This commit should have no change in existing behavior, but does the following:
Pulls the sign/verify commands into its own package that can be invoked directly
instead of needing to go through main.
Refactors the certstore library (a dependency of the sign library) to separate out
the OS-dependent libraries so that any platform can safely pull in the certstore
Identity interface. Adds a register func so that this can be set dynamically in
main.
This commit should have no change in existing behavior, but does the following:
Pulls the sign/verify commands into its own package that can be invoked directly instead of needing to go through main.
Refactors the certstore library (a dependency of the sign library) to separate out the OS-dependent libraries so that any platform can safely pull in the certstore Identity interface. Adds a register func so that this can be set dynamically in main.
My hope is to use this to allow similar tools to reuse this to provide additional identities and optional verification behavior. (see https://github.com/sigstore/cosign/issues/865#issuecomment-1105641594 for an example!)
Signed-off-by: Billy Lynch billy@chainguard.dev