hub / github.com/helm/helm / SignPlugin

Function SignPlugin

internal/plugin/sign.go:38–53

SignPlugin signs a plugin using the SHA256 hash of the tarball data. This is used when packaging and signing a plugin from tarball data. It creates a signature that includes the tarball hash and plugin metadata, allowing verification of the original tarball later.

(tarballData []byte, filename string, signer *provenance.Signatory)

Source from the content-addressed store, hash-verified

// It creates a signature that includes the tarball hash and plugin metadata,
// allowing verification of the original tarball later.
func SignPlugin(tarballData []byte, filename string, signer *provenance.Signatory) (string, error) {
	// Extract plugin metadata from tarball data
	pluginMeta, err := ExtractTgzPluginMetadata(bytes.NewReader(tarballData))
	if err != nil {
		return "", fmt.Errorf("failed to extract plugin metadata: %w", err)
	}

	// Marshal plugin metadata to YAML bytes
	metadataBytes, err := yaml.Marshal(pluginMeta)
	if err != nil {
		return "", fmt.Errorf("failed to marshal plugin metadata: %w", err)
	}

	// Use the generic provenance signing function
	return signer.ClearSign(tarballData, filename, metadataBytes)
}

// ExtractTgzPluginMetadata extracts plugin metadata from a gzipped tarball reader
func ExtractTgzPluginMetadata(r io.Reader) (*Metadata, error) {

Callers 3

run (Method) · 0.92
TestSignPlugin (Function) · 0.85
TestVerifyPlugin (Function) · 0.85

Calls 2

ExtractTgzPluginMetadata (Function) · 0.85
ClearSign (Method) · 0.80

Tested by 2

TestSignPlugin (Function) · 0.68
TestVerifyPlugin (Function) · 0.68
