Installation
go install github.com/sigstore/cosign/v2/cmd/cosign@v2.0.1
Enhancements
- Add environment variable token provider (#2864)
- Remove cosign policy command (#2846)
- Allow customising 'go' executable with GOEXE var (#2841)
- Consistent tlog warnings during verification (#2840)
- Add riscv64 arch (#2821)
- Default generated PEM labels to SIGSTORE (#2735)
- Update privacy statement and confirmation (#2797)
- Add exit codes for verify errors (#2766)
- Add Buildkite provider (#2779)
- verify-blob-attestation: Loosen arg requirements if --check-claims=false (#2746)
Bug Fixes
- PKCS11 sessions are now opened read only (#2853)
- Makefile: date format of log should not show signatures (#2835)
- Add missing flags to cosign verify dockerfile/manifest (#2830)
- Add a warning to remember how to configure a custom Gitlab host (#2816)
- Remove tag warning message from save/copy commands (#2799)
- Mark keyless pem files with b64 (#2671)
Contributors
- Aleksandr Razumov
- Batuhan Apaydın
- Billy Lynch
- Carlos Tadeu Panato Junior
- Chris Burns
- Derek Burdick
- Dmitry Savintsev
- favonia
- Hayden B
- Hector Fernandez
- Ivana Atanasova
- joe miller
- Luiz Carvalho
- Paolo Mainardi
- priyawadhwa
- Radoslav Dimitrov
- Steve Winslow
- Vincent Batts
- Zack Newman
Full Changelog: v2.0.0...v2.0.1