Skip to content
Snippets Groups Projects
Select Git revision
  • evidentia default
  • wip
  • main protected
  • v0.9.1
  • v0.9.0
  • v0.8.2
  • v0.8.1
  • v0.8.0
  • v0.7.0
  • v0.6.0
  • v0.5.0
  • v0.4.0
  • v0.3.0
  • v0.2.0
  • v0.1.1
  • v0.1.0
16 results
Search by author
  • Any Author
  • Ulrich Schöpp schoepp
1 author
  1. Feb 10, 2022
  3. Jan 25, 2022
  5. Dec 29, 2021
  7. Dec 27, 2021
    • Morten Linderud's avatar
      Implement /api/v1/version for rekor-server (#569) · 3f4129bc
      Morten Linderud authored 
      
* rekor-server: Implement /api/v1/version

This implements a version endpoint for rekor. This helps figure out the
version the server is currently running. It could later be used to
implement version compatibility with CLI utilities.

Example:
   λ rekor main» curl -s localhost:3000/api/v1/version | jq
   {
     "builddate": "'2021-12-27T13:20:32Z'",
     "commit": "12d1a47c",
     "treestate": "dirty",
     "version": "v0.4.0-15-g12d1a47-dirty"
   }

This removes some duplication of the build flags and inserts them into
/pkg/api which is then reused across the utilities.

Signed-off-by: default avatarMorten Linderud <morten@linderud.pw>

Signed-off-by: default avatarMorten Linderud <morten@linderud.pw>

* Generated files

Signed-off-by: default avatarMorten Linderud <morten@linderud.pw>
      3f4129bc
    • dlorenc's avatar
      Remove the attestation media type field. (#565) · 12d1a47c
      dlorenc authored 
      
This was never actually correct - these are technically "payloadTypes", which are
not actually mediaTypes. Some implementations mistakenly sent incorrect media types, so
it appeared to work. The GCS storage layer rejected correct implementations that sent the
payloadType, because these are not valid mediaTypes.

We never used this field anyway, so let's drop it. I verified that the API correctly ignores
unknown fields, so removing this will not break clients that send it.

Signed-off-by: default avatarDan Lorenc <lorenc.d@gmail.com>
      12d1a47c
  9. Dec 20, 2021
  11. Dec 16, 2021
  13. Nov 22, 2021
  15. Nov 04, 2021
  17. Oct 06, 2021
    • Bob Callaway's avatar
      Canonicalize JSON before inserting into trillian (#445) · 070f83e9
      Bob Callaway authored 
      
Each of the supported types has a Canonicalize() method that generates a
JSON representation of the entry. If the golang library were to make a
change to the order of keys when marshalling an object, it would cause
a duplicate entry in the log for a semantically equivalent object.

This change simply transforms the JSON into RFC8785-compliant
canonicalized JSON protecting against any changes in JSON libraries
going forward.

Signed-off-by: default avatarBob Callaway <bob.callaway@gmail.com>
      070f83e9
  19. Sep 14, 2021
  21. Aug 18, 2021
  23. Jul 30, 2021
  25. Jul 20, 2021
  27. Jul 17, 2021
    • Bob Callaway's avatar
      Improve error messages for invalid content (#377) · 5e005eb1
      Bob Callaway authored 
      
Previously we returned an HTTP 500 "error canonicalizing entry" error if
Rekor was unable to parse or verify the proposed content of a new log
entry. This adds a new error type ValidationError that allows
implementers of the Canonicalize method to delineate between internal,
transient errors and errors that clients can rectify.

With this patch, errors parsing or validating (provided or referenced)
artifacts will return an HTTP 400 message to the client with a message
about the issue.

Fixes: #362

Signed-off-by: default avatarBob Callaway <bob.callaway@gmail.com>
      5e005eb1
  29. Jul 14, 2021
  31. Jul 13, 2021
  33. Jul 12, 2021
  35. Jul 08, 2021
  37. Jun 24, 2021
  39. Jun 23, 2021
  41. Jun 16, 2021
  43. Jun 07, 2021
  45. May 27, 2021
  47. May 24, 2021
  49. May 06, 2021
  51. May 05, 2021
  53. Apr 29, 2021
  55. Apr 28, 2021
  57. Apr 20, 2021
  59. Apr 16, 2021
  61. Apr 15, 2021
  63. Apr 12, 2021
  65. Apr 10, 2021
    • Bob Callaway's avatar
      Update rekor REST API to match Trillian semantics (#250) · cce6cabf
      Bob Callaway authored 
      
This patch removes the /api/v1/log/entries/{uuid}/proof endpoint. If you
have the UUID (aka the leaf Merkle hash), you likely want proof that the
content represented by that hash is included in the log. There's no need
for a separate /proof endpoint to deliver the same content.

This commit also ensures that the getLogEntryByIndex and
getLogEntryByUUID endpoints return an inclusion proof as part of their
response content. The search endpoint also now returns the inclusion
proof of all entries returned from the query.

With this patch, Rekor no longer uses the deprecated `GetLeavesByHash`
Trillian API.

Fixes #229

Signed-off-by: default avatarBob Callaway <bob.callaway@gmail.com>
      cce6cabf
  67. Mar 24, 2021
  69. Mar 19, 2021
    • Bob Callaway's avatar
      Remove gzip processing flow completely from rekor (#221) · 8b28f05b
      Bob Callaway authored 
      
* Remove gzip processing flow completely from rekor

Issue #208 reported different handling of gzipped content via fetch vs
direct upload to rekor server. The code should be consistent, regardless
of whether content was compressed or not - by always attempting to
verify the signature against the (unmodified) byte stream.

This patch removes the gzip decoding completely from rekor and verifies
the bytes supplied or referenced.

Also fixes issue in E2E tests where sending SIGKILL to watch process
caused message to be printed to stderr, which fails the test when
running on MacOS.

Fixes #208

Signed-off-by: default avatarBob Callaway <bcallawa@redhat.com>
      8b28f05b