Man page - ostree-sign(1)
Packages contains this manual
- ostree-admin-set-origin(1)
- ostree-diff(1)
- ostree-prepare-root(1)
- ostree-export(1)
- ostree-admin-deploy(1)
- ostree-admin-status(1)
- ostree-admin-cleanup(1)
- ostree-pull(1)
- ostree-pull-local(1)
- ostree-admin-os-init(1)
- ostree-admin-upgrade(1)
- ostree-ls(1)
- ostree-admin-config-diff(1)
- ostree-show(1)
- rofiles-fuse(1)
- ostree-rev-parse(1)
- ostree-init(1)
- ostree.repo-config(5)
- ostree-admin-switch(1)
- ostree-reset(1)
- ostree-commit(1)
- ostree(1)
- ostree-create-usb(1)
- ostree-config(1)
- ostree-refs(1)
- ostree-checkout(1)
- ostree-admin-unlock(1)
- ostree-gpg-sign(1)
- ostree-remote(1)
- ostree-admin-init-fs(1)
- ostree-log(1)
- ostree-checksum(1)
- ostree-admin-set-default(1)
- ostree-sign(1)
- ostree-admin-undeploy(1)
- ostree-fsck(1)
- ostree-admin-instutil(1)
- ostree-static-delta(1)
- ostree-summary(1)
- ostree-admin-stateroot-init(1)
- ostree-admin-post-copy(1)
- ostree.repo(5)
- ostree-admin-pin(1)
- ostree-find-remotes(1)
- ostree-prune(1)
- ostree-admin-lock-finalization(1)
- ostree-admin(1)
- ostree-cat(1)
apt-get install ostree
Manual
OSTREE SIGN
NAMESYNOPSIS
DESCRIPTION
OPTIONS
NAME
ostree-sign - Sign a commit
SYNOPSIS
|
ostree sign [OPTIONS...] {COMMIT} {KEY-ID...} |
DESCRIPTION
Add a new signature to a commit. Note that currently, this will append a new signature even if the commit is already signed with a given key.
For ‘ed25519‘ and ‘spki‘, there are several "well-known" system places for trusted and revoked public keys as listed below.
Files:
• /etc/ostree/trusted. SIGN-TYPE
• /etc/ostree/revoked. SIGN-TYPE
• /usr/share/ostree/trusted. SIGN-TYPE
• /usr/share/ostree/revoked. SIGN-TYPE
Directories containing files with keys:
• /etc/ostree/trusted. SIGN-TYPE .d
• /etc/ostree/revoked. SIGN-TYPE .d
• /usr/share/ostree/trusted. SIGN-TYPE .d
• /usr/share/ostree/revoked. SIGN-TYPE .d
The format of those files depends on the signature mechanism; for ‘ed25519‘, keys are stored in the base64 encoding per line, while for ‘spki‘ they are stored in the PEM "PUBLIC KEY" encoding.
OPTIONS
KEY-ID
for ed25519 and spki:
base64-encoded secret (for signing) or public key (for verifying).
for dummy:
ASCII-string used as secret key and public key.
--verify
Verify signatures
-s, --sign-type
Use particular signature mechanism. Currently available ed25519, spki, and dummy signature types. The default is ed25519.
--keys-file
Read key(s) from file filename. Valid for ed25519 and spki signature types. This file must contain base64-encoded secret key(s) (for signing) or public key(s) (for verifying) per line.
--keys-dir
Redefine the system path, where to search files and subdirectories with well-known and revoked keys.