Skip to content
Snippets Groups Projects
Unverified Commit e167a3b6 authored by Luke Hinds's avatar Luke Hinds Committed by GitHub
Browse files

Installation guide (#400) 


Signed-off-by: default avatarLuke Hinds <lhinds@redhat.com>
parent db0e4181
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
INSTALLATION.md 0 → 100644
+ 133
0
View file @ e167a3b6
# Rekor installation
There are serveral methods to install rekor which we will cover here for both the rekor-cli and server
## From the release page
Rekor releases are available on the [release page](https://github.com/sigstore/rekor/releases)
The components are available, the server; `rekor-server` and the CLI tool `rekor-cli`
See [release-verify](release-verify.md) for details of to verify rekor release binaries.
## Using go install
If you have go installed, you can use go to retreive the rekor binaries
```
go install -v github.com/sigstore/rekor/cmd/rekor-cli@latest
```
You may also do the same for rekor-server, but **note** that rekor server also
requires trillian and database. See [database]
```
go install -v github.com/sigstore/rekor/cmd/rekor-server@latest
```
## Build from the git repository
Clone rekor
```
git clone https://github.com/sigstore/rekor.git
```
And then use our Makefile to build:
```
make rekor-cli rekor-server
```
> :notebook: You will of course need the 'make' package to run the above
# Rekor Server Set up
## Configure trillians database
To set up trillians database we need to create the database / tables.
Trillian requires a database, we use MariaDB for now (others to be explored later). Once this is installed on your machine,
edit the `scripts/createdb.sh` file with your database root account credentials and run the script.
If you’re just trying out rekor, keep the DB user name and password the same as in the script (test/zaphod). If you change these,
you need to make the changes on Trillian’s side (visit the trillian repo for details).
```
wget https://raw.githubusercontent.com/sigstore/rekor/main/scripts/createdb.sh
```
```
wget https://raw.githubusercontent.com/sigstore/rekor/main/scripts/storage.sql
```
```
chmod +x createdb.sh
```
```
sudo ./createdb.sh
```
## Install trillian
```
go install github.com/google/trillian/cmd/trillian_log_server@v1.3.14-0.20210713114448-df474653733c
```
```
go install github.com/google/trillian/cmd/trillian_log_signer@v1.3.14-0.20210713114448-df474653733c
```
## Run trillian
First run the trillian log server
```
trillian_log_server -http_endpoint=localhost:8090 -rpc_endpoint=localhost:8091 --logtostderr ...
```
Now run the signer:
```
trillian_log_signer --logtostderr --force_master --http_endpoint=localhost:8190 -rpc_endpoint=localhost:8191 --batch_size=1000 --sequencer_guard_window=0 --sequencer_interval=200ms
```
## Run Rekor
We are now ready to run rekor.
> :notebook: If you want a quick handy search index, then you will need to install redis-server
if you choose not to, then you must pass the argument `--enable_retrieve_api` false.
```
rekor-server serve --rekor_server.address=0.0.0.0 --rekor_server.port=3000
```
Example:
```
2021-07-29T12:06:47.829+0100 INFO app/root.go:107 Using config file: /home/luke/go/src/github.com/lukehinds/rekor/rekor-server.yaml
2021-07-29T12:06:47.830+0100 INFO app/serve.go:66 starting rekor-server
2021-07-29T12:06:47.841+0100 INFO app/serve.go:91 Loading support for pluggable type 'jar'
2021-07-29T12:06:47.841+0100 INFO app/serve.go:92 Loading version '0.0.1' for pluggable type 'jar'
2021-07-29T12:06:47.841+0100 INFO app/serve.go:91 Loading support for pluggable type 'intoto'
2021-07-29T12:06:47.841+0100 INFO app/serve.go:92 Loading version '0.0.1' for pluggable type 'intoto'
2021-07-29T12:06:47.841+0100 INFO app/serve.go:91 Loading support for pluggable type 'rfc3161'
2021-07-29T12:06:47.841+0100 INFO app/serve.go:92 Loading version '0.0.1' for pluggable type 'rfc3161'
2021-07-29T12:06:47.841+0100 INFO app/serve.go:91 Loading support for pluggable type 'alpine'
2021-07-29T12:06:47.841+0100 INFO app/serve.go:92 Loading version '0.0.1' for pluggable type 'alpine'
2021-07-29T12:06:47.841+0100 INFO app/serve.go:91 Loading support for pluggable type 'helm'
2021-07-29T12:06:47.841+0100 INFO app/serve.go:92 Loading version '0.0.1' for pluggable type 'helm'
2021-07-29T12:06:47.841+0100 INFO app/serve.go:91 Loading support for pluggable type 'rekord'
2021-07-29T12:06:47.841+0100 INFO app/serve.go:92 Loading version '0.0.1' for pluggable type 'rekord'
2021-07-29T12:06:47.841+0100 INFO app/serve.go:91 Loading support for pluggable type 'rpm'
2021-07-29T12:06:47.841+0100 INFO app/serve.go:92 Loading version '0.0.1' for pluggable type 'rpm'
2021-07-29T12:06:47.858+0100 INFO restapi/server.go:230 Serving rekor server at http://127.0.0.1:3000
```
## Use of rekor CLI
For examples of using the rekor-cli, please see the [types](types.md) documentation
README.md
+ 8
11
View file @ e167a3b6
......@@ -14,12 +14,6 @@ Rekor fulfils the signature transparency role of sigstore's software signing
infrastructure. However, Rekor can be run on its own and is designed to be
extensible to working with different manifest schemas and PKI tooling.
For more details on set up a Rekor server, [visit the following link](https://sigstore.dev/get_started/server/)
For details on CLI usage, [visit the following link](https://sigstore.dev/get_started/client/)
If you're interesting in integration with Rekor, we have an [OpenAPI swagger editor](https://sigstore.dev/swagger/)
## Public Instance
A public instance of rekor can be found at [rekor.sigstore.dev](https://rekor.sigstore.dev/api/v1/log/)
......@@ -37,11 +31,8 @@ We are interested in helping on board you!
### Installation
Rekor releases are available on the [release page](https://github.com/sigstore/rekor/releases)
The components are available, the server; `rekor-server` and the CLI tool `rekor-cli`
See [release-verify](release-verify.md) for details of to verify rekor release binaries.
Please see the [installation](installation.md) page for details on how to install the rekor CLI and set up / run
the rekor server
### Usage
......@@ -86,8 +77,14 @@ prior to this index were witnessed by Rekor before this time.
## Extensibility
### Custom schemas / manifests (rekor type)
Rekor allows customized manifests (which term them as types), [type customization is outlined here](https://github.com/sigstore/rekor/tree/main/pkg/types).
### API
If you're interesting in integration with Rekor, we have an [OpenAPI swagger editor](https://sigstore.dev/swagger/)
## Security
Should you discover any security issues, please refer to sigstores [security
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment