1OSTREE SIGN(1)                    ostree sign                   OSTREE SIGN(1)
2
3
4

NAME

6       ostree-sign - Sign a commit
7

SYNOPSIS

9       ostree sign [OPTIONS...] {COMMIT} {KEY-ID...}
10

DESCRIPTION

12       Add a new signature to a commit. Note that currently, this will append
13       a new signature even if the commit is already signed with a given key.
14
15       There are several "well-known" system places for `ed25519` trusted and
16       revoked public keys -- expected single base64-encoded key per line.
17
18       Files:
19
20       •   /etc/ostree/trusted.ed25519
21
22       •   /etc/ostree/revoked.ed25519
23
24       •   /usr/share/ostree/trusted.ed25519
25
26       •   /usr/share/ostree/revoked.ed25519
27
28       Directories containing files with keys:
29
30       •   /etc/ostree/trusted.ed25519.d
31
32       •   /etc/ostree/revoked.ed25519.d
33
34       •   /usr/share/ostree/trusted.ed25519.d
35
36       •   /usr/share/ostree/rvokeded.ed25519.d
37
38

OPTIONS

40       KEY-ID
41
42           for ed25519:
43               base64-encoded secret (for signing) or public key (for
44               verifying).
45
46           for dummy:
47               ASCII-string used as secret key and public key.
48
49
50       --verify
51           Verify signatures
52
53       -s, --sign-type
54           Use particular signature mechanism. Currently available ed25519 and
55           dummy signature types. The default is ed25519.
56
57       --keys-file
58           Read key(s) from file filename.  Valid for ed25519 signature type.
59           For ed25519 this file must contain base64-encoded secret key(s)
60           (for signing) or public key(s) (for verifying) per line.
61
62       --keys-dir
63           Redefine the system path, where to search files and subdirectories
64           with well-known and revoked keys.
65
66
67
68OSTree                                                          OSTREE SIGN(1)