# TX v0.0.6

A large step from v0.0.5: TX now covers the everyday `tar` surface end to end,
while keeping its distinguishing features (Reed-Solomon parity, a Merkle-hashed
manifest, Ed25519 signing, index-first ISO output). `tar xf *.tx` still works.

## Security (fail-closed)

- The verifier now **recomputes the Merkle root from the hashes**; a valid
  signature can no longer be transplanted onto swapped content/hashes.
- **Unsigned archives are rejected** when a trust store is configured.
- Bounded attacker-controlled allocations + a 64 GiB decompressed backstop;
  zip-slip guarded on extract.

## tar feature parity

- `list` / `-l`, `--strip-components`, `--exclude`, `--path` include filters.
- stdin/stdout (`-`), `-v` verbose, `--files-from` / `-T`.
- Content codec autodetect by magic (gzip / bzip2 / zstd / xz) with a
  decompression-bomb cap.
- Metadata: perms + mtime by default, ownership via `--preserve-owner`,
  xattrs / ACLs / SELinux as `SCHILY.xattr.*` PAX records, POSIX special files
  (FIFO, char/block devices).

## Sparse, incremental, append

- **Sparse files**: pack emits real GNU sparse entries via `SEEK_DATA` /
  `SEEK_HOLE` (holes never read from disk nor materialized in RAM); unpack
  re-punches holes (`--sparse`).
- **Incremental**: `--listed-incremental` snapshots (path/mtime/size); deletions
  replayed on restore (`--incremental`).
- **append / update**: reconstruct payload, merge by path, re-pack and re-sign.

## Performance

- **RAM-bounded packing**: tar spools to a temp file and parity shards stream to
  disk one group at a time. A 1 GB pack now runs in ~8 MB RSS (was 2.4 GB).
- Fixed a latent shard-sizing bug that could truncate large incompressible files
  in default parity mode, and removed a 6x archive-bloat floor.

## Downloads

Static-musl Linux (x86_64 / aarch64), macOS (Apple silicon / Intel), and
Windows (x86_64). Verify against `SHA256SUMS`.

Tests: 63 green (unit + integration, including forgery / fail-closed / OOM /
zip-slip and sparse + incremental coverage).