From 62278a6c7bf00080a8de3d2720b1bd18927a3143 Mon Sep 17 00:00:00 2001
From: Andrea Tartaglia <me@andreatartaglia.com>
Date: Fri, 25 Jul 2025 11:39:16 +0200
Subject: [PATCH] add verification message

`dl.DownloadTo` already handles the actual verification. This adds the
"signed by" messages if verify is defined

Signed-off-by: Andrea Tartaglia <me@andreatartaglia.com>
---
 pkg/downloader/manager.go | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/pkg/downloader/manager.go b/pkg/downloader/manager.go
index 42e6333c0..c096c5eb9 100644
--- a/pkg/downloader/manager.go
+++ b/pkg/downloader/manager.go
@@ -353,11 +353,20 @@ func (m *Manager) downloadAll(deps []*chart.Dependency) error {
 				getter.WithTagName(version))
 		}
 
-		if _, _, err = dl.DownloadTo(churl, version, tmpPath); err != nil {
+		_, v, err := dl.DownloadTo(churl, version, tmpPath)
+		if err != nil {
 			saveError = fmt.Errorf("could not download %s: %w", churl, err)
 			break
 		}
 
+		if m.Verify != VerifyNever {
+			for name := range v.SignedBy.Identities {
+				fmt.Fprintf(m.Out, "Signed by: %v\n", name)
+			}
+			fmt.Fprintf(m.Out, "Using Key With Fingerprint: %X\n", v.SignedBy.PrimaryKey.Fingerprint)
+			fmt.Fprintf(m.Out, "Chart Hash Verified: %s\n", v.FileHash)
+		}
+
 		if m.Untar {
 			chartutil.ExpandFile(m.ChartPath+"/charts/", tmpPath)
 		}