Output certificate in bundle when entry is not uploaded to Rekor

[haydentherapper]

The issue was that we read the certificate from a variable set only if an entry was uploaded.

Fixes #2714

Signed-off-by: Hayden Blauzvern hblauzvern@google.com

Summary

Release Note

Documentation

[haydentherapper]

Verified with cosign sign-blob --tlog-upload=false --bundle=blob.bundle --output-certificate=blob.cert blob --yes and cosign verify-blob --certificate-identity <email> --certificate-oidc-issuer https://accounts.google.com --insecure-ignore-tlog --bundle blob.bundle --offline blob, the latter of which previously failed because it said no verifier was presented.

[codecov-commenter]

Codecov Report

Merging #2715 (62b56fe) into main (01bd21d) will decrease coverage by 0.04%.
The diff coverage is 0.00%.

📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more

@@            Coverage Diff             @@
##             main    #2715      +/-   ##
==========================================
- Coverage   30.15%   30.11%   -0.04%     
==========================================
  Files         146      150       +4     
  Lines        9363     9483     +120     
==========================================
+ Hits         2823     2856      +33     
- Misses       6103     6190      +87     
  Partials      437      437              

Impacted Files	Coverage Δ
cmd/cosign/cli/sign/sign_blob.go	0.00% <0.00%> (ø)
pkg/cosign/errors.go	60.00% <0.00%> (-40.00%)	⬇️
cmd/cosign/errors/exit_code_lookup.go	100.00% <0.00%> (ø)
cmd/cosign/errors/errors.go	22.22% <0.00%> (ø)
cmd/cosign/errors/error_wrap.go	100.00% <0.00%> (ø)
cmd/cosign/errors/generate_docs.go	0.00% <0.00%> (ø)
pkg/cosign/verify.go	39.26% <0.00%> (+0.03%)	⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.