Function run 

pub fn run(key_path: PathBuf, image_path: PathBuf) -> Result<()>

Sign a Hexz archive with an Ed25519 private key.

This function creates a cryptographic signature for the archive’s Master Index and embeds it in the archive file, updating the header to record the signature’s location.

Arguments

• key_path - Path to the Ed25519 private key file (32 bytes)
• image_path - Path to the Hexz archive file to sign

Process

1. Opens the archive and reads the header
2. Reads the entire Master Index structure
3. Computes SHA-256 digest of the index
4. Signs the digest with Ed25519 private key
5. Appends 64-byte signature to end of file
6. Updates header with signature offset/length

Returns

Returns Ok(()) on success, or an error if:

• Private key file cannot be read
• Archive file cannot be opened or is malformed
• Header cannot be parsed
• Signature generation fails
• File I/O errors occur

Side Effects

• Modifies the archive file (appends signature, updates header)
• Existing signature (if any) is replaced

Example

let key = PathBuf::from("~/.hexz/keys/private.key");
let archive = PathBuf::from("snapshot.hxz");
sign::run(key, archive)?;