Skip to content

Tags: theupdateframework/go-tuf

Tags

v2.0.2

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
Error in case the delegated role is missing from the snapshot (#652)

Signed-off-by: Radoslav Dimitrov <radoslav@stacklok.com>

v2.0.1

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
Fix branch name in multi-repo client example (#651)

Signed-off-by: Radoslav Dimitrov <radoslav@stacklok.com>

v2.0.0

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
Increase the default value for MaxRootRotations (#645)

The default value of 32 is quite small, it may break certain clients that are
trying to do complete tuf refresh on a large TUF repo.

Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>

v0.7.0

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
chore(deps): bump golang.org/x/crypto from 0.14.0 to 0.16.0 (#568)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.16.0.
- [Commits](golang/crypto@v0.14.0...v0.16.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

v0.6.1

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
fix: fail to load deprecated ecdsa verifier (#541)

* fix: fail to load deprecated ecdsa verifier

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* test: update deprecated tests and fix assigned verifier

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

* chore: temporarily silence govulncheck alerts

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

---------

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>

v0.6.0

v0.6.0 release

v0.5.2

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
test: add tests for rollback protection on snapshot, targets, delegat…

…ions (#450)

* test: add tests for rollback protection

Signed-off-by: Asra Ali <asraa@google.com>

* golangci-lint

Signed-off-by: Asra Ali <asraa@google.com>

Signed-off-by: Asra Ali <asraa@google.com>

v0.5.1

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
chore: update TUF spec version (#392)

We fixed #321 but forgot to update this, so now the GH actions bot is
confused (#391).

Signed-off-by: Zachary Newman <z@znewman.net>

v0.5.0

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
feat: Support ecdsa and RSA keys (#270 with backwards compatibility) (#…

…357)

* * fix!: ECDSA verifiers now expect PEM-encoded public keys per TUF specification
* feat: ECDSA signers are now implemented
* feat: RSA verifiers and signers are implemented

BREAKING CHANGE: ECDSA verifiers expect PEM-encoded public keys. If you rely
on previous behavior of hex-encoded public keys for verifiers, then you must
import pkg/deprecated/set_ecdsa that will allow a fallback for hex-encoded
ECDSA keys.

Co-authored-by: Asra Ali <asraa@google.com>
Co-authored-by: Toby Bristow <toby.bristow@qush.com>
Signed-off-by: Asra Ali <asraa@google.com>

* add comment

Signed-off-by: Asra Ali <asraa@google.com>

Signed-off-by: Asra Ali <asraa@google.com>
Co-authored-by: Toby Bristow <toby.bristow@qush.com>

v0.3.2

Partially verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
We cannot verify signatures from co-authors, and some of the co-authors attributed to this commit require their commits to be signed.
fix(verify): backport "Fix a vulnerability in the verification of thr…

…eshold si… (#375)

fix(verify):  Fix a vulnerability in the verification of threshold signatures (due to handling of keys with multiple IDs) (#369)

* add test for several signatures same key diff ID

* fix verifying threshold signatures

* add some comments

* rename variables and add comments

Co-authored-by: Trishank Karthik Kuppusamy <trishank.kuppusamy@datadoghq.com>
Signed-off-by: Zachary Newman <z@znewman.net>

Signed-off-by: Zachary Newman <z@znewman.net>
Co-authored-by: Cédric Van Rompay <97546950+cedricvanrompay-datadog@users.noreply.github.com>
Co-authored-by: Trishank Karthik Kuppusamy <trishank.kuppusamy@datadoghq.com>