| title | tiup mirror sign |
|---|
The tiup mirror sign command is used to sign the metadata files (*.json)defined in TiUP mirror. These metadata files might be stored on the local file system or remotely stored using the HTTP protocol to provide a signature entry.
tiup mirror sign <manifest-file> [flags]<manifest-file> is the address of the file to be signed, which has two forms:
- Network address, which starts with HTTP or HTTPS, such as
http://172.16.5.5:8080/rotate/root.json - Local file path, which is a relative path or an absolute path
If it is a network address, this address must provide the following features:
- Supports the access via
http getthat returns the complete content of the signed file (including thesignaturesfield). - Supports the access via
http post. The client adds the signature to thesignaturesfield of the content that is returned byhttp getand posts to this network address.
- Specifies the location of the private key used for signing the
{component}.jsonfile. - Data type:
STRING -
- If this option is not specified in the command,
"${TIUP_HOME}/keys/private.json"is used by default.
- If this option is not specified in the command,
- Specifies the access timeout time for signing through the network. The unit is in seconds.
- Data type:
INT - Default: 10
Note:
This option is valid only when
<manifest-file>is a network address.
- If the command is executed successfully, there is no output.
- If the file has been signed by the specified key, TiUP reports the error
Error: this manifest file has already been signed by specified key. - If the file is not a valid manifest, TiUP reports the error
Error: unmarshal manifest: %s.