Bumps [gopkg.in/ini.v1](https://github.com/go-ini/ini) from 1.62.0 to 1.63.0.
- [Release notes](https://github.com/go-ini/ini/releases)
- [Commits](https://github.com/go-ini/ini/compare/v1.62.0...v1.63.0

)

---
updated-dependencies:
- dependency-name: gopkg.in/ini.v1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

We get flooded with scapers so it makes it hard to find real errors in our logs.

Signed-off-by: Dan Lorenc <dlorenc@google.com>

Bumps [github.com/go-openapi/runtime](https://github.com/go-openapi/runtime) from 0.19.30 to 0.19.31.
- [Release notes](https://github.com/go-openapi/runtime/releases)
- [Commits](https://github.com/go-openapi/runtime/compare/v0.19.30...v0.19.31

)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/runtime
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github.com/go-openapi/errors](https://github.com/go-openapi/errors) from 0.20.0 to 0.20.1.
- [Release notes](https://github.com/go-openapi/errors/releases)
- [Commits](https://github.com/go-openapi/errors/compare/v0.20.0...v0.20.1

)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/errors
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github.com/go-openapi/strfmt](https://github.com/go-openapi/strfmt) from 0.20.1 to 0.20.2.
- [Release notes](https://github.com/go-openapi/strfmt/releases)
- [Commits](https://github.com/go-openapi/strfmt/compare/v0.20.1...v0.20.2

)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/strfmt
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Fixes #420.

Signed-off-by: Dan Lorenc <dlorenc@google.com>

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

Signed-off-by: kpcyrd <git@rxv.cc>

* Adds rekor TUF type

Co-authored-by: Santiago Torres <santiagotorres@purdue.edu>
Co-authored-by: Trishank Karthik Kuppusamy <trishank.kuppusamy@datadoghq.com>
Co-authored-by: Marina Moore <mnm678@gmail.com>
Signed-off-by: Asra Ali <asraa@google.com>

* add type documentation

Signed-off-by: Asra Ali <asraa@google.com>

* Address bob comments

Signed-off-by: Asra Ali <asraa@google.com>

* run make

Signed-off-by: Asra Ali <asraa@google.com>

* wip

Signed-off-by: Asra Ali <asraa@google.com>

* Address comments

Signed-off-by: Asra Ali <asraa@google.com>

Co-authored-by: Santiago Torres <santiagotorres@purdue.edu>
Co-authored-by: Trishank Karthik Kuppusamy <trishank.kuppusamy@datadoghq.com>
Co-authored-by: Marina Moore <mnm678@gmail.com>

* update install docs to align with others in repo

Signed-off-by: Robert James Hernandez <rob@sarcasticadmin.com>

* Addding note about createtree needed for installation

Signed-off-by: Robert James Hernandez <rob@sarcasticadmin.com>

Bumps golang from 1.16.7 to 1.17.0.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.4.2 to 0.5.0.
- [Release notes](https://github.com/golang/mod/releases)
- [Commits](https://github.com/golang/mod/compare/v0.4.2...v0.5.0

)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.39.1 to 1.40.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.39.1...v1.40.0

)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

`shell` or `bash` expects the entire snippet to be a bash script, while `console` highlights only lines prefixed with `$` as bash.

Signed-off-by: Tiziano Santoro <tiziano88@gmail.com>

Signed-off-by: Asra Ali <asraa@google.com>

Bumps [github.com/go-openapi/runtime](https://github.com/go-openapi/runtime) from 0.19.29 to 0.19.30.
- [Release notes](https://github.com/go-openapi/runtime/releases)
- [Commits](https://github.com/go-openapi/runtime/compare/v0.19.29...v0.19.30

)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/runtime
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [go.uber.org/zap](https://github.com/uber-go/zap) from 1.18.1 to 1.19.0.
- [Release notes](https://github.com/uber-go/zap/releases)
- [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/uber-go/zap/compare/v1.18.1...v1.19.0

)

---
updated-dependencies:
- dependency-name: go.uber.org/zap
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps golang from 1.16.6 to 1.16.7.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.39.0 to 1.39.1.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.39.0...v1.39.1

)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* use an in memory timestamping key

Signed-off-by: Asra Ali <asraa@google.com>

* address comments

Signed-off-by: Asra Ali <asraa@google.com>

Signed-off-by: Luke Hinds <lhinds@redhat.com>

Signed-off-by: Luke Hinds <lhinds@redhat.com>

* just commit timestampnote

Signed-off-by: Asra Ali <asraa@google.com>

* add signed timestamp note

Signed-off-by: Asra Ali <asraa@google.com>

* address validating sha comment

Signed-off-by: Asra Ali <asraa@google.com>

Provide instructions on verifying signatures

Note this is quite lengthy / hand wavy, but I believe
its better we show how our trust model works.

I also point out how much of this will be streamlined and improved
via the TUF integration

Signed-off-by: Luke Hinds <lhinds@redhat.com>

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* fix: port flag override

Signed-off-by: Hector Fernandez <hectorj@gmail.com>

* chore: update rekor_server.port old references

Signed-off-by: Hector Fernandez <hectorj@gmail.com>

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

makefile: add rule to download and set swagger and make rule to build rekor-cli for cross platform (#391)

* makefile: add rule to download and set swagger and make rule to build rekor-cli for cross platform

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* update ci

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

* generalize signed checkpoint

Signed-off-by: Asra Ali <asraa@google.com>

* store note as text representation

Signed-off-by: Asra Ali <asraa@google.com>

* cleanup diff

Signed-off-by: Asra Ali <asraa@google.com>

* simplify

Signed-off-by: Asra Ali <asraa@google.com>

* use signer/verifier

Signed-off-by: Asra Ali <asraa@google.com>

* address dan comments

Signed-off-by: Asra Ali <asraa@google.com>

This commit adds a PATH lookup to the openSSH tests.
This prevents failing tests on systems with no ssh-keygen
in PATH.

Signed-off-by: Christian Rebischke <chris@shibumi.dev>

Previously we returned an HTTP 500 "error canonicalizing entry" error if
Rekor was unable to parse or verify the proposed content of a new log
entry. This adds a new error type ValidationError that allows
implementers of the Canonicalize method to delineate between internal,
transient errors and errors that clients can rectify.

With this patch, errors parsing or validating (provided or referenced)
artifacts will return an HTTP 400 message to the client with a message
about the issue.

Fixes: #362

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

This causes a JAR to be fetched over a local HTTP server in the
e2e test harness instead of the external Jenkins mirror. Also causes the
JAR input to be randomized so we can re-use the createSignedJar method
in multiple tests.

Fixes: #375

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>