From b59cfbbf4f9906d74c3eb3b9cbe2be40f2362b1e Mon Sep 17 00:00:00 2001
From: Anna Kapuscinska
Date: Sun, 17 Mar 2024 16:21:21 +0100
Subject: [PATCH] docs: Fix cosign instructions

Cosign documentation was migrated to https://docs.sigstore.dev/ in
sigstore/cosign#822 and the markdown files were removed in
sigstore/cosign#3587. Tetragon documentation was linking to one of these
files. Now it's linking to https://docs.sigstore.dev/.

While here, remove `COSIGN_EXPERIMENTAL=1` from the cosign command for
verifying keyless-signed images. It's not required since cosign v2.0.0 (see
https://blog.sigstore.dev/cosign-2-0-released/).

Signed-off-by: Anna Kapuscinska
---
 docs/content/en/docs/installation/verify.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/docs/content/en/docs/installation/verify.md b/docs/content/en/docs/installation/verify.md
index 619290e042..d8901eb152 100644
--- a/docs/content/en/docs/installation/verify.md
+++ b/docs/content/en/docs/installation/verify.md
@@ -20,13 +20,13 @@ Since version 0.8.4, all Tetragon container images are signed using cosign. Let's verify a Tetragon image's signature using the `cosign verify` command: ```shell -COSIGN_EXPERIMENTAL=1 cosign verify --certificate-github-workflow-repository cilium/tetragon --certificate-oidc-issuer https://token.actions.githubusercontent.com | jq +cosign verify --certificate-github-workflow-repository cilium/tetragon --certificate-oidc-issuer https://token.actions.githubusercontent.com | jq ``` {{< note >}} -`COSIGN_EXPERIMENTAL=1` is used to allow verification of images signed in -KEYLESS mode. To learn more about keyless signing, please refer to [Keyless -Signatures](https://github.com/sigstore/cosign/blob/main/KEYLESS.md#keyless-signatures). +If you are using cosign < v2.0.0, you must set `COSIGN_EXPERIMENTAL=1` +environment variable to allow verification of images signed in KEYLESS mode. +To learn more about keyless signing, please refer to [Sigstore documentation](https://docs.sigstore.dev/signing/overview/). {{< /note >}} ## Verify the SBOM signature
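Review bot: The added `cosign verify` line targets cosign v2 but constrains the signer only with `--certificate-github-workflow-repository` and `--certificate-oidc-issuer`. Keyless verification in cosign v2 also requires `--certificate-identity` or `--certificate-identity-regexp`, so please run the command against a v2 binary and add an identity constraint for the signing workflow, otherwise readers on v2 get an error instead of a verification result. In the rewritten note, "you must set `COSIGN_EXPERIMENTAL=1` environment variable" needs an article ("set the `COSIGN_EXPERIMENTAL=1` environment variable"), and the new link line is not wrapped like the two lines above it.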