From 0ea7921c8efd5e9e48fcd0f8d59d4eae91fdd1ed Mon Sep 17 00:00:00 2001
From: Caleb Xu <caxu@redhat.com>
Date: Mon, 11 May 2026 13:28:03 -0400
Subject: [PATCH] fix(verifier): return digest error when public key digest
 fails

Previously GetPublicKeyDigest errors were dropped and the outer verify
error (which is always nil at this point) was returned instead.
---
 internal/chartverifier/verifier.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/internal/chartverifier/verifier.go b/internal/chartverifier/verifier.go
index 7c73fd3c..3ede84e6 100644
--- a/internal/chartverifier/verifier.go
+++ b/internal/chartverifier/verifier.go
@@ -17,6 +17,7 @@
 package chartverifier
 
 import (
+	"fmt"
 	"strings"
 	"time"
 
@@ -136,7 +137,7 @@ func (c *verifier) Verify(uri string) (*apiReport.Report, error) {
 			if len(c.publicKeys) == 1 && strings.Contains(r.Reason, checks.ChartSigned) {
 				publicKeyDigest, digestErr := tool.GetPublicKeyDigest(c.publicKeys[0])
 				if digestErr != nil {
-					return nil, err
+					return nil, fmt.Errorf("error getting public key digest: %w", digestErr)
 				}
 				result.SetPublicKeyDigest(publicKeyDigest)
 			}