Installation guide #400

Merged
merged 2 commits into from
Jul 29, 2021
133 changes: 133 additions & 0 deletions INSTALLATION.md
@@ -0,0 +1,133 @@
# Rekor installation

There are serveral methods to install rekor which we will cover here for both the rekor-cli and server

## From the release page

Rekor releases are available on the [release page](https://github.com/sigstore/rekor/releases)

The components are available, the server; `rekor-server` and the CLI tool `rekor-cli`

See [release-verify](release-verify.md) for details of to verify rekor release binaries.

## Using go install

If you have go installed, you can use go to retreive the rekor binaries

```
go install -v github.com/sigstore/rekor/cmd/rekor-cli@latest
```

You may also do the same for rekor-server, but **note** that rekor server also
requires trillian and database. See [database]

```
go install -v github.com/sigstore/rekor/cmd/rekor-server@latest
```

## Build from the git repository

Clone rekor

```
git clone https://github.com/sigstore/rekor.git
```

And then use our Makefile to build:

```
make rekor-cli rekor-server
```

> :notebook: You will of course need the 'make' package to run the above


# Rekor Server Set up

## Configure trillians database

To set up trillians database we need to create the database / tables.

Trillian requires a database, we use MariaDB for now (others to be explored later). Once this is installed on your machine,
edit the `scripts/createdb.sh` file with your database root account credentials and run the script.

If you’re just trying out rekor, keep the DB user name and password the same as in the script (test/zaphod). If you change these,
you need to make the changes on Trillian’s side (visit the trillian repo for details).

```
wget https://raw.githubusercontent.com/sigstore/rekor/main/scripts/createdb.sh
```

```
wget https://raw.githubusercontent.com/sigstore/rekor/main/scripts/storage.sql
```

```
chmod +x createdb.sh
```

```
sudo ./createdb.sh
```

## Install trillian

```
go install github.com/google/trillian/cmd/trillian_log_server@v1.3.14-0.20210713114448-df474653733c
```

```
go install github.com/google/trillian/cmd/trillian_log_signer@v1.3.14-0.20210713114448-df474653733c
```

## Run trillian

First run the trillian log server

```
trillian_log_server -http_endpoint=localhost:8090 -rpc_endpoint=localhost:8091 --logtostderr ...
```

Now run the signer:

```
trillian_log_signer --logtostderr --force_master --http_endpoint=localhost:8190 -rpc_endpoint=localhost:8191 --batch_size=1000 --sequencer_guard_window=0 --sequencer_interval=200ms
```

## Run Rekor

We are now ready to run rekor.

> :notebook: If you want a quick handy search index, then you will need to install redis-server
if you choose not to, then you must pass the argument `--enable_retrieve_api` false.

```
rekor-server serve --rekor_server.address=0.0.0.0 --rekor_server.port=3000
```

Example:

```
2021-07-29T12:06:47.829+0100 INFO app/root.go:107 Using config file: /home/luke/go/src/github.com/lukehinds/rekor/rekor-server.yaml
2021-07-29T12:06:47.830+0100 INFO app/serve.go:66 starting rekor-server
2021-07-29T12:06:47.841+0100 INFO app/serve.go:91 Loading support for pluggable type 'jar'
2021-07-29T12:06:47.841+0100 INFO app/serve.go:92 Loading version '0.0.1' for pluggable type 'jar'
2021-07-29T12:06:47.841+0100 INFO app/serve.go:91 Loading support for pluggable type 'intoto'
2021-07-29T12:06:47.841+0100 INFO app/serve.go:92 Loading version '0.0.1' for pluggable type 'intoto'
2021-07-29T12:06:47.841+0100 INFO app/serve.go:91 Loading support for pluggable type 'rfc3161'
2021-07-29T12:06:47.841+0100 INFO app/serve.go:92 Loading version '0.0.1' for pluggable type 'rfc3161'
2021-07-29T12:06:47.841+0100 INFO app/serve.go:91 Loading support for pluggable type 'alpine'
2021-07-29T12:06:47.841+0100 INFO app/serve.go:92 Loading version '0.0.1' for pluggable type 'alpine'
2021-07-29T12:06:47.841+0100 INFO app/serve.go:91 Loading support for pluggable type 'helm'
2021-07-29T12:06:47.841+0100 INFO app/serve.go:92 Loading version '0.0.1' for pluggable type 'helm'
2021-07-29T12:06:47.841+0100 INFO app/serve.go:91 Loading support for pluggable type 'rekord'
2021-07-29T12:06:47.841+0100 INFO app/serve.go:92 Loading version '0.0.1' for pluggable type 'rekord'
2021-07-29T12:06:47.841+0100 INFO app/serve.go:91 Loading support for pluggable type 'rpm'
2021-07-29T12:06:47.841+0100 INFO app/serve.go:92 Loading version '0.0.1' for pluggable type 'rpm'
2021-07-29T12:06:47.858+0100 INFO restapi/server.go:230 Serving rekor server at http://127.0.0.1:3000
```

## Use of rekor CLI

For examples of using the rekor-cli, please see the [types](types.md) documentation
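
Review bot: In "Configure trillians database", the two `wget` lines fetch `createdb.sh` and `storage.sql` from the moving `main` branch and the script is then run with `sudo ./createdb.sh`, so what executes as root is whatever `main` holds at download time, which may not match the rekor version installed above. Suggest pointing readers at `scripts/` in the clone from "Build from the git repository", or fetching from a release tag, and placing the "edit the file with your database root account credentials" step between the download and the `sudo` line, where it actually happens. Under "Run Rekor", `--rekor_server.address=0.0.0.0` listens on every interface while the sample log shows `http://127.0.0.1:3000`; for a try-out that keeps the default `test/zaphod` database credentials the command should use `127.0.0.1` so that it matches the log. In the same section, `--enable_retrieve_api` false should be written as `--enable_retrieve_api=false`, because the cobra/pflag parsing that rekor-server uses does not take a space-separated word as the value of a boolean flag. Smaller points: `See [database]` has no link target, the `trillian_log_server` line ends in `...` without saying what is omitted, and "serveral", "retreive" and "details of to verify" need correcting.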

19 changes: 8 additions & 11 deletions README.md
Expand Up @@ -14,12 +14,6 @@ Rekor fulfils the signature transparency role of sigstore's software signing
infrastructure. However, Rekor can be run on its own and is designed to be
extensible to working with different manifest schemas and PKI tooling.

For more details on set up a Rekor server, [visit the following link](https://sigstore.dev/get_started/server/)

For details on CLI usage, [visit the following link](https://sigstore.dev/get_started/client/)

If you're interesting in integration with Rekor, we have an [OpenAPI swagger editor](https://sigstore.dev/swagger/)

## Public Instance

A public instance of rekor can be found at [rekor.sigstore.dev](https://rekor.sigstore.dev/api/v1/log/)
Expand All @@ -37,11 +31,8 @@ We are interested in helping on board you!

### Installation

Rekor releases are available on the [release page](https://github.com/sigstore/rekor/releases)

The components are available, the server; `rekor-server` and the CLI tool `rekor-cli`

See [release-verify](release-verify.md) for details of to verify rekor release binaries.
Please see the [installation](installation.md) page for details on how to install the rekor CLI and set up / run
the rekor server

### Usage
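
Review bot: The new link under "### Installation" targets `installation.md`, but the file this PR adds is `INSTALLATION.md`; links in rendered Markdown on GitHub are case-sensitive, so this one will not resolve. Change it to `[installation](INSTALLATION.md)`, or rename the new file to lower case so that it matches `release-verify.md` and `types.md`.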

Expand Down Expand Up @@ -86,8 +77,14 @@ prior to this index were witnessed by Rekor before this time.

## Extensibility

### Custom schemas / manifests (rekor type)

Rekor allows customized manifests (which term them as types), [type customization is outlined here](https://github.com/sigstore/rekor/tree/main/pkg/types).

### API

If you're interesting in integration with Rekor, we have an [OpenAPI swagger editor](https://sigstore.dev/swagger/)

## Security

Should you discover any security issues, please refer to sigstores [security
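
Review bot: Wording in the two subsections added under "## Extensibility" needs a pass: "which term them as types" is missing its subject (suggest "which we term types"), and "If you're interesting in integration with Rekor" should read "interested in integrating with Rekor". The types link uses an absolute `https://github.com/sigstore/rekor/tree/main/pkg/types` URL; a relative `pkg/types` link would follow whichever branch or tag the reader is viewing, as the other in-repo doc links do.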