diff --git a/README.md b/README.md index 45cbf9b6..7af9abb7 100644 --- a/README.md +++ b/README.md @@ -154,12 +154,12 @@ Typically, `path` will be a file containing the output of `tuf payload`. See also `tuf add-signatures`. -#### `tuf add-signatures --signatures ` - +#### `tuf add-signatures [--signatures ] [--format=] [--key-id=] ` Adds signatures (the output of `tuf sign-payload`) to the given role metadata file. -If the signature does not verify, it will not be added. +If the signature does not verify, it will not be added. Signature can be a json file +or json passed in via `stdin`. #### `tuf status --valid-at ` diff --git a/cmd/tuf/add_signatures.go b/cmd/tuf/add_signatures.go index d825b1b0..adb24e5d 100644 --- a/cmd/tuf/add_signatures.go +++ b/cmd/tuf/add_signatures.go @@ -13,14 +13,14 @@ import ( func init() { register("add-signatures", cmdAddSignature, ` -usage: tuf add-signatures --signatures= [--format=] [--key-id=] +usage: tuf add-signatures [--signatures ] [--format=] [--key-id=] Adds signatures (the output of "sign-payload") to the given role metadata file. If the signature does not verify, it will not be added. Options: - --signatures= the path to the file containing the signature(s) + --signatures= The path to the file containing the signatures to add. If not present, the contents are read from stdin --format= One of 'json', 'hex', or 'base64'. Defaults to 'json' --key-id= The key-id of the signature being added. Only required if the format is not 'json' `) 
@@ -30,9 +30,20 @@ func cmdAddSignature(args *docopt.Args, repo *tuf.Repo) error {
 roleFilename := args.String[""]
 f := args.String["--signatures"]
- sigBytes, err := os.ReadFile(f)
- if err != nil {
- return err
+ var sigBytes []byte
+ var err error
+ if f != "" {
+ sigBytes, err = os.ReadFile(f)
+ if err != nil {
+ return err
+ }
+ } else {
+ var input string
+ _, err := fmt.Scan(&input)
+ if err != nil {
+ return err
+ }
+ sigBytes = []byte(input)
 }
 sigs := []data.Signature{}
 switch args.String["--format"] {
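Review bot: In the new `else` branch, `fmt.Scan(&input)` reads a single whitespace-delimited token, so stdin JSON that contains any space or newline (pretty-printed, or several signatures on separate lines) is cut off at the first gap and only that fragment reaches the `--format` switch. Read the whole stream instead, `sigBytes, err = io.ReadAll(os.Stdin)`, which also drops the `err` that `:=` shadows inside the branch; `io` would have to be added to the import block, which is outside this hunk. Because `ReadAll` keeps a trailing newline that `Scan` would have skipped, the hex and base64 paths may need `bytes.TrimSpace`, depending on decoding code that is not visible here. An omitted `--signatures` now blocks on stdin where it used to fail in `os.ReadFile`, so a terminal check or a size cap via `io.LimitReader` is worth considering for input that ends up as signatures on role metadata.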