mirror of
https://github.com/ostreedev/ostree.git
synced 2025-01-23 02:05:01 +03:00
82d934916b
Passing the private key via a direct command line argument is just a bad idea because it's highly likely to get logged or appear in `ps`. Spotted in review of work for composefs signatures.
358 lines
13 KiB
XML
358 lines
13 KiB
XML
<?xml version='1.0'?> <!--*-nxml-*-->
|
|
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
|
|
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
|
|
|
|
<!--
|
|
Copyright 2014 Anne LoVerso <anne.loverso@students.olin.edu>
|
|
|
|
SPDX-License-Identifier: LGPL-2.0+
|
|
|
|
This library is free software; you can redistribute it and/or
|
|
modify it under the terms of the GNU Lesser General Public
|
|
License as published by the Free Software Foundation; either
|
|
version 2 of the License, or (at your option) any later version.
|
|
|
|
This library is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Lesser General Public License for more details.
|
|
|
|
You should have received a copy of the GNU Lesser General Public
|
|
License along with this library. If not, see <https://www.gnu.org/licenses/>.
|
|
-->
|
|
|
|
<refentry id="ostree">
|
|
|
|
<refentryinfo>
|
|
<title>ostree commit</title>
|
|
<productname>OSTree</productname>
|
|
|
|
<authorgroup>
|
|
<author>
|
|
<contrib>Developer</contrib>
|
|
<firstname>Colin</firstname>
|
|
<surname>Walters</surname>
|
|
<email>walters@verbum.org</email>
|
|
</author>
|
|
</authorgroup>
|
|
</refentryinfo>
|
|
|
|
<refmeta>
|
|
<refentrytitle>ostree commit</refentrytitle>
|
|
<manvolnum>1</manvolnum>
|
|
</refmeta>
|
|
|
|
<refnamediv>
|
|
<refname>ostree-commit</refname>
|
|
<refpurpose>Commit a new revision</refpurpose>
|
|
</refnamediv>
|
|
|
|
<refsynopsisdiv>
|
|
<cmdsynopsis>
|
|
<command>ostree commit</command> <arg choice="opt" rep="repeat">OPTIONS</arg> --branch=<arg choice="req">BRANCH</arg> <arg choice="opt">PATH</arg>
|
|
</cmdsynopsis>
|
|
</refsynopsisdiv>
|
|
|
|
<refsect1>
|
|
<title>Description</title>
|
|
|
|
<para>
|
|
This allows you to commit changes to a branch. The specification of the branch is required. The command will print the checksum of a successful commit.
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>Options</title>
|
|
<variablelist>
|
|
<varlistentry>
|
|
<term><option>--subject</option>, <option>-s</option>="SUBJECT"</term>
|
|
|
|
<listitem><para>
|
|
One line subject. (optional)
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--body</option>, <option>-m</option>="BODY"</term>
|
|
|
|
<listitem><para>
|
|
Full description. (optional)
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--body-file</option>, <option>-F</option>="FILE"</term>
|
|
|
|
<listitem><para>
|
|
Full commit description from a file. (optional)
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--editor</option>, <option>-e</option></term>
|
|
|
|
<listitem><para>
|
|
Open a text editor for the commit description. It will use OSTREE_EDITOR, VISUAL, EDITOR, or vi, in descending order of preference. The commit will be aborted if the message is left empty.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--branch</option>, <option>-b</option>="BRANCH"</term>
|
|
|
|
<listitem><para>
|
|
Branch. Required, unless --orphan is given.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--parent</option>="COMMIT"</term>
|
|
|
|
<listitem><para>
|
|
Parent checksum or "none" to explicitly use no parent. If not specified, <literal>BRANCH</literal> is used as parent (no parent in case <literal>BRANCH</literal> does not exist).
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--tree</option>="dir=PATH" or "tar=TARFILE" or "ref=COMMIT"</term>
|
|
|
|
<listitem><para>
|
|
Overlay the given argument as a tree. When committing an archive, the TARFILE can be specified as <literal>-</literal> to read the archive from standard input.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--base</option>="REV"</term>
|
|
|
|
<listitem><para>
|
|
Start from the content in a commit. This differs from <literal>--tree=ref=REV</literal> in that no commit modifiers are applied. This is usually what you want when
|
|
creating a derived commit. This is also used for <literal>--selinux-policy-from-base</literal>.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--add-metadata-string</option>="KEY=VALUE"</term>
|
|
|
|
<listitem><para>
|
|
Add a key/value pair to metadata. Can be specified multiple times.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--add-metadata</option>="KEY=VALUE"</term>
|
|
|
|
<listitem><para>
|
|
Add a key/value pair to metadata, where the KEY is a string, and VALUE is g_variant_parse() formatted. Can be specified multiple times.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--keep-metadata</option>="KEY"</term>
|
|
|
|
<listitem><para>
|
|
Keep metadata KEY and its associated VALUE from parent. Can be specified multiple times.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--add-detached-metadata-string</option>="KEY=VALUE"</term>
|
|
|
|
<listitem><para>
|
|
Add a key/value pair to detached metadata.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--owner-uid</option>="UID"</term>
|
|
|
|
<listitem><para>
|
|
Set file ownership user id.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--owner-gid</option>="GID"</term>
|
|
|
|
<listitem><para>
|
|
Set file ownership group id.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--no-xattrs</option></term>
|
|
<listitem><para>
|
|
Do not import extended attributes.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--bootable</option></term>
|
|
<listitem><para>
|
|
Inject standard metadata for a bootable Linux filesystem tree.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--link-checkout-speedup</option></term>
|
|
|
|
<listitem><para>
|
|
Optimize for commits of trees composed of hardlinks into the repository.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--tar-autocreate-parents</option></term>
|
|
|
|
<listitem><para>
|
|
When loading tar archives, automatically create parent directories as needed.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--skip-if-unchanged</option></term>
|
|
|
|
<listitem><para>
|
|
If the contents are unchanged from previous commit, do nothing.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--consume</option></term>
|
|
|
|
<listitem><para>
|
|
When committing from a local directory (i.e. not an archive or --tree=ref),
|
|
assume ownership of the content. This may simply involve deleting it,
|
|
but if possible, the content may simply be <literal>rename()</literal>ed
|
|
into the repository rather than creating a new copy.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--statoverride</option>="PATH"</term>
|
|
|
|
<listitem><para>
|
|
File containing list of modifications to make permissions (file mode in
|
|
decimal, followed by space, followed by file path). The specified mode
|
|
is ORed with the file's original mode unless preceded by "=".
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--skip-list</option>="PATH"</term>
|
|
|
|
<listitem><para>
|
|
File containing list of file paths to skip (one path per line).
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--table-output</option></term>
|
|
|
|
<listitem><para>
|
|
Output more information in a KEY: VALUE format.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--generate-sizes</option></term>
|
|
|
|
<listitem><para>
|
|
Generate size information along with commit metadata.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--gpg-sign</option>="KEY-ID"</term>
|
|
|
|
<listitem><para>
|
|
GPG Key ID with which to sign the commit (if have GPGME - GNU Privacy Guard Made Easy).
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--gpg-homedir</option>="HOMEDIR"</term>
|
|
|
|
<listitem><para>
|
|
GPG home directory to use when looking for keyrings (if have GPGME - GNU Privacy Guard Made Easy).
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--timestamp</option>="TIMESTAMP"</term>
|
|
|
|
<listitem><para>
|
|
Override the timestamp of the commit to TIMESTAMP.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--orphan</option></term>
|
|
|
|
<listitem><para>
|
|
Create a commit without writing to a ref (branch)
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--fsync</option>="POLICY"</term>
|
|
|
|
<listitem><para>
|
|
POLICY is a boolean which specifies whether fsync should be used or not. Default to true.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>-s, --sign-type</option></term>
|
|
<listitem><para>
|
|
Use particular signature engine. Currently
|
|
available <arg choice="plain">ed25519</arg> and <arg choice="plain">dummy</arg>
|
|
signature types.
|
|
|
|
The default is <arg choice="plain">ed25519</arg>.
|
|
</para></listitem>
|
|
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--sign-from-file</option>="PATH"</term>
|
|
<listitem><para>
|
|
This will read a key (corresponding to the provided <literal>--sign-type</literal> from the provided path. The key should be base64 encoded.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--sign</option>="KEY-ID"</term>
|
|
<listitem><para>
|
|
In new code, avoid using this because passing private keys via command line arguments
|
|
are prone to leakage in logs and process listings.
|
|
</para>
|
|
<para>
|
|
The <literal>KEY-ID</literal> is:
|
|
<variablelist>
|
|
<varlistentry>
|
|
<term><option>for ed25519:</option></term>
|
|
<listitem><para>
|
|
<literal>base64</literal>-encoded secret key for commit signing.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>for dummy:</option></term>
|
|
<listitem><para>
|
|
ASCII-string used as secret key.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
</para></listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>Example</title>
|
|
<para><command>$ ostree commit --branch=my-branch --subject="Initial commit"</command></para>
|
|
<programlisting>
|
|
67e382b11d213a402a5313e61cbc69dfd5ab93cb07fbb8b71c2e84f79fa5d7dc
|
|
</programlisting>
|
|
</refsect1>
|
|
</refentry>
|