
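Review bot: The 0.8.0 line "Update go-tuf and sigstore/sigstore to non-vulnerable go-tuf version." describes a security fix but carries no CVE or bug reference, so anyone tracking fixes by identifier cannot tie this update to it. If an identifier applies, add it to that line. The 0.7.0 block also contains "Breaking change: Remove timestamping authority" and "remove URL fetch of keys/artifacts server-side" in the middle of the list; since this entry spans three upstream releases in one step, consider moving those two behaviour changes to the top of their block so that administrators upgrading see them first.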


@ -19,9 +19,9 @@
%define apps cli server %define apps cli server
Name: rekor Name: rekor
Version: 0.6.0 Version: 0.8.1
Release: 0 Release: 0
%define revision 5c52ad228cb698ea4320dada5cd0a7cd31a5eb9a %define revision e981811726530c70ec707902022c336d1f1c37b4
Summary: Supply Chain Transparency Log Summary: Supply Chain Transparency Log
License: Apache-2.0 License: Apache-2.0
URL: https://github.com/sigstore/rekor URL: https://github.com/sigstore/rekor
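Review bot: The "%define revision" value is edited by hand next to "Version: 0.8.1", and nothing in the visible lines checks that e981811726530c70ec707902022c336d1f1c37b4 is the commit the 0.8.1 tag points to. Please confirm the two match against the upstream repository. A stale or mistyped revision would not be caught in this hunk, because whatever consumes the macro lies outside it.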


@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1 version https://git-lfs.github.com/spec/v1
oid sha256:34d71486e32bee6b3c7afa141deb2f03e1b4e09e501e982c7a1868e03c2abfa2 oid sha256:dc4c3578f4edc4d79cba0d5e1aa7d069472599d55c739418e0dc4e07f8b28808
size 5989551 size 3900716
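Review bot: The size in this last pointer drops from 5989551 to 3900716 bytes, roughly a third smaller, and the file name is not shown here. If this is the vendored dependency archive, the changelog's removals (github.com/pkg/errors, the timestamping authority) may account for part of the reduction, but please confirm that the archive was regenerated from the 0.8.1 sources and is complete, for example by checking that the package still builds without network access.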