- Dec 21, 2021
-
-
dlorenc authoredThis should help out with #515. Signed-off-by:
Dan Lorenc <lorenc.d@gmail.com>
-
- Nov 19, 2021
-
-
asraa authored
* WIP: new hashed type Signed-off-by:
Dan Lorenc <lorenc.d@gmail.com>
* wip add signature verification
Signed-off-by: Asra Ali <asraa@google.com>
* address bobs comments
Signed-off-by: Asra Ali <asraa@google.com>
Co-authored-by: Dan Lorenc <lorenc.d@gmail.com>
-
- Nov 15, 2021
-
-
Naveen authored
* Included pprof for profiling the application. Included pprof for profiling the application. Signed-off-by:
naveen <172697+naveensrinivasan@users.noreply.github.com>
* Update cmd/rekor-server/app/root.go
Co-authored-by: Bob Callaway <bobcallaway@users.noreply.github.com>
* Update cmd/rekor-server/app/root.go
Co-authored-by: Bob Callaway <bobcallaway@users.noreply.github.com>
Co-authored-by: Bob Callaway <bobcallaway@users.noreply.github.com>
-
- Sep 17, 2021
-
-
dlorenc authored
This is part of the temporal sharding work. The flag is not hooked up anywhere yet. Signed-off-by:Dan Lorenc <dlorenc@google.com>
-
- Aug 18, 2021
-
-
asraa authored
* Adds rekor TUF type Co-authored-by:
Santiago Torres <santiagotorres@purdue.edu>
Co-authored-by: Trishank Karthik Kuppusamy <trishank.kuppusamy@datadoghq.com>
Co-authored-by: Marina Moore <mnm678@gmail.com>
Signed-off-by: Asra Ali <asraa@google.com>
* add type documentation
Signed-off-by: Asra Ali <asraa@google.com>
* Address bob comments
Signed-off-by: Asra Ali <asraa@google.com>
* run make
Signed-off-by: Asra Ali <asraa@google.com>
* wip
Signed-off-by: Asra Ali <asraa@google.com>
* Address comments
Signed-off-by: Asra Ali <asraa@google.com>
Co-authored-by: Santiago Torres <santiagotorres@purdue.edu>
Co-authored-by: Trishank Karthik Kuppusamy <trishank.kuppusamy@datadoghq.com>
Co-authored-by: Marina Moore <mnm678@gmail.com>
-
- Aug 08, 2021
-
-
Carlos Tadeu Panato Junior authored
Signed-off-by:Carlos Panato <ctadeu@gmail.com>
-
- Jul 30, 2021
-
-
asraa authored
* use an in memory timestamping key Signed-off-by:
Asra Ali <asraa@google.com>
* address comments
Signed-off-by: Asra Ali <asraa@google.com>
-
- Jul 28, 2021
-
-
Hector Fernandez authored
* fix: port flag override Signed-off-by:
Hector Fernandez <hectorj@gmail.com>
* chore: update rekor_server.port old references
Signed-off-by: Hector Fernandez <hectorj@gmail.com>
-
- Jul 20, 2021
-
-
asraa authored
* generalize signed checkpoint Signed-off-by:
Asra Ali <asraa@google.com>
* store note as text representation
Signed-off-by: Asra Ali <asraa@google.com>
* cleanup diff
Signed-off-by: Asra Ali <asraa@google.com>
* simplify
Signed-off-by: Asra Ali <asraa@google.com>
* use signer/verifier
Signed-off-by: Asra Ali <asraa@google.com>
* address dan comments
Signed-off-by: Asra Ali <asraa@google.com>
-
- Jul 09, 2021
-
-
Andrew Block authored
* Added Helm type Signed-off-by:
Andrew Block <andy.block@gmail.com>
* Cleaned up helm type
Signed-off-by: Andrew Block <andy.block@gmail.com>
* Correct Helm schema required fields
Signed-off-by: Andrew Block <andy.block@gmail.com>
* Regenerated Helm schema
Signed-off-by: Andrew Block <andy.block@gmail.com>
-
- Jul 01, 2021
-
-
Bob Callaway authored
* Move GetRekorClient into util directory Since other sigstore projects are using GetRekorClient, this moves it into the pkg/util directory so that the number of dependencies this brings with it can be minimized. Signed-off-by:
Bob Callaway <bob.callaway@gmail.com>
* move to pkg/client
Signed-off-by: Bob Callaway <bob.callaway@gmail.com>
-
- Jun 23, 2021
-
-
Bob Callaway authored
This adds support for the alpine package format used by Alpine Linux, which is the concatenation of three tgz files (signature, control data, and then the actual package files). Signed-off-by:Bob Callaway <bob.callaway@gmail.com>
-
- Jun 16, 2021
-
-
Appu authored
Signed-off-by:Appu Goundan <appu@google.com>
-
- Jun 07, 2021
-
-
Bob Callaway authored
* Convert STH to checkpoint format This switches away from sending the (now deprecated) Trillian LogRootV1 format over to the checkpoint format documented at https://github.com/google/trillian-examples/tree/master/formats/log Fixes: #313 Signed-off-by:
Bob Callaway <bob.callaway@gmail.com> -
dlorenc authored
This adds an "Attestation" method to the entry interface. Entries can return an attestation that they would like to store. The attestations are currently stored in GCS, but it supports any blob store. The feature is turned off with a flag, and we can set a max size as well. Signed-off-by:Dan Lorenc <dlorenc@google.com>
-
- May 29, 2021
-
-
dlorenc authored
This uses a custom fork of in-toto-golang because not all the changes are merged in one place. Signed-off-by:Dan Lorenc <dlorenc@google.com>
-
- May 24, 2021
-
-
asraa authored
* Add timestamps Signed-off-by:
Asra Ali <asraa@google.com>
* change
Signed-off-by: Asra Ali <asraa@google.com>
* address comments
Signed-off-by: Asra Ali <asraa@google.com>
* address comments
Signed-off-by: Asra Ali <asraa@google.com>
* fix binary writer
Signed-off-by: Asra Ali <asraa@google.com>
* add tsa
Signed-off-by: Asra Ali <asraa@google.com>
* distangle cert chain creation from new signer
Signed-off-by: Asra Ali <asraa@google.com>
* revert some now unncessary changes
Signed-off-by: Asra Ali <asraa@google.com>
* cert chain 404
Signed-off-by: Asra Ali <asraa@google.com>
* fix
Signed-off-by: Asra Ali <asraa@google.com>
-
- May 23, 2021
-
-
axel simon authored
Switch away from using rpc_endpoint=8091 and back to 8090 which is trillian_log_server's default. This simplifies the commands to start trillian log_server, reducing it down to: trillian_log_server --logtostderr ... and avoids diverging from upstream when there is no need. This change also updates the corresponding docker-compose and k8s configs. Signed-off-by:axelsimon <github@axelsimon.net>
-
- May 14, 2021
-
-
Bob Callaway authored
* Add version subcommands to rekor-cli & rekor-server Signed-off-by:
Bob Callaway <bob.callaway@gmail.com>
* Add version info to docker build & print at startup
This ensures the build ldflags are applied as part of the docker build
process (for docker-compose and ko).
This also prints the version information of the running server to the
logs upon server startup.
Signed-off-by: Bob Callaway <bob.callaway@gmail.com>
-
- Apr 16, 2021
-
-
priyawadhwa authored
* Update trillian dependency to master This removes calls to the trillian verifier and replaces them with calls to a new rekor verify package! The `verify` package currently only verifies the signed log root. Signed-off-by:
Priya Wadhwa <priyawadhwa@google.com>
* Fix lint
Signed-off-by: Priya Wadhwa <priyawadhwa@google.com>
* Add verifier back in and update trillian images
Signed-off-by: Priya Wadhwa <priyawadhwa@google.com>
* Make verify private
Signed-off-by: Priya Wadhwa <priyawadhwa@google.com>
* Address code review comments
Signed-off-by: Priya Wadhwa <priyawadhwa@google.com>
* Roll back to trillian v1.3.13
Signed-off-by: Priya Wadhwa <priyawadhwa@google.com>
* Pin trillian to latest commit
Signed-off-by: Priya Wadhwa <priyawadhwa@google.com>
-
- Apr 15, 2021
-
-
Bob Callaway authored
* Add new type for JAR archives This adds support for a new pluggable type that can extract signatures from signed JAR files. Per the JAR spec, a special manifest file is created with the digest hashes of all included content in the JAR file. It is this special manifest file that is then signed, and included in a file within the archive in PKCS7 format. The PKCS7 file also includes the X509 certificate that can be used to verify the signed manifest file inside of the JAR. Signed-off-by:Bob Callaway <bob.callaway@gmail.com> -
priyawadhwa authored
* Add signing package for signing within rekor Signed-off-by:
Priya Wadhwa <priyawadhwa@google.com>
* Remove public key from trillian and add in TODO for getting public key from Signer
Signed-off-by: Priya Wadhwa <priyawadhwa@google.com>
* Create signer flag and store signer in api struct
Signed-off-by: Priya Wadhwa <priyawadhwa@google.com>
* Remove public key from tlog in API, replace with a new pubkey tag
Signed-off-by: Priya Wadhwa <priyawadhwa@google.com>
* Make sure we can get the public key locally
Signed-off-by: Priya Wadhwa <priyawadhwa@google.com>
* Fix build error
Signed-off-by: Priya Wadhwa <priyawadhwa@google.com>
* Reuse cosign implementation of signing interface
Signed-off-by: Priya Wadhwa <priyawadhwa@google.com>
* fix lint
Signed-off-by: Priya Wadhwa <priyawadhwa@google.com>
* Add in-memory signer, store unmarshaled public key in api
Signed-off-by: Priya Wadhwa <priyawadhwa@google.com>
* Temporarily skip the log_info test, since we are now getting the public key from rekor and not trillian
Signed-off-by: Priya Wadhwa <priyawadhwa@google.com>
* Replace cosign import with sigstore
Signed-off-by: Priya Wadhwa <priyawadhwa@google.com>
* Add unit test for memory signer
Signed-off-by: Priya Wadhwa <priyawadhwa@google.com>
* Remove unnecessary code
Signed-off-by: Priya Wadhwa <priyawadhwa@google.com>
* skip test
Signed-off-by: Priya Wadhwa <priyawadhwa@google.com>
* Sign the signature for the signed log root ourselves
Signed-off-by: Priya Wadhwa <priyawadhwa@google.com>
* Include memory as a signer option for signer flag, make memory default
Signed-off-by: Priya Wadhwa <priyawadhwa@google.com> -
Carlos Tadeu Panato Junior authored
* update boilerplate header and apply go fmt Signed-off-by:
Carlos Panato <ctadeu@gmail.com>
* lints: fix golangci-lint issues
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
* updated based on feedback
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
-
- Apr 12, 2021
-
-
Dan Lorenc authored
This is changing as part of the general trillian signature changes. The trust model is still client -> database, our server trusts our database so we can pass signed messages on directly to users without double verification. Signed-off-by:Dan Lorenc <dlorenc@google.com>
-
- Mar 26, 2021
-
-
Dan Lorenc authored
This makes the binaries "go installable" by their canonical names. Signed-off-by:Dan Lorenc <dlorenc@google.com>
-