document `--ca-roots` and `--ca-intermediates` flags for 'cosign verify'

dmitris commented 5 months ago

Summary

Document the new --ca-roots and --ca-intermediates flags for cosign verify.

Related to sigstore/cosign https://github.com/sigstore/cosign/pull/3464 and its issue https://github.com/sigstore/cosign/issues/3462. Document the new 'cosign verify' --ca-roots flag and its difference to the --certificate-chain flag. List the supported and currently unsupported use cases (single/multiple CA(s), intermediate CAs).

Release Note

New features and improvements, including behavioural changes, UI changes and CLI changes
cosign verify: added new -ca-roots and --ca-intermediates flags to use a certificate bundle PEM file with multiple CA root and optionally intermediate certificates

Documentation

N/A (this PR is the documentation change)

netlify[bot] commented 5 months ago

Deploy Preview for docssigstore ready!

Name	Link
Latest commit	c4cb47e99dc85650a3f6ffe96b625f34bc968555
Latest deploy log	https://app.netlify.com/sites/docssigstore/deploys/65bbc5f07d98190008359bd1
Deploy Preview	https://deploy-preview-291--docssigstore.netlify.app
Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

haydentherapper commented 4 months ago

@dmitris For the future, can you please note that this should not yet be merged until the feature lands?

peer-jslater commented 3 months ago

This documentation was very confusing while trying to get PKI working with certificates. To other readers: the feature is still not merged. I'm currently using https://github.com/sigstore/cosign/issues/2632 for reference. It may be helpful.

Tagging @ltagliaferri since they merged the PR.

haydentherapper commented 3 months ago

@peer-jslater reverting this PR until this feature lands

sigstore / docs