OSTREE SIGN(1) ostree sign OSTREE SIGN(1)
NAME
ostree-sign - Sign a commit
SYNOPSIS
ostree sign [OPTIONS...] {COMMIT} {KEY-ID...}
DESCRIPTION
Add a new signature to a commit. Note that currently, this will append
a new signature even if the commit is already signed with a given key.
There are several "well-known" system places for `ed25519` trusted and
revoked public keys -- expected single base64-encoded key per line.
Files:
• /etc/ostree/trusted.ed25519
• /etc/ostree/revoked.ed25519
• /usr/share/ostree/trusted.ed25519
• /usr/share/ostree/revoked.ed25519
Directories containing files with keys:
• /etc/ostree/trusted.ed25519.d
• /etc/ostree/revoked.ed25519.d
• /usr/share/ostree/trusted.ed25519.d
• /usr/share/ostree/rvokeded.ed25519.d
OPTIONS
KEY-ID
for ed25519:
base64-encoded secret (for signing) or public key (for
verifying).
for dummy:
ASCII-string used as secret key and public key.
--verify
Verify signatures
-s, --sign-type
Use particular signature mechanism. Currently available ed25519 and
dummy signature types. The default is ed25519.
--keys-file
Read key(s) from file filename. Valid for ed25519 signature type.
For ed25519 this file must contain base64-encoded secret key(s)
(for signing) or public key(s) (for verifying) per line.
--keys-dir
Redefine the system path, where to search files and subdirectories
with well-known and revoked keys.
OSTree OSTREE SIGN(1)
Generated by dwww version 1.15 on Fri Jun 28 21:51:00 CEST 2024.