@@ -211,13 +211,16 @@ def verify_signatures(self):
211211 logging .error (f'Unable to verify signatures, the specified allowed signers file does not exist!' )
212212 return False
213213
214+ self .signatures = {}
214215 for (file , sig_file ) in [(self .local_path , self .local_sig_path ), (self .local_metadata_path , self .local_metadata_sig_path )]:
215216 verify_cmd = subprocess .run (
216- [verify_script , '--verify' , '--allowed-signers-file' , allowed_signers_file , '--file' , file , '--signature-file' , sig_file ],
217+ [verify_script , '--verify' , '--terse' , '-- allowed-signers-file'allowed_signers_file , '--file' , file , '--signature-file' , sig_file ],
217218 stdout = subprocess .PIPE ,
218219 stderr = subprocess .PIPE )
219220 if verify_cmd .returncode == 0 :
220- logging .debug (f'Signature for { file } )
221+ signature = json .loads (verify_cmd .stdout .decode ('utf-8' ))
222+ self .signatures [file ] = signature
223+ logging .debug (f'Signature for { file } { signature } )
221224 else :
222225 logging .error (f'Failed to verify signature for { file } )
223226 return False
@@ -394,7 +397,11 @@ def make_approval_request(self):
394397 )
395398 pr_title = '[%s] Ingest %s' % (self .cvmfs_repo , filename )
396399 if self .sig_verified :
397- pr_body += "\n \n :heavy_check_mark: :closed_lock_with_key: The signature of this tarball has been successfully verified."
400+ pr_body += "\n \n :heavy_check_mark: :closed_lock_with_key: The signature of this tarball has been successfully verified:\n "
401+ for path , meta in self .signatures .items ():
402+ identity = meta .get ("identity" , "unknown" )
403+ namespace = meta .get ("namespace" , "unknown" )
404+ pr_body += f"- `{ path } \n - identity=`{ identity } { namespace } \n "
398405 pr_title += ' :closed_lock_with_key:'
399406 self .git_repo .create_pull (title = pr_title , body = pr_body , head = git_branch , base = 'main' )
400407 except Exception as err :
0 commit comments