@@ -131,6 +131,43 @@ vz vm init --allow-unpinned --ipsw ~/Downloads/restore.ipsw
131131sudo vz vm provision --image ~ /.vz/images/base.img --allow-unpinned
132132```
133133
134+ ### 6. Create signed patch bundles
135+
136+ ``` bash
137+ # Generate an Ed25519 signing key (PKCS#8 PEM)
138+ openssl genpkey -algorithm Ed25519 -out /tmp/vz-patch-signing-key.pem
139+
140+ # Prepare operations and payload digests
141+ cat > /tmp/patch-operations.json << 'JSON '
142+ [
143+ {
144+ "type": "write_file",
145+ "path": "/usr/local/libexec/vz-agent",
146+ "content_digest": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
147+ "mode": 493
148+ },
149+ {
150+ "type": "set_mode",
151+ "path": "/usr/local/libexec/vz-agent",
152+ "mode": 493
153+ }
154+ ]
155+ JSON
156+
157+ mkdir -p /tmp/patch-payload
158+ cp /path/to/vz-agent /tmp/patch-payload/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
159+
160+ vz vm patch create \
161+ --bundle /tmp/patch-1.vzpatch \
162+ --base-id stable \
163+ --operations /tmp/patch-operations.json \
164+ --payload-dir /tmp/patch-payload \
165+ --signing-key /tmp/vz-patch-signing-key.pem
166+
167+ vz vm patch verify --bundle /tmp/patch-1.vzpatch
168+ sudo vz vm patch apply --bundle /tmp/patch-1.vzpatch --root /tmp/mounted-root
169+ ```
170+
134171## Command groups
135172
136173### Containers
@@ -143,7 +180,7 @@ sudo vz vm provision --image ~/.vz/images/base.img --allow-unpinned
143180
144181### VMs (macOS)
145182
146- ` vm init ` , ` vm run ` , ` vm exec ` , ` vm save ` , ` vm restore ` , ` vm list ` , ` vm stop ` , ` vm cache ` , ` vm provision ` , ` vm cleanup ` , ` vm self-sign ` , ` vm validate `
183+ ` vm init ` , ` vm run ` , ` vm exec ` , ` vm save ` , ` vm restore ` , ` vm list ` , ` vm stop ` , ` vm cache ` , ` vm provision ` , ` vm cleanup ` , ` vm self-sign ` , ` vm validate ` , ` vm base ` , ` vm patch `
147184
148185## Architecture
149186
0 commit comments