Documentation
Four commands. Everything else is a flag.
seal
Walk a directory and write a manifest.
ferrule seal PATH [-o FILE] [--xattrs] [--owner] [--exclude GLOB]...
| Flag | Effect |
|---|---|
-o FILE | Write to FILE instead of stdout. |
--xattrs | Record extended attributes. Off by default: they rarely survive a round trip through tar. |
--owner | Record uid/gid. Off by default, since they mean little across machines. |
--exclude GLOB | Skip matching paths. Repeatable. Matched against the path relative to PATH. |
-j N | Hashing threads. Defaults to the number of online CPUs. |
verify
Compare a manifest against the tree it describes.
ferrule verify MANIFEST [-C DIR] [--quick] [--quiet]
--quick compares size and mtime only and skips hashing. It is useful on large trees where you want a first answer in seconds, and it will miss a file that was rewritten with identical size and restored mtime. Exit status is 0 when the tree matches, 1 when it does not, and 2 on an error such as an unreadable manifest.
diff
Compare two manifests without touching a filesystem.
ferrule diff OLD.frl NEW.frl [--format text|json]
Handy for asking what changed between two releases when you no longer have either tree unpacked.
sign / check
ferrule sign build.frl --key ~/.ferrule/release.key
ferrule check build.frl --pub release.pub
Signing appends a detached Ed25519 signature block to the end of the manifest. The signed bytes are everything above the block, so a signed manifest is still a valid manifest for every other command, and check only tells you the file is intact — run verify to say anything about the tree.
Further reading
- Manifest format — the file layout, field by field.
- Changelog