
feature: 'cosign sign' add flags --ca-roots and --ca-intermediates to allow multiple CA roots

Open dmitris opened this issue 1 year ago • 0 comments

Description

This is a continuation of the work started in #3462, but with cosign sign instead of cosign verify. All the rationale applies - the goal is to allow running cosign sign with multiple roots of trust in a single certificate bundle file, passed through the new --ca-roots flag (as well as the optional intermediates, with --ca-intermediates).

The second goal is to extend the exposed Go data structures to allow clients using sigstore/cosign as a Go library to perform the signing while passing the "roots of trust" certificate bundle file. I suggest adding new fields, CARoots and CAIntermediates, to the SignOptions after Cert and CertChain:

type SignOptions struct {
	Key             string
	Cert            string
	CertChain       string
	CARoots         string
	CAIntermediates string
	Upload          bool
	[...]
}

dmitris, Feb 29 '24 21:02