Skip to content

Commit

Permalink
Remove dependency on deprecated github.com/pkg/errors (#1887)
Browse files Browse the repository at this point in the history
* cmd/cosign/cli: remove dependency on deprecated github.com/pkg/errors

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* cmd/sget/cli: remove dependency on deprecated github.com/pkg/errors

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* internal/pkg/cosign/ephemeral: remove dependency on pkg/errors

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* pkg/cosign: remove dependency on deprecated github.com/pkg/errors

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* pkg/oci: remove dependency on deprecated github.com/pkg/errors

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* pkg/policy: remove dependency on deprecated github.com/pkg/errors

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* pkg/sget: remove dependency on deprecated github.com/pkg/errors

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* pkg/signature: remove dependency on deprecated github.com/pkg/errors

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* go.mod: go mod tidy

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* pkg/cosign/kubernetes/webhook: remove unnecessary fmt.Sprintf

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* pkg/oci/remote: should handle error on name.NewRepository

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>
  • Loading branch information
zchee authored May 17, 2022
1 parent eea6324 commit 03e66aa
Show file tree
Hide file tree
Showing 63 changed files with 322 additions and 333 deletions.
3 changes: 1 addition & 2 deletions cmd/cosign/cli/attach/attestation.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,6 @@ import (
"os"

"github.com/google/go-containerregistry/pkg/name"
"github.com/pkg/errors"
ssldsse "github.com/secure-systems-lab/go-securesystemslib/dsse"
"github.com/sigstore/cosign/cmd/cosign/cli/options"
"github.com/sigstore/cosign/pkg/oci/mutate"
Expand All @@ -33,7 +32,7 @@ import (
func AttestationCmd(ctx context.Context, regOpts options.RegistryOptions, signedPayload, imageRef string) error {
ociremoteOpts, err := regOpts.ClientOpts(ctx)
if err != nil {
return errors.Wrap(err, "constructing client options")
return fmt.Errorf("constructing client options: %w", err)
}

fmt.Fprintln(os.Stderr, "Using payload from:", signedPayload)
Expand Down
5 changes: 3 additions & 2 deletions cmd/cosign/cli/attest.go
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,8 @@
package cli

import (
"github.com/pkg/errors"
"fmt"

"github.com/spf13/cobra"

"github.com/sigstore/cosign/cmd/cosign/cli/attest"
Expand Down Expand Up @@ -79,7 +80,7 @@ func Attest() *cobra.Command {
for _, img := range args {
if err := attest.AttestCmd(cmd.Context(), ko, o.Registry, img, o.Cert, o.CertChain, o.NoUpload,
o.Predicate.Path, o.Force, o.Predicate.Type, o.Replace, ro.Timeout); err != nil {
return errors.Wrapf(err, "signing %s", img)
return fmt.Errorf("signing %s: %w", img, err)
}
}
return nil
Expand Down
7 changes: 3 additions & 4 deletions cmd/cosign/cli/attest/attest.go
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,6 @@ import (

"github.com/google/go-containerregistry/pkg/name"
v1 "github.com/google/go-containerregistry/pkg/v1"
"github.com/pkg/errors"

"github.com/sigstore/cosign/cmd/cosign/cli/options"
"github.com/sigstore/cosign/cmd/cosign/cli/rekor"
Expand Down Expand Up @@ -94,7 +93,7 @@ func AttestCmd(ctx context.Context, ko options.KeyOpts, regOpts options.Registry

ref, err := name.ParseReference(imageRef)
if err != nil {
return errors.Wrap(err, "parsing reference")
return fmt.Errorf("parsing reference: %w", err)
}

if timeout != 0 {
Expand All @@ -119,7 +118,7 @@ func AttestCmd(ctx context.Context, ko options.KeyOpts, regOpts options.Registry

sv, err := sign.SignerFromKeyOpts(ctx, certPath, certChainPath, ko)
if err != nil {
return errors.Wrap(err, "getting signer")
return fmt.Errorf("getting signer: %w", err)
}
defer sv.Close()
wrapped := dsse.WrapSigner(sv, types.IntotoPayloadType)
Expand Down Expand Up @@ -148,7 +147,7 @@ func AttestCmd(ctx context.Context, ko options.KeyOpts, regOpts options.Registry
}
signedPayload, err := wrapped.SignMessage(bytes.NewReader(payload), signatureoptions.WithContext(ctx))
if err != nil {
return errors.Wrap(err, "signing")
return fmt.Errorf("signing: %w", err)
}

if noUpload {
Expand Down
4 changes: 2 additions & 2 deletions cmd/cosign/cli/commands.go
Original file line number Diff line number Diff line change
Expand Up @@ -16,10 +16,10 @@
package cli

import (
"fmt"
"os"

"github.com/google/go-containerregistry/pkg/logs"
"github.com/pkg/errors"
"github.com/spf13/cobra"
"github.com/spf13/pflag"
"sigs.k8s.io/release-utils/version"
Expand Down Expand Up @@ -63,7 +63,7 @@ func New() *cobra.Command {
var err error
out, err = os.Create(ro.OutputFile)
if err != nil {
return errors.Wrapf(err, "Error creating output file %s", ro.OutputFile)
return fmt.Errorf("error creating output file %s: %w", ro.OutputFile, err)
}
stdout = os.Stdout
os.Stdout = out // TODO: don't do this.
Expand Down
3 changes: 1 addition & 2 deletions cmd/cosign/cli/dockerfile/verify.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,14 +17,13 @@ package dockerfile
import (
"bufio"
"context"
"errors"
"flag"
"fmt"
"io"
"os"
"strings"

"github.com/pkg/errors"

"github.com/sigstore/cosign/cmd/cosign/cli/verify"
)

Expand Down
9 changes: 4 additions & 5 deletions cmd/cosign/cli/fulcio/fulcio.go
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,6 @@ import (
"net/url"
"os"

"github.com/pkg/errors"
"golang.org/x/term"

"github.com/sigstore/cosign/cmd/cosign/cli/fulcio/fulcioroots"
Expand Down Expand Up @@ -114,21 +113,21 @@ type Signer struct {
func NewSigner(ctx context.Context, ko options.KeyOpts) (*Signer, error) {
fClient, err := NewClient(ko.FulcioURL)
if err != nil {
return nil, errors.Wrap(err, "creating Fulcio client")
return nil, fmt.Errorf("creating Fulcio client: %w", err)
}

idToken := ko.IDToken
// If token is not set in the options, get one from the provders
if idToken == "" && providers.Enabled(ctx) && !ko.OIDCDisableProviders {
idToken, err = providers.Provide(ctx, "sigstore")
if err != nil {
return nil, errors.Wrap(err, "fetching ambient OIDC credentials")
return nil, fmt.Errorf("fetching ambient OIDC credentials: %w", err)
}
}

priv, err := cosign.GeneratePrivateKey()
if err != nil {
return nil, errors.Wrap(err, "generating cert")
return nil, fmt.Errorf("generating cert: %w", err)
}
signer, err := signature.LoadECDSASignerVerifier(priv, crypto.SHA256)
if err != nil {
Expand All @@ -151,7 +150,7 @@ func NewSigner(ctx context.Context, ko options.KeyOpts) (*Signer, error) {
}
Resp, err := GetCert(ctx, priv, idToken, flow, ko.OIDCIssuer, ko.OIDCClientID, ko.OIDCClientSecret, ko.OIDCRedirectURL, fClient) // TODO, use the chain.
if err != nil {
return nil, errors.Wrap(err, "retrieving cert")
return nil, fmt.Errorf("retrieving cert: %w", err)
}

f := &Signer{
Expand Down
11 changes: 6 additions & 5 deletions cmd/cosign/cli/fulcio/fulcioroots/fulcioroots.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,10 +19,11 @@ import (
"bytes"
"context"
"crypto/x509"
"errors"
"fmt"
"os"
"sync"

"github.com/pkg/errors"
"github.com/sigstore/cosign/pkg/cosign/tuf"
"github.com/sigstore/sigstore/pkg/cryptoutils"
)
Expand Down Expand Up @@ -90,11 +91,11 @@ func initRoots() (*x509.CertPool, *x509.CertPool, error) {
if rootEnv != "" {
raw, err := os.ReadFile(rootEnv)
if err != nil {
return nil, nil, errors.Wrap(err, "error reading root PEM file")
return nil, nil, fmt.Errorf("error reading root PEM file: %w", err)
}
certs, err := cryptoutils.UnmarshalCertificatesFromPEM(raw)
if err != nil {
return nil, nil, errors.Wrap(err, "error unmarshalling certificates")
return nil, nil, fmt.Errorf("error unmarshalling certificates: %w", err)
}
for _, cert := range certs {
// root certificates are self-signed
Expand All @@ -113,7 +114,7 @@ func initRoots() (*x509.CertPool, *x509.CertPool, error) {
} else {
tufClient, err := tuf.NewFromEnv(context.Background())
if err != nil {
return nil, nil, errors.Wrap(err, "initializing tuf")
return nil, nil, fmt.Errorf("initializing tuf: %w", err)
}
defer tufClient.Close()
// Retrieve from the embedded or cached TUF root. If expired, a network
Expand All @@ -128,7 +129,7 @@ func initRoots() (*x509.CertPool, *x509.CertPool, error) {
for _, t := range targets {
certs, err := cryptoutils.UnmarshalCertificatesFromPEM(t.Target)
if err != nil {
return nil, nil, errors.Wrap(err, "error unmarshalling certificates")
return nil, nil, fmt.Errorf("error unmarshalling certificates: %w", err)
}
for _, cert := range certs {
// root certificates are self-signed
Expand Down
18 changes: 9 additions & 9 deletions cmd/cosign/cli/fulcio/fulcioverifier/ctl/verify.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,13 +21,13 @@ import (
"crypto/x509"
"encoding/json"
"encoding/pem"
"errors"
"fmt"
"os"

ct "github.com/google/certificate-transparency-go"
ctx509 "github.com/google/certificate-transparency-go/x509"
"github.com/google/certificate-transparency-go/x509util"
"github.com/pkg/errors"
"github.com/sigstore/cosign/cmd/cosign/cli/fulcio/fulcioverifier/ctutil"

"github.com/sigstore/cosign/pkg/cosign/tuf"
Expand Down Expand Up @@ -94,23 +94,23 @@ func VerifySCT(ctx context.Context, certPEM, chainPEM, rawSCT []byte) error {
}
keyID, err := ctutil.GetCTLogID(pub)
if err != nil {
return errors.Wrap(err, "error getting CTFE public key hash")
return fmt.Errorf("error getting CTFE public key hash")
}
pubKeys[keyID] = logIDMetadata{pub, t.Status}
}
} else {
fmt.Fprintf(os.Stderr, "**Warning** Using a non-standard public key for verifying SCT: %s\n", rootEnv)
raw, err := os.ReadFile(rootEnv)
if err != nil {
return errors.Wrap(err, "error reading alternate public key file")
return fmt.Errorf("error reading alternate public key file")
}
pubKey, err := getPublicKey(raw)
if err != nil {
return errors.Wrap(err, "error parsing alternate public key from the file")
return fmt.Errorf("error parsing alternate public key from the file")
}
keyID, err := ctutil.GetCTLogID(pubKey)
if err != nil {
return errors.Wrap(err, "error getting CTFE public key hash")
return fmt.Errorf("error getting CTFE public key hash")
}
pubKeys[keyID] = logIDMetadata{pubKey, tuf.Active}
}
Expand Down Expand Up @@ -150,7 +150,7 @@ func VerifySCT(ctx context.Context, certPEM, chainPEM, rawSCT []byte) error {
}
err := ctutil.VerifySCT(pubKeyMetadata.pubKey, []*ctx509.Certificate{cert, certChain[0]}, sct, true)
if err != nil {
return errors.Wrap(err, "error verifying embedded SCT")
return fmt.Errorf("error verifying embedded SCT")
}
if pubKeyMetadata.status != tuf.Active {
fmt.Fprintf(os.Stderr, "**Info** Successfully verified embedded SCT using an expired verification key\n")
Expand All @@ -162,7 +162,7 @@ func VerifySCT(ctx context.Context, certPEM, chainPEM, rawSCT []byte) error {
// check SCT in response header
var addChainResp ct.AddChainResponse
if err := json.Unmarshal(rawSCT, &addChainResp); err != nil {
return errors.Wrap(err, "unmarshal")
return fmt.Errorf("unmarshal")
}
sct, err := addChainResp.ToSignedCertificateTimestamp()
if err != nil {
Expand All @@ -174,7 +174,7 @@ func VerifySCT(ctx context.Context, certPEM, chainPEM, rawSCT []byte) error {
}
err = ctutil.VerifySCT(pubKeyMetadata.pubKey, []*ctx509.Certificate{cert}, sct, false)
if err != nil {
return errors.Wrap(err, "error verifying SCT")
return fmt.Errorf("error verifying SCT")
}
if pubKeyMetadata.status != tuf.Active {
fmt.Fprintf(os.Stderr, "**Info** Successfully verified SCT using an expired verification key\n")
Expand Down Expand Up @@ -217,7 +217,7 @@ func getPublicKey(in []byte) (crypto.PublicKey, error) {
// Try using the PKCS1 before giving up.
pubKey, err = x509.ParsePKCS1PublicKey(derBytes)
if err != nil {
return nil, errors.Wrap(err, "failed to parse CT log public key")
return nil, fmt.Errorf("failed to parse CT log public key: %w", err)
}
}
return pubKey, nil
Expand Down
4 changes: 1 addition & 3 deletions cmd/cosign/cli/fulcio/fulcioverifier/fulcioverifier.go
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,6 @@ import (
"fmt"
"os"

"github.com/pkg/errors"

"github.com/sigstore/cosign/cmd/cosign/cli/fulcio"
"github.com/sigstore/cosign/cmd/cosign/cli/fulcio/fulcioverifier/ctl"
"github.com/sigstore/cosign/cmd/cosign/cli/options"
Expand All @@ -35,7 +33,7 @@ func NewSigner(ctx context.Context, ko options.KeyOpts) (*fulcio.Signer, error)

// verify the sct
if err := ctl.VerifySCT(ctx, fs.Cert, fs.Chain, fs.SCT); err != nil {
return nil, errors.Wrap(err, "verifying SCT")
return nil, fmt.Errorf("verifying SCT: %w", err)
}
fmt.Fprintln(os.Stderr, "Successfully verified SCT...")

Expand Down
4 changes: 2 additions & 2 deletions cmd/cosign/cli/generate/generate_key_pair.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,12 +18,12 @@ package generate
import (
"context"
"crypto"
"errors"
"fmt"
"io"
"os"
"strings"

"github.com/pkg/errors"
"github.com/sigstore/cosign/pkg/cosign/git"
"github.com/sigstore/cosign/pkg/cosign/git/github"
"github.com/sigstore/cosign/pkg/cosign/git/gitlab"
Expand All @@ -48,7 +48,7 @@ func GenerateKeyPairCmd(ctx context.Context, kmsVal string, args []string) error
}
pubKey, err := k.CreateKey(ctx, k.DefaultAlgorithm())
if err != nil {
return errors.Wrap(err, "creating key")
return fmt.Errorf("creating key: %w", err)
}
pemBytes, err := cryptoutils.MarshalPublicKeyToPEM(pubKey)
if err != nil {
Expand Down
6 changes: 3 additions & 3 deletions cmd/cosign/cli/load.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,9 +17,9 @@ package cli

import (
"context"
"fmt"

"github.com/google/go-containerregistry/pkg/name"
"github.com/pkg/errors"
"github.com/sigstore/cosign/cmd/cosign/cli/options"
"github.com/sigstore/cosign/pkg/oci/layout"
"github.com/sigstore/cosign/pkg/oci/remote"
Expand Down Expand Up @@ -47,13 +47,13 @@ func Load() *cobra.Command {
func LoadCmd(ctx context.Context, opts options.LoadOptions, imageRef string) error {
ref, err := name.ParseReference(imageRef)
if err != nil {
return errors.Wrapf(err, "parsing image name %s", imageRef)
return fmt.Errorf("parsing image name %s: %w", imageRef, err)
}

// get the signed image from disk
sii, err := layout.SignedImageIndex(opts.Directory)
if err != nil {
return errors.Wrap(err, "signed image index")
return fmt.Errorf("signed image index: %w", err)
}
return remote.WriteSignedImageIndexImages(ref, sii)
}
4 changes: 2 additions & 2 deletions cmd/cosign/cli/manifest/verify.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,14 +17,14 @@ package manifest
import (
"bytes"
"context"
"errors"
"flag"
"fmt"
"io"
"os"
"path/filepath"
"strings"

"github.com/pkg/errors"
"k8s.io/apimachinery/pkg/util/yaml"

"github.com/sigstore/cosign/cmd/cosign/cli/verify"
Expand All @@ -45,7 +45,7 @@ func (c *VerifyManifestCommand) Exec(ctx context.Context, args []string) error {

err := isExtensionAllowed(manifestPath)
if err != nil {
return errors.Wrap(err, "check if extension is valid")
return fmt.Errorf("check if extension is valid: %w", err)
}
manifest, err := os.ReadFile(manifestPath)
if err != nil {
Expand Down
3 changes: 1 addition & 2 deletions cmd/cosign/cli/options/oidc.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,6 @@ import (
"strings"
"unicode/utf8"

"github.com/pkg/errors"
"github.com/spf13/cobra"
)

Expand All @@ -40,7 +39,7 @@ func (o *OIDCOptions) ClientSecret() (string, error) {
if o.clientSecretFile != "" {
clientSecretBytes, err := os.ReadFile(o.clientSecretFile)
if err != nil {
return "", errors.Wrap(err, "reading OIDC client secret")
return "", fmt.Errorf("reading OIDC client secret: %w", err)
}
if !utf8.Valid(clientSecretBytes) {
return "", fmt.Errorf("OIDC client secret in file %s not valid utf8", o.clientSecretFile)
Expand Down
Loading

0 comments on commit 03e66aa

Please sign in to comment.