Sebastien Tardif e095e690a8 fix(provenance): check error return in Digest
Return the actual error from io.Copy in Digest() instead of nil.
The previous code swallowed the error and returned an empty string
as a valid SHA-256 digest, which could silently break chart
provenance verification.

Also fix encodeRelease() in pkg/storage/driver/util.go:
- Close the gzip writer on the w.Write() error path to avoid
  leaking resources.
- Check the error return from gzip.Writer.Close(), which flushes
  remaining compressed data and can fail.

Assisted-by: Grok/xAI
Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>
2026-05-21 07:28:33 -07:00
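
The failure modes this commit message describes, as an added Go example that is not the project's code: a digest helper that can drop or propagate the `io.Copy` error, and a gzip helper that closes on the `Write` error path and returns the `Close` error. The names `flaky`, `digest`, `swallow` and `gzipTo` are hypothetical, and the shape of the pre-fix code is an assumption based on the message.

```go
package main

import (
	"compress/gzip"
	"crypto/sha256"
	"fmt"
	"io"
)

// flaky (constructed): accepts calls totalling `budget` bytes, then fails every Read or Write.
type flaky struct{ budget int }

func (f *flaky) Read(p []byte) (int, error)  { return f.spend(p) }
func (f *flaky) Write(p []byte) (int, error) { return f.spend(p) }
func (f *flaky) spend(p []byte) (int, error) {
	if f.budget -= len(p); f.budget < 0 {
		return 0, io.ErrUnexpectedEOF
	}
	return len(p), nil
}

// digest hashes r. swallow=true reproduces the described defect (assumed
// shape): the io.Copy error is dropped and "" is returned with a nil error.
func digest(r io.Reader, swallow bool) (string, error) {
	h := sha256.New()
	if _, err := io.Copy(h, r); err != nil {
		if swallow {
			return "", nil
		}
		return "", err
	}
	return fmt.Sprintf("%x", h.Sum(nil)), nil
}

// gzipTo closes the writer on the Write error path and returns the error
// from Close, which flushes the compressed data still held in memory.
func gzipTo(dst io.Writer, data []byte) error {
	w := gzip.NewWriter(dst)
	if _, err := w.Write(data); err != nil {
		w.Close()
		return err
	}
	return w.Close()
}

func main() {
	d, err := digest(&flaky{budget: 8}, true)
	fmt.Printf("swallowed: digest=%q err=%v\n", d, err)
	fmt.Println("gzip to short sink:", gzipTo(&flaky{budget: 10}, []byte("release")))
}
```

With a 10-byte budget the sink accepts only the gzip header, so `Write` succeeds on the small payload and the failure is reported by `Close`.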