From 54c55be6b2c7b4a0f79373375515db0bf5f4f5de Mon Sep 17 00:00:00 2001
From: ChristianCiach
Date: Tue, 4 Oct 2022 14:15:45 +0200
Subject: [PATCH] Better help text to sign and verify SBOM
---
 cmd/cosign/cli/attach.go | 2 +-
 cmd/cosign/cli/download.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/cmd/cosign/cli/attach.go b/cmd/cosign/cli/attach.go
index 446010f9510..8aa897f3f39 100644
--- a/cmd/cosign/cli/attach.go
+++ b/cmd/cosign/cli/attach.go
@@ -70,7 +70,7 @@ func attachSBOM() *cobra.Command {
 if err != nil {
 return err
 }
- fmt.Fprintf(os.Stderr, "WARNING: Attaching SBOMs this way does not sign them. If you want to sign them, use 'cosign attest -predicate %s -key ' or 'cosign sign -key '.\n", o.SBOM)
+ fmt.Fprintf(os.Stderr, "WARNING: Attaching SBOMs this way does not sign them. If you want to sign them, use 'cosign attest --predicate %s --key ' or 'cosign sign --key --attachment sbom '.\n", o.SBOM)
 return attach.SBOMCmd(cmd.Context(), o.Registry, o.SBOM, mediaType, args[0])
 },
 }
diff --git a/cmd/cosign/cli/download.go b/cmd/cosign/cli/download.go
index 73edf99aa1d..a856e58ee23 100644
--- a/cmd/cosign/cli/download.go
+++ b/cmd/cosign/cli/download.go
@@ -68,7 +68,7 @@ func downloadSBOM() *cobra.Command {
 Example: " cosign download sbom ",
 Args: cobra.ExactArgs(1),
 RunE: func(cmd *cobra.Command, args []string) error {
- fmt.Fprintln(os.Stderr, "WARNING: Downloading SBOMs this way does not ensure its authenticity. If you want to ensure a tamper-proof SBOM, download it using 'cosign download attestation ' or verify its signature.")
+ fmt.Fprintln(os.Stderr, "WARNING: Downloading SBOMs this way does not ensure its authenticity. If you want to ensure a tamper-proof SBOM, download it using 'cosign download attestation ' or verify its signature using 'cosign verify --key --attachment sbom '.")
 _, err := download.SBOMCmd(cmd.Context(), *o, *do, args[0], cmd.OutOrStdout())
 return err
 },
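Review bot: The new warning in attachSBOM presents `cosign attest --predicate` and `cosign sign --key --attachment sbom` as interchangeable, although they most likely give different guarantees. An attestation carries the SBOM inside a signed statement about the image, whereas signing the attachment presumably covers only the SBOM object, leaving its link to the image to the registry reference; this should be confirmed against the sign implementation. If so, the message should state the preference, for example by appending `Prefer 'cosign attest': it binds the SBOM to the image digest.` Separately, `o.SBOM` is interpolated with `%s` into a command the user is expected to copy, so a path containing spaces or shell metacharacters yields a broken or misleading command line; `%q` would print it quoted. The enclosing RunE closure starts above the hunk.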
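Review bot: The extended warning in downloadSBOM recommends `cosign verify --key --attachment sbom` as a separate command, so the bytes this run writes via `download.SBOMCmd` are not necessarily the bytes that were verified. The two invocations resolve the attachment independently, and as far as the hunk shows the download path does no verification of its own. The message should say that verification must cover the same digest that is downloaded, or list the attestation route as the recommended one, e.g. `...download it using 'cosign download attestation' (recommended), or...`. The wording "tamper-proof" also overstates what a signature gives, since it makes tampering detectable rather than impossible; `a verified SBOM` would be more accurate, and "does not ensure its authenticity" should read `their authenticity` to match the plural. downloadSBOM begins above the hunk.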