cosign/system_config/custom_components incorrectly says `cosign verify --trusted-root` is available #349

@dmitris

Description

https://docs.sigstore.dev/cosign/system_config/custom_components/ bullet 3. states:

You can then supply that trusted root file to cosign verify commands with --trusted-root.

However, cosign verify currently doesn't (yet) support the --trusted-root parameter - building cosign from the trunk (commit 795289124edd46d4e2ab588b426a8314bc13cf1f), you get the error:

$ ./cosign verify --trusted-root=trustedroot.json --onlineTlog=false --requireTlog=false --ignore-sct=true image-name:tag
Error: unknown flag: --trusted-root
main.go:74: error during command execution: unknown flag: --trusted-root

The docs line is added in pr327

Suggested solution: modify the doc to say something like:

You can then supply that trusted root file to the `cosign verify-bundle` command with --trusted-root; in the future, this option will also be supported by `cosign verify`.

Version

$ cosign version
GitVersion:    v2.4.1-16-g79528912
GitCommit:     795289124edd46d4e2ab588b426a8314bc13cf1f
GitTreeState:  clean
BuildDate:     2024-11-13T01:47:43Z
GoVersion:     go1.23.3
Compiler:      gc
Platform:      darwin/arm64

/cc @steiza

Labels: bug
