Overview Repositories Revisions Requests Users Attributes Meta

cosign

Edit Package cosign
https://github.com/sigstore/cosign

Cosign aims to make signatures invisible infrastructure.

Cosign supports:

- Hardware and KMS signing
- Bring-your-own PKI
- Our free OIDC PKI (Fulcio)
- Built-in

  • Developed at security
  • Sources inherited from project openSUSE:Factory
  • 1 derived packages
  • Download package
  • osc -A https://api.opensuse.org checkout openSUSE:Backports:SLE-15-SP4:FactoryCandidates/cosign && cd $_
  • Create Badge
Refresh
Refresh
Source Files
Filename Size Changed
_service 0000000127 127 Bytes
cosign-2.2.0.tar.gz 0000850421 830 KB
cosign.changes 0000042046 41.1 KB
cosign.spec 0000002139 2.09 KB
vendor.tar.zst 0017520501 16.7 MB
Revision 16 (latest revision is 20)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1108432 from Marcus Meissner's avatar Marcus Meissner (msmeissn) (revision 16) 
- updated to 2.2.0 (jsc#SLE-23879)
  - Enhancements
    * switch to uploading DSSE types to rekor instead of intoto (#3113)
    * add 'cosign sign' command-line parameters for mTLS (#3052)
    * improve error messages around bundle != payload hash (#3146)
    * make VerifyImageAttestation function public (#3156)
    * Switch to cryptoutils function for SANS (#3185)
    * Handle HTTP_1_1_REQUIRED errors in github provider (#3172)
  - Bug Fixes
    * Fix nondeterminsitic timestamps (#3121)
  - Documentation
    * doc: Add example of sign-blob with key in env var (#3152)
    * add deprecation notice for cosign-releases GCS bucket (#3148)
    * update doc links (#3186)

- updated to 2.1.1 (jsc#SLE-23879)
  - Bug Fixes
    - wait for the workers become available again to continue the execution (#3084)
    - fix help text when in a container (#3082)
- updated to 2.1.0 (jsc#SLE-23879)
  - Breaking Change: The predicate is now a required flag in the attest commands, set via the --type flag.
  - Enhancements
    - Verify sigs and attestations in parallel (#3066)
    - Deep inspect attestations when filtering download (#3031)
    - refactor bundle validation code, add support for DSSE rekor type (#3016)
    - Allow overriding remote options (#3049)
    - feat: adds no cert found on sig exit code (#3038)
    - Make predicate a required flag in attest commands (#3033)
    - Added support for attaching Time stamp authority Response in attach command (#3001)
    - Add sign --sign-container-identity CLI (#2984) (forwarded request 1108431 from msmeissn)
Comments 0
openSUSE Build Service is sponsored by
Places