pub(super) fn verify_signature(
artifact: &str,
data: &[u8],
encoded_signature: &str,
public_key: &PublicKey,
expected_trusted_comments: &[&str],
) -> Result<(), InstallerError>Expand description
Verifies a minisign signature over data and checks that every entry in
expected_trusted_comments appears in the signature’s trusted comment
(tab-separated tokens). This prevents cross-extension substitution and
version replay attacks.