Docs move keyless info to overview #156
Signed-off-by: jonvnadelberg <121979961+jonvnadelberg@users.noreply.github.com>
@olivekl Please review. I didn't change the name of the keyless.md file, but did change its purpose. Should we create a whole new file with the same content and get rid of keyless.md?
Overall, I don't think we need to change anything in overview.md. Summarizing my suggestions:
- Let's rename keyless.md to "public_deployment.md", and update the title. That gives us a place to add content about the public deployment
- Let's create "timestamping.md" and move the section on timestamps to it.
- Move "Custom Components" section under "verify.md"
- After that, revert all changes done to overview.md
That will result in duplicated content being deleted from "keyless.md", and removing the "ttl.sh" example which I personally don't think is needed.
I wonder where the "non-Fulcio keyless" use case (the one with short-lived keys and provided certificate-chain + identity) would be documented, thinking of sigstore/cosign#2845 and #153?
@dmitris - In verify.md, as you proposed. "keyless.md" and "openid_signing.md" are being cleaned up to remove duplication.
@Hayden Blauzvern ***@***.***> to clarify. You want
overview.md to remain completely the same as it was, and keyless.md to be
as edited, but renamed? What about the ttl.sh info that is now in
overview.md? Don't we want that information someplace? Or do you feel
that people should know how to use ttl.sh and crane enough such that they
can figure this out for themselves? I think we should have some sort of
quickstart container build for people to test with.
…On Wed, Apr 26, 2023 at 8:44 AM Hayden B ***@***.***> wrote:
@dmitris <https://github.com/dmitris> - In verify.md, as you proposed.
"keyless.md" and "openid_signing.md" are being cleaned up to remove
duplication.
I would love for someone else to chime in too, but my thought is that ttl.sh is just for testing and not something someone should do for real-world usage.
Co-authored-by: ltagliaferri <lisa.tagliaferri@gmail.com> Signed-off-by: jonvnadelberg <121979961+jonvnadelberg@users.noreply.github.com>
add note saying that for the example we are using script variable. Signed-off-by: jonvnadelberg <121979961+jonvnadelberg@users.noreply.github.com>
add context to revert section Signed-off-by: jonvnadelberg <121979961+jonvnadelberg@users.noreply.github.com>
Looks great!
1. `rm -r ~/.sigstore` | ||
1. `curl -O https://raw.githubusercontent.com/sigstore/root-signing/main/staging/repository/1.root.json` | ||
1. `cosign initialize --mirror=https://tuf-repo-cdn.sigstore.dev --root=1.root.json` | ||
1. `COSIGN_EXPERIMENTAL=1 cosign sign --oidc-issuer "https://oauth2.sigstage.dev/auth" --fulcio-url "https://fulcio.sigstage.dev" --rekor-url "https://rekor.sigstage.dev" ${IMAGE_DIGEST}` |
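Review bot: The `cosign initialize` line passes `--mirror=https://tuf-repo-cdn.sigstore.dev`, a sigstore.dev host, while the root on the `curl` line comes from `staging/repository` and every endpoint on the `cosign sign` line is on sigstage.dev; please confirm this mirror actually serves the staging root, or change it so all four steps target the same deployment. The `curl` line also fetches `1.root.json` from the `main` branch with no pinned commit or checksum, and since that file becomes the trust anchor for everything that follows, the docs should say how a reader can check it before running `cosign initialize`. It would also help to state where `${IMAGE_DIGEST}` is set, since it is not defined in these lines.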
we can drop the experimental and need to add the `--yes` flag as well in the sign
Agreed on dropping experimental. I'd not include "--yes" though, because we don't want the examples to be skipping through that prompt
makes sense
changes implemented
add id info to verify, remove "experimental" Signed-off-by: jonvnadelberg <121979961+jonvnadelberg@users.noreply.github.com>
remove typo. Signed-off-by: jonvnadelberg <121979961+jonvnadelberg@users.noreply.github.com>
change OIDC issuer to accounts.example.com Signed-off-by: jonvnadelberg <121979961+jonvnadelberg@users.noreply.github.com>
typo Signed-off-by: jonvnadelberg <121979961+jonvnadelberg@users.noreply.github.com>
add https to oidc issuer example. Signed-off-by: jonvnadelberg <121979961+jonvnadelberg@users.noreply.github.com>
@ltagliaferri Can you take another look?
Bumping for review
Fixes #155
Summary
Removes duplicate information and clarifies information in overview.md
Release Note
NONE
Documentation
Doc only fix