Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
Please login to access the resource
SUSE:SLE-15-SP4:Update
rekor.27049
rekor.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File rekor.changes of Package rekor.27049
------------------------------------------------------------------- Tue Nov 29 13:42:54 UTC 2022 - Marcus Meissner <meissner@suse.com> - updated to rekor 1.0.1 (jsc#SLE-23476): - stop inserting envelope hash for intoto:0.0.2 types into index - build with FIPSified go1.18. ------------------------------------------------------------------- Wed Oct 19 08:21:25 UTC 2022 - Marcus Meissner <meissner@suse.com> - updated to rekor 1.0.0 (jsc#SLE-23476): - add description on /api/v1/index/retrieve endpoint by @bobcallaway in https://github.com/sigstore/rekor/pull/1073 - Adding e2e test coverage by @cdris in https://github.com/sigstore/rekor/pull/1071 - export rekor build/version information by @cpanato in https://github.com/sigstore/rekor/pull/1074 - Use POST instead of GET for /api/log/entries/retrieve metrics. by @var-sdk in https://github.com/sigstore/rekor/pull/1083 - Search through all shards when searching by hash by @priyawadhwa in https://github.com/sigstore/rekor/pull/1082 - verify: verify checkpoint's STH against the inclusion proof root hash by @asraa in https://github.com/sigstore/rekor/pull/1092 - add ability to enable/disable specific rekor API endpoints by @bobcallaway in https://github.com/sigstore/rekor/pull/1080 - enable configurable client retries with backoff in RekorClient by @bobcallaway in https://github.com/sigstore/rekor/pull/1096 - remove dead code around api-key and timestamp references by @bobcallaway in https://github.com/sigstore/rekor/pull/1098 - update swagger API version to 1.0.0 by @bobcallaway in https://github.com/sigstore/rekor/pull/1102 - remove unused RekorVersion API definition by @bobcallaway in https://github.com/sigstore/rekor/pull/1101 - install gocovmerge in hack/tools by @bobcallaway in https://github.com/sigstore/rekor/pull/1103 - add retry command line flag on rekor-cli by @bobcallaway in https://github.com/sigstore/rekor/pull/1097 - Add some info and debug logging to commonly used funcs by @priyawadhwa in https://github.com/sigstore/rekor/pull/1106 ------------------------------------------------------------------- Fri Sep 30 13:59:10 UTC 2022 - Marcus Meissner <meissner@suse.com> - updated to rekor 0.12.2 (jsc#SLE-23476): - add description on /api/v1/index/retrieve endpoint - Adding e2e test coverage - export rekor build/version information - Use POST instead of GET for /api/log/entries/retrieve metrics. - Search through all shards when searching by hash ------------------------------------------------------------------- Tue Sep 27 12:22:57 UTC 2022 - Marcus Meissner <meissner@suse.com> - updated to rekor 0.12.1 (jsc#SLE-23476): - ** Rekor ** v0.12.1 comes with a breaking change to rekor-cli v0.12.1. Users of rekor-cli MUST upgrade to the latest version The addition of the intotov2 created a breaking change for the rekor-cli - What's Changed - fix: fix harness tests with intoto v0.0.2 by @asraa in #1052 - feat: add file based signer and password by @asraa in #1049 - Adds new rekor metrics for latency and QPS. by @var-sdk in #1059 ------------------------------------------------------------------- Thu Sep 15 12:33:21 UTC 2022 - Marcus Meissner <meissner@suse.com> - updated to rekor 0.12.0 (jsc#SLE-23476): - check supportedVersions list rather than directly reading from version map by @bobcallaway in #1003 - enable blocking specific pluggable type versions from being inserted into the log by @bobcallaway in #1004 - api.SearchLogQueryHandler thread safety by @cdris in #1006 - 'docker compose' to 'docker-compose' by @bobcallaway in #1009 - Intoto v0.0.2 by @pxp928 in #973 - Add bounds on number of elements in api/v1/log/entries/retrieve by @priyawadhwa in #1011 - Change Checkpoint origin to be "Hostname - Tree ID" by @haydentherapper in #1013 - feat: add verification functions by @asraa in #986 - Validate tree ID on calls to /api/v1/log/entries/retrieve by @priyawadhwa in #1017 - Include checkpoint (STH) in entry upload and retrieve responses by @haydentherapper in #1015 - fix: use entry uuid uniformly in return responses by @asraa in #1012 - remove /api/v1/version endpoint by @bobcallaway in #1022 - Fix rekor-cli backwards incompatibility & run harness tests against HEAD by @priyawadhwa in #1030 - Fix harness tests @ main by @priyawadhwa in #1038 - Fetch all tags in harness tests by @priyawadhwa in #1039 - fix retrieve endpoint response code and add testing by @asraa in #1043 - updated to rekor 0.11.0: - Add rekor harness tests by @priyawadhwa in #945 - Persist and check attestations across harness tests by @priyawadhwa in #952 - Add harness test for getting all entries by UUID and EntryID by @priyawadhwa in #957 - api: fix inclusion proof verification flake by @asraa in #956 - change default value for rekor_server.hostname to server's hostname by @bobcallaway in #963 - fix nil-pointer error when artifact-hash is passed without artifact by @dsa0x in #965 - Add prometheus summary to track metric latency by @priyawadhwa in #966 - compute payload and envelope hashes upon validating intoto proposed entries by @bobcallaway in #967 - update field documentation on publicKey for hashedrekord by @bobcallaway in #969 - Allow sharding config to be written in yaml or json by @priyawadhwa in #974 - fix incorrect schema id for cose type by @bobcallaway in #979 - fix: make rekor verify work with sharded uuids by @asraa in #970 - update builder and cosign images by @cpanato in #981 - remove trailing slash on directories by @bobcallaway in #984 - add support for intersection & union in search operations by @dsa0x in #968 - Update scorecard-action to v2:alpha by @azeemshaikh38 in #987 - updated to rekor 0.10.0: - reuse DSSE signature wrappers instead of a local copy by @bobcallaway in #912 - Updates on the release job/makefile cleanup by @cpanato in #914 - Return 404 if entry isn't found in log by @priyawadhwa in #915 - Update cosign image in validate-release job by @priyawadhwa in #931 - update go builder and cosign image by @cpanato in #934 - Drop application/yaml content type by @haydentherapper in #933 - Add rekor test harness to presubmit tests by @priyawadhwa in #921 - sparkles Enable Scorecard badge by @azeemshaikh38 in #941 - update go mod in hack/tools to go1.18 by @cpanato in #935 - add ldflags back by @cpanato in #944 ------------------------------------------------------------------- Wed Jul 27 13:26:17 UTC 2022 - Marcus Meissner <meissner@suse.com> - updated to rekor 0.9.1 - feat: add subject URIs to index for x509 certificates by @asraa in #897 - fix: sql syntax in dbcreate script by @xens in #903 - Switch to go 1.18 and pin release-utils to v0.7.1 by @saschagrunert in #904 - Check inactive shards for UUID for /retrieve endpoint by @priyawadhwa in #905 - ensure log messages have requestID where possible by @bobcallaway in #907 - Remove unnecessary lookup of non-existent attestations from storage layer by @bobcallaway in #909 - Fix bug where /retrieve endpoint returns wrong logIndex across shards by @priyawadhwa in #908 - updated to rekor 0.9.0 - Add COSE support to Rekor by @kommendorkapten in #867 - Fix intoto index keys by @bobcallaway in #889 - Resolve virtual log index when calling /retrieve endpoint by @priyawadhwa in #894 - updated to rekor 0.8.2 - collect docker-compose logs if sharding tests fail, also trim IDs by @bobcallaway in #869 - ensure fallback logic executes if attestation key is empty when fetching attestation by @bobcallaway in #878 ------------------------------------------------------------------- Wed Jun 29 12:26:43 UTC 2022 - Marcus Meissner <meissner@suse.com> - rekor-zypper-verify.sh: add a small script that verifies the on-system zypper repo cache against rekor transparency log. ------------------------------------------------------------------- Mon Jun 20 06:54:51 UTC 2022 - Marcus Meissner <meissner@suse.com> - Updated to rekor 0.8.1 - Fix indexing bug for intoto attestations by @priyawadhwa in #870 - Allow an expired certificate chain to be uploaded and verified by @haydentherapper in #873 - Updated to rekor 0.8.0 - Update go-tuf and sigstore/sigstore to non-vulnerable go-tuf version. by @dhaus67 in #847 - Configure rekor server in e2e tests via env variable by @priyawadhwa in #850 - update cross-builder image to use go1.17.11 and dockerfile base image by @cpanato in #860 - update go.mod to go1.17 by @cpanato in #861 - Improve error message when using ED25519 with HashedRekord type by @haydentherapper in #862 - Allow retrieving entryIDs or UUIDs via /api/v1/log/entries/retrieve endpoint by @priyawadhwa in #859 - Print total tree size, including inactive shards in rekor-cli loginfo by @priyawadhwa in #864 - Updated to rekor 0.7.0 - remove URL fetch of keys/artifacts server-side by @bobcallaway in #735 - intoto: add index on materials digest of slsa provenance by @asraa in #793 - chore(deps): Included dependency review by @naveensrinivasan in #788 - Check if intoto hash is available before accessing it as an index key by @priyawadhwa in #800 - Move deprecated dependency: google/trillian/merkle to transparency-dev by @asraa in #807 - Retrieve shard tree length if it isn't provided in the config by @priyawadhwa in #810 - update release builder images to use go 1.17.10 and cosign image to 1.8.0 by @cpanato in #820 - update go to 1.17.10 in the dockerfile by @cpanato in #819 - Limit the number of certificates parsed in a chain by @haydentherapper in #823 - Breaking change: Remove timestamping authority by @haydentherapper in #813 - Add back owners for rfc3161 package type by @haydentherapper in #833 - all: remove dependency on deprecated github.com/pkg/errors by @zchee in #834 - name stored attestations by digest instead of UUID by @bobcallaway in #769 ------------------------------------------------------------------- Tue Apr 26 09:41:49 UTC 2022 - Marcus Meissner <meissner@suse.com> - Updated to rekor 0.6.0 - attempting to fix codeowners file by @bobcallaway in #653 - Update the warning text for the GA release. by @dlorenc in #654 - Add docs about API stability and deprecation policy by @priyawadhwa in #661 - update cross-build and dockerfile to use go 1.17.7 by @cpanato in #666 - Move k8s objects out of the default namespace by @k4leung4 in #674 - add securityContext to deployment. by @k4leung4 in #678 - Add intoto type documentation by @jspeed-meyers in #679 - create namespace for rekor config in yaml. by @k4leung4 in #680 - Set rekor-cli User-Agent header on requests by @bobcallaway in #684 - update security process link by @bobcallaway in #685 - explicitly set permissions for github actions by @k4leung4 in #687 - Add documentation about Alpine type by @jspeed-meyers in #697 - Add code coverage to pull requests. by @k4leung4 in #676 - Consistent parenthesis use in Makefile by @k4leung4 in #700 - Use logRangesFlag in API, route reads based on TreeID by @lkatalin in #671 - Generate release yaml for non-CI builds. by @k4leung4 in #702 - Mirror signed release images from GCR to GHCR as part of release by @k4leung4 in #701 - build trillian container to existing release. by @k4leung4 in #715 - Make the loginfo command a bit more future/backwards proof. by @dlorenc in #718 - Switch to using the swag library for pointer manipulation. by @dlorenc in #719 - Change TreeID to be of type string instead of int64 by @priyawadhwa in #712 - Add sharding e2e test to Github Actions by @priyawadhwa in #714 - fix merge conflict by @priyawadhwa in #720 - Clearer logging for createAndInitTree by @priyawadhwa in #724 - Return virtual index when creating and getting a log entry by @priyawadhwa in #725 - Fix copy/paste mistake in repo name. by @k4leung4 in #730 - Use reusuable release workflow in sigstore/sigstore by @k4leung4 in #729 - Get log proofs by Tree ID by @priyawadhwa in #733 - Refactor rekor-cli loginfo by @priyawadhwa in #734 - Update loginfo API endpoint to return information about inactive shards by @priyawadhwa in #738 - Replace trillian_log_server.log_id_ranges flag with a config file by @priyawadhwa in #742 - fix build date format for version command by @cpanato in #745 - Require tlog_id when log_id_ranges is passed in by @lkatalin in #739 - Use active tree on server startup by @lkatalin in #727 - Specify public key for inactive shards in shard config by @priyawadhwa in #746 - Add support for providing certificate chain for X509 signature types by @haydentherapper in #747 - fix typo in filename by @bobcallaway in #758 - Update release jobs and trillian images by @cpanato in #756 - Add the SHA256 digest of the intoto payload into the rekor entry by @bobcallaway in #764 - Add index to hashed intoto envelope by @asraa in #761 - Fix link in types README by @eddiezane in #765 - set p.Block after parsing in helm provenance type by @bobcallaway in #759 - Fix search without sha prefix by @eddiezane in #767 - Add in configmap to release for sharding config by @priyawadhwa in #766 - Search inactive trees for GET by UUID requests by @lkatalin in #750 - Create EntryID for new artifacts and return EntryID to user by @lkatalin in #623 - Update cloudbuild to not fail when copy the images by @cpanato in #773 ------------------------------------------------------------------- Fri Apr 1 15:13:27 UTC 2022 - Marcus Meissner <meissner@suse.com> - Updated to rekor 0.5.0 * Highlights - Add Rekor logo to README (#650) - update API calls to v5 (#591) - Refactor helm type to remove intermediate state. (#575) - Refactor the shard map parsing so we can pass it down into the API object. (#564) - Refactor the alpine type to reduce intermediate state. (#573) * Enhancements - Add logic to GET artifacts via old or new UUID (#587) - helpful error message for hashedrekord types (#605) - Set Accept header in dynamic counter requests (#594) - Add sharding package and update validators (#583) - rekor-cli: show the url in case of error (#581) - Enable parsing of incomplete minisign keys, to enable re-indexing. (#567) - Cleanups on the TUF pluggable type. (#563) - Refactor the RPM type to remove more intermediate state. (#566) - Do some cleanups of the jar type to remove intermediate state. (#561) * Others - update version comments since dependabot doesn't do it (#617) - Use workload identity provider instead of GitHub Secret for GCR access (#600) - add OSSF scorecard action (#599) - enable the sbom for rekor releases (#586) - Point to the official website (instead of a 404) (#580) - Add a Makefile target for the "ko apply" step. (#572) - types/README.md: Corrected documentation link (#568) ------------------------------------------------------------------- Thu Feb 3 09:46:25 UTC 2022 - Marcus Meissner <meissner@suse.com> - enable server build too, as people might want to deploy rekor chain themselves. ------------------------------------------------------------------- Tue Jan 25 08:32:11 UTC 2022 - Bernhard Wiedemann <bwiedemann@suse.com> - Fix BUILD_DATE for reproducible build results (boo#1047218) ------------------------------------------------------------------- Thu Jan 6 14:52:16 UTC 2022 - Marcus Meissner <meissner@suse.com> - updated to 0.4.0 Highlights - Adds hashed rekord type that can be used to upload signatures along with the hashed content signed (#501) ------------------------------------------------------------------- Wed Dec 8 16:58:06 UTC 2021 - Marcus Rueckert <mrueckert@suse.de> - prepare building of the serve part ------------------------------------------------------------------- Fri Nov 26 16:01:30 UTC 2021 - Marcus Rueckert <mrueckert@suse.de> - initial package
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor