sneak/mfer
1
0
Fork 0
Code Issues 4 Pull Requests 1 Releases Wiki Activity
4a2060087d
mfer/internal/cli
History
sneak 4a2060087d Add GPG signature verification on manifest load 
- Implement gpgVerify function that creates a temporary keyring to verify
  detached signatures against embedded public keys
- Signature verification happens during deserialization after hash
  validation but before decompression
- Extract signatureString() as a method on manifest for generating the
  canonical signature string (MAGIC-UUID-MULTIHASH)
- Add --require-signature flag to check command to mandate signature from
  a specific GPG key ID
- Expose IsSigned() and Signer() methods on Checker for signature status
2025-12-18 05:56:16 -08:00
..
check.go Add GPG signature verification on manifest load 2025-12-18 05:56:16 -08:00
entry_test.go Use Go 1.13+ octal literal syntax throughout codebase 2025-12-18 01:29:40 -08:00
entry.go Add godoc strings to all exported types, functions, and fields 2025-12-17 11:27:41 -08:00
fetch_test.go Use Go 1.13+ octal literal syntax throughout codebase 2025-12-18 01:29:40 -08:00
fetch.go Use Go 1.13+ octal literal syntax throughout codebase 2025-12-18 01:29:40 -08:00
freshen_test.go Use Go 1.13+ octal literal syntax throughout codebase 2025-12-18 01:29:40 -08:00
freshen.go Add GPG signing support for manifest generation 2025-12-18 02:12:54 -08:00
gen.go Add GPG signing support for manifest generation 2025-12-18 02:12:54 -08:00
list.go Add list command to show manifest contents 2025-12-17 15:36:48 -08:00
mfer.go Add GPG signature verification on manifest load 2025-12-18 05:56:16 -08:00