This also adds the ko targets for building them, and entries
to tools.go so go.mod recognizes these dependencies so we can build
them with ko.

Signed-off-by: Dan Lorenc <lorenc.d@gmail.com>

We were catching these inside the IndexKeys function calls and logging, this
change moves that up to the caller. This is much more standard and simplifies the
implementations.

Signed-off-by: Dan Lorenc <lorenc.d@gmail.com>

This got copy-pasta-ed a bit as we added a lot of new types. I refactored
this out so we have the logic only once.

Signed-off-by: Dan Lorenc <lorenc.d@gmail.com>

This didn't appear to actually be useful on any of our types - we also
check the actual fields that need to be hydrated directly.

Signed-off-by: Dan Lorenc <lorenc.d@gmail.com>

This was set to fail on December 18th, which happens to be yesterday!

Signed-off-by: Dan Lorenc <lorenc.d@gmail.com>

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.10.0 to 1.10.1.
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](https://github.com/spf13/viper/compare/v1.10.0...v1.10.1

)

---
updated-dependencies:
- dependency-name: github.com/spf13/viper
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* rename ecosystem to origin

Signed-off-by: Asra Ali <asraa@google.com>

* update comments

Signed-off-by: Asra Ali <asraa@google.com>

* update key flag and add workflow-dispacth to trigger the build manually

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* update key flag and add workflow-dispacth to trigger the build manually

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* Bump google.golang.org/grpc from 1.42.0 to 1.43.0

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.42.0 to 1.43.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.42.0...v1.43.0

)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* replace grpc.WithInsecure() with insecure.NewCredentials()

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Panato <ctadeu@gmail.com>

* Delete INSTALLATION.md

Signed-off-by: Edoardo Tenani <edoardo.tenani@pm.me>

* Delete release-verify.md

Signed-off-by: Edoardo Tenani <edoardo.tenani@pm.me>

* Update README.md

Signed-off-by: Edoardo Tenani <edoardo.tenani@pm.me>

* Update README.md

Signed-off-by: Edoardo Tenani <edoardo.tenani@pm.me>

* Apply suggestions from code review

Co-authored-by: Bob Callaway <bobcallaway@users.noreply.github.com>
Signed-off-by: Edoardo Tenani <edoardo.tenani@pm.me>

Co-authored-by: Bob Callaway <bobcallaway@users.noreply.github.com>

Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.2.1 to 1.3.0.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.2.1...v1.3.0

)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.9.0 to 1.10.0.
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](https://github.com/spf13/viper/compare/v1.9.0...v1.10.0

)

---
updated-dependencies:
- dependency-name: github.com/spf13/viper
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 1.3.1 to 1.4.1.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](https://github.com/sigstore/cosign-installer/compare/v1.3.1...v1.4.1

)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

This included some manual changes because of the interface changes.

Signed-off-by: Dan Lorenc <lorenc.d@gmail.com>

stuff was removed here:

https://github.com/google/trillian/pull/2361/files#diff-536aadbe3c85911db6a449435a5ffe55ae4417950f2a9c27165af1a518b28f00



Signed-off-by: Ville Aikas <vaikas@chainguard.dev>

Bumps golang from 1.17.4 to 1.17.5.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: Asra Ali <asraa@google.com>

Bumps golang from 1.17.3 to 1.17.4.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* ensure that the test HTTP handlers are called

Signed-off-by: Jake Sanders <jsand@google.com>

* parallelize HTTP server dependent tests

Signed-off-by: Jake Sanders <jsand@google.com>

Bumps [gopkg.in/ini.v1](https://github.com/go-ini/ini) from 1.66.0 to 1.66.2.
- [Release notes](https://github.com/go-ini/ini/releases)
- [Commits](https://github.com/go-ini/ini/compare/v1.66.0...v1.66.2

)

---
updated-dependencies:
- dependency-name: gopkg.in/ini.v1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github.com/mitchellh/mapstructure](https://github.com/mitchellh/mapstructure) from 1.4.2 to 1.4.3.
- [Release notes](https://github.com/mitchellh/mapstructure/releases)
- [Changelog](https://github.com/mitchellh/mapstructure/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mitchellh/mapstructure/compare/v1.4.2...v1.4.3

)

---
updated-dependencies:
- dependency-name: github.com/mitchellh/mapstructure
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github.com/secure-systems-lab/go-securesystemslib](https://github.com/secure-systems-lab/go-securesystemslib) from 0.1.0 to 0.2.0.
- [Release notes](https://github.com/secure-systems-lab/go-securesystemslib/releases)
- [Commits](https://github.com/secure-systems-lab/go-securesystemslib/compare/v0.1.0...v0.2.0

)

---
updated-dependencies:
- dependency-name: github.com/secure-systems-lab/go-securesystemslib
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: Jake Sanders <jsand@google.com>

Bumps [gopkg.in/ini.v1](https://github.com/go-ini/ini) from 1.64.0 to 1.66.0.
- [Release notes](https://github.com/go-ini/ini/releases)
- [Commits](https://github.com/go-ini/ini/compare/v1.64.0...v1.66.0

)

---
updated-dependencies:
- dependency-name: gopkg.in/ini.v1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [gopkg.in/ini.v1](https://github.com/go-ini/ini) from 1.63.2 to 1.64.0.
- [Release notes](https://github.com/go-ini/ini/releases)
- [Commits](https://github.com/go-ini/ini/compare/v1.63.2...v1.64.0

)

---
updated-dependencies:
- dependency-name: gopkg.in/ini.v1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github.com/go-openapi/strfmt](https://github.com/go-openapi/strfmt) from 0.21.0 to 0.21.1.
- [Release notes](https://github.com/go-openapi/strfmt/releases)
- [Commits](https://github.com/go-openapi/strfmt/compare/v0.21.0...v0.21.1

)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/strfmt
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Upgraded go-playground/validator module to v10

Signed-off-by: Harry Fallows <harryfallows@protonmail.com>

* Manually re-added missing go.sum entry for module providing package github.com/dvyukov/go-fuzz/go-fuzz-dep

Signed-off-by: Harry Fallows <harryfallows@protonmail.com>

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>

Signed-off-by: Asra Ali <asraa@google.com>

I had to change a few package imports to deal with upstream refactoring.

Signed-off-by: Dan Lorenc <lorenc.d@gmail.com>

Signed-off-by: Asra Ali <asraa@google.com>

* WIP: new hashed type

Signed-off-by: Dan Lorenc <lorenc.d@gmail.com>

* wip add signature verification

Signed-off-by: Asra Ali <asraa@google.com>

* address bobs comments

Signed-off-by: Asra Ali <asraa@google.com>

Co-authored-by: Dan Lorenc <lorenc.d@gmail.com>

This should validate that the current version of Rekor works against the
newest version of Trillian in CI.

Signed-off-by: Dan Lorenc <lorenc.d@gmail.com>

Adds the ability to search for indicies with sha1 hashes. Currently
rekor custom types can store indices with formats other than
sha256:<hash>.  Particularly the in-toto type can do this.

One particular use case of interest is indexing log entries by git
commit hash, which largely still use sha1.

Signed-off-by: Mikhail Swift <mswift@mswift.dev>

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>