pub fn run(key_path: PathBuf, image_path: PathBuf) -> Result<()>Expand description
Sign a Hexz archive with an Ed25519 private key.
This function creates a cryptographic signature for the archive’s Master Index and embeds it in the archive file, updating the header to record the signature’s location.
§Arguments
key_path- Path to the Ed25519 private key file (32 bytes)image_path- Path to the Hexz archive file to sign
§Process
- Opens the archive and reads the header
- Reads the entire Master Index structure
- Computes SHA-256 digest of the index
- Signs the digest with Ed25519 private key
- Appends 64-byte signature to end of file
- Updates header with signature offset/length
§Returns
Returns Ok(()) on success, or an error if:
- Private key file cannot be read
- Archive file cannot be opened or is malformed
- Header cannot be parsed
- Signature generation fails
- File I/O errors occur
§Side Effects
- Modifies the archive file (appends signature, updates header)
- Existing signature (if any) is replaced
§Example
let key = PathBuf::from("~/.hexz/keys/private.key");
let archive = PathBuf::from("snapshot.hxz");
sign::run(key, archive)?;