Ostree sign capability



Is it possible to sign an ostree entity externally (outside of ostree-sign)?

My company wants to use a dedicated PKI server to supply the key and
do the encryption so the key is never publicly exposed (outside the
server).  They want to use a server on-board API to sign something and
then put the signature into the ostree repo as the "usual" metadata
entry.

Is this possible?

Or would I need to write a special program that emulates what
ostree-sign does except for using the external server API to do the
actual signing?  Assuming that is also possible.

I'm totally new to ostree, so if this is already available somewhere,
references would be appreciated.

Thank you.

Mark

