Releases: notaryproject/notation
Releases · notaryproject/notation
v0.12.0-beta.1
Features
- Verify using trust store and trust policy
- Manage trust store using CLI command
notation certificate
- Implement notation CLI command per CLI spec
- Support configuration of signature format
Other changes
- Clean up unused features and deprecated code
Changelog
- 965a0b7 Updates for v0.12.0-beta.1 release (#427)
- 24576db doc: remove reference to nv2 (#421)
- 2fef168 build(deps): bump github.com/spf13/cobra from 1.6.0 to 1.6.1 (#425)
- f0e77eb feat: Added
notation certificate
command for trust store (#405) - 8d1d4dc feat: add signatureFormat config field (#400)
- fcba9f1 feat: implement list command UX (#414)
- a08dc9e update: updated notation sign command based on spec (#417)
- 2992190 update: updated notation key command based on spec (#416)
- a41b377 feat: implement login/logout UX (#413)
- 469069e update: updated notation verify command based on spec (#418)
- a219ad5 feat: implement version command (#419)
- 4d8da74 Fix demo docker pull step (#420)
- eb87bc3 Change oras-project/registry tag (#397)
- f947da5 feat: implement plugin UX (#415)
- f747031 Bump github.com/spf13/cobra from 1.5.0 to 1.6.0 (#401)
- 4803a8b spec: update notation cli md file as index for sub-commands (#374)
- 193a533 spec: add CLI notation certificate and key specs (#361)
- 01015b0 update: clean up notation CLI (#404)
- ab20527 spec: add CLI specs for notation list/login/logout/plugin (#362)
- 07bba5f spec: add spec for notation version command (#376)
- ecb0708 spec: add spec for notation verify command (#371)
- 20b9fa2 feat: use new verify workflow (#373)
- eb7e4f4 update release process (#396)
- 080c6bb doc: update doc after new release (#395)
v0.11.0-alpha.4
New Features
- Support COSE signature envelope
- Relax the certificate chain requirement to allow signing with self-signed certificates
- Add CLI spec for notation sign
- Add examples in CLI help doc for notation sign and verify commands
Bug fixes
- Fix #313: deprecated the expiry flag of notation cert generate-test
- Fix #332: fix broken links and refine wording in README.md
Other changes
- Add weekly build for CI
- Update to
go
1.19
- Update to
oras-go
2.0.0-rc.3
- Improve readability of documents and specs
Detail commits
- ci: add weekly release by @JeyJeyGao in #282
- Update download link and refactor the documentation directory by @FeynmanZhou in #308
- fix: deprecated the expiry flag of notation cert generate-test by @patrickzheng200 in #313
- doc: improve readability of directory spec by @shizhMSFT in #311
- feat: update to go 1.19 by @JeyJeyGao in #327
- Bump oras.land/oras-go/v2 from 2.0.0-rc.2 to 2.0.0-rc.3 by @dependabot in #334
- fix broken links and refine wording in README.md by @FeynmanZhou in #332
- Bump github.com/docker/docker-credential-helpers from 0.6.4 to 0.7.0 by @dependabot in #358
- feat:updating go.mod dependencies for alpha4 by @chloeyin in #357
- add workflow dispatch for dev build by @dtzar in #363
- Add notation sign CLI spec by @yizha1 in #341
- docs: add a note for dependencies in go.mod file. by @yizha1 in #309
- add goreport badge by @dtzar in #367
- add openssf scorecard by @dtzar in #368
- feat: support cose by @chloeyin in #365
- update: updated cert_gen to generate self-signed certificate by @patrickzheng200 in #380
- Bump version and dependencies for notation alpha.4 release by @yizha1 in #378
- doc: add examples in CLI help doc for notation sign and verify by @FeynmanZhou in #384
Full Changelog: v0.10.0-alpha.3...v0.11.0-alpha.4
v0.10.0-alpha.3
New Features
- Support
notation login
- Sign images with remote key stores that securely store the signing keys
- Verify signatures using Trust Store configured in Notation clients
- Sign images and verify signatures with locally stored test keys/certificates for demonstration use only
- Setup Trust Store with the new directory-based structure
- Configure Trust Policy as a JSON document. Support for registry scope and signature verification levels to customize the behavior during verification
- Store signatures in registries compliant with the ORAS Artifacts Specification v1.0.0-RC.2
Bug Fixes
- Fix #189: wrong download URL
- Fix #264: hello-signing workflow with a self-generated certificate chain
- Fix #286: allow empty credentials to store config
Removed
- Remove docker-generate and docker-notation
Other Changes
- Migrate to codecov.io
- Add unit tests
- Add CodeQL security scanning
- Refactor: delete pkg/registry directory
Detail Commits
- Update readme for 0.9.0 release by @dtzar in #187
- bump to go 1.18 by @dtzar in #188
- fix mistaken download URL by @FeynmanZhou in #189
- use notation-core-go crypto utils by @rgnote in #180
- Add issues to project action by @dtzar in #195
- Directory Structure Spec by @shizhMSFT in #175
- Run unit tests in Github workflow by @Wwwsylvia in #199
- Add CodeQL Security Scanning by @Wwwsylvia in #198
- Registry Authentication Spec by @shizhMSFT in #192
- refactor: delete pkg/registry directory by @binbin-li in #207
- Update workflow by @Wwwsylvia in #212
- Bump github.com/urfave/cli/v2 from 2.8.1 to 2.10.3 by @dependabot in #209
- Bump github.com/docker/cli from 20.10.14+incompatible to 20.10.17+incompatible by @dependabot in #200
- Baseline CLI reference for subsequent PRs on changes by @SteveLasker in #171
- Sorting commands for clarity #221 by @SteveLasker in #222
- notation login CLI by @SteveLasker in #223
- feat: bump up notation-go to the latest version by @binbin-li in #248
- Use cobra CLI for docker-generate command by @chloeyin in #250
- [Feature] support notation login by @binbin-li in #218
- test: Add unit tests for notation login by @binbin-li in #256
- use cobra for notation CLI by @chloeyin in #255
- Migrate to codecov.io by @junczhuMSFT in #266
- chore: bump up oras-go and notation-go by @binbin-li in #270
- remove docker-generate and docker-notation code by @chloeyin in #269
- Doc update README for codecov badge by @junczhuMSFT in #271
- Remove credential file from spec by @shizhMSFT in #262
- fixed the hello-signing workflow with self-generated certificate chain by @patrickzheng200 in #264
- Directory Structure Implementation by @JeyJeyGao in #265
- fix: allow empty credentials store config by @JeyJeyGao in #286
- add unit test for Notation CLI by @chloeyin in #274
- doc: add missing username/password options to commands by @binbin-li in #293
- bump up version to v0.10.0-alpha.3 by @yizha1 in #301
- fix: update notation-go by @JeyJeyGao in #294
- Build: Bump dependencies by @yizha1 in #306
New Contributors
- @FeynmanZhou made their first contribution in #189
- @rgnote made their first contribution in #180
- @binbin-li made their first contribution in #207
- @junczhuMSFT made their first contribution in #266
- @patrickzheng200 made their first contribution in #264
- @JeyJeyGao made their first contribution in #265
- @yizha1 made their first contribution in #301
Full Changelog: v0.9.0-alpha.1...v0.10.0-alpha.3
v0.9.0-alpha.1
What's Changed
- Update doc for v0.7.1-alpha.1 by @shizhMSFT in #139
- Move to
oras-go
for registry access by @shizhMSFT in #150 - Contributing guidelines by @marcofranssen in #107
- Bump actions/checkout from 2 to 3 by @dependabot in #152
- Bump actions/cache from 2 to 3 by @dependabot in #155
- Bump github.com/docker/cli from 20.10.8+incompatible to 20.10.14+incompatible by @dependabot in #158
- Bump actions/setup-go from 2 to 3 by @dependabot in #159
- Bump github.com/urfave/cli/v2 from 2.3.0 to 2.4.0 by @dependabot in #156
- Bump github.com/urfave/cli/v2 from 2.4.0 to 2.4.8 by @dependabot in #165
- Update deps links for notation-go by @dtzar in #164
- Support managing plugin keys by @qmuntal in #168
- Add plugin sign capabaility by @qmuntal in #176
- Fix pluginConfig parsing by @qmuntal in #181
- Bump goreleaser/goreleaser-action from 2 to 3 by @dependabot in #178
- Bump github.com/urfave/cli/v2 from 2.4.8 to 2.8.1 by @dependabot in #184
- Bump to go 1.18 by @dtzar in #188
- Update readme for 0.9.0 release by @dtzar in #187
New Contributors
Full Changelog: v0.7.1-alpha.1...v0.9.0-alpha.1
feat-kv-extensibility
Notation supports remote signing, assuring the private keys used for the signing are kept private.
This release represents the work in progress for the pending Signing plugin interface API Spec #26 under the feat-kv-extensibility branch.
Installation
Each tar.gz
file in the asset list contains multiple platform versions of the notation binaries built for a specific commit.
Install notation on Linux or WSL
# Choose a binary
timestamp=20220121081115
commit=17c7607
# Download, extract and install
curl -Lo notation.tar.gz https://github.com/notaryproject/notation/releases/download/feat-kv-extensibility/notation-feat-kv-extensibility-$timestamp-$commit.tar.gz
tar xvzf notation.tar.gz
tar xvzf notation_0.0.0-SNAPSHOT-${commit}_linux_amd64.tar.gz -C ~/bin notation
Install notation on Windows (Powershell)
# Choose a binary
$timestamp="20220121081115"
$commit="17c7607"
# Download and extract
curl.exe -Lo notation.tar.gz https://github.com/notaryproject/notation/releases/download/feat-kv-extensibility/notation-feat-kv-extensibility-$timestamp-$commit.tar.gz
tar.exe xvzf notation.tar.gz
Expand-Archive -Path notation_0.0.0-SNAPSHOT-${commit}_windows_amd64.zip
v0.7.1-alpha.1
Alpha 1 release of Notary v2 notation
Documentation 📘
- Getting started with notation
- Installing notation with linux and wsl2
curl -Lo notation.tar.gz https://github.com/notaryproject/notation/releases/download/v0.7.1-alpha.1/notation_0.7.1-alpha.1_linux_amd64.tar.gz tar xvzf notation.tar.gz -C ~/bin notation
What's Changed
- Remove prototype-2 links from readme by @sajayantony in #103
- Resolve markdown linter warnings by @marcofranssen in #106
- Alpha.1 release updates by @SteveLasker in #111
- Link fix by @SteveLasker in #113
- Fix location parsing by @shizhMSFT in #115
- Correct auth flow by @shizhMSFT in #118
- No default push on local sign by @shizhMSFT in #122
- Support anonymous access by @shizhMSFT in #126
- Document release checklist by @shizhMSFT in #112
- Improve release pipeline by @shizhMSFT in #135
- Bump github.com/opencontainers/image-spec from 1.0.1 to 1.0.2 by @dependabot in #136
- Bump version to v0.7.1-alpha.1 by @shizhMSFT in #138
- Update artifact spec by @shizhMSFT in #133
- No auto-publish on release by @shizhMSFT in #134
New Contributors
- @sajayantony made their first contribution in #103
- @dependabot made their first contribution in #136
Full Changelog: v0.7.0-alpha.1...v0.7.1-alpha.1
v0.7.0-alpha.1
Alpha 1 release of Notary v2 notation
Documentation 📘
- Getting started with notation
- Installing notation with linux and wsl2
curl -Lo notation.tar.gz https://github.com/notaryproject/notation/releases/download/v0.7.0-alpha.1/notation_0.7.0-alpha.1_linux_amd64.tar.gz tar xvzf notation.tar.gz -C ~/bin notation
What's Changed
- Add root readme info by @SteveLasker in #11
- Add TUF prototype to the readme by @mnm678 in #32
- Add isssue template referring to discussions by @marcofranssen in #23
- Reset readme for main by @SteveLasker in #73
- Add CODEOWNERS by @lachie83 in #74
- Adding Code of Conduct file and updating README.md to reflect new change by @terencet-dev in #77
- Adding information/links to README.md by @terencet-dev in #82
- Add Notation Quick Start by @SteveLasker in #87
- hello signing samples by @SteveLasker in #78
- Configuration file spec by @SteveLasker in #76
- Notation CLI baseline by @shizhMSFT in #83
- JWS-based Notation CLI by @shizhMSFT in #94
- Add release management by @lachie83 in #90
- Conform to the signature specification by @shizhMSFT in #108
New Contributors
- @terencet-dev made their first contribution in #77
Full Changelog: https://github.com/notaryproject/notation/commits/v0.7.0-alpha.1