Verify Docker Compose file for online installs
With each Puppet Remediate release, a digital signature is created using the private key portion of an asymmetric key. You can manually validate the signature using the public key portion of the same asymmetric key.
Download the signature file and the public key to the same directory as
docker-compose.ymland license file.Note: For instructions on downloading the
docker-compose.ymland license files, see the instructions on how to Install Remediate on online nodes.
Run the following command:
openssl dgst -sha256 -verify puppet-remediate-signing-key.pub -signature signature docker-compose.yml
If the signature is valid, you will get the following response: