notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)Want a good monitor light? See my photosAll times are UTC		 Ukraine
Port details on branch 2025Q4
cosign Signing OCI containers and other artifacts using Sigstore
2.6.0_1 security on this many watch lists=0 search for ports that depend on this port Find issues related to this port Report an issue related to this port View this port on Repology. pkg-fallout 2.6.0_1Version of this port present on the latest quarterly branch.
Maintainer: bofh@FreeBSD.org search for ports maintained by this maintainer
Port Added: 2025-11-01 15:53:31
Last Update: 2025-11-01 15:48:35
Commit Hash: ae07b4c
License: APACHE20
WWW:
https://www.sigstore.dev/
Description:
Cosign aims to make signatures invisible infrastructure. Cosign supports: - "Keyless signing" with the Sigstore public good Fulcio certificate authority and Rekor transparency log (default) - Hardware and KMS signing - Signing with a cosign generated encrypted private/public keypair - Container Signing, Verification and Storage in an OCI registry. - Bring-your-own PKI
Homepage    cgit ¦ Codeberg ¦ GitHub ¦ GitLab ¦ SVNWeb - no subversion history for this port

Manual pages:
FreshPorts has no man page information for this port.
pkg-plist: as obtained via: make generate-plist
Expand this list (4 items)
Collapse this list.
  1. bin/cosign
  2. /usr/local/share/licenses/cosign-2.6.0_1/catalog.mk
  3. /usr/local/share/licenses/cosign-2.6.0_1/LICENSE
  4. /usr/local/share/licenses/cosign-2.6.0_1/APACHE20
Collapse this list.
USE_RC_SUBR (Service Scripts)
  • no SUBR information found for this port
Dependency lines:
  • cosign>0:security/cosign
To install the port:
cd /usr/ports/security/cosign/ && make install clean
To add the package, run one of these commands:
  • pkg install security/cosign
  • pkg install cosign
NOTE: If this package has multiple flavors (see below), then use one of them instead of the name specified above.
PKGNAME: cosign
Flavors: there is no flavor information for this port.
distinfo:
TIMESTAMP = 1757797254 SHA256 (go/security_cosign/cosign-v2.6.0/v2.6.0.mod) = 5bdb0b024ddd7ed55330cccaf993f544d68917acac507d0f3c78e22be77afabb SIZE (go/security_cosign/cosign-v2.6.0/v2.6.0.mod) = 17701

Expand this list (2 items)

Collapse this list.

SHA256 (go/security_cosign/cosign-v2.6.0/v2.6.0.zip) = 2952d765dacdaebf7c651cfbad99e4736a086a9732e3a42bf8e9ce963bc73ae3 SIZE (go/security_cosign/cosign-v2.6.0/v2.6.0.zip) = 1366214

Collapse this list.

Packages (timestamps in pop-ups are UTC):
cosign
ABIaarch64amd64armv6armv7i386powerpcpowerpc64powerpc64le
FreeBSD:13:latest2.6.1_22.6.1_3-2.6.02.6.1_3n/an/an/a
FreeBSD:13:quarterly2.6.02.6.0_1-2.5.12.6.0_1n/an/an/a
FreeBSD:14:latest2.6.1_22.6.1_3-2.5.3_12.6.1_3---
FreeBSD:14:quarterly2.6.0_12.6.0_1-2.5.12.6.0_1---
FreeBSD:15:latest2.6.1_32.6.1_3n/a-n/an/a--
FreeBSD:15:quarterly2.6.0_12.6.0_1n/a-n/an/a--
FreeBSD:16:latest2.6.1_32.6.1_3n/a-n/an/a--
Dependencies
NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.
Build dependencies:
  1. go124 : lang/go124
Fetch dependencies:
  1. go124 : lang/go124
There are no ports dependent upon this port
Configuration Options:
No options to configure
Options name:
security_cosign
USES:
cpe go:modules zip
FreshPorts was unable to extract/find any pkg message
Master Sites:
Expand this list (1 items)
Collapse this list.
  1. https://proxy.golang.org/github.com/sigstore/cosign/v2/@v/
Collapse this list.

Number of commits found: 1

Commit History - (may be incomplete: for full details, see links to repositories near top of page)
CommitCreditsLog message
2.6.0_1
01 Nov 2025 15:48:35
commit hash: ae07b4cd9e5d2da82d1b03dfbd103c951d7a9114commit hash: ae07b4cd9e5d2da82d1b03dfbd103c951d7a9114commit hash: ae07b4cd9e5d2da82d1b03dfbd103c951d7a9114commit hash: ae07b4cd9e5d2da82d1b03dfbd103c951d7a9114 files touched by this commit		 Adam Weinberger (adamw) search for other commits by this committer 
various: Bump Go ports for 1.24.9

This is a direct commit to 2025Q4. It'll definitely bring things (esp.
PORTREVISION lines) out of sync with main, but trying to MFH the
associated bump commit would bring in a massive quantity of conflicts.

Number of commits found: 1
Login
User Login
Create account

Servers and bandwidth provided by
New York Internet, iXsystems, and RootBSD

This site
What is FreshPorts?
About the authors
Issues
FAQ
How big is it?
Security Policy
Privacy
Blog
Contact

Search
Enter Keywords:
 
more...

Latest Vulnerabilities
mongodb70Dec 01
mongodb70Dec 01
mongodb70Dec 01
mongodb80Dec 01
mongodb80Dec 01
mongodb80Dec 01
wolfsslNov 30
mongodb70Nov 29
mongodb80Nov 29
gitlabNov 27
pngNov 27
unbound*Nov 27
gnutlsNov 21
chromiumNov 18
ungoogled-chromiumNov 18

14 vulnerabilities affecting 177 ports have been reported in the past 14 days

* - modified, not new

All vulnerabilities

Last processed:
2025-12-01 17:02:04 UTC


Ports
Home
Categories
Deleted ports
Sanity Test Failures
Newsfeeds

Statistics
Graphs
NEW Graphs (Javascript)

Calculated hourly:
Port count 33980
Broken 118
Deprecated 253
Ignore 234
Forbidden 0
Restricted 2
No CDROM 1
Vulnerable 37
Expired 9
Set to expire 195
Interactive 0
new 24 hours 6
new 48 hours15
new 7 days42
new fortnight54
new month135
Servers and bandwidth provided by
New York Internet, iXsystems, and RootBSD 		Valid HTML, CSS, and RSS. Copyright © 2000-2025 Dan Langille. All rights reserved.