ostree/man/ostree-commit.xml
Colin Walters 82d934916b commit: Add --sign-from-file
Passing the private key via a direct command line argument
is just a bad idea because it's highly likely to get logged
or appear in `ps`.
Spotted in review of work for composefs signatures.
2023-07-15 09:50:40 -04:00

358 lines
13 KiB
XML

<?xml version='1.0'?> <!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!--
Copyright 2014 Anne LoVerso <anne.loverso@students.olin.edu>
SPDX-License-Identifier: LGPL-2.0+
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library. If not, see <https://www.gnu.org/licenses/>.
-->
<refentry id="ostree">
<refentryinfo>
<title>ostree commit</title>
<productname>OSTree</productname>
<authorgroup>
<author>
<contrib>Developer</contrib>
<firstname>Colin</firstname>
<surname>Walters</surname>
<email>walters@verbum.org</email>
</author>
</authorgroup>
</refentryinfo>
<refmeta>
<refentrytitle>ostree commit</refentrytitle>
<manvolnum>1</manvolnum>
</refmeta>
<refnamediv>
<refname>ostree-commit</refname>
<refpurpose>Commit a new revision</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>ostree commit</command> <arg choice="opt" rep="repeat">OPTIONS</arg> --branch=<arg choice="req">BRANCH</arg> <arg choice="opt">PATH</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>Description</title>
<para>
This allows you to commit changes to a branch. The specification of the branch is required. The command will print the checksum of a successful commit.
</para>
</refsect1>
<refsect1>
<title>Options</title>
<variablelist>
<varlistentry>
<term><option>--subject</option>, <option>-s</option>="SUBJECT"</term>
<listitem><para>
One line subject. (optional)
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--body</option>, <option>-m</option>="BODY"</term>
<listitem><para>
Full description. (optional)
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--body-file</option>, <option>-F</option>="FILE"</term>
<listitem><para>
Full commit description from a file. (optional)
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--editor</option>, <option>-e</option></term>
<listitem><para>
Open a text editor for the commit description. It will use OSTREE_EDITOR, VISUAL, EDITOR, or vi, in descending order of preference. The commit will be aborted if the message is left empty.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--branch</option>, <option>-b</option>="BRANCH"</term>
<listitem><para>
Branch. Required, unless --orphan is given.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--parent</option>="COMMIT"</term>
<listitem><para>
Parent checksum or "none" to explicitly use no parent. If not specified, <literal>BRANCH</literal> is used as parent (no parent in case <literal>BRANCH</literal> does not exist).
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--tree</option>="dir=PATH" or "tar=TARFILE" or "ref=COMMIT"</term>
<listitem><para>
Overlay the given argument as a tree. When committing an archive, the TARFILE can be specified as <literal>-</literal> to read the archive from standard input.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--base</option>="REV"</term>
<listitem><para>
Start from the content in a commit. This differs from <literal>--tree=ref=REV</literal> in that no commit modifiers are applied. This is usually what you want when
creating a derived commit. This is also used for <literal>--selinux-policy-from-base</literal>.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--add-metadata-string</option>="KEY=VALUE"</term>
<listitem><para>
Add a key/value pair to metadata. Can be specified multiple times.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--add-metadata</option>="KEY=VALUE"</term>
<listitem><para>
Add a key/value pair to metadata, where the KEY is a string, and VALUE is g_variant_parse() formatted. Can be specified multiple times.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--keep-metadata</option>="KEY"</term>
<listitem><para>
Keep metadata KEY and its associated VALUE from parent. Can be specified multiple times.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--add-detached-metadata-string</option>="KEY=VALUE"</term>
<listitem><para>
Add a key/value pair to detached metadata.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--owner-uid</option>="UID"</term>
<listitem><para>
Set file ownership user id.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--owner-gid</option>="GID"</term>
<listitem><para>
Set file ownership group id.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--no-xattrs</option></term>
<listitem><para>
Do not import extended attributes.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--bootable</option></term>
<listitem><para>
Inject standard metadata for a bootable Linux filesystem tree.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--link-checkout-speedup</option></term>
<listitem><para>
Optimize for commits of trees composed of hardlinks into the repository.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--tar-autocreate-parents</option></term>
<listitem><para>
When loading tar archives, automatically create parent directories as needed.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--skip-if-unchanged</option></term>
<listitem><para>
If the contents are unchanged from previous commit, do nothing.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--consume</option></term>
<listitem><para>
When committing from a local directory (i.e. not an archive or --tree=ref),
assume ownership of the content. This may simply involve deleting it,
but if possible, the content may simply be <literal>rename()</literal>ed
into the repository rather than creating a new copy.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--statoverride</option>="PATH"</term>
<listitem><para>
File containing list of modifications to make permissions (file mode in
decimal, followed by space, followed by file path). The specified mode
is ORed with the file's original mode unless preceded by "=".
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--skip-list</option>="PATH"</term>
<listitem><para>
File containing list of file paths to skip (one path per line).
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--table-output</option></term>
<listitem><para>
Output more information in a KEY: VALUE format.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--generate-sizes</option></term>
<listitem><para>
Generate size information along with commit metadata.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--gpg-sign</option>="KEY-ID"</term>
<listitem><para>
GPG Key ID with which to sign the commit (if have GPGME - GNU Privacy Guard Made Easy).
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--gpg-homedir</option>="HOMEDIR"</term>
<listitem><para>
GPG home directory to use when looking for keyrings (if have GPGME - GNU Privacy Guard Made Easy).
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--timestamp</option>="TIMESTAMP"</term>
<listitem><para>
Override the timestamp of the commit to TIMESTAMP.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--orphan</option></term>
<listitem><para>
Create a commit without writing to a ref (branch)
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--fsync</option>="POLICY"</term>
<listitem><para>
POLICY is a boolean which specifies whether fsync should be used or not. Default to true.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>-s, --sign-type</option></term>
<listitem><para>
Use particular signature engine. Currently
available <arg choice="plain">ed25519</arg> and <arg choice="plain">dummy</arg>
signature types.
The default is <arg choice="plain">ed25519</arg>.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--sign-from-file</option>="PATH"</term>
<listitem><para>
This will read a key (corresponding to the provided <literal>--sign-type</literal> from the provided path. The key should be base64 encoded.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--sign</option>="KEY-ID"</term>
<listitem><para>
In new code, avoid using this because passing private keys via command line arguments
are prone to leakage in logs and process listings.
</para>
<para>
The <literal>KEY-ID</literal> is:
<variablelist>
<varlistentry>
<term><option>for ed25519:</option></term>
<listitem><para>
<literal>base64</literal>-encoded secret key for commit signing.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>for dummy:</option></term>
<listitem><para>
ASCII-string used as secret key.
</para></listitem>
</varlistentry>
</variablelist>
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>Example</title>
<para><command>$ ostree commit --branch=my-branch --subject="Initial commit"</command></para>
<programlisting>
67e382b11d213a402a5313e61cbc69dfd5ab93cb07fbb8b71c2e84f79fa5d7dc
</programlisting>
</refsect1>
</refentry>