What's Changed
- Missed a couple of renames by @lukehinds in #1
- User can use toml config for cert details by @lukehinds in #2
- OIDC by @lukehinds in #3
- readme, gitignore by @lukehinds in #4
- Project Rename by @lukehinds in #5
- Project refactor in prep for rewrite by @lukehinds in #7
- Key generation code by @lukehinds in #9
- Fix lint errors by @lukehinds in #12
- Set up CI by @lukehinds in #11
- Return PubK in correct type by @lukehinds in #13
- Client port by @lukehinds in #14
- Return the response so we can handle specific status codes by @lukehinds in #15
- Bind flags with PreRun by @lukehinds in #18
- Rename clients by @lukehinds in #20
- Implements file MIME checking by @lukehinds in #21
- Delete DS_Store by @lukehinds in #22
- Implement rekor log entry by @lukehinds in #23
- Update copyright statement by @dekkagaijin in #25
- Device flow! by @dlorenc in #24
- Add `signature` library by @dekkagaijin in #26
- Add Security Section by @lukehinds in #29
- cmd: add version command by @cpanato in #31
- Rename signature payloads to be more descriptive for users by @dekkagaijin in #32
- Use `crypto.PublicKey` in favor of `*ecdsa.PublicKey` by @dekkagaijin in #33
- remove Ed25519 until we can make it work sanely with Rekor by @dekkagaijin in #34
- Signers should return the payloads which were actually signed by @dekkagaijin in #35
- update boilerplate header and apply go fmt by @cpanato in #37
- ci/boilerplate: fix boilerplate check by @cpanato in #39
- go: update go version to use 1.16.x by @cpanato in #36
- Move kms package from cosign to sigstore by @priyawadhwa in #41
- Leverage the `signature` package for signing by @dekkagaijin in #38
- Implement code owners by @lukehinds in #40
- use RSA-PSS instead of RSA-PKCS#1 v1.5 signature scheme by @dekkagaijin in #43
- feat: add vault transit kms engine by @RichiCoder1 in #44
- Bump the rekor dependency. by @dlorenc in #47
- Allow specifying the full key version. by @dlorenc in #45
- some vault fixes by @RichiCoder1 in #49
- Better define sigstore's purpose by @lukehinds in #52
- remove optional algorithm; ensure CI and Makefile are correct by @bobcallaway in #57
- log error message but continue with OAuth2 flow if browser auto-open … by @bobcallaway in #56
- change to rekor.sigstore.dev by @bobcallaway in #60
- remove gosec since it is handled by golangci-lint by @bobcallaway in #58
- Add support for ed25519 based keys by @priyawadhwa in #51
- Bump rekor for the new API changes. by @dlorenc in #61
- Move all rekor code to tlog by @lukehinds in #63
- Refact key tlog by @lukehinds in #65
- Add support for static identity tokens supplied directly by the caller. by @dlorenc in #64
- enable transit secret engine at another path by @developer-guy in #67
- Refactor IDToken handling to support claims based on fields other tha… by @dlorenc in #68
- cert.Subject is not populated, return serial instead by @lukehinds in #71
- Allow the OOB authentication flow when we can't open a browser. by @dlorenc in #62
- convert signature library to implement crypto.Signer interface by @bobcallaway in #69
- use new path to GetRekorClient by @bobcallaway in #73
- Fix for Error: error during PEM decoding by @lukehinds in #78
- Use `output` to save client cert file locally by @lukehinds in #79
- Add formatted URL for rekor entry by @lukehinds in #80
- Add PublicKeyProvider interface by @bobcallaway in #75
- Bump rekor. by @dlorenc in #82
- Also output the signature if required by @lukehinds in #83
- filehandler: add application/x-executable to supported mimetype by @cpanato in #84
- stop using signerverifier to get access to publickeyprovider by @bobcallaway in #85
- compute crc over digest instead of message by @bobcallaway in #86
- We should use the client ID from the oauth config, not viper. by @dlorenc in #87
- Don't use pointers for ed25519 keys by @dekkagaijin in #88
- AWS KMS Support by @codysoyland in #74
- Remove `cmd/`, clean up unused code by @dekkagaijin in #90
- Remove `pkg/tlog`, run `go mod tidy` by @dekkagaijin in #91
- update go modules, run `go mod tidy` by @dekkagaijin in #94
- update github actions to latest versions by @dekkagaijin in #93
- change in-memory signers to implement crypto.Signer by @bobcallaway in #92
- Add initial Azure KMS support by @cpanato in #76
- Remove `pkg/util` directory by @dekkagaijin in #95
- Implement wrappers/converters for the DSSE signing spec. by @dlorenc in #96
- Add tests for `pkg/cryptoutils` by @dekkagaijin in #99
- More `pkg/cryptoutils` tests, add a generator for ECDSA keypairs by @dekkagaijin in #100
- ENCRYPTED COSIGN PRIVATE KEY -> ENCRYPTED SIGSTORE PRIVATE KEY by @dekkagaijin in #101
- remove fulcio client code by @dekkagaijin in #103
- small update in the makefile by @cpanato in #105
- default to P-256 curve again by @dekkagaijin in #106
- Add missing code of conduct (stock sigstore one) by @lukehinds in #107
- leverage Vault token helpers approach while obtaining Vault token by @developer-guy in #104
- Transit backend path is hardcoded for some operations of the KMS Vault client by @LeSuisse in #102
- Switch DSSE provider to go-securesystemslib by @adityasaky in #111
- pass by reference instead of pointer so correct redirect_uri is known by @bobcallaway in #114
- Pin localstack in e2e tests (fixes #112) by @codysoyland in #115
- Fix typo/readability by @ocdtrekkie in #116
- Modularise CI by @lukehinds in #118
- Update readme in anticipation of 1.0 by @lukehinds in #119
- Integration tests for dex / OIDConnect by @lukehinds in #110
- Change redirect listener to use ephemeral port by @bobcallaway in #120
New Contributors
- @lukehinds made their first contribution in #1
- @dekkagaijin made their first contribution in #25
- @dlorenc made their first contribution in #24
- @cpanato made their first contribution in #31
- @priyawadhwa made their first contribution in #41
- @RichiCoder1 made their first contribution in #44
- @bobcallaway made their first contribution in #57
- @developer-guy made their first contribution in #67
- @codysoyland made their first contribution in #74
- @LeSuisse made their first contribution in #102
- @adityasaky made their first contribution in #111
- @ocdtrekkie made their first contribution in #116
Full Changelog: https://github.com/sigstore/sigstore/commits/v1.0.0