Skip to content

Commit f231500

Browse files
haydentherapperhaydentherapper
authored
Update README for release (#549)
* Update the design doc link to one without approvals * Add information on the public instance * Include installation info * Add developer documentation Signed-off-by: Hayden <[email protected]>
1 parent 1805962 commit f231500

File tree

1 file changed

+72
-3
lines changed

1 file changed

+72
-3
lines changed

README.md

Lines changed: 72 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,11 +1,80 @@
1-
# Rekor on Tiles
1+
# Rekor v2
22

3-
Rekor on Tiles, aka Rekor v2, is a redesigned and modernized [Rekor](https://github.com/sigstore/rekor),
3+
Rekor v2, aka rekor-tiles or Rekor on Tiles, is a redesigned and modernized [Rekor](https://github.com/sigstore/rekor),
44
Sigstore's signature transparency log, transitioning its backend to a modern,
55
[tile-backed transparency log](https://transparency.dev/articles/tile-based-logs/) implementation to
66
simplify maintenance and lower operational costs.
77

88
More information (documents are shared with [sigstore-dev](https://groups.google.com/g/sigstore-dev), join the group to get access):
99

1010
* [Proposal](https://docs.google.com/document/d/1Mi9OhzrucIyt-UCLk_FxO2_xSQZW9ow9U3Lv0ZB_PpM/edit?resourcekey=0-4rPbZPyCS7QDj26Hk0UyvA&tab=t.0#heading=h.bjitqo6lwsmn)
11-
* [Design doc](https://docs.google.com/document/d/1qZ-lkpbQkBzV45rtemWYmT6ReqCwjTt5TbMDFLdaPyM/edit?resourcekey=0-bMAyN9EKPDvB0H3edYi_Cw&tab=t.0#heading=h.xzptrog8pyxf)
11+
* [Design doc](https://docs.google.com/document/d/1ZYlt_VFB-lxbZCcTZHN-6KVDox3h7-ePp85pNpOUF1U/edit?resourcekey=0-V3WqDB22nOJfI4lTs59RVQ&tab=t.0#heading=h.xzptrog8pyxf)
12+
13+
## Public-good instance
14+
15+
The Sigstore community hosts a productionized instance of Rekor v2 with a 99.5% availability SLO.
16+
See the [status page](https://status.sigstore.dev/) for uptime metrics.
17+
18+
Use the public-good instance's TUF repository to determine the URL of the active instance.
19+
Note that the community instance's URL will change approximately every 6 months when
20+
we "shard" the log, creating a new log instance to keep the size of the log maintainable.
21+
Sigstore clients will pull the latest log shard URL from the TUF-distributed
22+
[SigningConfig](https://github.com/sigstore/root-signing/blob/main/targets/signing_config.v0.2.json),
23+
and will fetch both active and inactive shard public keys from the
24+
[TrustedRoot](https://github.com/sigstore/root-signing/blob/main/targets/trusted_root.json).
25+
26+
As of October 2025, we have not yet distributed the current Rekor v2 URL in the SigningConfig, to give users
27+
adequate time to update their clients to support verifying entries from Rekor v2. We are planning to distribute
28+
the latest Rekor v2 URL by end of 2025/early 2026.
29+
30+
If you want to start using Rekor v2, construct a signing config, using the
31+
[TUF-distributed signing config](https://github.com/sigstore/root-signing/blob/main/targets/signing_config.v0.2.json)
32+
as a base, and adding the following instance as the first entry in the `rekorTlogUrls` list:
33+
34+
```
35+
{
36+
"url": "https://log2025-1.rekor.sigstore.dev",
37+
"majorApiVersion": 2,
38+
"validFor": {
39+
"start": "2025-10-06T00:00:00Z"
40+
},
41+
"operator": "sigstore.dev"
42+
},
43+
```
44+
45+
**Note**: We will eventually turn down the 2025 Rekor v2 instance when we deploy a 2026 instance. We strongly
46+
advise against hardcoding this URL into any pipelines that cannot be easily updated.
47+
48+
## Installation
49+
50+
We provide prebuilt binaries and containers for private deployments.
51+
52+
* Download the latest binary from [Releases](https://github.com/sigstore/rekor-tiles/releases)
53+
* Pull the latest container from [GHCR](https://github.com/sigstore/rekor-tiles/pkgs/container/rekor-tiles)
54+
* Install Rekor v2 via [Helm](https://github.com/sigstore/helm-charts/tree/main/charts/rekor-tiles)
55+
56+
## Security Reports
57+
58+
If you find any issues, follow Sigstore's [security policy](https://github.com/sigstore/rekor-tiles/security/policy)
59+
to report them.
60+
61+
## Local Development
62+
63+
### Deployment
64+
65+
Run `docker compose up --build --wait` to start the service along with emulated Google Cloud Storage and Spanner instances.
66+
67+
Run `docker compose down` to turn down the service, or `docker compose down --volumes` to turn down the service and delete
68+
persisted tiles.
69+
70+
### Making a request
71+
72+
Follow the [client documentation](https://github.com/sigstore/rekor-tiles/blob/main/CLIENTS.md#rekor-v2-the-bash-way)
73+
for constructing a request and parsing a response.
74+
75+
### Testing
76+
77+
Run unit tests with `go test ./...`.
78+
79+
Follow the [end-to-end test documentation](https://github.com/sigstore/rekor-tiles/blob/main/tests/README.md)
80+
for how to run integration tests against a local instance.

0 commit comments

Comments
 (0)