Fix plugin verification docs: replace removed CLI commands#1501
Fix plugin verification docs: replace removed CLI commands#1501
Conversation
…g instructions The plugin key management CLI commands (mattermost plugin add key, mattermost plugin keys, mattermost plugin delete key) were removed in Mattermost v6.3.0 (commit 8f01a1b5a1, MM-36448) and were never added to mmctl. The documentation also had incorrect syntax even before removal (docs said "plugin add key" but actual command was "plugin keys add"). Replace the non-existent CLI commands with the current method: configuring PluginSettings.SignaturePublicKeyFiles in config.json.
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
✅ Files skipped from review due to trivial changes (1)
📝 WalkthroughWalkthroughDocumentation replaced CLI-based plugin public key management with configuration-driven verification. Plugin signatures are verified against a built-in Mattermost public key plus any additional public keys listed in Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~8 minutes 🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
|
Newest code from mattermost has been published to preview environment for Git SHA ad7306c |
|
Newest code from mattermost has been published to preview environment for Git SHA 0fccd5e |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Pull request overview
Updates the “Plugin verification” documentation to remove references to legacy mattermost plugin ... key(s) CLI commands (removed in Mattermost v6.3.0) and replaces them with the current configuration-based approach for adding plugin signature verification keys.
Changes:
- Replaced removed legacy CLI key-management commands with
PluginSettings.SignaturePublicKeyFilesconfiguration guidance. - Clarified that plugin verification checks both the built-in Mattermost key and any additional admin-configured keys.
- Added a
config.jsonsnippet and note about where key files must be stored.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
Newest code from mattermost has been published to preview environment for Git SHA 0fccd5e |
…ate' The plugin signing section used 'public key certificate' and 'default certificate', while the verification section used 'public key'. Since the feature uses GPG (not X.509), 'public key' is the correct term. This also matches the source code terminology in plugin_signature.go.
|
Newest code from mattermost has been published to preview environment for Git SHA a77380f |
|
Newest code from mattermost has been published to preview environment for Git SHA 6e484e3 |
Summary
mattermostCLI commands (mattermost plugin add key,mattermost plugin keys,mattermost plugin delete key) that were removed in Mattermost v6.3.0 (commit8f01a1b5a1, MM-36448: Removes legacy CLI commands).mmctl— the currentmmctl pluginsubcommands (add,install-url,delete,enable,disable,list) do not include any key management functionality.PluginSettings.SignaturePublicKeyFilesinconfig.json.server/channels/app/plugin_signature.go).