sneak/mfer
1
0
Fork 0
Code Issues 4 Pull Requests 1 Releases Wiki Activity
4a2060087d
mfer/internal
History
sneak 4a2060087d Add GPG signature verification on manifest load 
- Implement gpgVerify function that creates a temporary keyring to verify
  detached signatures against embedded public keys
- Signature verification happens during deserialization after hash
  validation but before decompression
- Extract signatureString() as a method on manifest for generating the
  canonical signature string (MAGIC-UUID-MULTIHASH)
- Add --require-signature flag to check command to mandate signature from
  a specific GPG key ID
- Expose IsSigned() and Signer() methods on Checker for signature status
2025-12-18 05:56:16 -08:00
..
bork next (#5) 2022-12-09 00:02:33 +00:00
cli Add GPG signature verification on manifest load 2025-12-18 05:56:16 -08:00
log Show only filename (not full path) in debug log caller info 2025-12-17 16:21:06 -08:00