sneak 4a2060087d Add GPG signature verification on manifest load ...

- Implement gpgVerify function that creates a temporary keyring to verify
  detached signatures against embedded public keys
- Signature verification happens during deserialization after hash
  validation but before decompression
- Extract signatureString() as a method on manifest for generating the
  canonical signature string (MAGIC-UUID-MULTIHASH)
- Add --require-signature flag to check command to mandate signature from
  a specific GPG key ID
- Expose IsSigned() and Signer() methods on Checker for signature status

2025-12-18 05:56:16 -08:00

..

check.go

Add GPG signature verification on manifest load

2025-12-18 05:56:16 -08:00

entry_test.go

Use Go 1.13+ octal literal syntax throughout codebase

2025-12-18 01:29:40 -08:00

entry.go

Add godoc strings to all exported types, functions, and fields

2025-12-17 11:27:41 -08:00

fetch_test.go

Use Go 1.13+ octal literal syntax throughout codebase

2025-12-18 01:29:40 -08:00

fetch.go

Use Go 1.13+ octal literal syntax throughout codebase

2025-12-18 01:29:40 -08:00

freshen_test.go

Use Go 1.13+ octal literal syntax throughout codebase

2025-12-18 01:29:40 -08:00

freshen.go

Add GPG signing support for manifest generation

2025-12-18 02:12:54 -08:00

gen.go

Add GPG signing support for manifest generation

2025-12-18 02:12:54 -08:00

list.go

Add list command to show manifest contents

2025-12-17 15:36:48 -08:00

mfer.go

Add GPG signature verification on manifest load

2025-12-18 05:56:16 -08:00