mix stevedore.verify (Stevedore v0.2.0)

Copy Markdown View Source

Verify an image's signatures (fetched via the Referrers API / .sig tag) against an ECDSA public key (PEM). Exits non-zero if no signature satisfies the policy.

mix stevedore.verify REF --key path/to/key.pub [--scheme http|https]