Merge pull request #408 from jku/polish-cosign-verify-bundle-example

Simplify cosign verify-bundle example

examples/cosign/verify-bundle/README.md

@@ -1,21 +1,16 @@
 This example shows how to verify a blob, using a bundle that was created by the
 `cosign sign-blob` command.
 
-### Create the artifact to be signed.
-```console
-cd examples/cosign/verify-bundle
-echo something > artifact.txt
+### Sign README.md file using cosign
 ```
-
-### Sign the artifact.txt file using cosign
-```
-cosign sign-blob --bundle=artifact.bundle artifact.txt
+cd examples/cosign/verify-bundle
+cosign sign-blob --bundle=artifact.bundle README.md
 ```
 
 ### Verify using sigstore-rs:
 ```console
 cargo run --example verify-bundle -- \
     --rekor-pub-key ~/.sigstore/root/targets/rekor.pub \
     --bundle artifact.bundle \
-    artifact.txt
+    README.md
 ```

examples/cosign/verify-bundle/run.sh

@@ -1,14 +1,8 @@
-BLOB="artifact.txt"
+BLOB="README.md"
 BUNDLE="artifact.bundle"
 
-echo -e "\nGenerate the blob to be signed"
-echo something > $BLOB
-
-echo -e "\nSign the artifact.txt file using sign-blob"
-COSIGN_EXPERIMENTAL=1 cosign sign-blob --bundle=$BUNDLE $BLOB
-
-echo -e "\nVerify using cosign. TODO: remove this later"
-cosign verify-blob --bundle=$BUNDLE $BLOB
+echo -e "\nSign README.md file using sign-blob"
+cosign sign-blob --bundle=$BUNDLE $BLOB
 
 echo -e "\nRun examples/cosign/verify-bundle"
 cargo run --example verify-bundle -- \