From c7bb4f5cf3c4da0c7f19d3c770206046c5521ddd Mon Sep 17 00:00:00 2001 From: Ivar <iprudnikovas@microsoft.com> Date: Tue, 22 Oct 2024 15:06:49 +0100 Subject: [PATCH 1/2] adds CLI install instructions --- README.md | 47 ++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 44 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index f2ed8b1a..8135c76a 100644 --- a/README.md +++ b/README.md @@ -18,14 +18,55 @@ The CoseSign1, CoseSign1.Abstractions, and CoseSign1.Certicates libraries provid CoseSignTool, CoseHandler, and the CoseSign1 libraries are the Microsoft solution for signing SBOMs and, we believe, the most powerful and convenient solution currently on the market. ## How do I get started? -First, download the latest release from GitHub. There will be a fully signed version on NuGet.org soon, but this is [just a pre-release](#state-of-the-project), so there's only the open source version available for now. + +### Using as an executable CLI +Downloadable versions are available in GitHub [releases](https://github.com/microsoft/CoseSignTool/releases) of this repository. Separate page lists the features and how to use them: [CoseSignTool.md](./docs/CoseSignTool.md). + +#### Linux +Download and extract the folder with the compiled binaries, then make `CoseSignTool` available on the `$PATH`. + +```bash +# download and uzip the release +mkdir -p ~/cosesigntool +curl -L https://github.com/microsoft/CoseSignTool/releases/download/v1.2.8/CoseSignTool-Linux-release.zip -o ~/cosesigntool/release.zip +unzip ~/cosesigntool/release.zip -d ~/cosesigntool +# move the directory to a stable location +mv ~/cosesigntool/release ~/.local/bin/cosesigntool +export PATH="$PATH":~/.local/bin/cosesigntool +# cleanup of files +rm -rf ~/cosesigntool +# run the binary +CoseSignTool + +> *** CoseSignTool *** +> A tool for signing, validating, and getting payload from Cose signatures. +``` + +#### MacOS +See Linux, but make sure to download `CoseSignTool-MacOS-release.zip` instead. + +#### Windows +Similar to Linux or MacOS you could use PowerShell to download the release, extract and move it to the desired location and to add it to the Path like shown in the example below: + +```ps +PS C:\Users\johndoe> Invoke-WebRequest -Uri https://github.com/microsoft/CoseSignTool/releases/download/v1.2.8-pre5/CoseSignTool-Windows-release.zip -OutFile C:\Users\johndoe\release.zip +PS C:\Users\johndoe> Expand-Archive C:\Users\johndoe\release.zip -DestinationPath C:\Users\johndoe +PS C:\Users\johndoe> Rename-Item -Path "C:\Users\johndoe\release" -NewName "cosesigntool" +PS C:\Users\johndoe> Move-Item -Path C:\Users\johndoe\cosesigntool -Destination C:\Users\johndoe\AppData\Local\ +PS C:\Users\johndoe> $env:Path += ";C:\Users\johndoe\AppData\Local\cosesigntool" +PS C:\Users\johndoe> CoseSignTool + +*** CoseSignTool *** +A tool for signing, validating, and getting payload from Cose signatures. +``` + +### Using in .NET +Download a specific version from [releases](https://github.com/microsoft/CoseSignTool/releases). There will be a fully signed version on NuGet.org soon, but this is [just a pre-release](#state-of-the-project), so there's only the open source version available for now. If you have the option of calling it from a .NET application, go to [CoseHandler.md](./docs/CoseHandler.md) You can also use [indirect signatures](./docs/CoseIndirectSignature.md), where the signature can be validated against a hash of the payload content instead of requiring the full payload. For advanced topics such as time stamping, see [Advanced](./docs/Advanced.md) -Otherwise, go to [CoseSignTool.md](./docs/CoseSignTool.md) - ## How do I make this better? You would like to help? Great! First [check to make sure the work isn't already planned](#state-of-the-project), then... From 90b7e20f1f32bccc9c6ae1ba725da4c98760380f Mon Sep 17 00:00:00 2001 From: Ivar <iprudnikovas@microsoft.com> Date: Wed, 23 Oct 2024 10:09:31 +0100 Subject: [PATCH 2/2] use releases/latest/download in the doc to pull the latest always --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 8135c76a..5dc22c5c 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,7 @@ Download and extract the folder with the compiled binaries, then make `CoseSignT ```bash # download and uzip the release mkdir -p ~/cosesigntool -curl -L https://github.com/microsoft/CoseSignTool/releases/download/v1.2.8/CoseSignTool-Linux-release.zip -o ~/cosesigntool/release.zip +curl -L https://github.com/microsoft/CoseSignTool/releases/latest/download/CoseSignTool-Linux-release.zip -o ~/cosesigntool/release.zip unzip ~/cosesigntool/release.zip -d ~/cosesigntool # move the directory to a stable location mv ~/cosesigntool/release ~/.local/bin/cosesigntool @@ -49,7 +49,7 @@ See Linux, but make sure to download `CoseSignTool-MacOS-release.zip` instead. Similar to Linux or MacOS you could use PowerShell to download the release, extract and move it to the desired location and to add it to the Path like shown in the example below: ```ps -PS C:\Users\johndoe> Invoke-WebRequest -Uri https://github.com/microsoft/CoseSignTool/releases/download/v1.2.8-pre5/CoseSignTool-Windows-release.zip -OutFile C:\Users\johndoe\release.zip +PS C:\Users\johndoe> Invoke-WebRequest -Uri https://github.com/microsoft/CoseSignTool/releases/latest/download/CoseSignTool-Windows-release.zip -OutFile C:\Users\johndoe\release.zip PS C:\Users\johndoe> Expand-Archive C:\Users\johndoe\release.zip -DestinationPath C:\Users\johndoe PS C:\Users\johndoe> Rename-Item -Path "C:\Users\johndoe\release" -NewName "cosesigntool" PS C:\Users\johndoe> Move-Item -Path C:\Users\johndoe\cosesigntool -Destination C:\Users\johndoe\AppData\Local\