Releases: sigstore/rekor

v0.9.1

08 Jul 16:49
fb4ed40

What's Changed

  • feat: add subject URIs to index for x509 certificates by @asraa in #897
  • Bump sigstore/cosign-installer from 2.4.0 to 2.4.1 by @dependabot in #898
  • fix: sql syntax in dbcreate script by @xens in #903
  • Switch to go 1.18 and pin release-utils to v0.7.1 by @saschagrunert in #904
  • Check inactive shards for UUID for /retrieve endpoint by @priyawadhwa in #905
  • ensure log messages have requestID where possible by @bobcallaway in #907
  • Bump github.com/theupdateframework/go-tuf from 0.3.0 to 0.3.1 by @dependabot in #906
  • Remove unnecessary lookup of non-existent attestations from storage layer by @bobcallaway in #909
  • Fix bug where /retrieve endpoint returns wrong logIndex across shards by @priyawadhwa in #908
  • cleanup makefile with generated code; cleanup unused files by @bobcallaway in #910
  • add changelog for v0.9.1 by @cpanato in #911

Full Changelog: v0.9.0...v0.9.1

Thanks to all contributors!

v0.9.0

30 Jun 13:15
66f5c06

Full Changelog: v0.8.2...v0.9.0

Thanks to all contributors!

v0.8.2

21 Jun 13:30
bd717e7

What's Changed

  • collect docker-compose logs if sharding tests fail, also trim IDs by @bobcallaway in #869
  • ensure fallback logic executes if attestation key is empty when fetching attestation by @bobcallaway in #878
  • Bump github.com/spf13/cobra from 1.4.0 to 1.5.0 by @dependabot in #881
  • Bump github/codeql-action from 2.1.12 to 2.1.13 by @dependabot in #880
  • add changelog for v0.8.2 by @cpanato in #882

Full Changelog: v0.8.1...v0.8.2

v0.8.1

17 Jun 09:39
e981811

Full Changelog: v0.8.0...v0.8.1

Thanks to all contributors!

v0.8.0

09 Jun 11:28
3708c5c

What's Changed

  • Bump gopkg.in/ini.v1 from 1.66.4 to 1.66.5 by @dependabot in #846
  • Update go-tuf and sigstore/sigstore to non-vulnerable go-tuf version. by @dhaus67 in #847
  • Bump gopkg.in/ini.v1 from 1.66.5 to 1.66.6 by @dependabot in #848
  • Configure rekor server in e2e tests via env variable by @priyawadhwa in #850
  • Bump github.com/secure-systems-lab/go-securesystemslib from 0.3.1 to 0.4.0 by @dependabot in #853
  • Bump google.golang.org/grpc from 1.46.2 to 1.47.0 by @dependabot in #852
  • Bump ossf/scorecard-action from 1.1.0 to 1.1.1 by @dependabot in #857
  • Bump github/codeql-action from 2.1.11 to 2.1.12 by @dependabot in #858
  • update cross-builder image to use go1.17.11 and dockerfile base image by @cpanato in #860
  • update go.mod to go1.17 by @cpanato in #861
  • Improve error message when using ED25519 with HashedRekord type by @haydentherapper in #862
  • Bump github.com/go-openapi/validate from 0.21.0 to 0.22.0 by @dependabot in #863
  • Bump github.com/spf13/viper from 1.11.0 to 1.12.0 by @dependabot in #844
  • Allow retrieving entryIDs or UUIDs via /api/v1/log/entries/retrieve endpoint by @priyawadhwa in #859
  • Print total tree size, including inactive shards in rekor-cli loginfo by @priyawadhwa in #864
  • add changelog for v0.8.0 by @cpanato in #866

Full Changelog: v0.7.0...v0.8.0

v0.7.0

27 May 08:41
7ff1c87

⚠️ Breaking Change

Removed timestamping authority API. This is a breaking API change.
If you are relying on the timestamping authority to issue signed timestamps, create signed timestamps using either OpenSSL or a service such as FreeTSA.

What's Changed

  • remove URL fetch of keys/artifacts server-side by @bobcallaway in #735
  • Bump sigstore/cosign-installer from 2.2.0 to 2.2.1 by @dependabot in #776
  • Bump github.com/spf13/viper from 1.10.1 to 1.11.0 by @dependabot in #777
  • Bump actions/checkout from 3.0.0 to 3.0.1 by @dependabot in #778
  • Bump anchore/sbom-action from 0.10.0 to 0.11.0 by @dependabot in #779
  • Bump github.com/mediocregopher/radix/v4 from 4.0.0 to 4.1.0 by @dependabot in #781
  • Bump github.com/mitchellh/mapstructure from 1.4.3 to 1.5.0 by @dependabot in #782
  • Bump codecov/codecov-action from 3.0.0 to 3.1.0 by @dependabot in #785
  • Bump actions/checkout from 3.0.1 to 3.0.2 by @dependabot in #786
  • Bump google-github-actions/auth from 0.7.0 to 0.7.1 by @dependabot in #790
  • Bump google.golang.org/grpc from 1.45.0 to 1.46.0 by @dependabot in #791
  • Bump github/codeql-action from 2.1.8 to 2.1.9 by @dependabot in #796
  • Bump sigstore/cosign-installer from 2.2.1 to 2.3.0 by @dependabot in #795
  • Bump github.com/google/go-cmp from 0.5.7 to 0.5.8 by @dependabot in #794
  • intoto: add index on materials digest of slsa provenance by @asraa in #793
  • Bump github.com/go-openapi/runtime from 0.23.3 to 0.24.0 by @dependabot in #799
  • chore(deps): Included dependency review by @naveensrinivasan in #788
  • Check if intoto hash is available before accessing it as an index key by @priyawadhwa in #800
  • Bump github.com/go-playground/validator/v10 from 10.10.1 to 10.11.0 by @dependabot in #803
  • Move deprecated dependency: google/trillian/merkle to transparency-dev by @asraa in #807
  • Bump github.com/go-openapi/spec from 0.20.5 to 0.20.6 by @dependabot in #802
  • Bump github.com/go-openapi/runtime from 0.24.0 to 0.24.1 by @dependabot in #811
  • Retrieve shard tree length if it isn't provided in the config by @priyawadhwa in #810
  • Bump github/codeql-action from 2.1.9 to 2.1.10 by @dependabot in #816
  • Bump golangci/golangci-lint-action from 3.1.0 to 3.2.0 by @dependabot in #815
  • update release builder images to use go 1.17.10 and cosign image to 1.8.0 by @cpanato in #820
  • Bump github/codeql-action from 03e2e3c45f9f937ffe65a1caa4c9960d420a31f9 to 2.1.10 by @dependabot in #821
  • Bump actions/setup-go from 3.0.0 to 3.1.0 by @dependabot in #822
  • Bump github.com/google/trillian from 1.4.0 to 1.4.1 by @dependabot in #817
  • Bump github.com/google/trillian from 1.4.0 to 1.4.1 in /hack/tools by @dependabot in #818
  • update go to 1.17.10 in the dockerfile by @cpanato in #819
  • Bump github.com/prometheus/client_golang from 1.12.1 to 1.12.2 by @dependabot in #827
  • Limit the number of certificates parsed in a chain by @haydentherapper in #823
  • Bump actions/github-script from 6.0.0 to 6.1.0 by @dependabot in #826
  • Bump actions/dependency-review-action from 3f943b86c9a289f4e632c632695e2e0898d9d67d to 1 by @dependabot in #825
  • Bump google.golang.org/grpc from 1.46.0 to 1.46.2 by @dependabot in #828
  • Bump google-github-actions/auth from 0.7.1 to 0.7.2 by @dependabot in #830
  • Bump github/codeql-action from 2.1.10 to 2.1.11 by @dependabot in #829
  • Breaking change: Remove timestamping authority by @haydentherapper in #813
  • Bump google-github-actions/auth from 0.7.2 to 0.7.3 by @dependabot in #832
  • Add back owners for rfc3161 package type by @haydentherapper in #833
  • all: remove dependency on deprecated github.com/pkg/errors by @zchee in #834
  • Bump actions/upload-artifact from 3.0.0 to 3.1.0 by @dependabot in #836
  • Bump goreleaser/goreleaser-action from 2.9.1 to 3 by @dependabot in #837
  • Bump actions/dependency-review-action from 1.0.1 to 1.0.2 by @dependabot in #840
  • Bump google-github-actions/auth from 0.7.3 to 0.8.0 by @dependabot in #839
  • name stored attestations by digest instead of UUID by @bobcallaway in #769
  • Bump ossf/scorecard-action from 1.0.4 to 1.1.0 by @dependabot in #843
  • Bump actions/setup-go from 3.1.0 to 3.2.0 by @dependabot in #842
  • add changelog for 0.7.0 release by @cpanato in #835

Full Changelog: v0.6.0...v0.7.0

Thanks to all contributors!

v0.6.0

14 Apr 07:25
5c52ad2

Notice: Server-side remote fetching of resources will be removed in the next release.

v0.5.0

04 Feb 12:52
09ecf71

Highlights

  • Add Rekor logo to README (#650)
  • update API calls to v5 (#591)
  • Refactor helm type to remove intermediate state. (#575)
  • Refactor the shard map parsing so we can pass it down into the API object. (#564)
  • Refactor the alpine type to reduce intermediate state. (#573)

Enhancements

  • Add logic to GET artifacts via old or new UUID (#587)
  • helpful error message for hashedrekord types (#605)
  • Set Accept header in dynamic counter requests (#594)
  • Add sharding package and update validators (#583)
  • rekor-cli: show the url in case of error (#581)
  • Enable parsing of incomplete minisign keys, to enable re-indexing. (#567)
  • Cleanups on the TUF pluggable type. (#563)
  • Refactor the RPM type to remove more intermediate state. (#566)
  • Do some cleanups of the jar type to remove intermediate state. (#561)

Others

  • Update Makefile (#621)
  • update version comments since dependabot doesn't do it (#617)
  • Use workload identity provider instead of GitHub Secret for GCR access (#600)
  • add OSSF scorecard action (#599)
  • enable the sbom for rekor releases (#586)
  • Point to the official website (instead of a 404) (#580)
  • add milestone to closed prs (#574)
  • Add a Makefile target for the "ko apply" step. (#572)
  • types/README.md: Corrected documentation link (#568)

Dependencies Updates

  • Bump github.com/prometheus/client_golang from 1.12.0 to 1.12.1 (#636)
  • Bump github.com/go-openapi/runtime from 0.21.1 to 0.22.0 (#635)
  • Bump github.com/go-openapi/swag from 0.19.15 to 0.20.0 (#634)
  • Bump golang from f71d4ca to 301609e (#627)
  • Bump golang from 0fa6504 to f71d4ca (#624)
  • Bump google.golang.org/grpc from 1.43.0 to 1.44.0 (#622)
  • Bump github/codeql-action from 1.0.29 to 1.0.30 (#619)
  • Bump ossf/scorecard-action from 1.0.1 to 1.0.2 (#618)
  • bump swagger and go mod tidy (#616)
  • Bump github.com/go-openapi/runtime from 0.21.0 to 0.21.1 (#614)
  • Bump github.com/go-openapi/errors from 0.20.1 to 0.20.2 (#613)
  • Bump google-github-actions/auth from 0.4.4 to 0.5.0 (#612)
  • Bump github/codeql-action from 1.0.28 to 1.0.29 (#611)
  • Bump gopkg.in/ini.v1 from 1.66.2 to 1.66.3 (#608)
  • Bump github.com/google/go-cmp from 0.5.6 to 0.5.7 (#609)
  • Update github/codeql-action requirement to 8a4b243fbf9a03a93e93a71c1ec257347041f9c4 (#606)
  • Bump github.com/prometheus/client_golang from 1.11.0 to 1.12.0 (#607)
  • Bump ossf/scorecard-action from 0fe1afdc40f536c78e3dc69147b91b3ecec2cc8a to 1.0.1 (#603)
  • Bump goreleaser/goreleaser-action from 2.8.0 to 2.8.1 (#602)
  • Bump golang from 8c0269d to 0fa6504 (#597)
  • Pin dependencies in github action workflows and Dockerfile (#595)
  • update release image to use go 1.17.6 (#589)
  • Bump golang from 1.17.5 to 1.17.6 (#588)
  • Bump go.uber.org/goleak from 1.1.11 to 1.1.12 (#585)
  • Bump go.uber.org/zap from 1.19.1 to 1.20.0 (#584)
  • Bump github.com/go-playground/validator/v10 from 10.9.0 to 10.10.0 (#579)
  • Bump actions/github-script from 4 to 5 (#577)

Thanks to all contributors!

Full Changelog: v0.4.0...v0.5.0

v0.4.0

28 Dec 16:44
e55259d

Highlights

  • Adds hashed rekord type that can be used to upload signatures along with the hashed content signed (#501)

Enhancements

  • Update the schema to match that of Trillian repo. The map specific (#528)
  • allow setting the user-agent string sent from the client (#521)
  • update key usage for ts cert (#504)
  • api/index/retrieve: allow searching on indices with sha1 hashes (#499)
  • Only include Attestation data if attestation storage enabled (#494)
  • Fuzzing RequestFromRekor API (#488)
  • Included pprof for profiling the application. (#485)
  • refactor release and add signing (#483)
  • More verbose error message for redis connection failure (#479) (#480)
  • Fixed modtime for reproducible goreleaser (#473)
  • add goreleaser and cloudbuild for releases (#443)
  • Add dynamic JS tree size counter (#468)
  • check that entry UUID == leafHash of returned entry (#469)
  • chore: upgrade cosign version (#465)
  • Reproducible builds with trimpath (#464)
  • correct links, add Table of Contents of sorts (#449)
  • update go tuf for rsa key impl (#446)
  • Canonicalize JSON before inserting into trillian (#445)
  • Export search UUIDs field (#438)
  • Add a flag to start specifying log index ranges for virtual indices. (#435)
  • Cleanup some initialization/flag parsing in rekor-server. (#433)
  • Drop 404 errors down to a warning. (#426)
  • Cleanup the output of search (the text goes to stderr not stdout). (#421)
  • remove extradata field from types (#418)
  • Update usage of ./cmd/rekor-cli/ from rekor to rekor-cli (#417)
  • Add TUF type (#383)
  • Updates to INSTALLATION.md notes (#415)
  • Update snippets to use console type for snippets (#410)
  • version: add way to display a version when using go get or go install (#405)
  • Use an in memory timestamping key (#402)
  • Links are case sensitive (#401)
  • Installation guide (#400)
  • Add a SignedTimestampNote (#397)
  • Provide instructions on verifying releases (#399)
  • rekor-server: add html page when humans reach the server via the browser (#394)
  • use go modules to track tools (#395)

Bug Fixes

  • fix timestamp addition and unmarshal (#525)
  • Correct & parallelize tests (#522)
  • Fix fuzz go.sum issue (#509)
  • fix validation error (#503)
  • Correct Helm index keys (#474)
  • Fix a bug in x509 certificate handling. (#461)
  • Fix a conflict from parallel dependabot merges. (#456)
  • fix tuf metadata marshalling (#447)
  • Switch DSSE provider to go-securesystemslib (#442)
  • fix unmarshalling sth (#409)
  • Fix port flag override (#396)
  • makefile: small fix on the makefile for the rekor-server (#393)

Dependencies Updates

  • Bump github.com/spf13/viper from 1.9.0 to 1.10.0 (#531)
  • Bump sigstore/cosign-installer from 1.3.1 to 1.4.1 (#530)
  • Bump the DSSE signing library. (#529)
  • Bump golang from 1.17.4 to 1.17.5 (#527)
  • Bump golang from 1.17.3 to 1.17.4 (#523)
  • Bump gopkg.in/ini.v1 from 1.66.0 to 1.66.2 (#520)
  • Bump github.com/mitchellh/mapstructure from 1.4.2 to 1.4.3 (#517)
  • Bump github.com/secure-systems-lab/go-securesystemslib (#516)
  • Bump gopkg.in/ini.v1 from 1.64.0 to 1.66.0 (#513)
  • Upgraded go-playground/validator module to v10 (#507)
  • Bump gopkg.in/ini.v1 from 1.63.2 to 1.64.0 (#495)
  • Bump github.com/go-openapi/strfmt from 0.21.0 to 0.21.1 (#510)
  • Bump the trillian import to v1.4.0. (#502)
  • Bump the trillian versions to v1.4.0 in our docker-compose setup. (#500)
  • update go.mod for go-fuzz (#496)
  • Bump sigstore/cosign-installer from 1.3.0 to 1.3.1 (#491)
  • Bump golang from 1.17.2 to 1.17.3 (#482)
  • Bump google.golang.org/grpc from 1.41.0 to 1.42.0 (#478)
  • Bump actions/checkout from 2.3.5 to 2.4.0 (#477)
  • Bump github.com/go-openapi/runtime from 0.20.0 to 0.21.0 (#470)
  • bump go-swagger to v0.28.0 (#463)
  • Bump github.com/in-toto/in-toto-golang from 0.3.2 to 0.3.3 (#459)
  • Bump actions/checkout from 2.3.4 to 2.3.5 (#458)
  • Bump github.com/mediocregopher/radix/v4 from 4.0.0-beta.1 to 4.0.0 (#460)
  • Bump github.com/go-openapi/runtime from 0.19.31 to 0.20.0 (#451)
  • Bump github.com/go-openapi/spec from 0.20.3 to 0.20.4 (#454)
  • Bump github.com/go-openapi/validate from 0.20.2 to 0.20.3 (#453)
  • Bump github.com/go-openapi/strfmt from 0.20.2 to 0.20.3 (#452)
  • Bump github.com/go-openapi/loads from 0.20.2 to 0.20.3 (#450)
  • Bump golang from 1.17.1 to 1.17.2 (#448)
  • Bump google.golang.org/grpc from 1.40.0 to 1.41.0 (#441)
  • Bump golang.org/x/mod from 0.5.0 to 0.5.1 (#440)
  • Bump github.com/spf13/viper from 1.8.1 to 1.9.0 (#439)
  • Bump gopkg.in/ini.v1 from 1.63.0 to 1.63.2 (#437)
  • Bump github.com/mitchellh/mapstructure from 1.4.1 to 1.4.2 (#436)
  • Bump gocloud to v0.24.0. (#434)
  • Bump golang from 1.17.0 to 1.17.1 (#432)
  • Bump go.uber.org/zap from 1.19.0 to 1.19.1 (#431)
  • Bump gopkg.in/ini.v1 from 1.62.0 to 1.63.0 (#429)
  • Bump github.com/go-openapi/runtime from 0.19.30 to 0.19.31 (#425)
  • Bump github.com/go-openapi/errors from 0.20.0 to 0.20.1 (#423)
  • Bump github.com/go-openapi/strfmt from 0.20.1 to 0.20.2 (#422)
  • Bump golang from 1.16.7 to 1.17.0 (#413)
  • Bump golang.org/x/mod from 0.4.2 to 0.5.0 (#412)
  • Bump google.golang.org/grpc from 1.39.1 to 1.40.0 (#411)
  • Bump github.com/go-openapi/runtime from 0.19.29 to 0.19.30 (#408)
  • Bump go.uber.org/zap from 1.18.1 to 1.19.0 (#407)
  • Bump golang from 1.16.6 to 1.16.7 (#403)
  • Bump google.golang.org/grpc from 1.39.0 to 1.39.1 (#404)

Images:

  • Rekor server: `gcr.i...

Rekor Release v0.3.0

28 Jul 08:42
e4303a8

v0.3.0 Release of rekor-cli and rekor-server:

4899332 build containers for both arm64 and amd64 #334
0882cde ci: add job to build the container to validate #335
34caf45 Upload generated timestamps #336
5fb05e1 Add Alpine Package type #337
710784c Add timestamping cert chain to config #338
e5dcf0a base64 encode timestamping cert chain #340
428f264 Update in-toto-golang to pick up the latest interface changes. #341
6c013a5 Move GetRekorClient into util directory #349
9fa4e20 Adopt new signing/verification APIs from sigstore #358
5862799 Added Helm type #354
cb96bc0 Fix help message outputs. #366
5ebdab6 Add index keys for in-toto provenance objects. #361
1c30d2f Fetch attestations from storage in the API. #364
aaca0ae Update trillian dependencies. #368
9995a02 Update the trillian code dependencies. #369
6031d7c update go modules, tidy #371
36ea8ba Update docker go version and github actions #372
e63fe71 Add type-specific usage documentation. #374
53d71cd Improve separation between type implementations and CLI code #339
38d532d Clean up EntryImpl interface #370
5687a24 Stop depending on external jenkins mirror #376
5e005eb Improve error messages for invalid content #377
12077f5 Fix #373: skip openssh tests if ssh-keygen is not in PATH #378
07c8e8f Generalize SignedCheckpoint to take arbitrary Notes #347
d8ac9f8 insert sha256: prefix if not provided #381
03c4917 add readOnly/writeOnly annotations to openapi #382
27be9e7 fix 0 log index #385
19d6519 return exit code of 1 if no results found in searching index #386
70eed2f makefile: add rule to download and set swagger and make rule to build rekor-cli for cross platform #391
464970c add timeout flag to rekor-cli #390
e4303a8 fix pre-formed entry upload #392

Releases signed against fulcio root with OpenID Account: [email protected]

rekor-cli-darwin-amd64: https://rekor.sigstore.dev/api/v1/log/entries/8bfbdffec6b9d5bffda06fff52e6bc86b6419d2469839c1ff5a5a3a8816ba711
rekor-cli-darwin-arm64: https://rekor.sigstore.dev/api/v1/log/entries/de960c01d6b772f3630594b4e4fd0540e21481aa4e370f4c52f2f8349df7974e
rekor-cli-linux-amd64: https://rekor.sigstore.dev/api/v1/log/entries/b6fdc91e6af5bdd8df133802b7966aa53c1e59365741ee56e287f11263e02c33
rekor-cli-linux-arm64: https://rekor.sigstore.dev/api/v1/log/entries/0de5733f6333f7de54d01e6e436b1b8e6cf0488e8d272b99c8d2f2f094f0f55b
rekor-cli-windows-amd64.exe: https://rekor.sigstore.dev/api/v1/log/entries/5d5fc116f000d667af2b56881b83bf88c4840d99a8fc82c53f06cb3bda2c940a
rekor-server-linux-amd64: https://rekor.sigstore.dev/api/v1/log/entries/8a4b15939fcac2a62a294157a49778f6eb9aecb1aebf666e49cf9c72dff4e6f6

Contributors