CHANGELOG.md



To find the state of this project's repository at the time of any of these versions, check out the tags.


v0.4.0

Highlights

Adds hashed rekord type that can be used to upload signatures along with the hashed content signed (https://github.com/sigstore/rekor/pull/501)


Enhancements

Update the schema to match that of Trillian repo. The map specific (https://github.com/sigstore/rekor/pull/528)
allow setting the user-agent string sent from the client (https://github.com/sigstore/rekor/pull/521)
update key usage for ts cert (https://github.com/sigstore/rekor/pull/504)
api/index/retrieve: allow searching on indicies with sha1 hashes (https://github.com/sigstore/rekor/pull/499)
Only include Attestation data if attestation storage enabled (https://github.com/sigstore/rekor/pull/494)
Fuzzing RequestFromRekor API (https://github.com/sigstore/rekor/pull/488)
Included pprof for profiling the application. (https://github.com/sigstore/rekor/pull/485)
refactor release and add signing (https://github.com/sigstore/rekor/pull/483)
More verbose error message for redis connection failure (https://github.com/sigstore/rekor/pull/479) (https://github.com/sigstore/rekor/pull/480)
Fixed modtime for reproducible goreleaser (https://github.com/sigstore/rekor/pull/473)
add goreleaser and cloudbuild for releases (https://github.com/sigstore/rekor/pull/443)
Add dynamic JS tree size counter (https://github.com/sigstore/rekor/pull/468)
check that entry UUID == leafHash of returned entry (https://github.com/sigstore/rekor/pull/469)
chore: upgrade cosign version (https://github.com/sigstore/rekor/pull/465)
Reproducible builds with trimpath (https://github.com/sigstore/rekor/pull/464)
correct links, add Table of Contents of sorts (https://github.com/sigstore/rekor/pull/449)
update go tuf for rsa key impl (https://github.com/sigstore/rekor/pull/446)
Canonicalize JSON before inserting into trillian (https://github.com/sigstore/rekor/pull/445)
Export search UUIDs field (https://github.com/sigstore/rekor/pull/438)
Add a flag to start specifying log index ranges for virtual indices. (https://github.com/sigstore/rekor/pull/435)
Cleanup some initialization/flag parsing in rekor-server. (https://github.com/sigstore/rekor/pull/433)
Drop 404 errors down to a warning. (https://github.com/sigstore/rekor/pull/426)
Cleanup the output of search (the text goes to stderr not stdout). (https://github.com/sigstore/rekor/pull/421)
remove extradata field from types (https://github.com/sigstore/rekor/pull/418)
Update usage of ./cmd/rekor-cli/ from rekor to rekor-cli (https://github.com/sigstore/rekor/pull/417)
Add TUF type (https://github.com/sigstore/rekor/pull/383)
Updates to INSTALLATION.md notes (https://github.com/sigstore/rekor/pull/415)
Update snippets to use console type for snippets (https://github.com/sigstore/rekor/pull/410)
version: add way to display a version when using go get or go install (https://github.com/sigstore/rekor/pull/405)
Use an in memory timestamping key (https://github.com/sigstore/rekor/pull/402)
Links are case sensitive (https://github.com/sigstore/rekor/pull/401)
Installation guide (https://github.com/sigstore/rekor/pull/400)
Add a SignedTimestampNote (https://github.com/sigstore/rekor/pull/397)
Provide instructions on verifying releases (https://github.com/sigstore/rekor/pull/399)
rekor-server: add html page when humans reach the server via the browser (https://github.com/sigstore/rekor/pull/394)
use go modules to track tools (https://github.com/sigstore/rekor/pull/395)


Bug Fixes

fix timestamp addition and unmarshal (https://github.com/sigstore/rekor/pull/525)
Correct & parallelize tests (https://github.com/sigstore/rekor/pull/522)
Fix fuzz go.sum issue (https://github.com/sigstore/rekor/pull/509)
fix validation error (https://github.com/sigstore/rekor/pull/503)
Correct Helm index keys (https://github.com/sigstore/rekor/pull/474)
Fix a bug in x509 certificate handling. (https://github.com/sigstore/rekor/pull/461)
Fix a conflict from parallel dependabot merges. (https://github.com/sigstore/rekor/pull/456)
fix tuf metadata marshalling (https://github.com/sigstore/rekor/pull/447)
Switch DSSE provider to go-securesystemslib (https://github.com/sigstore/rekor/pull/442)
fix unmarshalling sth (https://github.com/sigstore/rekor/pull/409)
Fix port flag override (https://github.com/sigstore/rekor/pull/396)
makefile: small fix on the makefile for the rekor-server (https://github.com/sigstore/rekor/pull/393)


Dependencies Updates

Bump github.com/spf13/viper from 1.9.0 to 1.10.0 (https://github.com/sigstore/rekor/pull/531)
Bump sigstore/cosign-installer from 1.3.1 to 1.4.1 (https://github.com/sigstore/rekor/pull/530)
Bump the DSSE signing library. (https://github.com/sigstore/rekor/pull/529)
Bump golang from 1.17.4 to 1.17.5 (https://github.com/sigstore/rekor/pull/527)
Bump golang from 1.17.3 to 1.17.4 (https://github.com/sigstore/rekor/pull/523)
Bump gopkg.in/ini.v1 from 1.66.0 to 1.66.2 (https://github.com/sigstore/rekor/pull/520)
Bump github.com/mitchellh/mapstructure from 1.4.2 to 1.4.3 (https://github.com/sigstore/rekor/pull/517)
Bump github.com/secure-systems-lab/go-securesystemslib (https://github.com/sigstore/rekor/pull/516)
Bump gopkg.in/ini.v1 from 1.64.0 to 1.66.0 (https://github.com/sigstore/rekor/pull/513)
Upgraded go-playground/validator module to v10 (https://github.com/sigstore/rekor/pull/507)
Bump gopkg.in/ini.v1 from 1.63.2 to 1.64.0 (https://github.com/sigstore/rekor/pull/495)
Bump github.com/go-openapi/strfmt from 0.21.0 to 0.21.1 (https://github.com/sigstore/rekor/pull/510)
Bump the trillian import to v1.4.0. (https://github.com/sigstore/rekor/pull/502)
Bump the trillian versions to v1.4.0 in our docker-compose setup. (https://github.com/sigstore/rekor/pull/500)
update go.mod for go-fuzz (https://github.com/sigstore/rekor/pull/496)
Bump sigstore/cosign-installer from 1.3.0 to 1.3.1 (https://github.com/sigstore/rekor/pull/491)
Bump golang from 1.17.2 to 1.17.3 (https://github.com/sigstore/rekor/pull/482)
Bump google.golang.org/grpc from 1.41.0 to 1.42.0 (https://github.com/sigstore/rekor/pull/478)
Bump actions/checkout from 2.3.5 to 2.4.0 (https://github.com/sigstore/rekor/pull/477)
Bump github.com/go-openapi/runtime from 0.20.0 to 0.21.0 (https://github.com/sigstore/rekor/pull/470)
bump go-swagger to v0.28.0 (https://github.com/sigstore/rekor/pull/463)
Bump github.com/in-toto/in-toto-golang from 0.3.2 to 0.3.3 (https://github.com/sigstore/rekor/pull/459)
Bump actions/checkout from 2.3.4 to 2.3.5 (https://github.com/sigstore/rekor/pull/458)
Bump github.com/mediocregopher/radix/v4 from 4.0.0-beta.1 to 4.0.0 (https://github.com/sigstore/rekor/pull/460)
Bump github.com/go-openapi/runtime from 0.19.31 to 0.20.0 (https://github.com/sigstore/rekor/pull/451)
Bump github.com/go-openapi/spec from 0.20.3 to 0.20.4 (https://github.com/sigstore/rekor/pull/454)
Bump github.com/go-openapi/validate from 0.20.2 to 0.20.3 (https://github.com/sigstore/rekor/pull/453)
Bump github.com/go-openapi/strfmt from 0.20.2 to 0.20.3 (https://github.com/sigstore/rekor/pull/452)
Bump github.com/go-openapi/loads from 0.20.2 to 0.20.3 (https://github.com/sigstore/rekor/pull/450)
Bump golang from 1.17.1 to 1.17.2 (https://github.com/sigstore/rekor/pull/448)
Bump google.golang.org/grpc from 1.40.0 to 1.41.0 (https://github.com/sigstore/rekor/pull/441)
Bump golang.org/x/mod from 0.5.0 to 0.5.1 (https://github.com/sigstore/rekor/pull/440)
Bump github.com/spf13/viper from 1.8.1 to 1.9.0 (https://github.com/sigstore/rekor/pull/439)
Bump gopkg.in/ini.v1 from 1.63.0 to 1.63.2 (https://github.com/sigstore/rekor/pull/437)
Bump github.com/mitchellh/mapstructure from 1.4.1 to 1.4.2 (https://github.com/sigstore/rekor/pull/436)
Bump gocloud to v0.24.0. (https://github.com/sigstore/rekor/pull/434)
Bump golang from 1.17.0 to 1.17.1 (https://github.com/sigstore/rekor/pull/432)
Bump go.uber.org/zap from 1.19.0 to 1.19.1 (https://github.com/sigstore/rekor/pull/431)
Bump gopkg.in/ini.v1 from 1.62.0 to 1.63.0 (https://github.com/sigstore/rekor/pull/429)
Bump github.com/go-openapi/runtime from 0.19.30 to 0.19.31 (https://github.com/sigstore/rekor/pull/425)
Bump github.com/go-openapi/errors from 0.20.0 to 0.20.1 (https://github.com/sigstore/rekor/pull/423)
Bump github.com/go-openapi/strfmt from 0.20.1 to 0.20.2 (https://github.com/sigstore/rekor/pull/422)
Bump golang from 1.16.7 to 1.17.0 (https://github.com/sigstore/rekor/pull/413)
Bump golang.org/x/mod from 0.4.2 to 0.5.0 (https://github.com/sigstore/rekor/pull/412)
Bump google.golang.org/grpc from 1.39.1 to 1.40.0 (https://github.com/sigstore/rekor/pull/411)
Bump github.com/go-openapi/runtime from 0.19.29 to 0.19.30 (https://github.com/sigstore/rekor/pull/408)
Bump go.uber.org/zap from 1.18.1 to 1.19.0 (https://github.com/sigstore/rekor/pull/407)
Bump golang from 1.16.6 to 1.16.7 (https://github.com/sigstore/rekor/pull/403)
Bump google.golang.org/grpc from 1.39.0 to 1.39.1 (https://github.com/sigstore/rekor/pull/404)


Contributors

Aditya Sirish (@adityasaky)
Andrew Block (@sabre1041)
Asra Ali (@asraa)
Axel Simon (@axelsimon)
Batuhan Apaydın (@developer-guy)
Bob Callaway (@bobcallaway)
Carlos Panato (@cpanato)
Dan Lorenc (@dlorenc)
Dan Luhring (@luhring)
Harry Fallows (@harryfallows)
Hector Fernandez (@hectorj2f)
Jake Sanders (@dekkagaijin)
Jason Hall (@imjasonh)
Lily Sturmann (@lkatalin)
Luke Hinds (@lukehinds)
Marina Moore (@mnm678)
Mikhail Swift (@mikhailswift)
Naveen Srinivasan (@naveensrinivasan)
Robert James Hernandez (@sarcasticadmin)
Santiago Torres (@SantiagoTorres)
Tiziano Santoro (@tiziano88)
Trishank Karthik Kuppusamy (@trishankatdatadog)
Ville Aikas (@vaikas)
kpcyrd (@kpcyrd)