Update doc to reflect latest CLI changes

Signed-off-by: Ivan Font <ifont@redhat.com>
sigstore · Oct 3, 2024 · 6196cbf · 6196cbf
1 parent 6be059e
commit 6196cbf
Showing 1 changed file with 31 additions and 17 deletions.
diff --git a/README.model_signing.md b/README.model_signing.md
@@ -69,7 +69,7 @@ $ source .venv/bin/activate
 ## Sign
 
 ```bash
-(.venv) $ python3 sign.py --model_path ${MODEL_PATH} --sig_out ${OUTPUT_PATH} --method {private-key, pki, sigstore} {additional parameters depending on method}
+(.venv) $ python3 sign.py --model_path ${MODEL_PATH} --sig_out ${SIG_PATH} --method {private-key, pki, sigstore} {additional parameters depending on method}
 ```
 
 ## Verify
@@ -84,14 +84,15 @@ $ source .venv/bin/activate
 
 ```bash
 $ MODEL_PATH='/path/to/your/model'
+$ SIG_PATH='./model.sig'
 $ openssl ecparam -name secp256k1 -genkey -noout -out ec-secp256k1-priv-key.pem
 $ openssl ec -in ec-secp256k1-priv-key.pem -pubout > ec-secp256k1-pub-key.pem
 $ source .venv/bin/activate
 # SIGN
-(.venv) $ python3 sign_model.py --model_path ${MODEL_PATH} --method private-key --private-key ec-secp256k1-priv-key.pem
+(.venv) $ python3 sign.py --model_path ${MODEL_PATH} --sig_out ${SIG_PATH} --method private-key --private-key ec-secp256k1-priv-key.pem
 ...
 #VERIFY
-(.venv) $ python3 verify_model.py --model_path ${MODEL_PATH} --method private-key --public-key ec-secp256k1-pub-key.pem
+(.venv) $ python3 verify.py --model_path ${MODEL_PATH} --sig_path ${SIG_PATH} --method private-key --public-key ec-secp256k1-pub-key.pem
 ...
 ```
 
@@ -105,21 +106,24 @@ In order to sign a model with your own PKI you need to create the following info
 
 ```bash
 $ MODEL_PATH='/path/to/your/model'
+$ SIG_PATH='./model.sig'
 $ CERT_CHAIN='/path/to/cert_chain'
 $ SIGNING_CERT='/path/to/signing_certificate'
 $ PRIVATE_KEY='/path/to/private_key'
 # SIGN
-(.venv) $ python3 sign_model.py --model_path ${MODEL_PATH} \
+(.venv) $ python3 sign.py --model_path ${MODEL_PATH} \
+    --sig_path ${SIG_PATH} \
     --method pki \
     --private-key ${PRIVATE_KEY} \
     --signing_cert ${SIGNING_CERT} \
     [--cert_chain ${CERT_CHAIN}]
 ...
 #VERIFY
 $ ROOT_CERTS='/path/to/root/certs'
-(.venv) $ python3 verify_model.py --model_path ${MODEL_PATH} \
-     --method pki \
-     --root_certs ${ROOT_CERTS}
+(.venv) $ python3 verify.py --model_path ${MODEL_PATH} \
+    --sig_path ${SIG_PATH} \
+    --method pki \
+    --root_certs ${ROOT_CERTS}
 ...
 ```
 
@@ -164,11 +168,13 @@ stored in TFHub, run the following commands:
 
 ```bash
 model_path=bertseq2seq
+sig_path=model.sig
 wget "https://tfhub.dev/google/bertseq2seq/bert24_en_de/1?tf-hub-format=compressed" -O "${model_path}".tgz
 mkdir -p "${model_path}"
 cd "${model_path}" && tar xvzf ../"${model_path}".tgz && rm ../"${model_path}".tgz && cd -
-python3 main.py sign --path "${model_path}"
-python3 main.py verify --path "${model_path}" \
+python3 sign.py --model_path "${model_path}" --method sigstore
+python3 verify.py --model_path "${model_path}" --sig_path ${sig_path} \
+    --method sigstore \
     --identity-provider https://accounts.google.com \
     --identity myemail@gmail.com
 ```
@@ -186,9 +192,11 @@ After this, we can sign and verify a Bert base model:
 ```bash
 model_name=bert-base-uncased
 model_path="${model_name}"
+sig_path=model.sig
 git clone --depth=1 "https://huggingface.co/${model_name}" && rm -rf "${model_name}"/.git
-python3 main.py sign --path "${model_path}"
-python3 main.py verify --path "${model_path}" \
+python3 sign.py --model_path "${model_path}"
+python3 verify.py --model_path "${model_path}" --sig_path ${sig_path} \
+    --method sigstore \
     --identity-provider https://accounts.google.com \
     --identity myemail@gmail.com
 ```
@@ -198,9 +206,11 @@ Similarly, we can sign and verify a Falcon model:
 ```bash
 model_name=tiiuae/falcon-7b
 model_path=$(echo "${model_name}" | cut -d/ -f2)
+sig_path=model.sig
 git clone --depth=1 "https://huggingface.co/${model_name}" && rm -rf "${model_name}"/.git
-python3 main.py sign --path "${model_path}"
-python3 main.py verify --path "${model_path}" \
+python3 sign.py --model_path "${model_path}"
+python3 verify.py --model_path "${model_path}" --sig_path ${sig_path} \
+    --method sigstore \
     --identity-provider https://accounts.google.com \
     --identity myemail@gmail.com
 ```
@@ -210,11 +220,13 @@ We can also support models from  the PyTorch Hub:
 ```bash
 model_name=hustvl/YOLOP
 model_path=$(echo "${model_name}" | cut -d/ -f2)
+sig_path=model.sig
 wget "https://github.com/${model_name}/archive/main.zip" -O "${model_path}".zip
 mkdir -p "${model_path}"
 cd "${model_path}" && unzip ../"${model_path}".zip && rm ../"${model_path}".zip && shopt -s dotglob && mv YOLOP-main/* . && shopt -u dotglob && rmdir YOLOP-main/ && cd -
-python3 main.py sign --path "${model_path}"
-python3 main.py verify --path "${model_path}" \
+python3 sign.py --model_path "${model_path}"
+python3 verify.py --model_path "${model_path}" --sig_path ${sig_path} \
+    --method sigstore \
     --identity-provider https://accounts.google.com \
     --identity myemail@gmail.com
 ```
@@ -224,9 +236,11 @@ We also support ONNX models, for example Roberta:
 ```bash
 model_name=roberta-base-11
 model_path="${model_name}.onnx"
+sig_path=model.sig
 wget "https://github.com/onnx/models/raw/main/text/machine_comprehension/roberta/model/${model_name}.onnx"
-python3 main.py sign --path "${model_path}"
-python3 main.py verify --path "${model_path}" \
+python3 sign.py --model_path "${model_path}"
+python3 verify.py --model_path "${model_path}" --sig_path ${sig_path} \
+    --method sigstore \
     --identity-provider https://accounts.google.com \
     --identity myemail@gmail.com
 ```