Documentation
Overview
Package verify performs PGP signature verification against a freshly cloned GitRepository's HEAD commit and/or referenced tag, matching source-controller's spec.verify behavior.
Constants
This section is empty.
Variables
This section is empty.
Functions
func Signatures
func Signatures(secrets source.SecretGetter, ns, name, secretRefName string, mode GitVerificationMode, tagName string, cloned *git.Repository, resolvedRef plumbing.Hash) error
Signatures applies PGP verification for the given namespace/name owner, looking up the keyring secret secretRefName in ns, applying the given mode, and (for tag/tagAndHEAD modes) verifying the annotated tag tagName. Pass tagName="" when mode does not require it. Returns nil when mode is unrecognised/empty (i.e. no verification configured).
Fails loud on any failure — missing secret, malformed keys, unsigned/badly-signed object.
The Secret named by secretRefName may carry multiple ASCII-armored public keys (any *.asc filename); they're concatenated into a single keyring before verification.
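Because Signatures returns nil for an unrecognised or empty mode, a caller that expects verification can reject such input before calling it. The following is an added example, not code from this package: Preflight is a hypothetical helper, the mode strings are assumed to be the values of Flux's sourcev1 mode constants (they are not listed on this page), and the armor-header check is a coarse sanity test rather than real key parsing.

```go
package main

import (
	"bytes"
	"fmt"
	"sort"
	"strings"
)

const pubHeader = "-----BEGIN PGP PUBLIC KEY BLOCK-----"

// Preflight (hypothetical) rejects inputs that would skip verification and
// returns the keyring built by concatenating the Secret's *.asc entries.
func Preflight(mode, tagName string, secretData map[string][]byte) ([]byte, error) {
	switch mode { // assumed string values of Flux's sourcev1 mode constants
	case "HEAD":
	case "Tag", "TagAndHEAD":
		if tagName == "" {
			return nil, fmt.Errorf("mode %q requires a tag name", mode)
		}
	default:
		// Signatures returns nil here; a caller that expects verification must not.
		return nil, fmt.Errorf("unrecognised verification mode %q", mode)
	}
	var names []string
	for name := range secretData {
		if strings.HasSuffix(name, ".asc") {
			names = append(names, name)
		}
	}
	if len(names) == 0 {
		return nil, fmt.Errorf("secret has no *.asc entries")
	}
	sort.Strings(names) // map iteration is random; keep keyring order stable
	var keyring bytes.Buffer
	for _, name := range names {
		block := bytes.TrimSpace(secretData[name])
		if !bytes.HasPrefix(block, []byte(pubHeader)) {
			return nil, fmt.Errorf("%s: not an armored PGP public key block", name)
		}
		keyring.Write(block)
		keyring.WriteByte('\n')
	}
	return keyring.Bytes(), nil
}

func main() {
	_, err := Preflight("tag", "v1.0.0", nil) // constructed input: wrong-case mode
	fmt.Println(err)
}
```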
Types
type GitVerificationMode
type GitVerificationMode = sourcev1.GitVerificationMode
GitVerificationMode is the Flux GitVerificationMode type re-exported so callers do not need to import sourcev1 just to call Signatures.