'cosign verify' for keyless verification with non-Fulcio roots - '--cert-chain' without '--cert' (sigstore/cosign pr2845) #153

Merged: 2 commits, May 4, 2023

@dmitris dmitris commented Apr 24, 2023

Summary

Docs change for sigstore/cosign#2845. For 'cosign verify', `--cert-chain` is sufficient; an additional `--cert` parameter for the leaf certificate is no longer required. For the keyless verification case, this allows the "BYO PKI" use case, where one needs to verify using an internal/corporate certificate chain rather than one from Fulcio.

Release Note

  • 'cosign verify' allows keyless verification using the passed certificate chain and identity, with no Fulcio-roots

Documentation

The change updates the documentation to correspond to the proposed sigstore/cosign code change in the PR referenced above.
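
An added illustration, not part of this PR or of cosign's code: the chain-plus-identity check that the summary describes, sketched with Go's standard `crypto/x509`. The helper names `issue` and `verifyLeaf`, the certificate names and the e-mail identity are constructed for the example, and the chain is assumed to be ordered intermediates first, root last.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"slices"
	"time"
)

// issue makes a constructed test cert signed by parent (self-signed if nil); nil emails means a CA.
func issue(cn string, emails []string, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true,
		IsCA: emails == nil, EmailAddresses: emails, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}}
	if parent == nil {
		parent, pk = t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// verifyLeaf validates leaf against chain (intermediates first, root last), then checks its email SAN.
func verifyLeaf(leaf *x509.Certificate, identity string, chain ...*x509.Certificate) error {
	opts := x509.VerifyOptions{Roots: x509.NewCertPool(), Intermediates: x509.NewCertPool(),
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}}
	if n := len(chain); n > 0 {
		opts.Roots.AddCert(chain[n-1]) // only the final certificate becomes a trust anchor
		for _, c := range chain[:n-1] {
			opts.Intermediates.AddCert(c)
		}
	} // an empty chain leaves Roots empty, so Verify fails closed
	_, err := leaf.Verify(opts)
	if err == nil && !slices.Contains(leaf.EmailAddresses, identity) {
		err = fmt.Errorf("identity %q not in leaf email SANs", identity)
	}
	return err
}

func main() {
	root, rk := issue("Example Root CA", nil, nil, nil)
	ica, ik := issue("Example Issuing CA", nil, root, rk)
	leaf, _ := issue("signer", []string{"dev@example.com"}, ica, ik)
	fmt.Println(verifyLeaf(leaf, "dev@example.com", ica, root)) // <nil>
}
```

Whatever certificate comes last is treated as the trust anchor here, so the ordering of the chain passed in is security-relevant.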

netlify bot commented Apr 24, 2023

Deploy Preview for docssigstore ready!

Name Link
🔨 Latest commit e91a76d
🔍 Latest deploy log https://app.netlify.com/sites/docssigstore/deploys/64510a32d7f5e80008c0c37f
😎 Deploy Preview https://deploy-preview-153--docssigstore.netlify.app

@dmitris dmitris changed the title from "cosign verify --cert-chain without --cert" to "'cosign verify' for keyless verification with non-Fulcio roots - '--cert-chain' without '--cert' (sigstore/cosign pr2845)" Apr 24, 2023

@haydentherapper haydentherapper left a comment

Thanks!

@haydentherapper

/HOLD until the Cosign PR is in

@haydentherapper haydentherapper left a comment

PR is now merged.

Docs change for sigstore/cosign#2845.
For 'cosign verify', `--cert-chain` is sufficient,
an additional `--cert` parameter for the leaf certificate is
no longer required.

Signed-off-by: Dmitry S <dsavints@gmail.com>
Signed-off-by: Dmitry S <dsavints@gmail.com>
@ltagliaferri ltagliaferri merged commit 46145a8 into sigstore:main May 4, 2023
@dmitris dmitris deleted the cosign-pr2845 branch May 5, 2023 07:04