v0.4.0

Highlights

Adds hashed rekord type that can be used to upload signatures along with the hashed content signed (#501)

Enhancements

Update the schema to match that of Trillian repo. The map specific (#528)
allow setting the user-agent string sent from the client (#521)
update key usage for ts cert (#504)
api/index/retrieve: allow searching on indicies with sha1 hashes (#499)
Only include Attestation data if attestation storage enabled (#494)
Fuzzing RequestFromRekor API (#488)
Included pprof for profiling the application. (#485)
refactor release and add signing (#483)
More verbose error message for redis connection failure (#479) (#480)
Fixed modtime for reproducible goreleaser (#473)
add goreleaser and cloudbuild for releases (#443)
Add dynamic JS tree size counter (#468)
check that entry UUID == leafHash of returned entry (#469)
chore: upgrade cosign version (#465)
Reproducible builds with trimpath (#464)
correct links, add Table of Contents of sorts (#449)
update go tuf for rsa key impl (#446)
Canonicalize JSON before inserting into trillian (#445)
Export search UUIDs field (#438)
Add a flag to start specifying log index ranges for virtual indices. (#435)
Cleanup some initialization/flag parsing in rekor-server. (#433)
Drop 404 errors down to a warning. (#426)
Cleanup the output of search (the text goes to stderr not stdout). (#421)
remove extradata field from types (#418)
Update usage of ./cmd/rekor-cli/ from rekor to rekor-cli (#417)
Add TUF type (#383)
Updates to INSTALLATION.md notes (#415)
Update snippets to use console type for snippets (#410)
version: add way to display a version when using go get or go install (#405)
Use an in memory timestamping key (#402)
Links are case sensitive (#401)
Installation guide (#400)
Add a SignedTimestampNote (#397)
Provide instructions on verifying releases (#399)
rekor-server: add html page when humans reach the server via the browser (#394)
use go modules to track tools (#395)

Bug Fixes

fix timestamp addition and unmarshal (#525)
Correct & parallelize tests (#522)
Fix fuzz go.sum issue (#509)
fix validation error (#503)
Correct Helm index keys (#474)
Fix a bug in x509 certificate handling. (#461)
Fix a conflict from parallel dependabot merges. (#456)
fix tuf metadata marshalling (#447)
Switch DSSE provider to go-securesystemslib (#442)
fix unmarshalling sth (#409)
Fix port flag override (#396)
makefile: small fix on the makefile for the rekor-server (#393)

Dependencies Updates

Bump github.com/spf13/viper from 1.9.0 to 1.10.0 (#531)
Bump sigstore/cosign-installer from 1.3.1 to 1.4.1 (#530)
Bump the DSSE signing library. (#529)
Bump golang from 1.17.4 to 1.17.5 (#527)
Bump golang from 1.17.3 to 1.17.4 (#523)
Bump gopkg.in/ini.v1 from 1.66.0 to 1.66.2 (#520)
Bump github.com/mitchellh/mapstructure from 1.4.2 to 1.4.3 (#517)
Bump github.com/secure-systems-lab/go-securesystemslib (#516)
Bump gopkg.in/ini.v1 from 1.64.0 to 1.66.0 (#513)
Upgraded go-playground/validator module to v10 (#507)
Bump gopkg.in/ini.v1 from 1.63.2 to 1.64.0 (#495)
Bump github.com/go-openapi/strfmt from 0.21.0 to 0.21.1 (#510)
Bump the trillian import to v1.4.0. (#502)
Bump the trillian versions to v1.4.0 in our docker-compose setup. (#500)
update go.mod for go-fuzz (#496)
Bump sigstore/cosign-installer from 1.3.0 to 1.3.1 (#491)
Bump golang from 1.17.2 to 1.17.3 (#482)
Bump google.golang.org/grpc from 1.41.0 to 1.42.0 (#478)
Bump actions/checkout from 2.3.5 to 2.4.0 (#477)
Bump github.com/go-openapi/runtime from 0.20.0 to 0.21.0 (#470)
bump go-swagger to v0.28.0 (#463)
Bump github.com/in-toto/in-toto-golang from 0.3.2 to 0.3.3 (#459)
Bump actions/checkout from 2.3.4 to 2.3.5 (#458)
Bump github.com/mediocregopher/radix/v4 from 4.0.0-beta.1 to 4.0.0 (#460)
Bump github.com/go-openapi/runtime from 0.19.31 to 0.20.0 (#451)
Bump github.com/go-openapi/spec from 0.20.3 to 0.20.4 (#454)
Bump github.com/go-openapi/validate from 0.20.2 to 0.20.3 (#453)
Bump github.com/go-openapi/strfmt from 0.20.2 to 0.20.3 (#452)
Bump github.com/go-openapi/loads from 0.20.2 to 0.20.3 (#450)
Bump golang from 1.17.1 to 1.17.2 (#448)
Bump google.golang.org/grpc from 1.40.0 to 1.41.0 (#441)
Bump golang.org/x/mod from 0.5.0 to 0.5.1 (#440)
Bump github.com/spf13/viper from 1.8.1 to 1.9.0 (#439)
Bump gopkg.in/ini.v1 from 1.63.0 to 1.63.2 (#437)
Bump github.com/mitchellh/mapstructure from 1.4.1 to 1.4.2 (#436)
Bump gocloud to v0.24.0. (#434)
Bump golang from 1.17.0 to 1.17.1 (#432)
Bump go.uber.org/zap from 1.19.0 to 1.19.1 (#431)
Bump gopkg.in/ini.v1 from 1.62.0 to 1.63.0 (#429)
Bump github.com/go-openapi/runtime from 0.19.30 to 0.19.31 (#425)
Bump github.com/go-openapi/errors from 0.20.0 to 0.20.1 (#423)
Bump github.com/go-openapi/strfmt from 0.20.1 to 0.20.2 (#422)
Bump golang from 1.16.7 to 1.17.0 (#413)
Bump golang.org/x/mod from 0.4.2 to 0.5.0 (#412)
Bump google.golang.org/grpc from 1.39.1 to 1.40.0 (#411)
Bump github.com/go-openapi/runtime from 0.19.29 to 0.19.30 (#408)
Bump go.uber.org/zap from 1.18.1 to 1.19.0 (#407)
Bump golang from 1.16.6 to 1.16.7 (#403)
Bump google.golang.org/grpc from 1.39.0 to 1.39.1 (#404)

Contributors

Aditya Sirish (@adityasaky)
Andrew Block (@sabre1041)
Asra Ali (@asraa)
Axel Simon (@axelsimon)
Batuhan Apaydın (@developer-guy)
Bob Callaway (@bobcallaway)
Carlos Panato (@cpanato)
Dan Lorenc (@dlorenc)
Dan Luhring (@luhring)
Harry Fallows (@harryfallows)
Hector Fernandez (@hectorj2f)
Jake Sanders (@dekkagaijin)
Jason Hall (@imjasonh)
Lily Sturmann (@lkatalin)
Luke Hinds (@lukehinds)
Marina Moore (@mnm678)
Mikhail Swift (@mikhailswift)
Naveen Srinivasan (@naveensrinivasan)
Robert James Hernandez (@sarcasticadmin)
Santiago Torres (@SantiagoTorres)
Tiziano Santoro (@tiziano88)
Trishank Karthik Kuppusamy (@trishankatdatadog)
Ville Aikas (@vaikas)
kpcyrd (@kpcyrd)

Images:

Rekor server: gcr.io/projectsigstore/rekor-server:v0.4.0
Rekor cli: gcr.io/projectsigstore/rekor-cli:v0.4.0

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

v0.4.0

v0.4.0

Highlights

Enhancements

Bug Fixes

Dependencies Updates

Contributors

Thanks for all contributors!

Contributors