frontpage.

I've been working on filepack, a command-line tool for file verification on and off for a while, and it's finally in a state where it's ready for feedback, review, and initial testing.

GitHub repo here: https://github.com/casey/filepack/

It uses a JSON manifest named `filepack.json` containing BLAKE3 file hashes and file lengths.

To create a manifest in the current directory:

  filepack create

To verify a manifest in the current directory:

  filepack verify

Manifests can be signed:

  # generate keypair
  filepack keygen

  # print public key
  filepack key

  # create and sign manifest
  filepack create --sign

And checked to have a signature from a particular public key:

  filepack verify --key <PUBLIC_KEY>

Signatures are made over the root of a merkle tree built from the contents of the manifest.

The root hash of this merkle tree is called a "package fingerprint", and provides a globally-unique identifier for a package.

The package fingerprint can be printed:

  filepack fingerprint

And a package can be verified to have a particular fingerprint:

  filepack verify --fingerprint <FINGERPRINT>

Additionally, and I think possibly most interestingly, a format for machine-readable metadata is defined, allowing packages to be self-describing, making collections of packages indexable and browsable with a better user interface than the folder-of-files ux possible otherwise.

Any feedback, issues, feature request, and design critique is most welcome! I tried to include a lot of details in the readme, so definitely check it out.

Typed Assembly Language

The UK tourist with a valid visa detained by ICE for six weeks

Ajail: A basic jail for programs you don't trust

Show HN: How much has the ad industry spent targeting you?

Show HN: OffKit – an iOS app blocker that adds friction

LDOS: Toward a Learning-Directed Operating System

PromptSpy ushers in the era of Android threats using GenAI

Colorado moves age checks from websites to operating systems

Pb-ext: Enhanced PocketBase server with monitoring, logging and API docs

Ruby Is the Best Language for Building AI Apps

Back to textbooks: Denmark rolls back digital learning

Show HN: Free tool to migrate OpenAI Assistants

A Galaxy Composed Almost of Dark Matter Has Been Confirmed

Python creator Guido van Rossum asks Elon Musk what SpaceX uses for coding

Infographic of the Navy and Air Force build up nearby Iran

Acme Weather, from the Creators of Dark Sky

Free Shadcn/UI patterns for faster UI delivery

Show HN: Fix-my-mic – stop macOS from switching to AirPods mic every connection

Formula: A VST for coding custom DSP inside your DAW

A 3000W Water-Cooled Power Supply (With GAN and Sic) [video]

OpenClaw Partners with VirusTotal for Skill Security

The Rolling Layoffs at Jack Dorsey's Block

Ask HN: How would you distribute a privacy-first AI chat for teams?

Enable automatic coverage workflow setup

Show HN: Resilient OpenClaw Browser Relay – Survives WS Drops and MV3 Restarts

Show HN: Stop Pasting Credentials in Slack

Show HN: Skill Check CLI for your skill.md

Show HN: WebhookStream – Receive, relay, send and debug webhooks from 1 platform

The political effects of X's feed algorithm

Show HN: Mukoko weather – AI-powered weather intelligence built for Zimbabwe

Show HN: Filepack: a fast SHASUM/SFV/PGP alternative using BLAKE3