OSTREE SIGN(1) ostree sign OSTREE SIGN(1)

ostree-sign - Sign a commit

ostree sign [OPTIONS...] {COMMIT} {KEY-ID...}

Add a new signature to a commit. Note that currently, this will append a new signature even if the commit is already signed with a given key.

There are several "well-known" system places for `ed25519` trusted and revoked public keys -- expected single base64-encoded key per line.



Directories containing files with keys:



for ed25519:

base64-encoded secret (for signing) or public key (for verifying).

for dummy:

ASCII-string used as secret key and public key.


Verify signatures

-s, --sign-type

Use particular signature mechanism. Currently available ed25519 and dummy signature types. The default is ed25519.


Read key(s) from file filename. Valid for ed25519 signature type. For ed25519 this file must contain base64-encoded secret key(s) (for signing) or public key(s) (for verifying) per line.


Redefine the system path, where to search files and subdirectories with well-known and revoked keys.