OSTree Developer Colin Walters walters@verbum.org ostree sign 1 ostree-sign Sign a commit ostree sign OPTIONS COMMIT KEY-ID Add a new signature to a commit. Note that currently, this will append a new signature even if the commit is already signed with a given key. There are several "well-known" system places for `ed25519` trusted and revoked public keys -- expected single base64-encoded key per line. Files: /etc/ostree/trusted.ed25519 /etc/ostree/revoked.ed25519 /usr/share/ostree/trusted.ed25519 /usr/share/ostree/revoked.ed25519 Directories containing files with keys: /etc/ostree/trusted.ed25519.d /etc/ostree/revoked.ed25519.d /usr/share/ostree/trusted.ed25519.d /usr/share/ostree/rvokeded.ed25519.d KEY-ID for ed25519: base64-encoded secret (for signing) or public key (for verifying). for dummy: ASCII-string used as secret key and public key. --verify Verify signatures -s, --sign-type Use particular signature mechanism. Currently available ed25519 and dummy signature types. The default is ed25519. --keys-file Read key(s) from file filename. Valid for ed25519 signature type. For ed25519 this file must contain base64-encoded secret key(s) (for signing) or public key(s) (for verifying) per line. --keys-dir Redefine the system path, where to search files and subdirectories with well-known and revoked keys.