Bump github.com/go-openapi/strfmt from 0.20.0 to 0.20.1

Bumps [github.com/go-openapi/strfmt](https://github.com/go-openapi/strfmt) from 0.20.0 to 0.20.1.
- [Release notes](https://github.com/go-openapi/strfmt/releases)
- [Commits](https://github.com/go-openapi/strfmt/compare/v0.20.0...v0.20.1

)

Signed-off-by: dependabot[bot] <support@github.com>

Stop exposing the redis server port on the host.

This was triggering some internal security scans we have, everything still works
with it only exposed locally.

Signed-off-by: Dan Lorenc <dlorenc@google.com>

The error was turning signature bytes into a string directly. We could
base64 encode it, but that's not terribly useful either.

Signed-off-by: Dan Lorenc <dlorenc@google.com>

Fix a few more paths I was missing in the first folder move.

Signed-off-by: Dan Lorenc <dlorenc@google.com>

Rename the directories for rekor-cli and rekor-server.

This makes the binaries "go installable" by their canonical names.

Signed-off-by: Dan Lorenc <dlorenc@google.com>

Drop the replace that was pinning grpc.

This isn't needed and prevents "go install" from working.

Signed-off-by: Dan Lorenc <dlorenc@google.com>

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.36.0 to 1.36.1.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.36.0...v1.36.1

)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Adds a Location response header when a 409 Conflict error is returned
from the server when a duplicate entry is sent for insertion into the
log. Also changes message printed by CLI to improve usability.

Fixes #222

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

Bumps [github.com/go-openapi/runtime](https://github.com/go-openapi/runtime) from 0.19.26 to 0.19.27.
- [Release notes](https://github.com/go-openapi/runtime/releases)
- [Commits](https://github.com/go-openapi/runtime/compare/v0.19.26...v0.19.27

)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Pin the trillian deps in docker-compose.

Signed-off-by: Dan Lorenc <dlorenc@google.com>

* Remove gzip processing flow completely from rekor

Issue #208 reported different handling of gzipped content via fetch vs
direct upload to rekor server. The code should be consistent, regardless
of whether content was compressed or not - by always attempting to
verify the signature against the (unmodified) byte stream.

This patch removes the gzip decoding completely from rekor and verifies
the bytes supplied or referenced.

Also fixes issue in E2E tests where sending SIGKILL to watch process
caused message to be printed to stderr, which fails the test when
running on MacOS.

Fixes #208

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.9.0 to 1.10.0.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/master/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.9.0...v1.10.0

)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: axelsimon <github@axelsimon.net>

Store the whole cert.

Add a second job that watches rekor for new STH entries and publishes

them to GCS.

We don't always have a new one, and under load there might be "batches" of entries
all integrated into the same STH. This means there is no guaranteed frequency of updates
or even a guarantee that every index will exist.

The values (and timestamps) should be monotonically increasing though.

Signed-off-by: Dan Lorenc <dlorenc@google.com>

Signed-off-by: Dan Lorenc <dlorenc@google.com>

Add the index back. This was failing tests for me.

Signed-off-by: Dan Lorenc <dlorenc@google.com>

Add the logid as a fixed parameter for the "prod" deploy.

Signed-off-by: Dan Lorenc <dlorenc@google.com>

This will allow us to use types.NewEntry() to unmarshal returned
values in clients.

Signed-off-by: Dan Lorenc <dlorenc@google.com>

No gzip check on fetching signed payload

Signed-off-by: Shiwei Zhang <shizh@microsoft.com>

Bumps golang from 1.16.0 to 1.16.2.

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Add timestamps to the log_info output.

Also clean up a few small panics along the way.

Signed-off-by: Dan Lorenc <dlorenc@google.com>

Update version of docker-compose.yml

start_period in healthcheck and target in build are properties that are not supported for docker-compose versions <3.4. This change fixes this issue.

Signed-off-by: Efe Barlas <ebarlas@purdue.edu>

Return 400 error if requested tree size > reality

Validate and return hash and size from signed root

Currently we return a 500 error if a consistency proof is requested for
a size that exceeds the current state of the log. This change causes a
400 "Bad Request" error with a more descriptive error message to be
returned.

Fixes #199

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

The loginfo API returns both the current size, root hash, as well as the
signed tree head that callers can verify if they wish. The CLI does a
check to verify the signature on the tree head returned, but was
reporting the unsigned size and hash. This change ensures that the
values match and prints the values from the signed tree head.

Fixes #200

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

Add some text explaining the lack of SLOs on our production instance.