Skip to content

'cosign verify' for keyless verification with non-Fulio roots - '--cert-chain' without '--cert' (sigstore/cosign pr2845)#153

Merged
ltagliaferri merged 2 commits intosigstore:mainfrom
dmitris:cosign-pr2845
May 4, 2023
Merged

'cosign verify' for keyless verification with non-Fulio roots - '--cert-chain' without '--cert' (sigstore/cosign pr2845)#153
ltagliaferri merged 2 commits intosigstore:mainfrom
dmitris:cosign-pr2845

Conversation

@dmitris
Copy link
Copy Markdown
Contributor

@dmitris dmitris commented Apr 24, 2023

Summary

Docs change for sigstore/cosign#2845. For 'cosign verify', --cert-chain is sufficient, an additional --cert parameter for the leaf certificate is no longer required. For the keyless verification case, this allows "BYO PKI" use case where one needs to verify using internal/corporate certificate chain rather than one from Fulcio.

Release Note

  • 'cosign verify' allows keyless verification using the passed certificate chain and identity, with no Fulcio-roots

Documentation

The change updates the documentation to correspond to the proposed sigstore/cosign code change in the PR referenced above.

@netlify
Copy link
Copy Markdown

netlify bot commented Apr 24, 2023
edited
Loading

Deploy Preview for docssigstore ready!

Name Link
🔨 Latest commit e91a76d
🔍 Latest deploy log https://app.netlify.com/sites/docssigstore/deploys/64510a32d7f5e80008c0c37f
😎 Deploy Preview https://deploy-preview-153--docssigstore.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site settings.

@dmitris dmitris changed the title cosign verify --cert-chain without --cert 'cosign verify' for keyless verification with non-Fulio roots - '--cert-chain' without '--cert' (sigstore/cosign pr2845) Apr 24, 2023
@dmitris dmitris mentioned this pull request Apr 25, 2023
Merged
2 tasks
Hayden-IO
Hayden-IO requested changes Apr 25, 2023
View reviewed changes
Hayden-IO
Hayden-IO previously approved these changes Apr 25, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@Hayden-IO Hayden-IO left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@Hayden-IO
Copy link
Copy Markdown
Contributor

Hayden-IO commented Apr 25, 2023

/HOLD until the Cosign PR is in

@dmitris dmitris mentioned this pull request Apr 26, 2023
Merged
Hayden-IO
Hayden-IO approved these changes Apr 28, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@Hayden-IO Hayden-IO left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR is now merged.

dmitris added 2 commits May 2, 2023 15:03
@dmitris
cosign verify --cert-chain without --cert
7171008 
Docs change for sigstore/cosign#2845.
For 'cosign verify', `--cert-chain` is sufficient,
an additional `--cert` parameter for the leaf certificate is
no longer required.

Signed-off-by: Dmitry S <dsavints@gmail.com>
@dmitris
address PR feedback
e91a76d 
Signed-off-by: Dmitry S <dsavints@gmail.com>
@ltagliaferri ltagliaferri merged commit 46145a8 into sigstore:main May 4, 2023
@dmitris dmitris deleted the cosign-pr2845 branch May 5, 2023 07:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ltagliaferri ltagliaferri ltagliaferri approved these changes

@Hayden-IO Hayden-IO Hayden-IO approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@dmitris @Hayden-IO @ltagliaferri