Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-05-25 09:21:11 -04:00
Code Issues Projects Releases Packages Wiki Activity

docs: fix broken links (#3359)

Browse source 
* Update cosign installation guide link
* Update cosign overview link
* Update cosign sbom link

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
This commit is contained in:
Daniel Weiße 2024-09-17 15:33:08 +02:00 committed by GitHub
parent d2cbc0adef
commit 7bb6ad6cc2
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
36 changed files with 55 additions and 55 deletions
Download patch file Download diff file Expand all files Collapse all files

4
docs/docs/workflows/verify-cli.md
View file

@ -8,7 +8,7 @@ This recording presents the essence of this page. It's recommended to read it in
---
Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`.
Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/cosign/signing/overview/), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`.
:::note
The public key for Edgeless Systems' long-term code-signing key is:
@ -37,7 +37,7 @@ You don't need to verify the Constellation node images. This is done automatical
This guide assumes Linux on an amd64 processor. The exact steps for other platforms differ slightly.
:::
First, [install the Cosign CLI](https://docs.sigstore.dev/system_config/installation). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example:
First, [install the Cosign CLI](https://docs.sigstore.dev/cosign/system_config/installation/). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example:
```shell-session
$ cosign verify-blob --key https://edgeless.systems/es.pub --signature constellation-linux-amd64.sig constellation-linux-amd64