github.com/pivotal-cf/code-signing-public/pkgsign/yubikey

Open-source tools for creating and verifying digital signatures of Pivotal products


License
MIT
Install
go get github.com/pivotal-cf/code-signing-public/pkgsign/yubikey

Documentation

Code Signing Tools (open source)

Open-source tools for creating and verifying digital signatures of Pivotal products

How to use

Usage in development environments

You can use the -chain and -revoked flags to specify either local files or remote URLs for the Certificate Authority Chain & Revocation list.

To avoid setting these flags on every call, you may set the PKG_TOOLS_OVERRIDE_CA_URL environment variable to override the default base URI. e.g.:

export PKG_TOOLS_OVERRIDE_CA_URL=https://raw.githubusercontent.com/pivotal-cf/code-signing-certificates-DEV/master/

This affects both pkgsign and pkgverify.