client: enable git signature checks via policy

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2025-11-19 17:42:09 +03:00 · 2025-11-07 15:38:08 -08:00
parent 474cae70a5
commit a372e4e65e
5 changed files with 297 additions and 18 deletions
--- a/source/git/source.go
+++ b/source/git/source.go
@@ -113,6 +113,26 @@ func (gs *Source) Identifier(scheme, ref string, attrs map[string]string, platfo
 			if v == "true" {
 				id.SkipSubmodules = true
 			}
+		case pb.AttrGitSignatureVerifyPubKey:
+			if id.VerifySignature == nil {
+				id.VerifySignature = &GitSignatureVerifyOptions{}
+			}
+			id.VerifySignature.PubKey = []byte(v)
+		case pb.AttrGitSignatureVerifyRejectExpired:
+			if id.VerifySignature == nil {
+				id.VerifySignature = &GitSignatureVerifyOptions{}
+			}
+			id.VerifySignature.RejectExpiredKeys = v == "true"
+		case pb.AttrGitSignatureVerifyRequireSignedTag:
+			if id.VerifySignature == nil {
+				id.VerifySignature = &GitSignatureVerifyOptions{}
+			}
+			id.VerifySignature.RequireSignedTag = v == "true"
+		case pb.AttrGitSignatureVerifyIgnoreSignedTag:
+			if id.VerifySignature == nil {
+				id.VerifySignature = &GitSignatureVerifyOptions{}
+			}
+			id.VerifySignature.IgnoreSignedTag = v == "true"
 		}
 	}