add cosign
This commit is contained in:
StellaOps Bot
7
tools/cosign/README.md
Normal file
7
tools/cosign/README.md
Normal file
@@ -0,0 +1,7 @@
|
||||
# Cosign offline drop (runtime/signals signing)
|
||||
|
||||
- Version: `v2.6.0` (pinned to keep `sign-blob` arguments aligned with the sprint’s DSSE snippets).
|
||||
- Binary: `tools/cosign/cosign` → `tools/cosign/v2.6.0/cosign-linux-amd64`
|
||||
- SHA256: `ea5c65f99425d6cfbb5c4b5de5dac035f14d09131c1a0ea7c7fc32eab39364f9`
|
||||
- Check: `cd tools/cosign/v2.6.0 && sha256sum -c cosign_checksums.txt --ignore-missing`
|
||||
- Use: add `tools/cosign` to `PATH` or call `./tools/cosign/cosign sign-blob --predicate-type … --output-signature … <file>`
|
||||
Reference in New Issue
Block a user