pub fn verify_commit(root: &Path, sha: &str) -> Option<bool>
Verify a commit’s signature via git verify-commit <sha>.
Returns:
- Some(true) — verify-commit exited 0 (a good signature that verified against the local keyring).
- Some(false) — it exited non-zero: the commit is unsigned, or the signature didn’t verify (e.g. signed with a key not in the local keyring).
- None — git isn’t on PATH (the shell-out itself failed). Callers iterating commits from a valid repo never see this; it’s the advisory-posture escape hatch.
This reflects git’s own verdict and deliberately does NOT
distinguish “unsigned” from “signed with an untrusted key” —
trust is the user’s GPG config / .git/allowed_signers, not this
rule’s job.
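
The sketch below shows the tri-state contract described above and how a caller can keep the three outcomes apart. It is an added example, not this crate's own code: `verify_with`, `Tally`, `tally` and passing the repository via `git -C <root>` are assumptions made for illustration.

```rust
use std::path::Path;
use std::process::{Command, Stdio};

// Hypothetical re-creation of the documented contract. `program` is a
// parameter only so the "git not on PATH" case can be exercised; passing
// the repository with `git -C <root>` is an assumption.
fn verify_with(program: &str, root: &Path, sha: &str) -> Option<bool> {
    Command::new(program)
        .arg("-C").arg(root)
        .args(["verify-commit", sha])
        .stdout(Stdio::null())
        .stderr(Stdio::null())
        .status()
        .ok()                 // could not spawn at all -> None
        .map(|s| s.success()) // exit 0 -> Some(true), anything else -> Some(false)
}

#[derive(Debug, Default, PartialEq)]
struct Tally {
    verified: Vec<String>,  // Some(true)
    rejected: Vec<String>,  // Some(false): unsigned OR untrusted key, not distinguished
    unchecked: Vec<String>, // None: no verdict was obtained
}

fn tally<F: Fn(&str) -> Option<bool>>(shas: &[&str], verify: F) -> Tally {
    let mut t = Tally::default();
    for &sha in shas {
        match verify(sha) {
            Some(true) => t.verified.push(sha.to_string()),
            Some(false) => t.rejected.push(sha.to_string()),
            None => t.unchecked.push(sha.to_string()),
        }
    }
    t
}

impl Tally {
    // Advisory posture: only a definite negative verdict is a finding.
    fn advisory_ok(&self) -> bool { self.rejected.is_empty() }
    // Enforcing posture: a missing verdict must not pass as a good one.
    fn enforcing_ok(&self) -> bool { self.rejected.is_empty() && self.unchecked.is_empty() }
}

fn main() {
    let t = tally(&["HEAD"], |sha| verify_with("git", Path::new("."), sha));
    println!("{:?} advisory_ok={} enforcing_ok={}", t, t.advisory_ok(), t.enforcing_ok());
}
```

A gate that must block on unverified commits should use the enforcing check, since collapsing `None` into "passed" would let a missing `git` binary silently disable verification.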