Releases: notaryproject/notation
Releases · notaryproject/notation
v0.10.0-alpha.3
New Features
- Support
notation login - Sign images with remote key stores that securely store the signing keys
- Verify signatures using Trust Store configured in Notation clients
- Sign images and verify signatures with locally stored test keys/certificates for demonstration use only
- Setup Trust Store with the new directory-based structure
- Configure Trust Policy as a JSON document. Support for registry scope and signature verification levels to customize the behavior during verification
- Store signatures in registries compliant with the ORAS Artifacts Specification v1.0.0-RC.2
Bug Fixes
- Fix #189: wrong download URL
- Fix #264: hello-signing workflow with a self-generated certificate chain
- Fix #286: allow empty credentials to store config
Removed
- Remove docker-generate and docker-notation
Other Changes
- Migrate to codecov.io
- Add unit tests
- Add CodeQL security scanning
- Refactor: delete pkg/registry directory
Detail Commits
- Update readme for 0.9.0 release by @dtzar in #187
- bump to go 1.18 by @dtzar in #188
- fix mistaken download URL by @FeynmanZhou in #189
- use notation-core-go crypto utils by @rgnote in #180
- Add issues to project action by @dtzar in #195
- Directory Structure Spec by @shizhMSFT in #175
- Run unit tests in Github workflow by @Wwwsylvia in #199
- Add CodeQL Security Scanning by @Wwwsylvia in #198
- Registry Authentication Spec by @shizhMSFT in #192
- refactor: delete pkg/registry directory by @binbin-li in #207
- Update workflow by @Wwwsylvia in #212
- Bump github.com/urfave/cli/v2 from 2.8.1 to 2.10.3 by @dependabot in #209
- Bump github.com/docker/cli from 20.10.14+incompatible to 20.10.17+incompatible by @dependabot in #200
- Baseline CLI reference for subsequent PRs on changes by @SteveLasker in #171
- Sorting commands for clarity #221 by @SteveLasker in #222
- notation login CLI by @SteveLasker in #223
- feat: bump up notation-go to the latest version by @binbin-li in #248
- Use cobra CLI for docker-generate command by @chloeyin in #250
- [Feature] support notation login by @binbin-li in #218
- test: Add unit tests for notation login by @binbin-li in #256
- use cobra for notation CLI by @chloeyin in #255
- Migrate to codecov.io by @junczhuMSFT in #266
- chore: bump up oras-go and notation-go by @binbin-li in #270
- remove docker-generate and docker-notation code by @chloeyin in #269
- Doc update README for codecov badge by @junczhuMSFT in #271
- Remove credential file from spec by @shizhMSFT in #262
- fixed the hello-signing workflow with self-generated certificate chain by @patrickzheng200 in #264
- Directory Structure Implementation by @JeyJeyGao in #265
- fix: allow empty credentials store config by @JeyJeyGao in #286
- add unit test for Notation CLI by @chloeyin in #274
- doc: add missing username/password options to commands by @binbin-li in #293
- bump up version to v0.10.0-alpha.3 by @yizha1 in #301
- fix: update notation-go by @JeyJeyGao in #294
- Build: Bump dependencies by @yizha1 in #306
New Contributors
- @FeynmanZhou made their first contribution in #189
- @rgnote made their first contribution in #180
- @binbin-li made their first contribution in #207
- @junczhuMSFT made their first contribution in #266
- @patrickzheng200 made their first contribution in #264
- @JeyJeyGao made their first contribution in #265
- @yizha1 made their first contribution in #301
Full Changelog: v0.9.0-alpha.1...v0.10.0-alpha.3
Contributors
dtzar, rgnote, and 11 other contributors
Assets 8
v0.9.0-alpha.1
What's Changed
- Update doc for v0.7.1-alpha.1 by @shizhMSFT in #139
- Move to
oras-gofor registry access by @shizhMSFT in #150 - Contributing guidelines by @marcofranssen in #107
- Bump actions/checkout from 2 to 3 by @dependabot in #152
- Bump actions/cache from 2 to 3 by @dependabot in #155
- Bump github.com/docker/cli from 20.10.8+incompatible to 20.10.14+incompatible by @dependabot in #158
- Bump actions/setup-go from 2 to 3 by @dependabot in #159
- Bump github.com/urfave/cli/v2 from 2.3.0 to 2.4.0 by @dependabot in #156
- Bump github.com/urfave/cli/v2 from 2.4.0 to 2.4.8 by @dependabot in #165
- Update deps links for notation-go by @dtzar in #164
- Support managing plugin keys by @qmuntal in #168
- Add plugin sign capabaility by @qmuntal in #176
- Fix pluginConfig parsing by @qmuntal in #181
- Bump goreleaser/goreleaser-action from 2 to 3 by @dependabot in #178
- Bump github.com/urfave/cli/v2 from 2.4.8 to 2.8.1 by @dependabot in #184
- Bump to go 1.18 by @dtzar in #188
- Update readme for 0.9.0 release by @dtzar in #187
New Contributors
Full Changelog: v0.7.1-alpha.1...v0.9.0-alpha.1
Contributors
marcofranssen, dtzar, and 3 other contributors
Assets 8
feat-kv-extensibility
Notation supports remote signing, assuring the private keys used for the signing are kept private.
This release represents the work in progress for the pending Signing plugin interface API Spec #26 under the feat-kv-extensibility branch.
Installation
Each tar.gz file in the asset list contains multiple platform versions of the notation binaries built for a specific commit.
Install notation on Linux or WSL
# Choose a binary
timestamp=20220121081115
commit=17c7607
# Download, extract and install
curl -Lo notation.tar.gz https://github.com/notaryproject/notation/releases/download/feat-kv-extensibility/notation-feat-kv-extensibility-$timestamp-$commit.tar.gz
tar xvzf notation.tar.gz
tar xvzf notation_0.0.0-SNAPSHOT-${commit}_linux_amd64.tar.gz -C ~/bin notationInstall notation on Windows (Powershell)
# Choose a binary
$timestamp="20220121081115"
$commit="17c7607"
# Download and extract
curl.exe -Lo notation.tar.gz https://github.com/notaryproject/notation/releases/download/feat-kv-extensibility/notation-feat-kv-extensibility-$timestamp-$commit.tar.gz
tar.exe xvzf notation.tar.gz
Expand-Archive -Path notation_0.0.0-SNAPSHOT-${commit}_windows_amd64.zipv0.7.1-alpha.1
Alpha 1 release of Notary v2 notation
Documentation 📘
- Getting started with notation
- Installing notation with linux and wsl2
curl -Lo notation.tar.gz https://github.com/notaryproject/notation/releases/download/v0.7.1-alpha.1/notation_0.7.1-alpha.1_linux_amd64.tar.gz tar xvzf notation.tar.gz -C ~/bin notation
What's Changed
- Remove prototype-2 links from readme by @sajayantony in #103
- Resolve markdown linter warnings by @marcofranssen in #106
- Alpha.1 release updates by @SteveLasker in #111
- Link fix by @SteveLasker in #113
- Fix location parsing by @shizhMSFT in #115
- Correct auth flow by @shizhMSFT in #118
- No default push on local sign by @shizhMSFT in #122
- Support anonymous access by @shizhMSFT in #126
- Document release checklist by @shizhMSFT in #112
- Improve release pipeline by @shizhMSFT in #135
- Bump github.com/opencontainers/image-spec from 1.0.1 to 1.0.2 by @dependabot in #136
- Bump version to v0.7.1-alpha.1 by @shizhMSFT in #138
- Update artifact spec by @shizhMSFT in #133
- No auto-publish on release by @shizhMSFT in #134
New Contributors
- @sajayantony made their first contribution in #103
- @dependabot made their first contribution in #136
Full Changelog: v0.7.0-alpha.1...v0.7.1-alpha.1
Contributors
marcofranssen, sajayantony, and 3 other contributors
Assets 8
v0.7.0-alpha.1
v0.7.0-alpha.1
This tag was signed with the committer’s verified signature.
SteveLasker
Steve Lasker
Alpha 1 release of Notary v2 notation
Documentation 📘
- Getting started with notation
- Installing notation with linux and wsl2
curl -Lo notation.tar.gz https://github.com/notaryproject/notation/releases/download/v0.7.0-alpha.1/notation_0.7.0-alpha.1_linux_amd64.tar.gz tar xvzf notation.tar.gz -C ~/bin notation
What's Changed
- Add root readme info by @SteveLasker in #11
- Add TUF prototype to the readme by @mnm678 in #32
- Add isssue template referring to discussions by @marcofranssen in #23
- Reset readme for main by @SteveLasker in #73
- Add CODEOWNERS by @lachie83 in #74
- Adding Code of Conduct file and updating README.md to reflect new change by @terencet-dev in #77
- Adding information/links to README.md by @terencet-dev in #82
- Add Notation Quick Start by @SteveLasker in #87
- hello signing samples by @SteveLasker in #78
- Configuration file spec by @SteveLasker in #76
- Notation CLI baseline by @shizhMSFT in #83
- JWS-based Notation CLI by @shizhMSFT in #94
- Add release management by @lachie83 in #90
- Conform to the signature specification by @shizhMSFT in #108
New Contributors
- @terencet-dev made their first contribution in #77
Full Changelog: https://github.com/notaryproject/notation/commits/v0.7.0-alpha.1
Contributors
marcofranssen, lachie83, and 4 other contributors