pub fn pull_module(
    artifact_ref: &str,
    output_dir: &Path,
    signature_policy: SignaturePolicy<'_>,
    printer: Option<&Printer>,
) -> Result<(), OciError>
Pull a module from an OCI registry and extract it to output_dir.
signature_policy controls cryptographic signature verification:
- SignaturePolicy::None — no verification (default).
- SignaturePolicy::RequireKey { path } — run real cosign verify --key, fail the pull if it does not succeed.
- SignaturePolicy::RequireKeyless { identity, issuer } — run real keyless verification with the supplied constraints, fail the pull if it does not succeed.
Prior to v0.4.0 this took a bool and only checked for the presence of
a signature manifest (HEAD on <tag>.sig) — a TOFU sentinel an attacker
who could push to the registry could trivially satisfy. The current API
requires callers to supply the verifying key (or identity/issuer) so the
trust decision is explicit and cryptographically enforced.
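
An added example, not code from this crate: a hypothetical caller-side helper, select_policy, turns deployment settings into a SignaturePolicy and refuses to fall back to None when they are incomplete, and cosign_args builds the cosign command for checking the same artifact by hand. Assumptions: the enum is mirrored locally with guessed field types, the keyless flags are cosign's own --certificate-identity and --certificate-oidc-issuer rather than anything this page states, and the registry reference is constructed.

```rust
use std::path::Path;

// Local mirror of the enum named above so this compiles on its own.
// Field types are assumptions; the page gives only variant and field names.
#[derive(Debug, PartialEq)]
pub enum SignaturePolicy<'a> {
    None,
    RequireKey { path: &'a Path },
    RequireKeyless { identity: &'a str, issuer: &'a str },
}

/// Hypothetical helper: choose a policy from caller settings, failing closed.
/// Empty or partial settings are an error, never a silent fallback to `None`.
pub fn select_policy<'a>(
    key: Option<&'a Path>,
    identity: Option<&'a str>,
    issuer: Option<&'a str>,
    allow_unsigned: bool,
) -> Result<SignaturePolicy<'a>, String> {
    match (key, identity, issuer) {
        (Some(_), Some(_), _) | (Some(_), _, Some(_)) => Err("set either a key or identity/issuer, not both".into()),
        (Some(path), None, None) if !path.as_os_str().is_empty() => Ok(SignaturePolicy::RequireKey { path }),
        (None, Some(identity), Some(issuer)) if !identity.is_empty() && !issuer.is_empty() => {
            Ok(SignaturePolicy::RequireKeyless { identity, issuer })
        }
        (None, None, None) if allow_unsigned => Ok(SignaturePolicy::None),
        (None, None, None) => Err("no key or identity, and unsigned pulls are not allowed".into()),
        _ => Err("incomplete or empty verification settings".into()),
    }
}

/// cosign arguments for checking the same artifact by hand under each policy.
pub fn cosign_args(policy: &SignaturePolicy<'_>, artifact_ref: &str) -> Option<Vec<String>> {
    let args: Vec<String> = match policy {
        SignaturePolicy::None => return None,
        SignaturePolicy::RequireKey { path } => vec!["--key".into(), path.display().to_string()],
        SignaturePolicy::RequireKeyless { identity, issuer } => vec![
            "--certificate-identity".into(), identity.to_string(),
            "--certificate-oidc-issuer".into(), issuer.to_string(),
        ],
    };
    Some([vec!["verify".to_string()], args, vec![artifact_ref.to_string()]].concat())
}

fn main() {
    let policy = select_policy(Some(Path::new("cosign.pub")), None, None, false).unwrap();
    println!("{:?}", cosign_args(&policy, "registry.example/mod:1.0")); // constructed reference
}
```

The policy returned by select_policy is what a caller would pass as signature_policy; an Err should stop the pull before any network request is made.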