Add a dangerzone-image store-signature CLI command

This can be useful when signatures are missing from the system, for an already present image, and can be used as a way to fix user issues.
2025-04-28 18:02:38 +02:00 · 2025-03-03 12:58:27 +01:00 · 2025-03-03 12:58:27 +01:00 · bdceee53d0
commit bdceee53d0
parent 61c8f2a6ad
1 changed files with 11 additions and 0 deletions
--- a/dangerzone/updater/cli.py
+++ b/dangerzone/updater/cli.py
@ -42,6 +42,17 @@ def upgrade(image: str, pubkey: str) -> None:
        raise click.Abort()


+@main.command()
+@click.argument("image", default=DEFAULT_IMAGE_NAME)
+@click.option("--pubkey", default=signatures.DEFAULT_PUBKEY_LOCATION)
+def store_signatures(image: str, pubkey: str) -> None:
+    manifest_digest = registry.get_manifest_digest(image)
+    sigs = signatures.get_remote_signatures(image, manifest_digest)
+    signatures.verify_signatures(sigs, manifest_digest, pubkey)
+    signatures.store_signatures(sigs, manifest_digest, pubkey, update_logindex=False)
+    click.echo(f"✅ Signatures has been verified and stored locally")
+
+
@main.command()
@click.argument("image_filename")
@click.option("--pubkey", default=signatures.DEFAULT_PUBKEY_LOCATION)