UX: Improve the help doc and output for verification #304

@yizha1

Summary

Currently only a digest is shown as the output after notation verify has executed successfully. What is this digest: the digest of the signature, the signature manifest or the image manifest? See the example below:

notation --cert $CERT_NAME verify $IMAGE
sha256:18adff7f255319415112345671bb41076de4a864eb792c35c20f0f6b4aa4c458

Currently the digest in the output is actually the digest of the image manifest.

The help doc for notation verify is not accurate either. Currently it is shown as below:

notation verify -h
Verifies OCI Artifacts

It actually verifies the signature of an OCI artifact, not an SBOM, VA or any other supply chain artifact.

User Scenario

As a user, after I successfully verify a signature of the supplied image or OCI artifact against the certificate, I want to make sure the verification was performed on the correct image or OCI artifact against the correct certificate.

Improvement

Here is one idea of improving the output after a successful verification.

notation --cert $CERT_NAME verify $IMAGE
The signature is verified against the certificate $CERT_NAME for the OCI artifact sha256:18adff7f255319415112345671bb41076de4a864eb792c35c20f0f6b4aa4c458

NOTE: We may need to consider the case of multiple signatures against the same certificate.

cc @shizhMSFT @dtzar @FeynmanZhou @SteveLasker
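The scenario above boils down to two checks a caller can make on the verify output: that the digest printed is the manifest digest of the artifact it asked to verify, and that the summary names the certificate and handles more than one signature. The following Go program is an added example, not notation's own code: it wraps the single digest line notation prints today, cross-checks it against a digest-pinned reference, and renders a summary in the shape the issue proposes. The type and function names, the reference and the certificate name are assumed for illustration; the digest is the one from the issue description.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// digestRe matches a manifest digest as printed by `notation verify`.
var digestRe = regexp.MustCompile(`^sha256:[0-9a-f]{64}$`)

// VerifyCheck is the outcome of cross-checking notation's output against the
// reference that was verified. Hypothetical wrapper type, not part of notation.
type VerifyCheck struct {
	Digest string // image manifest digest that notation reported
	Pinned bool   // true when the reference carried "@sha256:..." and matched the digest
}

// CheckVerifyOutput takes the reference passed to `notation verify` and the
// command's stdout, and returns the digest notation reported. It fails when no
// digest was printed (treat as verification failure), when the digest is
// malformed, or when a digest-pinned reference names a different manifest.
func CheckVerifyOutput(reference, output string) (VerifyCheck, error) {
	var digest string
	for _, line := range strings.Split(output, "\n") {
		line = strings.TrimSpace(line)
		if digestRe.MatchString(line) {
			digest = line
		}
	}
	if digest == "" {
		return VerifyCheck{}, errors.New("no manifest digest in output: treat as verification failure")
	}
	// A reference of the form repo/image@sha256:... pins exactly one manifest,
	// so the printed digest must be that manifest.
	if at := strings.Index(reference, "@"); at >= 0 {
		want := reference[at+1:]
		if want != digest {
			return VerifyCheck{}, fmt.Errorf("digest mismatch: verified %s but reference pins %s", digest, want)
		}
		return VerifyCheck{Digest: digest, Pinned: true}, nil
	}
	// A tag reference is mutable: the digest is the only record of which
	// manifest was actually verified, so the caller should keep it.
	return VerifyCheck{Digest: digest, Pinned: false}, nil
}

// Summary renders the message shape the issue proposes, naming the certificate,
// the artifact digest and how many signatures were checked against it.
func Summary(certName string, check VerifyCheck, signatures int) string {
	noun := "signature"
	if signatures != 1 {
		noun = "signatures"
	}
	s := fmt.Sprintf("%d %s verified against certificate %s for OCI artifact %s",
		signatures, noun, certName, check.Digest)
	if !check.Pinned {
		s += " (reference was a tag; pin this digest to refer to the verified artifact)"
	}
	return s
}

func main() {
	// Constructed sample: a tag reference and the output line from the issue.
	ref := "registry.example/app:v1"
	out := "sha256:18adff7f255319415112345671bb41076de4a864eb792c35c20f0f6b4aa4c458\n"
	check, err := CheckVerifyOutput(ref, out)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println(Summary("example-cert", check, 1))
}
```

The cross-check only has teeth when the reference is digest-pinned; with a tag the wrapper can do no more than record which manifest was verified, which is why the summary nudges the caller to pin it.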

Metadata

Labels

UX (User experience changes), cli (Issue or PR released to Notation CLI)

Projects

Status

Done
