Overview Repositories Revisions Requests Users Attributes Meta

cosign

Edit Package cosign
https://github.com/sigstore/cosign

Cosign aims to make signatures invisible infrastructure.

Cosign supports:

- Hardware and KMS signing
- Bring-your-own PKI
- Our free OIDC PKI (Fulcio)
- Built-in

  • Devel package for openSUSE:Factory
  • 3 derived packages
  • Links to openSUSE:Factory / cosign
  • Download package
  • osc -A https://api.opensuse.org checkout security/cosign && cd $_
  • Create Badge
Refresh
Refresh
Source Files
Filename Size Changed
_link 0000000124 124 Bytes
_service 0000000127 127 Bytes
cosign-2.0.0.tar.gz 0006654819 6.35 MB
cosign.changes 0000037213 36.3 KB
cosign.spec 0000002344 2.29 KB
vendor.tar.zst 0012267745 11.7 MB
Revision 24 (latest revision is 41)
Marcus Meissner's avatar Marcus Meissner (msmeissn) accepted request 1067997 from Marcus Meissner's avatar Marcus Meissner (msmeissn) (revision 24) 
- update to 2.0.0 (jsc#SLE-23879)
  Breaking Changes:
  * insecure-skip-tlog-verify: rename and adapt the cert expiration check (#2620)
  * Deprecate --certificate-email flag. Make --certificate-identity and -… (#2411)
  Enhancements:
  * Change go module name to github.com/sigstore/cosign/v2 for Cosign 2.0 (#2544)
  * Allow users to pass in a path for the --identity-token flag (#2538)
  * Breaking change: Respect tlog-upload=false, default to true (#2505)
  * Support outputing a certificate without uploading to the tlog (#2506)
  * Attestation/Blob signing and verification using a RFC3161 time-stamping server (#2464)
  * respect tlog-upload flag with TSA (#2474)
  * Better feedback if specifying incompatible argument on cosign sign --attachment (#2449)
  * Support TSA and Rekor verifications (#2463)
  * add support for tsa signing and verification of images (#2460)
  * cosign policy sign: remove experimental flag and make keyless signing default (#2459)
  * Remove experimental mode from cosign attest and verify-attestation (#2458)
  * Remove experimental mode from sign-blob and verify-blob (#2457)
  * Add --offline flag to force offline verification (#2427)
  * Air gap support (#2299)
  * Breaking change: Change SCT verification behavior to default to enforcement (#2400)
  * Breaking change: remove --force flag from sign and attest and rely on --yes flag to skip confirmation (#2399)
  * Breaking change: replace --no-tlog-upload flag with --tlog-upload flag (#2397)
  * Remove experimental flag from cosign sign and cosign verify (#2387)
  * verify: remove SIGSTORE_TRUST_REKOR_API_PUBLIC_KEY test env var for using a key from rekor's API (#2362)
  * Add warning to use digest instead of tags to other cosign commands (#2650)
  * Fix up UI messages (#2629)
  * Remove hardcoded Fulcio from output (#2621)
  * Fix missing privacy statement, print in multiple locations (#2622)
  * feat: allows custom key names for import-key-pair (#2587)
  * feat: support keyless verification for verify-blob-attestation (#2525)
Comments 0
openSUSE Build Service is sponsored by
Places