Expand description
.fleet bundle manifest types + signing primitives (pure; no I/O).
The MANIFEST is the only signed object: it pins every bundled file by SHA-256, so the archive container need not be byte-deterministic — verifying each file’s hash against the manifest plus the manifest signature suffices.
Structs§
- Bundle
Entry - One file in a bundle, pinned by content hash.
- Bundle
Manifest - The signed manifest at
bundle.yaml.
Constants§
- FLEET_
BUNDLE_ FORMAT - Bundle wire-format version. Bump on any breaking manifest change.
Functions§
- content_
hash - Lowercase hex SHA-256 of
bytes. - manifest_
sign_ input - Canonical signing input: the manifest serialized with
sigcleared. Struct field order is fixed, so this is deterministic without a custom canonicalizer. - signer_
fingerprint - Short fingerprint of a multibase pubkey: first 8 hex chars of its SHA-256,
hyphen-grouped (e.g.
ab12-cd34) for human out-of-band comparison. - verify_
manifest_ sig - Verify the manifest signature against
pubkey. Fail-closed: nosig→ false.