title | summary |
---|---|
tiup mirror sign | The `tiup mirror sign` command is used to sign metadata files in TiUP mirror. It supports network addresses and local file paths. Options include specifying the private key location and setting the access timeout for network signing. Successful execution results in no output, while errors are reported for duplicate signing or invalid manifest files. |

The `tiup mirror sign` command is used to sign the metadata files (`*.json`) defined in TiUP mirror. These metadata files might be stored on the local file system or remotely stored using the HTTP protocol to provide a signature entry.

`tiup mirror sign <manifest-file> [flags]`

`<manifest-file>` is the address of the file to be signed, which has two forms:

- Network address, which starts with HTTP or HTTPS, such as `http://172.16.5.5:8080/rotate/root.json`
- Local file path, which is a relative path or an absolute path

If it is a network address, this address must provide the following features:

- Supports the access via `http get` that returns the complete content of the signed file (including the `signatures` field).
- Supports the access via `http post`. The client adds the signature to the `signatures` field of the content that is returned by `http get` and posts to this network address.

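An operator who exposes such a network address has to decide what to accept on `http post`. The following added example (not TiUP's code and not from the original page) is a structural check in Go that compares the posted manifest with the copy served by `http get`. The `checkPost` function and the `signed`, `keyid` and `sig` field names are assumptions of this example, since the page names only the `signatures` field.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
)

// Assumed layout: the page names only the "signatures" field; the "signed"
// body and the "keyid"/"sig" entry fields are assumptions of this example.
type manifest struct {
	Signatures []struct{ KeyID, Sig string } `json:"signatures"`
	Signed     json.RawMessage               `json:"signed"`
}

// checkPost is a structural check only; it does not verify any signature cryptographically.
func checkPost(current, posted []byte) error {
	var cur, next manifest
	var a, b bytes.Buffer
	if json.Unmarshal(current, &cur) != nil || json.Unmarshal(posted, &next) != nil {
		return errors.New("invalid manifest")
	}
	// The signed body must be unchanged (compared after whitespace compaction).
	if json.Compact(&a, cur.Signed) != nil || json.Compact(&b, next.Signed) != nil || !bytes.Equal(a.Bytes(), b.Bytes()) {
		return errors.New("signed body changed")
	}
	seen := map[string]string{} // keyid -> sig for well-formed posted entries
	for _, s := range next.Signatures {
		if s.KeyID != "" && s.Sig != "" {
			seen[s.KeyID] = s.Sig
		}
	}
	for _, s := range cur.Signatures {
		if seen[s.KeyID] != s.Sig {
			return errors.New("existing signature dropped or altered")
		}
	}
	// Exactly one new, non-duplicate entry may be added per POST.
	if len(next.Signatures) != len(seen) || len(seen) != len(cur.Signatures)+1 {
		return errors.New("expected exactly one new signature")
	}
	return nil
}

func main() {
	served := []byte(`{"signatures":[{"keyid":"k1","sig":"s1"}],"signed":{"_type":"root"}}`) // constructed
	posted := []byte(`{"signatures":[{"keyid":"k1","sig":"s1"},{"keyid":"k2","sig":"s2"}],"signed":{"_type":"root"}}`)
	fmt.Println(checkPost(served, posted)) // <nil>
}
```

A real endpoint would additionally verify each new signature against the keys it trusts before replacing the stored file.
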
- Specifies the location of the private key used for signing the `{component}.json` file.
- Data type: `STRING`
- If this option is not specified in the command, `"${TIUP_HOME}/keys/private.json"` is used by default.

- Specifies the access timeout time for signing through the network. The unit is in seconds.
- Data type: `INT`
- Default: 10

Note:

This option is valid only when `<manifest-file>` is a network address.

- If the command is executed successfully, there is no output.
- If the file has been signed by the specified key, TiUP reports the error `Error: this manifest file has already been signed by specified key`.
- If the file is not a valid manifest, TiUP reports the error `Error: unmarshal manifest: %s`.