cosign verification fails with syntax / missing arguments error #3404

Open
TheRedCyclops opened this issue May 14, 2025 · 1 comment
Labels: bug (Something isn't working), triage (Add this label to issues that should be triaged and prioritized in the next planning call), unconfirmed

Kairos version:
v3.4.2

CPU architecture, OS, and Version:
N/A

Describe the bug
When attempting to verify the image as instructed on the wiki, it fails with an error about missing the --certificate-identity and --certificate-oidc-issuer if you specify a value for the first one.

To Reproduce

1. Download the latest version, with sha256, sig and pem.
2. Follow the wiki to verify the image, executing the following command in my case:

```
COSIGN_EXPERIMENTAL=1 cosign verify-blob --cert kairos-alpine-3.21-standard-amd64-generic-v3.4.2k3sv1.32.3-k3s1.iso.sha256.pem --signature kairos-alpine-3.21-standard-amd64-generic-v3.4.2k3sv1.32.3-k3s1.iso.sha256.sig kairos-alpine-3.21-standard-amd64-generic-v3.4.2k3sv1.32.3-k3s1.iso.sha256
```

It fails, saying it's missing arguments.

Expected behavior

It should verify the signature.

Logs

```
$> COSIGN_EXPERIMENTAL=1 cosign verify-blob --cert kairos-alpine-3.21-standard-amd64-generic-v3.4.2k3sv1.32.3-k3s1.iso.sha256.pem --signature kairos-alpine-3.21-standard-amd64-generic-v3.4.2k3sv1.32.3-k3s1.iso.sha256.sig --certificate-identity github kairos-alpine-3.21-standard-amd64-generic-v3.4.2k3sv1.32.3-k3s1.iso.sha256

Error: --certificate-identity or --certificate-identity-regexp is required for verification in keyless mode
error during command execution: --certificate-identity or --certificate-identity-regexp is required for verification in keyless mode
```

Additional context

This happens before installation


TheRedCyclops commented May 14, 2025

OK, I've got an update: after some more tinkering, the following command works:

```
COSIGN_EXPERIMENTAL=1 cosign verify-blob --cert kairos-alpine-3.21-standard-amd64-generic-v3.4.2k3sv1.32.3-k3s1.iso.sha256.pem --signature kairos-alpine-3.21-standard-amd64-generic-v3.4.2k3sv1.32.3-k3s1.iso.sha256.sig --certificate-identity-regexp https://github\.com/kairos-io/kairos/\.github/workflows/reusable-release\.yaml@refs/tags/v[0-9]+\.[0-9]+\.[0-9]+ --certificate-oidc-issuer https://token.actions.githubusercontent.com kairos-alpine-3.21-standard-amd64-generic-v3.4.2k3sv1.32.3-k3s1.iso.sha256
```

The docs still need to be fixed, though.
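
The working command from the comment above, as an added shell example that is not part of the original comment or the Kairos project's code: the identity pattern is single-quoted so the shell keeps its backslashes and anchored with `^` and `$`, and the ISO is then checked against the verified checksum file. The function names, the script name, the anchoring and the `sha256sum` step are assumptions added here.

```shell
#!/bin/sh
# Added example, not Kairos project code.

# Identity pattern and issuer from the working command in the comment above.
# Single quotes keep the backslashes; ^ and $ are an addition made here so the
# whole identity has to match, not just a substring of it.
IDENTITY_RE='^https://github\.com/kairos-io/kairos/\.github/workflows/reusable-release\.yaml@refs/tags/v[0-9]+\.[0-9]+\.[0-9]+$'
OIDC_ISSUER='https://token.actions.githubusercontent.com'

# Succeeds if identity $1 is accepted by pattern $2 (default: IDENTITY_RE).
# grep -E stands in for cosign's own regexp matching (assumption: the pattern
# only uses syntax both engines share).
identity_matches() {
    printf '%s\n' "$1" | grep -Eq -- "${2:-$IDENTITY_RE}"
}

# The start of the same pattern typed without quotes: the shell removes each
# backslash, so every "\." reaches the program as ".", which matches any character.
pattern_as_typed_unquoted() {
    printf '%s' https://github\.com/kairos-io/kairos/\.github/workflows/reusable-release\.yaml
}

# Verify <iso>.sha256 against its .sig and .pem, then check the ISO against the
# verified checksum file (assumes the file is in sha256sum's "hash  name" format
# and that the script is run from the download directory).
verify_release() {
    sum="$1.sha256"
    COSIGN_EXPERIMENTAL=1 cosign verify-blob \
        --cert "$sum.pem" --signature "$sum.sig" \
        --certificate-identity-regexp "$IDENTITY_RE" \
        --certificate-oidc-issuer "$OIDC_ISSUER" \
        "$sum" || return 1
    sha256sum -c "$sum"
}

# Run as: sh verify-kairos.sh <iso-file>   (hypothetical script name)
if [ "$#" -eq 1 ]; then
    verify_release "$1"
fi
```

A signature over the `.sha256` file only covers the ISO once the ISO's own hash has been compared with that file, which is why `verify_release` runs both steps.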

@jimmykarily jimmykarily moved this to In Progress 🏃 in 🧙Issue tracking board May 19, 2025
@jimmykarily jimmykarily moved this from In Progress 🏃 to Todo 🖊 in 🧙Issue tracking board May 19, 2025