cosign
Code signing and transparency for containers and binaries
Cosign is a command line utility that is used to sign software artifacts and verify signatures using Sigstore.
Sigstore has a number of language specific clients that you can use to build custom tooling. Although a number of the clients include a basic CLI, Cosign is the recommended tool for signing and verifying.
arm64 amd64
Installation
1. Add WakeMeOps repository
curl -sSL https://raw.githubusercontent.com/upciti/wakemeops/main/assets/install_repository | sudo bash
2. Install cosign
Snippets
Download URLs
Version | SHA256 | Size (KB) |
---|---|---|
2.5.0 | a701affef6879cbc98a7ae49de2b139d9df3d77fc20b3d4b7f2b7a596cc00cc8 |
17775 |
2.4.3 | 4a2d0a6107e52f0adc12df159a25dc7f138362266f9dc29064440b10bc544614 |
17395 |
2.4.2 | cc386479dfe5d1a6c6b392dca7c60482062980bdcfe9674630f21f0e036b0b7b |
17350 |
2.4.1 | 810149af9a08ed10c9f2b968564631a2eae700428c7e1c58c03e0a41f75dbad1 |
16987 |
Version | SHA256 | Size (KB) |
---|---|---|
2.5.0 | 9b8bd565a3074ff9c925aab97c65261830d289ff727261587dfbfbf7a0c8b7a5 |
15183 |
2.4.3 | ec74a6e97466497f6324e1603ee4b400423508f51b85a39489a7863bccbe51fa |
14868 |
2.4.2 | 397cf7755b5d1f37d5c74781af5aa7532879cbf8fa2db120337a41cb8c92fd86 |
14855 |
2.4.1 | 759c3d72be4b4a1082317881863baf3e427158823bab54f86018048fa09df7d0 |
14578 |
Blueprints
Debian packages listed on this page are generated from op2deb YAML blueprints. Blueprints for cosign are versioned here.
Click here to see cosign ops2deb blueprints
https://github.com/upciti/wakemeops/blob/main/blueprints/secops/cosign/ops2deb.yml
name: cosign
matrix:
architectures:
- amd64
- arm64
versions:
- 2.4.1
- 2.4.2
- 2.4.3
- 2.5.0
homepage: https://www.sigstore.dev
summary: code signing and transparency for containers and binaries
description: |-
Cosign is a command line utility that is used to sign software artifacts and
verify signatures using Sigstore.
Sigstore has a number of language specific clients that you can use to build
custom tooling. Although a number of the clients include a basic CLI, Cosign is
the recommended tool for signing and verifying.
fetch: https://github.com/sigstore/cosign/releases/download/v{{version}}/cosign-linux-{{target}}
install:
- cosign-linux-{{target}}:/usr/bin/cosign
The blueprint fetch
keyword contains a URL template pointing to cosign releases. Downloaded files are locked in a lockfile versioned here.
Click here to see cosign release hashes
https://github.com/upciti/wakemeops/blob/main/blueprints/secops/cosign/ops2deb.lock.yml
- url: https://github.com/sigstore/cosign/releases/download/v2.4.1/cosign-linux-amd64
sha256: 8b24b946dd5809c6bd93de08033bcf6bc0ed7d336b7785787c080f574b89249b
timestamp: 2024-11-25 12:30:15+00:00
- url: https://github.com/sigstore/cosign/releases/download/v2.4.1/cosign-linux-arm64
sha256: 3b2e2e3854d0356c45fe6607047526ccd04742d20bd44afb5be91fa2a6e7cb4a
timestamp: 2024-11-25 12:30:15+00:00
- url: https://github.com/sigstore/cosign/releases/download/v2.4.2/cosign-linux-amd64
sha256: e7f5bd99a790703333e8f8e8e6c91d5e646f3d7041e4cf935b56587de20cec3f
timestamp: 2025-02-04 21:05:54+00:00
- url: https://github.com/sigstore/cosign/releases/download/v2.4.2/cosign-linux-arm64
sha256: 9ab2a932190161d67b9fcda81777e28086b2152c7d506a0e2f83dbb3fd7e2b1c
timestamp: 2025-02-04 21:05:54+00:00
- url: https://github.com/sigstore/cosign/releases/download/v2.4.3/cosign-linux-amd64
sha256: caaad125acef1cb81d58dcdc454a1e429d09a750d1e9e2b3ed1aed8964454708
timestamp: 2025-03-13 09:08:25+00:00
- url: https://github.com/sigstore/cosign/releases/download/v2.4.3/cosign-linux-arm64
sha256: bd0f9763bca54de88699c3656ade2f39c9a1c7a2916ff35601caf23a79be0629
timestamp: 2025-03-13 09:08:25+00:00
- url: https://github.com/sigstore/cosign/releases/download/v2.5.0/cosign-linux-amd64
sha256: 1f6c194dd0891eb345b436bb71ff9f996768355f5e0ce02dde88567029ac2188
timestamp: 2025-04-16 15:08:51+00:00
- url: https://github.com/sigstore/cosign/releases/download/v2.5.0/cosign-linux-arm64
sha256: 080a998f9878f22dafdb9ad54d5b2e2b8e7a38c53527250f9d89a6763a28d545
timestamp: 2025-04-16 15:08:51+00:00