Upload container image signatures

Upload new container image signatures to Pyxis. Signatures are specified in JSON format. They can be passed directly as a string to the invoked entrypoint, or as a file path when prefixed with “@”.

CLI reference

usage: pubtools-pyxis-upload-signatures [-h] --pyxis-server PYXIS_SERVER
                                        [--pyxis-insecure]
                                        [--pyxis-krb-principal PYXIS_KRB_PRINCIPAL]
                                        [--pyxis-krb-ktfile PYXIS_KRB_KTFILE]
                                        [--pyxis-ssl-crtfile PYXIS_SSL_CRTFILE]
                                        [--pyxis-ssl-keyfile PYXIS_SSL_KEYFILE]
                                        --signatures SIGNATURES
                                        [--request-threads REQUEST_THREADS]

Named Arguments

--pyxis-server

Pyxis service hostname

--pyxis-insecure

Allow insecure connection to Pyxis

--pyxis-krb-principal

Pyxis Kerberos principal in the form: name@REALM

--pyxis-krb-ktfile

Pyxis Kerberos client keytab. Optional. Used for login if TGT is not available.

--pyxis-ssl-crtfile

Path to .crt file for the SSL authentication

--pyxis-ssl-keyfile

Path to .key file for the SSL authentication

--signatures

Signatures in JSON format (as a string) or an @-prefixed file path with JSON, e.g. --signatures=@/tmp/filename.json

--request-threads

Maximum number of threads to use for parallel requests

Default: 16

Signature JSON format

The specific fields are generally expected to be filled by a different service.

[
    {
        "manifest_digest": "sha256:a1a1a1a1",
        "reference": "redhat.io/some-repository:1",
        "repository": "some-repository",
        "sig_key_id": "ABCDEFGH",
        "signature_data": "some-data"
    },
    {
        "manifest_digest": "sha256:b2b2b2b2",
        "reference": "stage.redhat.io/some-repository:1",
        "repository": "some-repository",
        "sig_key_id": "ABCDEFGH",
        "signature_data": "some-data"
    }
]
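
Because the signature records are produced by a different service, it can help to sanity-check them before uploading. The following is an added example, not part of pubtools-pyxis: it resolves a --signatures value (inline JSON or an @-prefixed path) and checks each record against the sample above. The function names, the treatment of all five fields as required, the digest pattern and the reference/repository comparison are assumptions drawn from that sample, not documented Pyxis rules.

```python
import json
import re

# Field names are taken from the "Signature JSON format" sample on this page.
# Assumption: every record must carry all five as non-empty strings.
REQUIRED = ("manifest_digest", "reference", "repository",
            "sig_key_id", "signature_data")
# Assumption: digests look like "<algorithm>:<hex>", as in the page's sample.
DIGEST_RE = re.compile(r"^[a-z0-9]+:[0-9a-f]+$")


def load_signatures(arg):
    """Resolve a --signatures value: inline JSON, or '@path' to a JSON file."""
    if arg.startswith("@"):
        with open(arg[1:], encoding="utf-8") as fh:
            return json.load(fh)
    return json.loads(arg)


def check_signatures(signatures):
    """Return a list of problems; an empty list means the payload looks sane."""
    if not isinstance(signatures, list):
        return ["top level must be a JSON array"]
    problems = []
    for i, sig in enumerate(signatures):
        if not isinstance(sig, dict):
            problems.append(f"[{i}] is not an object")
            continue
        for field in REQUIRED:
            if not isinstance(sig.get(field), str) or not sig[field]:
                problems.append(f"[{i}] missing or empty field: {field}")
        digest = sig.get("manifest_digest")
        if isinstance(digest, str) and digest and not DIGEST_RE.match(digest):
            problems.append(f"[{i}] malformed manifest_digest: {digest}")
        ref, repo = sig.get("reference"), sig.get("repository")
        if isinstance(ref, str) and isinstance(repo, str) and ref and repo:
            # Strip registry host, then tag or digest; compare with "repository".
            path = ref.split("/", 1)[-1].split("@")[0].rsplit(":", 1)[0]
            if path != repo:
                problems.append(f"[{i}] reference {ref} does not match {repo}")
    return problems


if __name__ == "__main__":
    # The placeholder payload from this page's first usage example.
    print(check_signatures(load_signatures('[{"foo": "bar"}]')))
```

Running the check on the file before passing it with --signatures @signatures.json means a record signed for one repository but labelled with another is caught locally rather than after upload.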

Examples

NOTE: The demonstration of various authentication types can be seen in “Get operator indices” entrypoint examples.

Upload signatures directly as a string:

pubtools-pyxis-upload-signatures \
--pyxis-server https://pyxis-server-url/ \
--pyxis-ssl-crtfile /path/to/file.crt \
--pyxis-ssl-keyfile /path/to/file.key \
--signatures '[{"foo": "bar"}]'

Upload signatures by specifying a filepath containing the signatures JSON:

pubtools-pyxis-upload-signatures \
--pyxis-server https://pyxis-server-url/ \
--pyxis-ssl-crtfile /path/to/file.crt \
--pyxis-ssl-keyfile /path/to/file.key \
--signatures @signatures.json