From 4e729c380494cb1d13dc7986b7f8152d26961fd5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Batuhan=20Apayd=C4=B1n?= Date: Thu, 15 Sep 2022 18:46:36 +0300 Subject: [PATCH] fix: add COSIGN_EXPERIMENTAL=1 for verify-blob MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Batuhan Apaydın --- cmd/cosign/cli/verify.go | 13 +++++-------- doc/cosign_verify-blob.md | 13 +++++-------- 2 files changed, 10 insertions(+), 16 deletions(-) diff --git a/cmd/cosign/cli/verify.go b/cmd/cosign/cli/verify.go index 08a4fe9bfcb..93fa25e3bdb 100644 --- a/cmd/cosign/cli/verify.go +++ b/cmd/cosign/cli/verify.go @@ -218,13 +218,10 @@ You may specify either a key, a certificate or a kms reference to verify against The signature may be specified as a path to a file or a base64 encoded string. The blob may be specified as a path to a file or - for stdin.`, - Example: ` cosign verify-blob (--key ||)|(--cert ) --signature + Example: ` cosign verify-blob (--key ||)|(--certificate ) --signature # Verify a simple blob and message - cosign verify-blob --key cosign.pub --signature sig msg - - # Verify a simple blob with remote signature URL, both http and https schemes are supported - cosign verify-blob --key cosign.pub --signature http://host/my.sig + cosign verify-blob --key cosign.pub (--signature | msg) # Verify a signature from an environment variable cosign verify-blob --key cosign.pub --signature $sig msg @@ -232,8 +229,8 @@ The blob may be specified as a path to a file or - for stdin.`, # verify a signature with public key provided by URL cosign verify-blob --key https://host.for/ --signature $sig msg - # Verify a signature against a payload from another process using process redirection - cosign verify-blob --key cosign.pub --signature $sig <(git rev-parse HEAD) + # verify a signature with signature and key provided by URL + cosign verify-blob --key https://host.for/ --signature https://example.com/ # Verify a signature against Azure Key Vault cosign verify-blob --key azurekms://[VAULT_NAME][VAULT_URI]/[KEY] --signature $sig @@ -254,7 +251,7 @@ The blob may be specified as a path to a file or - for stdin.`, cosign verify-blob --key gitlab://[PROJECT_ID] --signature $sig # Verify a signature against a certificate - cosign verify-blob --cert --signature $sig + COSIGN_EXPERIMENTAL=1 cosign verify-blob --certificate --signature $sig `, Args: cobra.ExactArgs(1), diff --git a/doc/cosign_verify-blob.md b/doc/cosign_verify-blob.md index 2793bbb6a55..2bcedf555f6 100644 --- a/doc/cosign_verify-blob.md +++ b/doc/cosign_verify-blob.md @@ -18,13 +18,10 @@ cosign verify-blob [flags] ### Examples ``` - cosign verify-blob (--key ||)|(--cert ) --signature + cosign verify-blob (--key ||)|(--certificate ) --signature # Verify a simple blob and message - cosign verify-blob --key cosign.pub --signature sig msg - - # Verify a simple blob with remote signature URL, both http and https schemes are supported - cosign verify-blob --key cosign.pub --signature http://host/my.sig + cosign verify-blob --key cosign.pub (--signature | msg) # Verify a signature from an environment variable cosign verify-blob --key cosign.pub --signature $sig msg @@ -32,8 +29,8 @@ cosign verify-blob [flags] # verify a signature with public key provided by URL cosign verify-blob --key https://host.for/ --signature $sig msg - # Verify a signature against a payload from another process using process redirection - cosign verify-blob --key cosign.pub --signature $sig <(git rev-parse HEAD) + # verify a signature with signature and key provided by URL + cosign verify-blob --key https://host.for/ --signature https://example.com/ # Verify a signature against Azure Key Vault cosign verify-blob --key azurekms://[VAULT_NAME][VAULT_URI]/[KEY] --signature $sig @@ -54,7 +51,7 @@ cosign verify-blob [flags] cosign verify-blob --key gitlab://[PROJECT_ID] --signature $sig # Verify a signature against a certificate - cosign verify-blob --cert --signature $sig + COSIGN_EXPERIMENTAL=1 cosign verify-blob --certificate --signature $sig ```