Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

client sign-pending

Sign a pending file. The command fetches all files associated with the given path from the backend, computes a SHA-512 hash of each, signs them with your secret key, and submits the signatures in a single request.

Use list-pending to discover which files need signing.

Arguments

<FILE_PATH>

Mirror-relative path to the file to sign, as returned by list-pending. For example https/github.com/443/acme/repo/releases/tag/v1.0/asfaload.index.json.

Options

-K --secret-key <PATH>

Path to your secret key file. Required.

-p --password <PASSWORD>

Password for the secret key. Conflicts with --password-file. Prompted interactively if neither is set.

-P --password-file <PATH>

File containing the password. Conflicts with --password.

-u --backend-url <URL>

Backend API URL. Defaults to http://127.0.0.1:3000.

--json

Emit output as JSON instead of human-readable text.

Environment

  • ASFALOAD_SIGN_PENDING_PASSWORD — alternative to --password.
  • ASFALOAD_SIGN_PENDING_PASSWORD_FILE — alternative to --password-file.

Output

Human-readable (default):

Success! Signature submitted

When the submission completes the required threshold:

Success! Signature submitted (complete)

JSON (with --json):

{"is_complete":true}

Examples

# sign a pending release index
client sign-pending -K ~/.asfaload/key.minisign \
    https/github.com/443/acme/repo/releases/tag/v1.0/asfaload.index.json

# sign with explicit password (CI usage)
client sign-pending -K ~/.asfaload/key.minisign -p "$PASSWORD" \
    https/github.com/443/acme/repo/releases/tag/v1.0/asfaload.index.json

Exit codes

  • 0 — signature submitted successfully.
  • non-zero — error (authentication failure, file not found, network error).