129 lines
2.4 KiB
Markdown
129 lines
2.4 KiB
Markdown
# m2pack-secure
|
|
|
|
CLI-first archive builder for a modern Metin2 client pack pipeline.
|
|
|
|
It is designed as a replacement for legacy EterPack tooling when you control the
|
|
client source and want a format that is easier to automate and harder to tamper
|
|
with.
|
|
|
|
## Goals
|
|
|
|
- CLI workflow first, no GUI dependency
|
|
- deterministic manifest layout for automation
|
|
- `zstd` compression
|
|
- `XChaCha20-Poly1305` authenticated encryption per file
|
|
- `Ed25519` signed manifest for tamper detection
|
|
- JSON output for AI agents and automation
|
|
|
|
## Current commands
|
|
|
|
- `m2pack keygen`
|
|
- `m2pack build`
|
|
- `m2pack list`
|
|
- `m2pack verify`
|
|
- `m2pack extract`
|
|
- `m2pack export-client-config`
|
|
|
|
## MCP Server
|
|
|
|
The repository also ships a Linux-friendly MCP server that wraps the `m2pack`
|
|
CLI for AI agents and automation.
|
|
|
|
Files:
|
|
|
|
- `mcp_server.mjs`
|
|
- `package.json`
|
|
|
|
Install:
|
|
|
|
```bash
|
|
npm install
|
|
```
|
|
|
|
Run:
|
|
|
|
```bash
|
|
node mcp_server.mjs
|
|
```
|
|
|
|
If the `m2pack` binary is not at `build/m2pack`, set:
|
|
|
|
```bash
|
|
export M2PACK_BINARY=/absolute/path/to/m2pack
|
|
```
|
|
|
|
Exposed tools:
|
|
|
|
- `pack_keygen`
|
|
- `pack_build`
|
|
- `pack_list`
|
|
- `pack_verify`
|
|
- `pack_extract`
|
|
- `pack_export_client_config`
|
|
- `pack_binary_info`
|
|
|
|
## Build
|
|
|
|
```bash
|
|
cmake -S . -B build
|
|
cmake --build build -j
|
|
```
|
|
|
|
## Quick start
|
|
|
|
Generate a master content key and signing keypair:
|
|
|
|
```bash
|
|
./build/m2pack keygen --out-dir keys --json
|
|
```
|
|
|
|
Build an archive from a client asset directory:
|
|
|
|
```bash
|
|
./build/m2pack build \
|
|
--input /path/to/client/root \
|
|
--output out/client.m2p \
|
|
--key keys/master.key \
|
|
--sign-secret-key keys/signing.key \
|
|
--json
|
|
```
|
|
|
|
Verify the archive:
|
|
|
|
```bash
|
|
./build/m2pack verify \
|
|
--archive out/client.m2p \
|
|
--public-key keys/signing.pub \
|
|
--key keys/master.key \
|
|
--json
|
|
```
|
|
|
|
Extract:
|
|
|
|
```bash
|
|
./build/m2pack extract \
|
|
--archive out/client.m2p \
|
|
--output out/unpacked \
|
|
--key keys/master.key
|
|
```
|
|
|
|
Export a client config header for `m2dev-client-src/src/PackLib/M2PackKeys.h`:
|
|
|
|
```bash
|
|
./build/m2pack export-client-config \
|
|
--key keys/master.key \
|
|
--public-key keys/signing.pub \
|
|
--output /path/to/m2dev-client-src/src/PackLib/M2PackKeys.h
|
|
```
|
|
|
|
## Format summary
|
|
|
|
- Single archive file with a fixed header
|
|
- Binary manifest near the end of the file
|
|
- Signed manifest hash in the header
|
|
- Per-file random nonce
|
|
- Per-file AEAD ciphertext, authenticated with the relative file path
|
|
|
|
See [docs/format.md](docs/format.md) and
|
|
[docs/client-integration.md](docs/client-integration.md).
|