docs: document m2pack subcommands
Add a Phase 4 'm2pack commands' section to docs/cli.md with each subcommand's flags and a pointer at the m2pack-secure repo for installation. Update README.md with a short m2pack paragraph and append the Phase 4 entry to the Unreleased CHANGELOG section.
This commit is contained in:
Jan Nedbal
75
docs/cli.md
75
docs/cli.md
@@ -1,6 +1,7 @@
|
||||
# metin-release — CLI reference
|
||||
|
||||
Phase 1 commands. All subcommands share the top-level flags.
|
||||
Phase 1 `release …` commands and Phase 4 `m2pack …` commands. All
|
||||
subcommands share the top-level flags.
|
||||
|
||||
## Top-level flags
|
||||
|
||||
@@ -145,3 +146,75 @@ metin-release release publish \
|
||||
[--created-at ...] [--sample-blobs N] \
|
||||
[--yes] [--force] [--dry-run-upload]
|
||||
```
|
||||
|
||||
## m2pack commands
|
||||
|
||||
Phase 4 subcommands wrap the `m2pack-secure` binary and translate its
|
||||
JSON envelopes into the standard metin-release result envelope. The
|
||||
binary is **not** shipped with this CLI — build it from
|
||||
[`metin-server/m2pack-secure`](https://gitea.jakubkadlec.dev/metin-server/m2pack-secure)
|
||||
and either put it on `PATH` or point at it via the `M2PACK_BINARY`
|
||||
environment variable.
|
||||
|
||||
All m2pack commands pass through `--json` to the real tool, so the
|
||||
raw m2pack envelope is always available under `data.m2pack`. When
|
||||
m2pack exits non-zero or emits non-JSON output the wrapper raises a
|
||||
subprocess error with `m2pack_failed` / `m2pack_invalid_json` /
|
||||
`m2pack_empty_output` error codes.
|
||||
|
||||
### `m2pack build`
|
||||
|
||||
Build a signed `.m2p` archive from a client asset directory.
|
||||
|
||||
```
|
||||
metin-release m2pack build \
|
||||
--input /path/to/client-assets \
|
||||
--output /path/to/out.m2p \
|
||||
--key /path/to/content.key \
|
||||
--sign-secret-key /path/to/signing.sk \
|
||||
[--key-id N]
|
||||
```
|
||||
|
||||
### `m2pack verify`
|
||||
|
||||
Verify an `.m2p` archive's signature (and optionally full-decrypt it).
|
||||
|
||||
```
|
||||
metin-release m2pack verify \
|
||||
--archive /path/to/a.m2p \
|
||||
[--public-key /path/to/signing.pub] \
|
||||
[--key /path/to/content.key]
|
||||
```
|
||||
|
||||
Passing `--key` enables full-decrypt verification; omitting it only
|
||||
checks manifest structure and signature.
|
||||
|
||||
### `m2pack diff`
|
||||
|
||||
Diff two directories and/or `.m2p` archives. Either side can be a
|
||||
directory or an archive; m2pack figures it out.
|
||||
|
||||
```
|
||||
metin-release m2pack diff --left /old --right /new.m2p
|
||||
```
|
||||
|
||||
The wrapper promotes m2pack's added/removed/changed/unchanged counts
|
||||
into `data.stats` when available.
|
||||
|
||||
### `m2pack export-runtime-key`
|
||||
|
||||
Export a launcher runtime-key payload (json or raw blob) from a master
|
||||
content key + signing public key. Used to seed the launcher's bundled
|
||||
runtime-key file during release workflows.
|
||||
|
||||
```
|
||||
metin-release m2pack export-runtime-key \
|
||||
--key /path/to/content.key \
|
||||
--public-key /path/to/signing.pub \
|
||||
--output /path/to/runtime-key.json \
|
||||
[--key-id N] [--format json|blob]
|
||||
```
|
||||
|
||||
See `docs/key-rotation.md` in `m2pack-secure` for when to re-export
|
||||
runtime keys.
|
||||
|
||||
|
||||
Reference in New Issue
Block a user