Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Info

Verify Downloaded Package

Optional Step: 

The MediationZone package is signed with the [cosign] (https://github.com/sigstore/cosign) tool. 

There is a signature file in the release package that you can use to verify the main package. 

To verify the main package, download the *.tgz file and the *.sig file, and run the following commands:

Code Block
$ cat >> dr-cosign.pub << EOF
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEU95nqvgnrhrxLLU33rK6lt5qQZVU
AUUEor1i8IGMQQnUOrnH0aRHv5i2AxX3vlgHIRtCUWyxtY52GSakFsNQMQ==
-----END PUBLIC KEY-----
EOF

$ cosign verify-blob --key dr-cosign.pub --signature <download_path>/<version>.sig <download_path>/<version>.tgz

You should receive the following output if verification succeeded:

Code Block
Verified OK


...