authorMiloslav Trmač <mitr@redhat.com>2022-08-24 20:51:13 +0200
committerMiloslav Trmač <mitr@redhat.com>2022-08-29 17:55:39 +0200
commit762ca8ab4e117a04d890acc901f2bb10f3867bb1 (patch)
treec26b34b9eb006b4c59aecd9150dfe4642252a19a /pkg/trust/trust.go
parent551850df8a2baaa0c789a34b62785fe379083e84 (diff)
Support (image trust show) for sigstoreSigned entries
sigstoreSigned does not have GPG IDs, so we add N/A in that column. NOTE: this does not show the use-sigstore-attachments value from registries.d. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Diffstat (limited to 'pkg/trust/trust.go')
-rw-r--r--pkg/trust/trust.go24
1 files changed, 16 insertions, 8 deletions
diff --git a/pkg/trust/trust.go b/pkg/trust/trust.go
index 5f292083f..a27ce5a85 100644
--- a/pkg/trust/trust.go
+++ b/pkg/trust/trust.go
@@ -100,15 +100,23 @@ func descriptionsOfPolicyRequirements(reqs []repoContent, template Policy, regis
entry := template
entry.Type = trustTypeDescription(repoele.Type)
- uids := []string{}
- if len(repoele.KeyPath) > 0 {
- uids = append(uids, idReader(repoele.KeyPath)...)
- }
- if len(repoele.KeyData) > 0 {
- uids = append(uids, getGPGIdFromKeyData(idReader, repoele.KeyData)...)
+ var gpgIDString string
+ switch repoele.Type {
+ case "signedBy":
+ uids := []string{}
+ if len(repoele.KeyPath) > 0 {
+ uids = append(uids, idReader(repoele.KeyPath)...)
+ }
+ if len(repoele.KeyData) > 0 {
+ uids = append(uids, getGPGIdFromKeyData(idReader, repoele.KeyData)...)
+ }
+ gpgIDString = strings.Join(uids, ", ")
+
+ case "sigstoreSigned":
+ gpgIDString = "N/A" // We could potentially return key fingerprints here, but they would not be _GPG_ fingerprints.
}
- entry.GPGId = strings.Join(uids, ", ")
- entry.SignatureStore = lookasidePath
+ entry.GPGId = gpgIDString
+ entry.SignatureStore = lookasidePath // We do this even for sigstoreSigned and things like type: reject, to show that the sigstore is being read.
res = append(res, &entry)
}
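Review bot: The new `switch repoele.Type` has no `default` arm, so every requirement type other than the two string literals leaves `gpgIDString` empty, and in the `image trust show` listing that looks the same as a `signedBy` entry whose key yielded no IDs. Because an operator reads this output to audit which signatures are required, I would make the fall-through explicit, for example `default: // reject, insecureAcceptAnything or an unrecognised type: no key material to list`. The literals `"signedBy"` and `"sigstoreSigned"` could also be named constants if the package does not already define them, which is not visible here. The enclosing function `descriptionsOfPolicyRequirements` begins and ends outside the hunk.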