I am pleased to announce the new package MlFront_Signify is available in opam.
signify was created by OpenBSD for maintainers to sign distributions and for users to verify those distributions. That is described in signify: Securing OpenBSD From Us To You and the signify manpage.
MlFront_Signify is compatible with signify. The C code comes from firmware update code for the embedded Linux router distribution OpenWrt (much easier to build using OCaml tools compared to OpenBSD code). The executable mlfront-signify has most of the same CLI options as OpenBSD signify and includes the same trivial tests as signify, but on Unix you should just use your package manager’s signify. The main contribution of MlFront_Signify is the OCaml library that is documented at:
I used it with [ANN] Combining LLVM MC, lld, precompiled C and bytecode to perform auto-upgrades. A few MlFront packages participate:
- MlFront_Signify to verify a potential upgrade
- MlFront_ZipFile to unpack a verified upgrade
- MlFront_Cache to provide an immutable store where multiple versions can co-exist
In particular, the SHA256.sig file in the file listing Release dk 2.3.202505202143 · diskuv/dkcoder · GitHub was created using MlFront_Signify with the SHA256 checksum file as input. That serves the same purpose as https://cdn.openbsd.org/pub/OpenBSD/snapshots/arm64/SHA256.sig.
MlFront_ZipFile has an important bugfix so please upgrade it to 2.3.1 as well.
Thanks to the Mirage project where I use its mirage-crypto-rng secure random generator!
Enjoy.