- Implement gpgVerify function that creates a temporary keyring to verify
detached signatures against embedded public keys
- Signature verification happens during deserialization after hash
validation but before decompression
- Extract signatureString() as a method on manifest for generating the
canonical signature string (MAGIC-UUID-MULTIHASH)
- Add --require-signature flag to check command to mandate signature from
a specific GPG key ID
- Expose IsSigned() and Signer() methods on Checker for signature status
- Add --sign-key flag and MFER_SIGN_KEY env var to gen and freshen commands
- Sign inner message multihash with GPG detached signature
- Include signer fingerprint and public key in outer wrapper
- Add comprehensive tests with temporary GPG keyring
- Increase test timeout to 10s for GPG key generation
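
Added example, not code from this commit or project: a Go sketch of verifying a detached signature in a throwaway keyring and then pinning the signer, since a key embedded in the file only proves the file is self-consistent. `gpgStatus`, `signerPinned`, the file names and the choice to pin a full 40-hex primary-key fingerprint (the flag in this commit takes a key ID) are assumptions, and `gpgStatus` needs a `gpg` binary on PATH.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"path/filepath"
	"strings"
)

// gpgStatus (hypothetical helper) imports pubKey into a temporary keyring,
// verifies sig over data, and returns gpg's machine-readable status output.
func gpgStatus(pubKey, sig, data []byte) (string, error) {
	home, err := os.MkdirTemp("", "keyring-") // created 0700, as gpg expects
	if err != nil {
		return "", err
	}
	defer os.RemoveAll(home) // the user's real keyring is never touched
	for name, b := range map[string][]byte{"key": pubKey, "sig": sig, "data": data} {
		if err := os.WriteFile(filepath.Join(home, name), b, 0o600); err != nil {
			return "", err
		}
	}
	run := func(args ...string) ([]byte, error) {
		base := []string{"--homedir", home, "--batch", "--no-tty", "--status-fd", "1"}
		return exec.Command("gpg", append(base, args...)...).Output()
	}
	if _, err := run("--import", filepath.Join(home, "key")); err != nil {
		return "", fmt.Errorf("import: %w", err)
	}
	out, err := run("--verify", filepath.Join(home, "sig"), filepath.Join(home, "data"))
	return string(out), err // non-nil err on a bad or missing signature
}

// signerPinned reports whether status holds exactly one VALIDSIG line whose
// primary-key fingerprint (the last field) equals the required fingerprint.
func signerPinned(status, required string) bool {
	want, hits, ok := strings.ToUpper(strings.ReplaceAll(required, " ", "")), 0, false
	for _, line := range strings.Split(status, "\n") {
		f := strings.Fields(line)
		if len(f) == 12 && f[0] == "[GNUPG:]" && f[1] == "VALIDSIG" {
			hits++
			ok = len(want) == 40 && strings.ToUpper(f[11]) == want
		}
	}
	return hits == 1 && ok
}

// Constructed status output with no VALIDSIG line: prints false.
func main() { fmt.Println(signerPinned("[GNUPG:] NODATA 1", "")) }
```

Comparing against the fingerprint gpg reports in `VALIDSIG`, rather than the fingerprint field stored in the file, keeps the pin independent of anything the file's author controls.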