- Mar 03, 2021
-
-
Bob Callaway authoredSince the verification of a signature will, by definition, include verifying the content has not been altered, it is unnecessary to require users of the CLI or REST API to specify the SHA256 hash of the content when creating a new entry into the log. Note that the server will still compute the hash and store it in the log for ease of comparison. Fixes #180 Signed-off-by:
Bob Callaway <bcallawa@redhat.com>
-
- Feb 26, 2021
-
-
Luke Hinds authored
-
- Feb 25, 2021
-
-
Luke Hinds authored
All instances of projectrekor are now renamed to SigStore This includes: * Import paths * Tests * Readme's Signed-off-by:Luke Hinds <lhinds@redhat.com>
-
- Jan 30, 2021
-
-
Dan Lorenc authored
-
- Jan 28, 2021
-
-
Bob Callaway authored
-
- Jan 19, 2021
-
-
Bob Callaway authored
Signed-off-by:
Bob Callaway <bcallawa@redhat.com>
Co-authored-by: Dan Lorenc <dlorenc@google.com>
-
- Jan 14, 2021
-
-
Dan Lorenc authored
Still need to add some more e2e-style tests that go through the ArtifactFactory flow.
-
- Jan 13, 2021
-
-
Dan Lorenc authored
This supports pgp and minisign right now. We can add logic to try to detect these later.
-
- Jan 12, 2021
-
-
Bob Callaway authored
Signed-off-by:Bob Callaway <bcallawa@redhat.com>
-
- Jan 08, 2021
-
-
Bob Callaway authored
also adds --log-index parameter to CLI verify command Signed-off-by:Bob Callaway <bcallawa@redhat.com>
-
- Dec 17, 2020
-
-
Bob Callaway authored
-