Appearance
plexctl artifact
Synopsis
plexctl artifact is the read-only operator surface for the plexd artifact registry. Each record indexes an upstream plexd release line — its per-architecture checksums, support status (supported, deprecated, withdrawn), and supply-chain verification verdict (verified, unverified). The registry is curated through a separate management path; this CLI family only exposes the public read operations on /v1/artifacts/plexd.
text
plexctl artifact <subcommand> [flags]Subcommands
plexctl artifact list
GETs /v1/artifacts/plexd. Pagination is keyset-based via --cursor / --limit; the response carries a next_cursor the caller threads into the next --cursor to walk the pages. The text render is a table of version, support status, verdict, and the registry's created/updated timestamps.
plexctl artifact get <version>
GETs /v1/artifacts/plexd/{version}. Fetches a single release record by its version string. The text render is the same column set as list, for the one matched record.
plexctl artifact get-signature <version>
GETs /v1/artifacts/plexd/{version}/sigstore. Downloads the Sigstore bundle for the named release. The endpoint returns application/octet-stream, so the CLI streams the raw bytes verbatim to stdout rather than routing them through the --output renderer — the bundle is an opaque artifact meant to be piped into cosign or sigstore-go, and re-encoding it would corrupt the verification input. On a non-200 response the upstream problem document is rendered and the command exits non-zero.
Flags
plexctl artifact list
| Flag | Type | Required | Description |
|---|---|---|---|
--limit | int | no | Maximum items per page (server default when zero). |
--cursor | string | no | Continuation token returned by a previous call's next_cursor. |
plexctl artifact get <version>
This subcommand takes the <version> positional argument and no subcommand-specific flags.
plexctl artifact get-signature <version>
This subcommand takes the <version> positional argument and no subcommand-specific flags.
Persistent flags inherited from root
--server, --profile, --token-file, --output. See ../plexctl.md.
The --output format applies to list and get only; get-signature always writes the raw bundle bytes to stdout regardless of the format selected.
Exit codes
See ../plexctl.md#exit-code-taxonomy.
Examples
List indexed plexd release artifacts
shell
plexctl artifact list \
--server "${PLEXSPHERE_URL}" \
--output jsonWalk the pages with a cursor
shell
plexctl artifact list \
--server "${PLEXSPHERE_URL}" \
--limit 50 \
--cursor "eyJvZmZzZXQiOjUwfQ"Inspect a single release record
shell
plexctl artifact get v1.4.2 \
--server "${PLEXSPHERE_URL}" \
--output yamlDownload and verify a Sigstore bundle
shell
plexctl artifact get-signature v1.4.2 \
--server "${PLEXSPHERE_URL}" > plexd-v1.4.2.sigstore.jsonThe downloaded bundle can then be verified independently with cosign or sigstore-go.