Language:
Format:

10.4. 安装和使用 Cosign

使用以下步骤直接安装 Cosign。

先决条件

已安装 Go 版本 1.16 或更高版本。
您已在 config.yaml 文件中将 FEATURE_GENERAL_OCI_SUPPORT 设置为 true。

流程

输入以下 go 命令直接安装 Cosign：

$ go install github.com/sigstore/cosign/cmd/cosign@v1.0.0

输出示例

go: downloading github.com/sigstore/cosign v1.0.0
go: downloading github.com/peterbourgon/ff/v3 v3.1.0

输入以下命令为 Cosign 生成键值对：

$ cosign generate-key-pair

输出示例

Enter password for private key:
Enter again:
Private key written to cosign.key
Public key written to cosign.pub

输入以下命令为键值对签名：
```
$ cosign sign -key cosign.key quay-server.example.com/user1/busybox:test
```
输出示例
```
Enter password for private key:
Pushing signature to: quay-server.example.com/user1/busybox:sha256-ff13b8f6f289b92ec2913fa57c5dd0a874c3a7f8f149aabee50e3d01546473e3.sig
```
如果您遇到 错误： signing quay-server.example.com/user1/busybox:test: getting remote image: GET https://quay-server.example.com/v2/user1/busybox/manifests/test: UNAUTHORIZED: access to the requested resource is not authorized; map[] error，因为 Cosign 依赖于 ~./docker/config.json 用于授权，您可能需要执行以下命令：
```
$ podman login --authfile ~/.docker/config.json quay-server.example.com
```
输出示例
```
Username:
Password:
Login Succeeded!
```

输入以下命令查看更新的授权配置：

$ cat ~/.docker/config.json
{
	"auths": {
		"quay-server.example.com": {
			"auth": "cXVheWFkbWluOnBhc3N3b3Jk"
		}
	}

Quick Links

Help

Site Info

Related Sites

Copyright © 2024 Red Hat, Inc.