Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

document --ca-roots and --ca-intermediates flags for 'cosign verify' #291

Merged
merged 2 commits into from
Feb 6, 2024

Conversation

dmitris
Copy link
Contributor

@dmitris dmitris commented Jan 29, 2024

Summary

Document the new --ca-roots and --ca-intermediates flags for cosign verify.

Related to sigstore/cosign sigstore/cosign#3464 and its issue sigstore/cosign#3462.
Document the new 'cosign verify' --ca-roots flag
and its difference to the --certificate-chain flag.
List the supported and currently unsupported use cases (single/multiple CA(s), intermediate CAs).

Release Note

  • New features and improvements, including behavioural changes, UI changes and CLI changes
  • cosign verify: added new -ca-roots and --ca-intermediates flags to use a certificate bundle PEM file with multiple CA root and optionally intermediate certificates

Documentation

N/A (this PR is the documentation change)

Copy link

netlify bot commented Jan 29, 2024

Deploy Preview for docssigstore ready!

Name Link
🔨 Latest commit c4cb47e
🔍 Latest deploy log https://app.netlify.com/sites/docssigstore/deploys/65bbc5f07d98190008359bd1
😎 Deploy Preview https://deploy-preview-291--docssigstore.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

Related to sigstore/cosign#3462.
Document the new 'cosign verify' --ca-roots flag and
its difference to the --certificate-chain flag.
List the supported and currently unsupported use cases
(single/multiple CA(s), intermediate CAs).

Signed-off-by: Dmitry S <dsavints@gmail.com>
Signed-off-by: Dmitry S <dsavints@gmail.com>
@dmitris dmitris changed the title document --ca-roots flag for 'cosign verify' document --ca-roots and --ca-intermediates flags for 'cosign verify' Feb 1, 2024
@ltagliaferri ltagliaferri merged commit 64b258f into sigstore:main Feb 6, 2024
6 checks passed
@dmitris dmitris deleted the cosign-3464-pr branch February 6, 2024 19:05
@haydentherapper
Copy link
Contributor

@dmitris For the future, can you please note that this should not yet be merged until the feature lands?

@peer-jslater
Copy link

This documentation was very confusing while trying to get PKI working with certificates.
To other readers: the feature is still not merged. I'm currently using sigstore/cosign#2632 for reference. It may be helpful.

Tagging @ltagliaferri since they merged the PR.

@haydentherapper
Copy link
Contributor

@peer-jslater reverting this PR until this feature lands

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants