2022-09-27 14:37:10 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Sep 27 12:22:57 UTC 2022 - Marcus Meissner <meissner@suse.com>
|
|
|
|
|
|
|
|
|
|
- updated to rekor 0.12.1 (jsc#SLE-23476):
|
|
|
|
|
- ** Rekor ** v0.12.1 comes with a breaking change to rekor-cli v0.12.1. Users of rekor-cli MUST upgrade to the latest version
|
|
|
|
|
The addition of the intotov2 created a breaking change for the rekor-cli
|
|
|
|
|
- What's Changed
|
|
|
|
|
- fix: fix harness tests with intoto v0.0.2 by @asraa in #1052
|
|
|
|
|
- feat: add file based signer and password by @asraa in #1049
|
|
|
|
|
- Adds new rekor metrics for latency and QPS. by @var-sdk in #1059
|
|
|
|
|
|
2022-09-15 15:15:19 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Sep 15 12:33:21 UTC 2022 - Marcus Meissner <meissner@suse.com>
|
|
|
|
|
|
|
|
|
|
- updated to rekor 0.12.0 (jsc#SLE-23476):
|
|
|
|
|
- check supportedVersions list rather than directly reading from version map by @bobcallaway in #1003
|
|
|
|
|
- enable blocking specific pluggable type versions from being inserted into the log by @bobcallaway in #1004
|
|
|
|
|
- api.SearchLogQueryHandler thread safety by @cdris in #1006
|
|
|
|
|
- 'docker compose' to 'docker-compose' by @bobcallaway in #1009
|
|
|
|
|
- Intoto v0.0.2 by @pxp928 in #973
|
|
|
|
|
- Add bounds on number of elements in api/v1/log/entries/retrieve by @priyawadhwa in #1011
|
|
|
|
|
- Change Checkpoint origin to be "Hostname - Tree ID" by @haydentherapper in #1013
|
|
|
|
|
- feat: add verification functions by @asraa in #986
|
|
|
|
|
- Validate tree ID on calls to /api/v1/log/entries/retrieve by @priyawadhwa in #1017
|
|
|
|
|
- Include checkpoint (STH) in entry upload and retrieve responses by @haydentherapper in #1015
|
|
|
|
|
- fix: use entry uuid uniformly in return responses by @asraa in #1012
|
|
|
|
|
- remove /api/v1/version endpoint by @bobcallaway in #1022
|
|
|
|
|
- Fix rekor-cli backwards incompatibility & run harness tests against HEAD by @priyawadhwa in #1030
|
|
|
|
|
- Fix harness tests @ main by @priyawadhwa in #1038
|
|
|
|
|
- Fetch all tags in harness tests by @priyawadhwa in #1039
|
|
|
|
|
- fix retrieve endpoint response code and add testing by @asraa in #1043
|
|
|
|
|
- updated to rekor 0.11.0:
|
|
|
|
|
- Add rekor harness tests by @priyawadhwa in #945
|
|
|
|
|
- Persist and check attestations across harness tests by @priyawadhwa in #952
|
|
|
|
|
- Add harness test for getting all entries by UUID and EntryID by @priyawadhwa in #957
|
|
|
|
|
- api: fix inclusion proof verification flake by @asraa in #956
|
|
|
|
|
- change default value for rekor_server.hostname to server's hostname by @bobcallaway in #963
|
|
|
|
|
- fix nil-pointer error when artifact-hash is passed without artifact by @dsa0x in #965
|
|
|
|
|
- Add prometheus summary to track metric latency by @priyawadhwa in #966
|
|
|
|
|
- compute payload and envelope hashes upon validating intoto proposed entries by @bobcallaway in #967
|
|
|
|
|
- update field documentation on publicKey for hashedrekord by @bobcallaway in #969
|
|
|
|
|
- Allow sharding config to be written in yaml or json by @priyawadhwa in #974
|
|
|
|
|
- fix incorrect schema id for cose type by @bobcallaway in #979
|
|
|
|
|
- fix: make rekor verify work with sharded uuids by @asraa in #970
|
|
|
|
|
- update builder and cosign images by @cpanato in #981
|
|
|
|
|
- remove trailing slash on directories by @bobcallaway in #984
|
|
|
|
|
- add support for intersection & union in search operations by @dsa0x in #968
|
|
|
|
|
- Update scorecard-action to v2:alpha by @azeemshaikh38 in #987
|
|
|
|
|
- updated to rekor 0.10.0:
|
|
|
|
|
- reuse DSSE signature wrappers instead of a local copy by @bobcallaway in #912
|
|
|
|
|
- Updates on the release job/makefile cleanup by @cpanato in #914
|
|
|
|
|
- Return 404 if entry isn't found in log by @priyawadhwa in #915
|
|
|
|
|
- Update cosign image in validate-release job by @priyawadhwa in #931
|
|
|
|
|
- update go builder and cosign image by @cpanato in #934
|
|
|
|
|
- Drop application/yaml content type by @haydentherapper in #933
|
|
|
|
|
- Add rekor test harness to presubmit tests by @priyawadhwa in #921
|
|
|
|
|
- sparkles Enable Scorecard badge by @azeemshaikh38 in #941
|
|
|
|
|
- update go mod in hack/tools to go1.18 by @cpanato in #935
|
|
|
|
|
- add ldflags back by @cpanato in #944
|
|
|
|
|
|
2022-07-27 15:37:41 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jul 27 13:26:17 UTC 2022 - Marcus Meissner <meissner@suse.com>
|
|
|
|
|
|
|
|
|
|
- updated to rekor 0.9.1
|
|
|
|
|
- feat: add subject URIs to index for x509 certificates by @asraa in #897
|
|
|
|
|
- fix: sql syntax in dbcreate script by @xens in #903
|
|
|
|
|
- Switch to go 1.18 and pin release-utils to v0.7.1 by @saschagrunert in #904
|
|
|
|
|
- Check inactive shards for UUID for /retrieve endpoint by @priyawadhwa in #905
|
|
|
|
|
- ensure log messages have requestID where possible by @bobcallaway in #907
|
|
|
|
|
- Remove unnecessary lookup of non-existent attestations from storage layer by @bobcallaway in #909
|
|
|
|
|
- Fix bug where /retrieve endpoint returns wrong logIndex across shards by @priyawadhwa in #908
|
|
|
|
|
|
|
|
|
|
- updated to rekor 0.9.0
|
|
|
|
|
- Add COSE support to Rekor by @kommendorkapten in #867
|
|
|
|
|
- Fix intoto index keys by @bobcallaway in #889
|
|
|
|
|
- Resolve virtual log index when calling /retrieve endpoint by @priyawadhwa in #894
|
|
|
|
|
- updated to rekor 0.8.2
|
|
|
|
|
- collect docker-compose logs if sharding tests fail, also trim IDs by @bobcallaway in #869
|
|
|
|
|
- ensure fallback logic executes if attestation key is empty when fetching attestation by @bobcallaway in #878
|
|
|
|
|
|
2022-06-29 14:42:40 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jun 29 12:26:43 UTC 2022 - Marcus Meissner <meissner@suse.com>
|
|
|
|
|
|
|
|
|
|
- rekor-zypper-verify.sh: add a small script that verifies the on-system
|
|
|
|
|
zypper repo cache against rekor transparency log.
|
|
|
|
|
|
2022-06-20 09:17:29 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jun 20 06:54:51 UTC 2022 - Marcus Meissner <meissner@suse.com>
|
|
|
|
|
|
|
|
|
|
- Updated to rekor 0.8.1
|
|
|
|
|
- Fix indexing bug for intoto attestations by @priyawadhwa in #870
|
|
|
|
|
- Allow an expired certificate chain to be uploaded and verified by @haydentherapper in #873
|
|
|
|
|
- Updated to rekor 0.8.0
|
|
|
|
|
- Update go-tuf and sigstore/sigstore to non-vulnerable go-tuf version. by @dhaus67 in #847
|
|
|
|
|
- Configure rekor server in e2e tests via env variable by @priyawadhwa in #850
|
|
|
|
|
- update cross-builder image to use go1.17.11 and dockerfile base image by @cpanato in #860
|
|
|
|
|
- update go.mod to go1.17 by @cpanato in #861
|
|
|
|
|
- Improve error message when using ED25519 with HashedRekord type by @haydentherapper in #862
|
|
|
|
|
- Allow retrieving entryIDs or UUIDs via /api/v1/log/entries/retrieve endpoint by @priyawadhwa in #859
|
|
|
|
|
- Print total tree size, including inactive shards in rekor-cli loginfo by @priyawadhwa in #864
|
|
|
|
|
- Updated to rekor 0.7.0
|
|
|
|
|
- remove URL fetch of keys/artifacts server-side by @bobcallaway in #735
|
|
|
|
|
- intoto: add index on materials digest of slsa provenance by @asraa in #793
|
|
|
|
|
- chore(deps): Included dependency review by @naveensrinivasan in #788
|
|
|
|
|
- Check if intoto hash is available before accessing it as an index key by @priyawadhwa in #800
|
|
|
|
|
- Move deprecated dependency: google/trillian/merkle to transparency-dev by @asraa in #807
|
|
|
|
|
- Retrieve shard tree length if it isn't provided in the config by @priyawadhwa in #810
|
|
|
|
|
- update release builder images to use go 1.17.10 and cosign image to 1.8.0 by @cpanato in #820
|
|
|
|
|
- update go to 1.17.10 in the dockerfile by @cpanato in #819
|
|
|
|
|
- Limit the number of certificates parsed in a chain by @haydentherapper in #823
|
|
|
|
|
- Breaking change: Remove timestamping authority by @haydentherapper in #813
|
|
|
|
|
- Add back owners for rfc3161 package type by @haydentherapper in #833
|
|
|
|
|
- all: remove dependency on deprecated github.com/pkg/errors by @zchee in #834
|
|
|
|
|
- name stored attestations by digest instead of UUID by @bobcallaway in #769
|
|
|
|
|
|
2022-04-26 11:47:47 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Apr 26 09:41:49 UTC 2022 - Marcus Meissner <meissner@suse.com>
|
|
|
|
|
|
|
|
|
|
- Updated to rekor 0.6.0
|
|
|
|
|
|
|
|
|
|
- attempting to fix codeowners file by @bobcallaway in #653
|
|
|
|
|
- Update the warning text for the GA release. by @dlorenc in #654
|
|
|
|
|
- Add docs about API stability and deprecation policy by @priyawadhwa in #661
|
|
|
|
|
- update cross-build and dockerfile to use go 1.17.7 by @cpanato in #666
|
|
|
|
|
- Move k8s objects out of the default namespace by @k4leung4 in #674
|
|
|
|
|
- add securityContext to deployment. by @k4leung4 in #678
|
|
|
|
|
- Add intoto type documentation by @jspeed-meyers in #679
|
|
|
|
|
- create namespace for rekor config in yaml. by @k4leung4 in #680
|
|
|
|
|
- Set rekor-cli User-Agent header on requests by @bobcallaway in #684
|
|
|
|
|
- update security process link by @bobcallaway in #685
|
|
|
|
|
- explicitly set permissions for github actions by @k4leung4 in #687
|
|
|
|
|
- Add documentation about Alpine type by @jspeed-meyers in #697
|
|
|
|
|
- Add code coverage to pull requests. by @k4leung4 in #676
|
|
|
|
|
- Consistent parenthesis use in Makefile by @k4leung4 in #700
|
|
|
|
|
- Use logRangesFlag in API, route reads based on TreeID by @lkatalin in #671
|
|
|
|
|
- Generate release yaml for non-CI builds. by @k4leung4 in #702
|
|
|
|
|
- Mirror signed release images from GCR to GHCR as part of release by @k4leung4 in #701
|
|
|
|
|
- build trillian container to existing release. by @k4leung4 in #715
|
|
|
|
|
- Make the loginfo command a bit more future/backwards proof. by @dlorenc in #718
|
|
|
|
|
- Switch to using the swag library for pointer manipulation. by @dlorenc in #719
|
|
|
|
|
- Change TreeID to be of type string instead of int64 by @priyawadhwa in #712
|
|
|
|
|
- Add sharding e2e test to Github Actions by @priyawadhwa in #714
|
|
|
|
|
- fix merge conflict by @priyawadhwa in #720
|
|
|
|
|
- Clearer logging for createAndInitTree by @priyawadhwa in #724
|
|
|
|
|
- Return virtual index when creating and getting a log entry by @priyawadhwa in #725
|
|
|
|
|
- Fix copy/paste mistake in repo name. by @k4leung4 in #730
|
|
|
|
|
- Use reusuable release workflow in sigstore/sigstore by @k4leung4 in #729
|
|
|
|
|
- Get log proofs by Tree ID by @priyawadhwa in #733
|
|
|
|
|
- Refactor rekor-cli loginfo by @priyawadhwa in #734
|
|
|
|
|
- Update loginfo API endpoint to return information about inactive shards by @priyawadhwa in #738
|
|
|
|
|
- Replace trillian_log_server.log_id_ranges flag with a config file by @priyawadhwa in #742
|
|
|
|
|
- fix build date format for version command by @cpanato in #745
|
|
|
|
|
- Require tlog_id when log_id_ranges is passed in by @lkatalin in #739
|
|
|
|
|
- Use active tree on server startup by @lkatalin in #727
|
|
|
|
|
- Specify public key for inactive shards in shard config by @priyawadhwa in #746
|
|
|
|
|
- Add support for providing certificate chain for X509 signature types by @haydentherapper in #747
|
|
|
|
|
- fix typo in filename by @bobcallaway in #758
|
|
|
|
|
- Update release jobs and trillian images by @cpanato in #756
|
|
|
|
|
- Add the SHA256 digest of the intoto payload into the rekor entry by @bobcallaway in #764
|
|
|
|
|
- Add index to hashed intoto envelope by @asraa in #761
|
|
|
|
|
- Fix link in types README by @eddiezane in #765
|
|
|
|
|
- set p.Block after parsing in helm provenance type by @bobcallaway in #759
|
|
|
|
|
- Fix search without sha prefix by @eddiezane in #767
|
|
|
|
|
- Add in configmap to release for sharding config by @priyawadhwa in #766
|
|
|
|
|
- Search inactive trees for GET by UUID requests by @lkatalin in #750
|
|
|
|
|
- Create EntryID for new artifacts and return EntryID to user by @lkatalin in #623
|
|
|
|
|
- Update cloudbuild to not fail when copy the images by @cpanato in #773
|
|
|
|
|
|
2022-04-03 11:03:38 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Apr 1 15:13:27 UTC 2022 - Marcus Meissner <meissner@suse.com>
|
|
|
|
|
|
|
|
|
|
- Updated to rekor 0.5.0
|
|
|
|
|
* Highlights
|
|
|
|
|
- Add Rekor logo to README (#650)
|
|
|
|
|
- update API calls to v5 (#591)
|
|
|
|
|
- Refactor helm type to remove intermediate state. (#575)
|
|
|
|
|
- Refactor the shard map parsing so we can pass it down into the API object. (#564)
|
|
|
|
|
- Refactor the alpine type to reduce intermediate state. (#573)
|
|
|
|
|
* Enhancements
|
|
|
|
|
- Add logic to GET artifacts via old or new UUID (#587)
|
|
|
|
|
- helpful error message for hashedrekord types (#605)
|
|
|
|
|
- Set Accept header in dynamic counter requests (#594)
|
|
|
|
|
- Add sharding package and update validators (#583)
|
|
|
|
|
- rekor-cli: show the url in case of error (#581)
|
|
|
|
|
- Enable parsing of incomplete minisign keys, to enable re-indexing. (#567)
|
|
|
|
|
- Cleanups on the TUF pluggable type. (#563)
|
|
|
|
|
- Refactor the RPM type to remove more intermediate state. (#566)
|
|
|
|
|
- Do some cleanups of the jar type to remove intermediate state. (#561)
|
|
|
|
|
* Others
|
|
|
|
|
- update version comments since dependabot doesn't do it (#617)
|
|
|
|
|
- Use workload identity provider instead of GitHub Secret for GCR access (#600)
|
|
|
|
|
- add OSSF scorecard action (#599)
|
|
|
|
|
- enable the sbom for rekor releases (#586)
|
|
|
|
|
- Point to the official website (instead of a 404) (#580)
|
|
|
|
|
- Add a Makefile target for the "ko apply" step. (#572)
|
|
|
|
|
- types/README.md: Corrected documentation link (#568)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Feb 3 09:46:25 UTC 2022 - Marcus Meissner <meissner@suse.com>
|
|
|
|
|
|
|
|
|
|
- enable server build too, as people might want to deploy rekor chain
|
|
|
|
|
themselves.
|
|
|
|
|
|
2022-01-25 09:44:46 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Jan 25 08:32:11 UTC 2022 - Bernhard Wiedemann <bwiedemann@suse.com>
|
|
|
|
|
|
|
|
|
|
- Fix BUILD_DATE for reproducible build results (boo#1047218)
|
|
|
|
|
|
2022-01-06 16:04:12 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jan 6 14:52:16 UTC 2022 - Marcus Meissner <meissner@suse.com>
|
|
|
|
|
|
|
|
|
|
- updated to 0.4.0
|
|
|
|
|
Highlights
|
|
|
|
|
|
|
|
|
|
- Adds hashed rekord type that can be used to upload signatures along with the hashed content signed (#501)
|
|
|
|
|
|
2021-12-10 10:11:57 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Dec 8 16:58:06 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
|
|
|
|
|
|
|
|
|
|
- prepare building of the serve part
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Nov 26 16:01:30 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
|
|
|
|
|
|
|
|
|
|
- initial package
|
