sneak/mfer
1
0
Fork 0
Code Issues 8 Pull Requests 2 Actions Releases Wiki Activity

Add GPG signing support for manifest generation

Browse Source 
- Add --sign-key flag and MFER_SIGN_KEY env var to gen and freshen commands
- Sign inner message multihash with GPG detached signature
- Include signer fingerprint and public key in outer wrapper
- Add comprehensive tests with temporary GPG keyring
- Increase test timeout to 10s for GPG key generation
This commit is contained in:
Jeffrey Paul
2025-12-18 02:12:54 -08:00
parent 308c583d57
commit 778999a285
10 changed files with 415 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
internal/cli/freshen.go
View File

@@ -227,6 +227,14 @@ func (mfa *CLIApp) freshenManifestOperation(ctx *cli.Context) error {
builder := mfer.NewBuilder()
// Set up signing options if sign-key is provided
if signKey := ctx.String("sign-key"); signKey != "" {
builder.SetSigningOptions(&mfer.SigningOptions{
KeyID: mfer.GPGKeyID(signKey),
})
log.Infof("signing manifest with GPG key: %s", signKey)
}
for _, e := range entries {
select {
case <-ctx.Done():