Releases: sigstore/fulcio
v0.4.0
What's Changed
- add changelog for v0.3.0 release by @cpanato in #508
- Add intermediate CA implementation with KMS-backed signer by @haydentherapper in #496
- Bump github/codeql-action from 2.1.7 to 2.1.8 by @dependabot in #513
- Embed SCTs in issued certificates by @haydentherapper in #507
- Bump github.com/spf13/viper from 1.10.1 to 1.11.0 by @dependabot in #516
- Update release images by @cpanato in #517
- Add documentation for CT log by @haydentherapper in #514
- examples: This adds example code on how to fetch a fulcio certificate by @Foxboron in #324
- add GRPC interface by @bobcallaway in #472
- Bump google.golang.org/protobuf from 1.27.1 to 1.28.0 in /hack/tools by @dependabot in #520
- Add documentation for setting up Fulcio instance by @haydentherapper in #521
- Bump actions/checkout from 3.0.0 to 3.0.1 by @dependabot in #522
- Remove checked in binary by @haydentherapper in #524
- Bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.8.0 to 2.10.0 by @dependabot in #523
- Fix null pointer crash and incorrect error statuses by @haydentherapper in #526
- Bump google.golang.org/grpc/cmd/protoc-gen-go-grpc from 1.1.0 to 1.2.0 in /hack/tools by @dependabot in #519
- Read public key of CT log from path to verify SCTs by @haydentherapper in #529
- Bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.8.0 to 2.10.0 in /hack/tools by @dependabot in #518
- Add CSR support for key delivery and proof of possession by @haydentherapper in #527
- Bump google.golang.org/api from 0.74.0 to 0.75.0 by @dependabot in #532
- Bump github.com/prometheus/common from 0.33.0 to 0.34.0 by @dependabot in #533
- Bump github.com/googleapis/api-linter from 1.30.1 to 1.31.0 in /hack/tools by @dependabot in #534
- Bump github.com/fsnotify/fsnotify from 1.5.1 to 1.5.3 by @dependabot in #537
- Bump codecov/codecov-action from 3.0.0 to 3.1.0 by @dependabot in #535
- Bump actions/checkout from 3.0.1 to 3.0.2 by @dependabot in #536
- add changelog for v0.4.0 by @cpanato in #530
New Contributors
Full Changelog: v0.3.0...v0.4.0
Thanks for all contributors!
v0.3.0
What's Changed
- Bump go.step.sm/crypto from 0.15.2 to 0.15.3 by @dependabot in #473
- Bump google.golang.org/api from 0.71.0 to 0.72.0 by @dependabot in #476
- Bump github/codeql-action from 1.1.4 to 1.1.5 by @dependabot in #477
- Bump github.com/stretchr/testify from 1.7.0 to 1.7.1 by @dependabot in #478
- Bump google.golang.org/api from 0.72.0 to 0.73.0 by @dependabot in #479
- Refactor API tests by @haydentherapper in #483
- Bump go.step.sm/crypto from 0.15.3 to 0.16.0 by @dependabot in #482
- Update Username OIDC flow based on comments by @haydentherapper in #463
- fix build date format for version command by @cpanato in #484
- Fix minor typos in README by @jspeed-meyers in #486
- Fix minor typos in security model README by @jspeed-meyers in #488
- Bump google.golang.org/protobuf from 1.27.1 to 1.28.0 by @dependabot in #485
- Fix certificate README typos by @jspeed-meyers in #487
- Bump github.com/prometheus/common from 0.32.1 to 0.33.0 by @dependabot in #491
- Add validation of public keys to prevent certifying weak keys by @haydentherapper in #490
- Add missing reader lock to File CA when reading certificate chain by @haydentherapper in #493
- Fix concurrency properly in File CA implementation by @haydentherapper in #495
- Bump google.golang.org/api from 0.73.0 to 0.74.0 by @dependabot in #499
- Bump github/codeql-action from 1.1.5 to 2.1.6 by @dependabot in #497
- Bump go.step.sm/crypto from 0.16.0 to 0.16.1 by @dependabot in #498
- Use provided HTTP client instead when fetching root cert by @imjasonh in #502
- Generate larger, compliant serial numbers by @haydentherapper in #500
- Bump github/codeql-action from 2.1.6 to 2.1.7 by @dependabot in #504
- Bump codecov/codecov-action from 2.1.0 to 3 by @dependabot in #505
- update cosign and golang-cross images by @cpanato in #506
New Contributors
- @jspeed-meyers made their first contribution in #486
- @imjasonh made their first contribution in #502
Full Changelog: v0.2.0...v0.3.0
Thanks for all contributors!
v0.2.0
What's Changed
- Script and process to generate OIDC config from federation directory. by @dlorenc in #139
- Add missing code of conduct (stock sigstore one) by @lukehinds in #153
- makefile: add rule to download and set swagger and make rule to build the dist by @cpanato in #154
- Bump cloud.google.com/go from 0.88.0 to 0.89.0 by @dependabot in #156
- fulcio: add version command by @cpanato in #155
- Bump cloud.google.com/go from 0.89.0 to 0.90.0 by @dependabot in #158
- Bump golang from 1.16.6 to 1.16.7 by @dependabot in #159
- Bump go.uber.org/zap from 1.18.1 to 1.19.0 by @dependabot in #160
- Bump github.com/go-openapi/runtime from 0.19.29 to 0.19.30 by @dependabot in #161
- Bump cloud.google.com/go from 0.90.0 to 0.91.1 by @dependabot in #162
- add SCT as HTTP response header by @bobcallaway in #163
- Bump cloud.google.com/go from 0.91.1 to 0.92.3 by @dependabot in #167
- Bump golang from 1.16.7 to 1.17.0 by @dependabot in #166
- Bump github.com/go-openapi/strfmt from 0.20.1 to 0.20.2 by @dependabot in #168
- Bump github.com/go-openapi/errors from 0.20.0 to 0.20.1 by @dependabot in #169
- Bump github.com/go-openapi/runtime from 0.19.30 to 0.19.31 by @dependabot in #171
- Switch to the JSON logger in prod by @dlorenc in #175
- Generate client code with swagger in Makefile by @priyawadhwa in #176
- Fix misspellings. by @msuozzo in #177
- Bump go.uber.org/zap from 1.19.0 to 1.19.1 by @dependabot in #178
- Bump golang from 1.17.0 to 1.17.1 by @dependabot in #179
- Add support for Github OIDC by @mattmoor in #180
- Bump github.com/ThalesIgnite/crypto11 from 1.2.4 to 1.2.5 by @dependabot in #182
- Add Github to
fulcioca
path. by @mattmoor in #184 - Changes fulcio-server to fulcio by @jyotsna-penumaka in #186
- Bump github.com/mitchellh/mapstructure from 1.4.1 to 1.4.2 by @dependabot in #185
- Add GitHub OIDC to Fulcio by @dlorenc in #181
- Bump github.com/coreos/go-oidc/v3 from 3.0.0 to 3.1.0 by @dependabot in #188
- Bump github.com/spf13/viper from 1.8.1 to 1.9.0 by @dependabot in #189
- add pkcs11-config-path command line parameter by @avoidik in #192
- Bump golang from 1.17.1 to 1.17.2 by @dependabot in #197
- Bump github.com/go-openapi/strfmt from 0.20.2 to 0.20.3 by @dependabot in #199
- Bump github.com/go-openapi/loads from 0.20.2 to 0.20.3 by @dependabot in #200
- Implement basic AWS CloudHSM support for root CA creation + rewrite "FulcioCA" to "PKCS11CA" by @mbestavros in #187
- update go.sum by @bobcallaway in #205
- Fix the Github OIDC challenge endpoint by @mattmoor in #206
- Bump github.com/go-openapi/validate from 0.20.2 to 0.20.3 by @dependabot in #198
- Bump github.com/go-openapi/spec from 0.20.3 to 0.20.4 by @dependabot in #201
- Bump github.com/go-openapi/runtime from 0.19.31 to 0.20.0 by @dependabot in #202
- Bump actions/checkout from 2.3.4 to 2.3.5 by @dependabot in #207
- use request ID logger where possible by @bobcallaway in #209
- Extract the OIDC issuer URL. by @mattmoor in #211
- Reproducible builds with trimpath by @naveensrinivasan in #210
- bump go-swagger to v0.28.0 by @bobcallaway in #213
- Add issuer information to code signing certificates by @bobcallaway in #204
- Refactor the kind e2e test. by @mattmoor in #215
- use sigstore/sigstore instead of directly calling RSA/ECDSA verify calls by @bobcallaway in #221
- Fulcio e2e testing / K8s OIDC /
ephemeralca
by @mattmoor in #219 - Refactor the way we access
Config
by @mattmoor in #222 - Remove the cluster-local block by default. by @mattmoor in #224
- Add support for "meta issuers". by @mattmoor in #223
- Use MetaIssuers to simulate EKS / GKE in e2e test. by @mattmoor in #225
- Various nits trying SoftHSM by @mattmoor in #217
- Bump github.com/hashicorp/golang-lru from 0.5.3 to 0.5.4 by @dependabot in #227
- Bump github.com/go-openapi/strfmt from 0.20.3 to 0.21.0 by @dependabot in #226
- Add support for recoginizing allow.pub as an spiffe issuer by @evanphx in #228
- Bump github.com/go-openapi/runtime from 0.20.0 to 0.21.0 by @dependabot in #229
- break out CA-specific implementation from common API class by @bobcallaway in #220
- Bump actions/checkout from 2.3.5 to 2.4.0 by @dependabot in #233
- Bump golang from 1.17.2 to 1.17.3 by @dependabot in #234
- Fix nil pointer, update dev docs by @vaikas in #236
- fix cutpaste error, sets cpu correctly by @vaikas in #237
- Add commit sha and trigger to github workflow by @asraa in #232
- Bump github.com/sigstore/sigstore from 1.0.0 to 1.0.1 by @dependabot in #239
- Use
CGO_ENABLED=1
via.ko.yaml
. by @mattmoor in #242 - Fix street-address and postal-code descriptions to be more descriptive. by @vaikas in #245
- Bump github.com/go-openapi/strfmt from 0.21.0 to 0.21.1 by @dependabot in #247
- fix: go install complain missing version when dir not in module by @tuananh in #248
- Bump cloud.google.com/go/security from 0.1.0 to 1.1.0 by @dependabot in #246
- plumb through !cgo golang tags that removes pkcs11 support by @vaikas in #244
- Upgrade fulcios to use of the google privateca api at v1 by @n3wscott in #218
- Thread
FulcioConfig
through from main viactx
by @mattmoor in #249 - [Correction] Upgrade fulcios to use of the google privateca api at v1 by @n3wscott in #252
- Fix the k8s subject parsing. by @dlorenc in #254
- Consolidate
viper
usage inpkg/ca/ca.go
by @mattmoor in #255 - Bump github.com/mitchellh/mapstructure from 1.4.2 to 1.4.3 by @dependabot in #256
- Remove
viper
frompkg/
. by @mattmoor in #257 - Drop gratuitous
sync.Once
in google CAs. by @mattmoor in #258 - Drop useless package. by @mattmoor in #259
- The v1 GCP CA requires this field to be set. by @dlorenc in #260
- Move the deployment to the new v1 cert. by @dlorenc in #261
- Consolidate the source-of-truth. by @mattmoor in #263
- add the ability to set the user-agent string on requests from the
Client
by @dekkagaijin in #264 - Bump golang from 1.17.3 to 1.17.4 by @dependabot in #265
- Drop OpenAPI from Fulcio by @mattmoor in #262
- While working on #267 noticed this, but didn't want to bake into it. by @vaikas in #268
- Wrap the server with the Prometheus so we get metrics + add an e2e te… by @vaikas in #267
- Bump github.com/prometheus/common from 0.29.0 to 0.32.1 by @dependabot in #270
- Bump golang from 1.17.4 to 1.17.5 by @dependabot in #269
- Make client request timeout configurable with
WithTimeout
client option by @nsmith5 in #272 - Localize flags to ...
Fulcio Release v0.1.1
#142 update go module dekkagaijin
#146 Validate its a recognised CA lukehinds
#145 fulcio-server: add html page when humans reach the server via the browser cpanato
#147 change or to and for known CA types runyontr
#149 add pkg/client for (non-generated) client-related utilities dekkagaijin
#151 Amend HSM cert usage lukehinds
Releases signed against fulcio root with OpenID Account: ctadeu@gmail.com
Fulcio Rekor entry: https://rekor.sigstore.dev/api/v1/log/entries/2fcb518e8b5b9a2db6a2a332475153a27291b3c9b188b9f2bd9c1b8652358223
Thanks to all contributors!
Release Fulcio v0.1.0
- Implement modular CA and SoftHSM integration #115
- Clarify some acronyms, add links #121
- fulcio/e2e: add initial kind cluster deployment to test fulcio server #118
- Support SPIFFE challenges instead of just emails #107
- Move OIDC configuration to a nested JSON config file #105
- Remove the viper config code #103
- Remove the common name field from the certs #102
Releases signed against fulcio root with OpenID Account: ctadeu@gmail.com
Fulcio Rekor entry: https://rekor.sigstore.dev/api/v1/log/entries/e5e7197c84863605b43f67bd4df554b2af6089a28ba881a65dd7e9f0c978c5d7
Thanks to all contributors!