From 95cb000beff79d69d2385fe87cce8fa37fccb016 Mon Sep 17 00:00:00 2001 From: Javier Rodriguez Date: Tue, 13 Jan 2026 13:51:38 +0100 Subject: [PATCH] fix(signature): Prevent setting signature algorithm if no verification Signed-off-by: Javier Rodriguez --- pkg/attestation/renderer/chainloop/v02.go | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/pkg/attestation/renderer/chainloop/v02.go b/pkg/attestation/renderer/chainloop/v02.go index 372bff3dd..d4192f046 100644 --- a/pkg/attestation/renderer/chainloop/v02.go +++ b/pkg/attestation/renderer/chainloop/v02.go @@ -144,11 +144,12 @@ func commitAnnotations(c *v1.Commit) (*structpb.Struct, error) { annotationsRaw[subjectGitAnnotationSignature] = c.GetSignature() } - // add author verification only if exists - if c.GetPlatformVerification() != nil { - pv := c.GetPlatformVerification() + // add verification only if exists as well as its fields + if pv := c.GetPlatformVerification(); pv != nil { annotationsRaw[subjectGitAnnotationAuthorVerificationStatus] = pv.GetStatus().String() - annotationsRaw[subjectGitAnnotationSignatureAlgorithm] = pv.GetSignatureAlgorithm() + if sig := pv.GetSignatureAlgorithm(); sig != "" { + annotationsRaw[subjectGitAnnotationSignatureAlgorithm] = sig + } } if remotes := c.GetRemotes(); len(remotes) > 0 {