You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When using a custom Sigstore deployment, the Sigstore root must be explicitly initialized. This is often done by using cosign initialize.
This means that ec on its own cannot support this use case. It relies on another utility, cosign. Users must have both installed. This is the approach taken by EC's verify-enterprise-contract Task.
Let's add a new command to ec, e.g. ec sigstore initialize, to perform this operation.
Acceptance Criteria
The ec-cli image no longer includes the cosign binary.
The verify-enterprise-contract Task can still initialize the Sigstore root.
The text was updated successfully, but these errors were encountered:
When using a custom Sigstore deployment, the Sigstore root must be explicitly initialized. This is often done by using
cosign initialize
.This means that
ec
on its own cannot support this use case. It relies on another utility,cosign
. Users must have both installed. This is the approach taken by EC'sverify-enterprise-contract
Task.Let's add a new command to ec, e.g.
ec sigstore initialize
, to perform this operation.Acceptance Criteria
verify-enterprise-contract
Task can still initialize the Sigstore root.The text was updated successfully, but these errors were encountered: