librelad caee74bd76 feat(distribution): signed artifact-index fetch+verify primitive (Phase 1)
Build the read side of the unified distribution primitive from
docs/roadmap/updates-and-distribution.md: one team-signed catalog
(index.json) on the same channel as latest.json, listing type-tagged
artifact envelopes. A hotfix is the first artifact type; apps/themes/
components are future envelope rows through the SAME pipe — the
marketplace seam is just the `type` + `payload.kind` fields.

Phase 1 is fetch + verify + parse only (NO mutation; the snapshot →
ops → rollback → History apply verb is Phase 2):

- Factor `lpVerifyMinisig` out of `lpFetchRelease` (scripts/source/
  fetch.sh) — one trust anchor (the root-owned footprint key) now
  shared by releases and the index; refactor `lpFetchRelease` to use
  it (behaviour-preserving, still fail-closed).
- scripts/source/artifacts.sh: `lpFetchIndex` — download →
  verify-before-parse → `valid_until` freshness (anti-withholding) →
  `index_serial` monotonic high-water (anti-rollback, TUF-lite) → emit
  verified JSON. Trust core is jq-free; parsing accessors prefer jq
  with a grep fallback.
- `libreportal artifact index` (scripts/cli/commands/artifact/) —
  read-only front door that fetches, verifies and lists. Runs directly
  like `updater check` (no task; no mutation).
- Regenerate the source arrays + lazy-load function manifest for the
  new files.

Doc: promote the format from vision to spec (§8) — 3 layers
(INDEX/ENVELOPE/PIPELINE), the bounded declarative op vocabulary (no
run-script, ever), the apply pipeline mapped onto existing functions,
the marketplace seam, and resolutions for all five open forks.

Self-tested 12/12: trust core fails closed (real key + no minisign →
refuse), happy path, stale-refused, rollback-refused, signature-refused,
jq + grep parsing.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
2026-05-31 16:48:06 +01:00

58 lines, 2.4 KiB, Bash, Executable File

#!/bin/bash
# This file is auto-generated by generate_arrays.sh
# Do not edit manually - run './scripts/source/files/generate_arrays.sh run' to regenerate
cli_scripts=(
"cli/cli_initialize.sh"
"cli/cli_update.sh"
"cli/commands/app/cli_app_commands.sh"
"cli/commands/app/cli_app_header.sh"
"cli/commands/app/cli_app_restore.sh"
"cli/commands/app/cli_app_tool_list.sh"
"cli/commands/artifact/cli_artifact_commands.sh"
"cli/commands/artifact/cli_artifact_header.sh"
"cli/commands/backup/cli_backup_commands.sh"
"cli/commands/backup/cli_backup_header.sh"
"cli/commands/config/cli_config_commands.sh"
"cli/commands/config/cli_config_header.sh"
"cli/commands/debug/cli_debug_commands.sh"
"cli/commands/debug/cli_debug_header.sh"
"cli/commands/dockertype/cli_dockertype_commands.sh"
"cli/commands/dockertype/cli_dockertype_header.sh"
"cli/commands/firewall/cli_firewall_commands.sh"
"cli/commands/firewall/cli_firewall_header.sh"
"cli/commands/help/cli_help_commands.sh"
"cli/commands/help/cli_help_header.sh"
"cli/commands/install/cli_install_commands.sh"
"cli/commands/install/cli_install_header.sh"
"cli/commands/ip/cli_ip_commands.sh"
"cli/commands/ip/cli_ip_header.sh"
"cli/commands/peer/cli_peer_commands.sh"
"cli/commands/peer/cli_peer_header.sh"
"cli/commands/regen/cli_regen_commands.sh"
"cli/commands/regen/cli_regen_header.sh"
"cli/commands/reset/cli_reset_commands.sh"
"cli/commands/reset/cli_reset_header.sh"
"cli/commands/restore/cli_restore_commands.sh"
"cli/commands/restore/cli_restore_header.sh"
"cli/commands/setup/cli_setup_commands.sh"
"cli/commands/setup/cli_setup_header.sh"
"cli/commands/ssh/cli_ssh_commands.sh"
"cli/commands/ssh/cli_ssh_header.sh"
"cli/commands/system/cli_system_commands.sh"
"cli/commands/system/cli_system_header.sh"
"cli/commands/update/cli_update_commands.sh"
"cli/commands/update/cli_update_header.sh"
"cli/commands/updater/cli_updater_commands.sh"
"cli/commands/updater/cli_updater_header.sh"
"cli/commands/validation/cli_validation_commands.sh"
"cli/commands/validation/cli_validation_header.sh"
"cli/commands/verify/cli_verify_commands.sh"
"cli/commands/verify/cli_verify_header.sh"
"cli/commands/webui/cli_webui_commands.sh"
"cli/commands/webui/cli_webui_header.sh"
"cli/task/cli_task_run.sh"
)
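
The `valid_until` freshness and `index_serial` high-water steps that the commit message lists for `lpFetchIndex`, as an added example that is not LibrePortal's own code. It assumes both fields are plain integers at the top level of index.json (`valid_until` in epoch seconds) and that the bytes have already passed signature verification; the function names, state file and return codes are hypothetical.

```shell
#!/bin/bash
# Added example, not project code. Assumptions: "valid_until" (epoch seconds)
# and "index_serial" are unsigned integers in index.json; names, state-file
# layout and return codes below are hypothetical.
# Call this only on bytes whose signature has already been verified.

# jq-free accessor: print the first unsigned integer value of field $2 in file $1.
# Exits non-zero when the field is absent, quoted, negative or the file is missing.
index_int_field() {
    grep -o "\"$2\"[[:space:]]*:[[:space:]]*[0-9][0-9]*" "$1" \
        | head -n 1 | grep -o '[0-9][0-9]*$'
}

# Returns 0=accept, 2=malformed, 3=stale, 4=rollback.
# $1=index file  $2=high-water state file  $3=now in epoch seconds (optional)
index_policy_check() {
    local index=$1 state=$2 now=${3:-$(date +%s)}
    local valid_until serial seen=0

    # Fail closed: a missing field is a refusal, never "no expiry".
    valid_until=$(index_int_field "$index" valid_until) || return 2
    serial=$(index_int_field "$index" index_serial) || return 2

    # Freshness: an old index that is withheld and replayed eventually expires.
    [ "$now" -le "$valid_until" ] || return 3

    # High-water mark: refuse any serial lower than one already accepted.
    # An equal serial (re-fetch of the same index) is allowed.
    if [ -f "$state" ]; then
        seen=$(cat "$state")
        case $seen in ''|*[!0-9]*) return 2 ;; esac   # corrupt state: refuse
    fi
    [ "$serial" -ge "$seen" ] || return 4

    # Write via rename so a crash cannot leave a truncated state file.
    printf '%s\n' "$serial" > "$state.tmp" && mv "$state.tmp" "$state"
}
```

The state file is only as trustworthy as its permissions: if an unprivileged user can delete or rewrite it, the high-water mark resets and the rollback check no longer holds.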