Fix the local verification using certificates docs. #306

Merged
merged 1 commit into from
May 1, 2024
2 changes: 1 addition & 1 deletion content/en/verifying/verify.md
Expand Up @@ -10,15 +10,15 @@
The general verification format with the `cosign verify` command is as follows.

```shell
$ cosign verify [--key <key path>|<key url>|<kms uri>] <image uri>

content/en/verifying/verify.md:13:1 MD014/commands-show-output Dollar signs used before commands without showing output [Context: "$ cosign verify [--key <key pa..."] https://github.com/DavidAnson/markdownlint/blob/v0.29.0/doc/md014.md
```

content/en/verifying/verify.md:14 MD031/blanks-around-fences Fenced code blocks should be surrounded by blank lines [Context: "```"] https://github.com/DavidAnson/markdownlint/blob/v0.29.0/doc/md031.md
## Keyless verification using OpenID Connect

content/en/verifying/verify.md:15 MD022/blanks-around-headings/blanks-around-headers Headings should be surrounded by blank lines [Expected: 1; Actual: 0; Above] [Context: "## Keyless verification using OpenID Connect"] https://github.com/DavidAnson/markdownlint/blob/v0.29.0/doc/md022.md

We'll use `user/demo` as our example image in the following commands and keyless signing where appropriate.

For identity-based verification of a container image, use the following command:

```

content/en/verifying/verify.md:21 MD040/fenced-code-language Fenced code blocks should have a language specified [Context: "```"] https://github.com/DavidAnson/markdownlint/blob/v0.29.0/doc/md040.md
$ cosign verify <image URI> [email protected]
--certificate-oidc-issuer=https://accounts.example.com

Expand All @@ -28,7 +28,7 @@

The following example verifies the signature on file.txt from user [email protected] issued by [email protected]. It uses a provided bundle cosign.bundle that contains the certificate and signature.

```

content/en/verifying/verify.md:31 MD040/fenced-code-language Fenced code blocks should have a language specified [Context: "```"] https://github.com/DavidAnson/markdownlint/blob/v0.29.0/doc/md040.md
$ cosign verify-blob <file> --bundle cosign.bundle [email protected]
--certificate-oidc-issuer=https://accounts.example.com
```
Expand Down Expand Up @@ -56,7 +56,7 @@
You can pass more than one image to `cosign verify`.

```shell
$ cosign verify user-0/demo-0 user-1/demo-1

content/en/verifying/verify.md:59:1 MD014/commands-show-output Dollar signs used before commands without showing output [Context: "$ cosign verify user-0/demo-0 ..."] https://github.com/DavidAnson/markdownlint/blob/v0.29.0/doc/md014.md
```

## Local verifications
Expand All @@ -64,22 +64,22 @@
Verify with an on-disk public key provided by the signer or other organization:

```shell
$ cosign verify --key cosign.pub user/demo

content/en/verifying/verify.md:67:1 MD014/commands-show-output Dollar signs used before commands without showing output [Context: "$ cosign verify --key cosign.p..."] https://github.com/DavidAnson/markdownlint/blob/v0.29.0/doc/md014.md
```

Verify with an on-disk signed image from `cosign save`:

```shell
$ cosign verify --key cosign.pub --local-image PATH/to/user/demo

content/en/verifying/verify.md:73:1 MD014/commands-show-output Dollar signs used before commands without showing output [Context: "$ cosign verify --key cosign.p..."] https://github.com/DavidAnson/markdownlint/blob/v0.29.0/doc/md014.md
```

Verify image with local certificate and local certificate chain:

```shell
$ cosign verify --certificate cosign.crt --certificate-chain chain.crt user/demo
$ cosign verify --certificate cosign.crt --certificate-chain chain.crt --certificate-oidc-issuer https://issuer.example.com --certificate-identity [email protected] user/demo

content/en/verifying/verify.md:79:1 MD014/commands-show-output Dollar signs used before commands without showing output [Context: "$ cosign verify --certificate ..."] https://github.com/DavidAnson/markdownlint/blob/v0.29.0/doc/md014.md
```

## Verify image with user-provided trusted chain

content/en/verifying/verify.md:82 MD022/blanks-around-headings/blanks-around-headers Headings should be surrounded by blank lines [Expected: 1; Actual: 0; Below] [Context: "## Verify image with user-provided trusted chain"] https://github.com/DavidAnson/markdownlint/blob/v0.29.0/doc/md022.md
Verify image with the provided certificate chain and identity parameters (intended for
a "bring your own PKI" use case):
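
Review bot: The lead-in "Verify image with local certificate and local certificate chain:" no longer matches the command under it, which now also passes `--certificate-oidc-issuer` and `--certificate-identity`; add a sentence stating that these two flags set the issuer and signer identity the certificate in `cosign.crt` is checked against, so readers do not drop them when adapting the example. The issuer placeholder on this line is `https://issuer.example.com`, while the keyless examples earlier in the file use `https://accounts.example.com`; using one placeholder throughout avoids suggesting they are different issuers. The line also keeps the `$` prompt with no output shown, which markdownlint reports as MD014 at line 79, so either drop the prompt or show the expected output.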
