tiup mirror sign
The tiup mirror sign command is used to sign the metadata files (*.json)defined in TiUP mirror. These metadata files might be stored on the local file system or remotely stored using the HTTP protocol to provide a signature entry.
Syntax
tiup mirror sign <manifest-file> [flags]
<manifest-file> is the address of the file to be signed, which has two forms:
- Network address, which starts with HTTP or HTTPS, such as
http://172.16.5.5:8080/rotate/root.json - Local file path, which is a relative path or an absolute path
If it is a network address, this address must provide the following features:
- Supports the access via
http getthat returns the complete content of the signed file (including thesignaturesfield). - Supports the access via
http post. The client adds the signature to thesignaturesfield of the content that is returned byhttp getand posts to this network address.
Options
-k, --key
- Specifies the location of the private key used for signing the
{component}.jsonfile. - Data type:
STRING - If this option is not specified in the command,
"${TIUP_HOME}/keys/private.json"is used by default.
- If this option is not specified in the command,
--timeout
- Specifies the access timeout time for signing through the network. The unit is in seconds.
- Data type:
INT - Default: 10
Output
- If the command is executed successfully, there is no output.
- If the file has been signed by the specified key, TiUP reports the error
Error: this manifest file has already been signed by specified key. - If the file is not a valid manifest, TiUP reports the error
Error: unmarshal manifest: %s.