Skip to content

vix pack: add --sign=auto|never|required (non-blocking default) #28

New issue
New issue
Open
Open
vix pack: add --sign=auto|never|required (non-blocking default)#28
Labels
featureNew functionality or capability added to VixpackPackaging, distribution and artifact generationspecSpecification or formal definition (formats, protocols, architecture)testsTests, CI coverage and validationverifyPackage verification: integrity checks, payload digest, and cryptographic signature validation.
@GaspardKirira

Description

@GaspardKirira
GaspardKirira
opened on Dec 19, 2025

vix pack: add --sign=auto|never|required (non-blocking default)

Problem

Current signing behavior can be unclear and may block in some environments (CI, non-interactive shells) when minisign prompts for a password.

Goal

Introduce a predictable signing policy similar to npm:

  • --sign=auto (default): sign only if minisign + key are available, never fail.
  • --sign=never: never sign.
  • --sign=required: must sign, fail-fast with clear error messages.

Acceptance criteria

  • vix pack defaults to --sign=auto.
  • --sign remains as alias of --sign=required.
  • --sign=auto never blocks and never fails the pack if signing cannot be performed.
  • --sign=required exits with code 1 when minisign/key missing or signing fails.
  • Help output documents the modes + env var VIX_MINISIGN_SECKEY.

Notes

Signing output should be explicit in verbose mode:

  • show key path used (or "not found")
  • show whether minisign was detected

Metadata

Metadata

Assignees

No one assigned

    Labels

    featureNew functionality or capability added to VixpackPackaging, distribution and artifact generationspecSpecification or formal definition (formats, protocols, architecture)testsTests, CI coverage and validationverifyPackage verification: integrity checks, payload digest, and cryptographic signature validation.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions