MCPcopy
hub / github.com/helm/helm / run

Method run

pkg/cmd/plugin_verify.go:70–124  ·  view source on GitHub ↗
(out io.Writer)

Source from the content-addressed store, hash-verified

68}
69
70func (o *pluginVerifyOptions) run(out io.Writer) error {
71 // Verify the plugin path exists
72 fi, err := os.Stat(o.pluginPath)
73 if err != nil {
74 return err
75 }
76
77 // Only support tarball verification
78 if fi.IsDir() {
79 return errors.New("directory verification not supported - only plugin tarballs can be verified")
80 }
81
82 // Verify it's a tarball
83 if !plugin.IsTarball(o.pluginPath) {
84 return errors.New("plugin file must be a gzipped tarball (.tar.gz or .tgz)")
85 }
86
87 // Look for provenance file
88 provFile := o.pluginPath + ".prov"
89 if _, err := os.Stat(provFile); err != nil {
90 return fmt.Errorf("could not find provenance file %s: %w", provFile, err)
91 }
92
93 // Read the files
94 archiveData, err := os.ReadFile(o.pluginPath)
95 if err != nil {
96 return fmt.Errorf("failed to read plugin file: %w", err)
97 }
98
99 provData, err := os.ReadFile(provFile)
100 if err != nil {
101 return fmt.Errorf("failed to read provenance file: %w", err)
102 }
103
104 // Verify the plugin using data
105 verification, err := plugin.VerifyPlugin(archiveData, provData, filepath.Base(o.pluginPath), o.keyring)
106 if err != nil {
107 return err
108 }
109
110 // Output verification details
111 for name := range verification.SignedBy.Identities {
112 fmt.Fprintf(out, "Signed by: %v\n", name)
113 }
114 fmt.Fprintf(out, "Using Key With Fingerprint: %X\n", verification.SignedBy.PrimaryKey.Fingerprint)
115
116 // Only show hash for tarballs
117 if verification.FileHash != "" {
118 fmt.Fprintf(out, "Plugin Hash Verified: %s\n", verification.FileHash)
119 } else {
120 fmt.Fprintf(out, "Plugin Metadata Verified: %s\n", verification.FileName)
121 }
122
123 return nil
124}

Callers 1

newPluginVerifyCmdFunction · 0.95

Calls 2

IsTarballFunction · 0.92
VerifyPluginFunction · 0.92

Tested by

no test coverage detected