docs: Update instructions to verify release blobs with cosign. #635

Closed

eiffel-fl

Hi.

I am interested in using nfpm to generate *.deb and *.rpm packages.
So, I took a look at your documentation and found the instructions to verify the release blobs are not up to date.

With this PR, I updated them.
Note that I am not a cosign expert as I am currently working on this in my project (inspektor-gadget/inspektor-gadget#1280).

If you see any ways to improve this contribution, feel free to share.

Best regards.

Signed-off-by: Francis Laniel <flaniel@linux.microsoft.com>
@pull-request-size pull-request-size bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Mar 16, 2023
```

1. Verify the signature:
```sh
COSIGN_EXPERIMENTAL=1 cosign verify-blob \
cat checksums.txt.pem | base64 -d | openssl x509 -text -noout
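Review bot: In the `cosign verify-blob \` line of step 1, the command ends in a line continuation and the next visible line is the separate `cat checksums.txt.pem | base64 -d | openssl x509 -text -noout` pipeline, so as shown the shell would hand `cat` and everything up to the first pipe to `verify-blob` as arguments. The `verify-blob` arguments should sit on the continued lines, and the certificate dump should be its own numbered step that says which subject and issuer values a reader should expect to see, since printing the certificate with `openssl x509 -text -noout` checks nothing by itself.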
Member

I need to check the new cosign release instructions, but, assuming this is right, we need to use the __VERSION__ var instead of a specific version.

Author

> I need to check the new cosign release instructions

Definitely, I am far from being a cosign expert so do not take my speech as gospel truth!
I would rather open this PR, just for information and to give some links, than open an issue to complain.

@caarlos0
Member

caarlos0 commented Apr 6, 2023

see #647

@caarlos0
Member

caarlos0 commented Apr 6, 2023

thanks for bringing this up, btw <3

@eiffel-fl
Author

You are welcome!

@eiffel-fl eiffel-fl deleted the docs-cosign branch April 6, 2023 17:23