'\" t .\" Title: ostree sign .\" Author: Colin Walters .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: 03/16/2024 .\" Manual: ostree sign .\" Source: OSTree .\" Language: English .\" .TH "OSTREE SIGN" "1" "" "OSTree" "ostree sign" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" ostree-sign \- Sign a commit .SH "SYNOPSIS" .HP \w'\fBostree\ sign\fR\ 'u \fBostree sign\fR [OPTIONS...] {COMMIT} {KEY\-ID...} .SH "DESCRIPTION" .PP Add a new signature to a commit\&. Note that currently, this will append a new signature even if the commit is already signed with a given key\&. .PP There are several "well\-known" system places for `ed25519` trusted and revoked public keys \-\- expected single base64\-encoded key per line\&. .PP Files: .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} /etc/ostree/trusted\&.ed25519 .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} /etc/ostree/revoked\&.ed25519 .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} /usr/share/ostree/trusted\&.ed25519 .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} /usr/share/ostree/revoked\&.ed25519 .RE .PP Directories containing files with keys: .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} /etc/ostree/trusted\&.ed25519\&.d .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} /etc/ostree/revoked\&.ed25519\&.d .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} /usr/share/ostree/trusted\&.ed25519\&.d .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} /usr/share/ostree/rvokeded\&.ed25519\&.d .RE .sp .SH "OPTIONS" .PP \fBKEY\-ID\fR .RS 4 .PP \fBfor ed25519:\fR .RS 4 base64\-encoded secret (for signing) or public key (for verifying)\&. .RE .PP \fBfor dummy:\fR .RS 4 ASCII\-string used as secret key and public key\&. .RE .sp .RE .PP \fB\-\-verify\fR .RS 4 Verify signatures .RE .PP \fB\-s, \-\-sign\-type\fR .RS 4 Use particular signature mechanism\&. Currently available ed25519 and dummy signature types\&. The default is ed25519\&. .RE .PP \fB\-\-keys\-file\fR .RS 4 Read key(s) from file filename\&. Valid for ed25519 signature type\&. For ed25519 this file must contain base64\-encoded secret key(s) (for signing) or public key(s) (for verifying) per line\&. .RE .PP \fB\-\-keys\-dir\fR .RS 4 Redefine the system path, where to search files and subdirectories with well\-known and revoked keys\&. .RE