Add readmes for examples

Signed-off-by: Cody Soyland <codysoyland@github.com>
sigstore · Jan 28, 2025 · 129c650 · 129c650
1 parent 768b3a0
commit 129c650
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 1 deletion.
diff --git a/examples/README.md b/examples/README.md
@@ -0,0 +1,9 @@
+# sigstore-go examples
+
+These examples show how to use the library. They are not intended to be fully-
+supported CLI tools, so stability is not guaranteed.
+
+- [sigstore-go-signing](./sigstore-go-signing): a CLI for signing artifacts
+- [sigstore-go-verification](./sigstore-go-verification/README.md): a CLI for verifying Sigstore bundles
+- [custom-certificate-validator](./custom-certificate-validator/README.md): a custom certificate validator
+- [oci-image-verification](./oci-image-verification): a CLI for verifying OCI images
diff --git a/examples/sigstore-go-verification/README.md b/examples/sigstore-go-verification/README.md
@@ -0,0 +1,25 @@
+# sigstore-go-verification
+
+This is a CLI for verifying Sigstore bundles. View the help text with `-h` or `--help` for all the options.
+
+```shell
+$ go run . \
+  -artifact-digest 76176ffa33808b54602c7c35de5c6e9a4deb96066dba6533f50ac234f4f1f4c6b3527515dc17c06fbe2860030f410eee69ea20079bd3a2c6f3dcf3b329b10751 \
+  -artifact-digest-algorithm sha512 \
+  -expectedIssuer https://token.actions.githubusercontent.com \
+  -expectedSAN https://github.com/sigstore/sigstore-js/.github/workflows/release.yml@refs/heads/main \
+  ../bundle-provenance.json
+Verification successful!
+{
+   "version": 20230823,
+   "statement": {
+      "_type": "https://in-toto.io/Statement/v0.1",
+      "predicateType": "https://slsa.dev/provenance/v0.2",
+      "subject": ...
+    },
+    ...
+}
+```
+
+You can also specify a TUF root with something like `-tufRootURL tuf-repo-cdn.sigstore.dev`.
+
diff --git a/examples/sigstore-go-verification/main.go b/examples/sigstore-go-verification/main.go
@@ -66,7 +66,7 @@ func init() {
 	requireTlog = flag.Bool("requireTlog", true, "Require Artifact Transparency log entry (Rekor)")
 	minBundleVersion = flag.String("minBundleVersion", "", "Minimum acceptable bundle version (e.g. '0.1')")
 	trustedPublicKey = flag.String("publicKey", "", "Path to trusted public key")
-	trustedrootJSONpath = flag.String("trustedrootJSONpath", "examples/trusted-root-public-good.json", "Path to trustedroot JSON file")
+	trustedrootJSONpath = flag.String("trustedrootJSONpath", "../trusted-root-public-good.json", "Path to trustedroot JSON file")
 	tufRootURL = flag.String("tufRootURL", "", "URL of TUF root containing trusted root JSON file")
 	tufTrustedRoot = flag.String("tufTrustedRoot", "", "Path to the trusted TUF root.json to bootstrap trust in the remote TUF repository")
 	flag.Parse()