You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Introduce a generic `pcf-sig` tool (crate tools/pcf-sig, lib pcf_sig_cli +
bin pcf-sig) for signing and verifying any PCF file with PCF-SIG (Ed25519):
keygen, incremental sign, verify with optional trust check, and key listing.
Signing is incremental by default — partitions already covered by a valid
signature from the same key are skipped — with --resign to force.
Wire PCF-SIG into the `pfs` CLI: keygen and verify-sig delegate to
pcf_sig_cli, and every mutating command (mkfs/mkdir/put/mv/rm/create/update)
accepts --key to auto-sign after its commit.
Because PFS-MS is append-only with a backward-linked session chain, naively
appending signature partitions corrupts the chain. Signing a PFS-MS file is
therefore committed as a dedicated signature session (pfs-ms sign_archive),
covering content and node records; the generic pcf-sig sign refuses PFS-MS
files and points to `pfs sign`.
Includes roundtrip/incremental/tamper/refusal tests for both crates, a
dedicated CI workflow, release-binary packaging for pcf-sig, and README docs.
0 commit comments