librelad b28268a61f feat(system): "Verified" integrity check against the signed release manifest
Adds per-file integrity attestation on top of the existing signed-tarball
release flow. make_release now generates a SHA256SUMS manifest over the shipped
tree and (when a key is configured) signs it, riding both inside the release
tarball so they land in the install tree with no extra download.

lpVerifyInstall (scripts/source/verify.sh) re-hashes the install tree against
that manifest and verifies the manifest's minisign signature against the
root-owned footprint pubkey, yielding states: verified / modified / tampered /
unsigned / unverifiable / development. webuiSystemVerify writes verify_status.json
(throttled daily, force on demand, also after each update apply), surfaced as an
Integrity line + "Verify now" button on the Admin → Overview Updates card and a
row in the update details panel. `libreportal verify` exposes the same check on
the CLI.

Honest framing: this is a self-check (run by the software it verifies), so red
fires only for genuine modified/tampered states; the badge tooltip points to
out-of-band `minisign -Vm` for an independent guarantee.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
2026-05-28 19:41:22 +01:00

54 lines
2.2 KiB
Bash
Executable File

#!/bin/bash
# This file is auto-generated by generate_arrays.sh
# Do not edit manually - run './scripts/source/files/generate_arrays.sh run' to regenerate
cli_scripts=(
"cli/cli_initialize.sh"
"cli/cli_update.sh"
"cli/commands/app/cli_app_commands.sh"
"cli/commands/app/cli_app_header.sh"
"cli/commands/app/cli_app_restore.sh"
"cli/commands/app/cli_app_tool_list.sh"
"cli/commands/backup/cli_backup_commands.sh"
"cli/commands/backup/cli_backup_header.sh"
"cli/commands/config/cli_config_commands.sh"
"cli/commands/config/cli_config_header.sh"
"cli/commands/debug/cli_debug_commands.sh"
"cli/commands/debug/cli_debug_header.sh"
"cli/commands/dockertype/cli_dockertype_commands.sh"
"cli/commands/dockertype/cli_dockertype_header.sh"
"cli/commands/firewall/cli_firewall_commands.sh"
"cli/commands/firewall/cli_firewall_header.sh"
"cli/commands/help/cli_help_commands.sh"
"cli/commands/help/cli_help_header.sh"
"cli/commands/install/cli_install_commands.sh"
"cli/commands/install/cli_install_header.sh"
"cli/commands/ip/cli_ip_commands.sh"
"cli/commands/ip/cli_ip_header.sh"
"cli/commands/peer/cli_peer_commands.sh"
"cli/commands/peer/cli_peer_header.sh"
"cli/commands/regen/cli_regen_commands.sh"
"cli/commands/regen/cli_regen_header.sh"
"cli/commands/reset/cli_reset_commands.sh"
"cli/commands/reset/cli_reset_header.sh"
"cli/commands/restore/cli_restore_commands.sh"
"cli/commands/restore/cli_restore_header.sh"
"cli/commands/setup/cli_setup_commands.sh"
"cli/commands/setup/cli_setup_header.sh"
"cli/commands/ssh/cli_ssh_commands.sh"
"cli/commands/ssh/cli_ssh_header.sh"
"cli/commands/system/cli_system_commands.sh"
"cli/commands/system/cli_system_header.sh"
"cli/commands/update/cli_update_commands.sh"
"cli/commands/update/cli_update_header.sh"
"cli/commands/validation/cli_validation_commands.sh"
"cli/commands/validation/cli_validation_header.sh"
"cli/commands/verify/cli_verify_commands.sh"
"cli/commands/verify/cli_verify_header.sh"
"cli/commands/webui/cli_webui_commands.sh"
"cli/commands/webui/cli_webui_header.sh"
"cli/task/cli_task_run.sh"
)