• Fixed bug where CLI requested admin privileges for all metadata operations, including listing targets on a repo #1315
• Prevented notary signer from being dumpable or ptraceable in Linux, except in debug mode #1327
• Bumped JWT dependency to fix potential Invalid Curve Attack on NIST curves within ECDH key management #1334
• If the home directory cannot be found, log a warning instead of erroring out #1318
• Bumped go version and various dependencies #1323 #1332 #1335 #1336
• Various internal and documentation fixes #1312 #1313 #1319 #1320 #1324 #1326 #1328 #1329 #1333

SHA256

notary-Darwin-amd64          9593cc0a341e7fe1d01e6834e9964558318a8679c058b6da755b8608dbeac3de
notary-Linux-amd64           73353b2b4b85604c738a6800465133cb3a828dff0aa26f3c0926dd9a73e19879
notary-Windows-amd64.exe     9d736f9b569b6a6a3de30cbfa3c60a764acdd445cf4ced760efa9d370bcad64f

v0.6.0

• The project has been moved from https://github.com/docker/notary to https://github.com/theupdateframework/notary, as it has been accepted into the CNCF. Downstream users should update their go imports.
• Removed support for RSA-key exchange ciphers supported by the server and signer and require TLS >= 1.2 for the server and signer. #1307
• libykcs11 can be found in several additional locations on Fedora. #1286
• If a certificate is used as a delegation public key, notary no longer warns if the certificate has expired, since notary should be relying on the role expiry instead. #1263
• An error is now returned when importing keys if there were invalid PEM blocks. #1260
• Notary server authentication credentials can now be provided as an environment variable NOTARY_AUTH, which should contain a base64-encoded "username:password" value. #1246
• Changefeeds are now supported for RethinkDB as well as SQL servers. #1214
• Notary CLI will now time out after 30 seconds if a username and password are not provided when authenticating to anotary server, fixing an issue where scripts for the notary CLI may hang forever. #1200
• Fixed potential race condition in the signer keystore. #1198
• Notary now no longer provides the option to generate RSA keys for a repository, but externally generated RSA keys can still be imported as keys for a repository. #1191
• Fixed bug where the notary client would ioutil.ReadAll responses from the server without limiting the size. #1186
• Default notary CLI log level is now warn, and if the -v option is passed, it is at info. #1179
• Example Postgres config now includes an example of mutual TLS authentication between the server/signer and Postgres. #1160 #1163
• Fixed an error where piping the server authentication credentials via STDIN when scripting the notary CLI did not work. #1155
• If the server and signer configurations forget to specify parseTime=true when using MySQL, notary server and signer will automatically add the option. #1150
• Custom metadata can now be provided and read on a target when using the notary client as a library (not yet exposed on the CLI). #1146
• notary init now accepts a --root-cert and --root-key flag for use with privately generated certificates and keys. #1144
• notary key generate now accepts a --role flag as well as a --output flag. This means it can generate new targets or delegation keys, and it can also output keys to a file instead of storing it in the default notary key store. #1134
• Newly generated keys are now stored encrypted and encoded in PKCS#8 format. This is not forwards-compatible against notary<0.6.0 and docker<17.12.x. Also please note that docker>=17.12.x is not forwards compatible with notary<0.6.0.. #1130 #1201
• Added support for wildcarded certificate IDs in the trustpinning configuration #1126
• Added support using the client against notary servers which are hosted as subpath under another server (e.g. https://domain.com/notary instead of https://notary.com) #1108
• If no changes were made to the targets file, you are no longer required to sign the target #1104
• Added support for wildcard suffixes for root certificates CNs for root keys, so that a single root certificate would be valid for multiple repositories #1088
• Root key rotations now do not require all previous root keys sign new root metadata. #942.
  • New keys are trusted if the root metadata file specifying the new key was signed by the previous root key/threshold
  • Root metadata can now be requested by version from the server, allowing clients with older root metadata to validate each new version one by one up to the current metadata
• notary key rotate now accepts a flag specifying which key to rotate to #942
• Refactoring of the client to make it easier to use as a library and to inject dependencies:
  • References to GUN have now been changed to "imagename". #1081
  • NewNotaryRepository can now be provided with a remote store and changelist, as opposed to always constructing its own. #1094
  • If needed, the notary repository will be initialized first when publishing. #1105
  • NewNotaryReository now requires a non-nil cache store. #1185
  • The "No valid trust data" error is now typed. #1212
  • TUFClient was previously mistakenly exported, and is now unexported. #1215
  • The notary client now has a Repository interface type to standardize client.NotaryRepository. #1220
  • The constructor functions NewFileCachedNotaryRepository and NewNotaryRepository have been renamed, respectively, to NewFileCachedRepository and NewRepository to reduce redundancy. #1226
  • NewRepository returns an interface as opposed to the concrete type NotaryRepository it previously did. NotaryRepository is also now an unexported concrete type. #1226
  • Key import/export logic has been moved from the utils package to the trustmanager package. #1250

SHA256

cross/notary-Darwin-amd64            a58af6a845160d36c650a6d4441ed76d4ca7776a6676bfc5a54658bb275fad8d 
cross/notary-Linux-amd64             f4e421b3bb3c32c39372f7f02fbe80c67580cccd381f9722b1c702b3ab63a1c7
cross/notary-Windows-amd64.exe       9f5e419adbeb19c655f3229ecc5922fe2934b0098d6207089baa679f64949787  

v0.4.3

• Fix build tags for static notary client binaries in linux #1039
• Fix key import for exported delegation keys #1067

Checksums

Sha256

notary-Darwin-amd64        1e32aad049d2835b0c5b4805f9abc39b88c4de90b9743775c33c9faaf6c6c383
notary-Linux-amd64         06cd02c4c2e7a3b1ad9899b03b3d4dde5392d964c675247d32f604a24661f839
notary-Windows-amd64.exe   a9d4dd661072fc428af7d832efc5bdccf9f230b6f5547d61e2833b1d6f35709c  

v0.4.2

• Bump the cross compiler to golang 1.7.1, since 1.6.3 builds binaries that could have non-deterministic bugs in OS X Sierra #984

v0.4.1 (Superseded by v0.4.2)

• Preliminary Windows support for notary client #970
• Output message to CLI when repo changes have been successfully published #974
• Improved error messages for client authentication errors and for the witness command #972
• Support for finding keys that are anywhere in the notary directory's private directory, not just under private/root_keys or private/tuf_keys #981
• Previously, on any error updating, the client would fall back on the cache. Now we only do so if there is a network error or if the server is unavailable or missing the TUF data. Invalid TUF data will cause the update to fail - for example if there was an invalid root rotation. #982

v0.4.0 (Superseded by v0.4.2)

• Server-managed key rotations #889
• Remove timestamp_keys table, which stored redundant information #889
• Introduce notary delete command to delete local and/or remote repo data #895
• Introduce notary witness command to stage signatures for specified roles #875
• Add -p flag to offline commands to attempt auto-publish #886 #912 #923
• Introduce notary reset command to manage staged changes #959 #856
• Add --rootkey flag to notary init to provide a private root key for a repo #801
• Introduce notary delegation purge command to remove a specified key from all delegations #855
• Removed HTTP endpoint from notary-signer #870
• Refactored and unified key storage #825
• Batched key import and export now operate on PEM files (potentially with multiple blocks) instead of ZIP #825 #882
• Add full database integration test-suite #824 #854 #863
• Improve notary-server, trust pinning, and yubikey logging #798 #858 #891
• Warn if certificates for root or delegations are near expiry #802
• Warn if role metadata is near expiry #786
• Reformat CLI table output to use the text/tabwriter package #809
• Fix passphrase retrieval attempt counting and terminal detection #906
• Fix listing nested delegations #864
• Bump go version to 1.6.3, fix go1.7 compatibility #851 #793
• Convert docker-compose files to v2 format #755
• Validate root rotations against trust pinning #800
• Update fixture certificates for two-year expiry window #951

Checksums

Sha256

notary-Darwin-amd64        0a7aa1356cc3f291844ecbd4632dc508a341dc15a2097deaa0d393ec37f95b54
notary-Linux-amd64         2ac583805c49a50e4b71003597f7fbee48393e836e9a0701671e079d1cd9c96d
notary-Windows-amd64.exe   bc2d527c41738bb4efaa4b7745e546cae4621a0752c72958648e8250fd365855  

v0.3

• Root rotations
• RethinkDB support as a storage backend for Server and Signer
• A new TUF repo builder that merges server and client validation
• Trust Pinning: configure known good key IDs and CAs to replace TOFU.
• Add --input, --output, and --quiet flags to notary verify command
• Remove local certificate store. It was redundant as all certs were also stored in the cached root.json
• Add environment variable for automating delegation key passphrase entry
• Update formatting for delegation list output to be multiline for keys and paths
• Update delegation behavior to not fallback to parent roles if specified role does not exist
• Further restrict JWT token permissions to remove unnecessary actions
• Cleanup of dead code in client side key storage logic
• Update project to Go 1.6.1
• Reorganize vendoring to meet Go 1.6+ standard. Still using Godeps to manage vendored packages
• Add targets by hash, no longer necessary to have the original target data available
• Active Key ID verification during signature verification
• Switch all testing from assert to require, reduces noise in test runs
• Use alpine based images for smaller downloads and faster setup times
• Clean up out of data signatures when re-signing content
• Set cache control headers on HTTP responses from Notary Server
• Add sha512 support for targets
• Move SQLite dependency to tests only so it doesn't get built into official images
• Fixed asking for password to list private repositories
• Enable using notary client with username/password in a scripted fashion
• Fix static compilation of client
• Enforce TUF version to be >= 1, previously 0 was acceptable although unused
• json.RawMessage should always be used as *json.RawMessage due to concepts of addressability in Go and effects on encoding

Checksums

Sha256

notary-Darwin-amd64             dfca69606e920142611209e50aa14124b83ac6af54473bf0102d2ceea2355140
notary-Linux-amd64              1cb85573282dd38657dc2af86fd403ceea5cd7440ac7f418f8d898fa5a9d071a
notary-Linux-static-amd64       66e7fbfb03dc88c0b592b0492ff66b8c325a204738c4c9447239fcaeb47be635

v0.2

• Add support for delegation roles in notary server and client
• Add notary CLI commands for managing delegation roles: notary delegation
  • add, list and remove subcommands
• Enhance notary CLI commands for adding targets to delegation roles
  • notary add --roles and notary remove --roles to manipulate targets for delegations
• Support for rotating the snapshot key to one managed by the notary server
• Add consistent download functionality to download metadata and content by checksum
• Update docker-compose configuration to use official mariadb image
  • deprecate notarymysql
  • default to using a volume for data directory
  • use separate databases for notary-server and notary-signer with separate users
• Add notary CLI command for changing private key passphrases: notary key passwd
• Enhance notary CLI commands for importing and exporting keys
• Change default notary CLI log level to fatal, introduce new verbose (error-level) and debug-level settings
• Store roles as PEM headers in private keys, incompatible with previous notary v0.1 key format
  • No longer store keys as <KEY_ID>_role.key, instead store as <KEY_ID>.key; new private keys from new notary clients will crash old notary clients
• Support logging as JSON format
• Support mutual TLS between notary client and notary server

Checksums

Sha256

notary-v0.2_darwin-amd64.zip    c3e78a9d037fa040cf0b97d1f1c587cfe37eeb993b182002d2cd8322642d649c
notary-v0.2_linux-amd64.zip     5ab2dab6deaffa7ea8261b35c88996bd2b53c311a6036a27e90eb73bd048ebe2
notary-v0.2_darwin-amd64.tar.gz 5e2d9fb5626cf64f9ea616ba89eff8dfef171451068a23465c967e6cf7e7b4c3
notary-v0.2_linux-amd64.tar.gz  15edcc66b604ecd73780848a64841371847c4b85951a09ae0b9734459fc7db53

Notary Client

The first release of the notary client supports the following features:

• Basic TUF operations against an instance of Notary Server.
  • Initialization of a TUF repository with a set of TUF keys.
    • Root, targets and snapshot keys generated locally.
    • Timestamp public key requested from Notary Server.
  • Adding and removing targets.
  • Publishing the repository to Notary Server.
  • Listing targets in repositories hosted by Notary server.
  • Rotating the targets and snapshots keys.
  • Verifying data in the trusted collection
• Self signed per collection certificates as the public trust anchors (root keys)
• Hardware signing with Yubikeys (only ECDSA keys with the root role currently supported)
• Configuration to set custom Notary Server location and local directory containing keys and cache:
  • via via the -s and -d flags respectively
  • via a configuration file specified with the -c flag
  • via a configuration file located at the default location ~/.notary/config.json
• Private key management
  • Backup and restore keys across machines.
  • Remove keys from Yubikeys and disk.
  • List currently available signing keys.
• Certificate management
  • List currently trusted certificates
  • Remove trusted certificates

Checksums

MD5

notary-v0.1_darwin-amd64.zip        90019e80390c8e514861fa34af4ad009
notary-v0.1_linux-amd64.zip         818413c06ac00c7ef8a393769a66eec3
notary-v0.1_darwin-amd64.tar.gz     173f8020e1e8a8b5d15c3be18f58cf36
notary-v0.1_linux-amd64.tar.gz      47ba6374daefea6abcf9e7505ed8c4a6

Sha256

notary-v0.1_darwin-amd64.zip        804b367e9e7b0896748c32ccf52c3a46255149a258322f3d1346e80bca55e859
notary-v0.1_linux-amd64.zip         760c449b7005f348863e43deb922ee7926f5f8018824cc40046e1a742bf3b5ee
notary-v0.1_darwin-amd64.tar.gz     2d6968e01927157c8bd0165088b7b59c389c6d9b0752e7608e724b2afdc745ec
notary-v0.1_linux-amd64.tar.gz      a33c6541733a38aa63b2e0581503381547e0a2bd181891b016f1ffada726ce45