OSTREE SIGN(1)                    ostree sign                   OSTREE SIGN(1)

NAME
       ostree-sign - Sign a commit

SYNOPSIS
       ostree sign [OPTIONS...] {COMMIT} {KEY-ID...}

DESCRIPTION
       Add a new signature to a commit. Note that currently, this will append
       a new signature even if the commit is already signed with a given key.

       There are several "well-known" system places for `ed25519` trusted and
       revoked public keys -- expected single base64-encoded key per line.

       Files:

       o   /etc/ostree/trusted.ed25519

       o   /etc/ostree/revoked.ed25519

       o   /usr/share/ostree/trusted.ed25519

       o   /usr/share/ostree/revoked.ed25519

       Directories containing files with keys:

       o   /etc/ostree/trusted.ed25519.d

       o   /etc/ostree/revoked.ed25519.d

       o   /usr/share/ostree/trusted.ed25519.d

       o   /usr/share/ostree/rvokeded.ed25519.d


OPTIONS
       KEY-ID

           for ed25519:
               base64-encoded secret (for signing) or public key (for
               verifying).

           for dummy:
               ASCII-string used as secret key and public key.


       --verify
           Verify signatures

       -s, --sign-type
           Use particular signature mechanism. Currently available ed25519 and
           dummy signature types. The default is ed25519.

       --keys-file
           Read key(s) from file filename.  Valid for ed25519 signature type.
           For ed25519 this file must contain base64-encoded secret key(s)
           (for signing) or public key(s) (for verifying) per line.

       --keys-dir
           Redefine the system path, where to search files and subdirectories
           with well-known and revoked keys.

OSTree                                                          OSTREE SIGN(1)