From 1900edac990140f1b2e94412b2e268395337195b Mon Sep 17 00:00:00 2001 From: Shunsuke Suzuki Date: Fri, 2 Dec 2022 09:40:52 +0900 Subject: [PATCH 1/3] fix: fix the package version to v2 ``` git ls-files | grep ".go$" | xargs -n 1 gsed -i "s|github.com/slsa-framework/slsa-verifier|github.com/slsa-framework/slsa-verifier/v2|g" ``` Signed-off-by: Shunsuke Suzuki --- cli/experimental/service/main.go | 2 +- cli/slsa-verifier/main_test.go | 8 ++++---- cli/slsa-verifier/verify.go | 2 +- cli/slsa-verifier/verify/options.go | 2 +- cli/slsa-verifier/verify/verify_artifact.go | 6 +++--- cli/slsa-verifier/verify/verify_image.go | 8 ++++---- experimental/rest/service.go | 4 ++-- register/register.go | 4 ++-- verifiers/internal/gcb/keys/keys.go | 2 +- verifiers/internal/gcb/provenance.go | 8 ++++---- verifiers/internal/gcb/provenance_test.go | 6 +++--- verifiers/internal/gcb/verifier.go | 10 +++++----- verifiers/internal/gha/builder.go | 6 +++--- verifiers/internal/gha/builder_test.go | 4 ++-- verifiers/internal/gha/provenance.go | 4 ++-- verifiers/internal/gha/provenance_test.go | 2 +- verifiers/internal/gha/rekor.go | 2 +- verifiers/internal/gha/rekor_test.go | 2 +- verifiers/internal/gha/verifier.go | 10 +++++----- verifiers/utils/builder.go | 2 +- verifiers/utils/builder_test.go | 2 +- verifiers/utils/container/container.go | 2 +- verifiers/verifier.go | 12 ++++++------ 23 files changed, 55 insertions(+), 55 deletions(-) diff --git a/cli/experimental/service/main.go b/cli/experimental/service/main.go index ad5c896a7..1bfd79495 100644 --- a/cli/experimental/service/main.go +++ b/cli/experimental/service/main.go @@ -8,7 +8,7 @@ import ( "github.com/gorilla/mux" - "github.com/slsa-framework/slsa-verifier/experimental/rest" + "github.com/slsa-framework/slsa-verifier/v2/experimental/rest" ) func main() { diff --git a/cli/slsa-verifier/main_test.go b/cli/slsa-verifier/main_test.go index 41c393004..961df0922 100644 --- a/cli/slsa-verifier/main_test.go 
+++ b/cli/slsa-verifier/main_test.go @@ -19,9 +19,9 @@ import ( "github.com/sigstore/cosign/pkg/oci" "github.com/sigstore/cosign/pkg/oci/layout" - "github.com/slsa-framework/slsa-verifier/cli/slsa-verifier/verify" - serrors "github.com/slsa-framework/slsa-verifier/errors" - "github.com/slsa-framework/slsa-verifier/verifiers/utils/container" + "github.com/slsa-framework/slsa-verifier/v2/cli/slsa-verifier/verify" + serrors "github.com/slsa-framework/slsa-verifier/v2/errors" + "github.com/slsa-framework/slsa-verifier/v2/verifiers/utils/container" ) func errCmp(e1, e2 error) bool { @@ -475,7 +475,7 @@ func Test_runVerifyGHAArtifactPath(t *testing.T) { { name: "regression: sharded uuids", artifact: "binary-linux-amd64-sharded", - source: "github.com/slsa-framework/slsa-verifier", + source: "github.com/slsa-framework/slsa-verifier/v2", pbranch: pString("release/v1.0"), pBuilderID: pString("https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml"), noversion: true, diff --git a/cli/slsa-verifier/verify.go b/cli/slsa-verifier/verify.go index 54a573289..f88fef74b 100644 --- a/cli/slsa-verifier/verify.go +++ b/cli/slsa-verifier/verify.go @@ -19,7 +19,7 @@ import ( "fmt" "os" - "github.com/slsa-framework/slsa-verifier/cli/slsa-verifier/verify" + "github.com/slsa-framework/slsa-verifier/v2/cli/slsa-verifier/verify" "github.com/spf13/cobra" ) diff --git a/cli/slsa-verifier/verify/options.go b/cli/slsa-verifier/verify/options.go index c5c4796de..9af23e5c5 100644 --- a/cli/slsa-verifier/verify/options.go +++ b/cli/slsa-verifier/verify/options.go @@ -18,7 +18,7 @@ import ( "fmt" "strings" - serrors "github.com/slsa-framework/slsa-verifier/errors" + serrors "github.com/slsa-framework/slsa-verifier/v2/errors" "github.com/spf13/cobra" ) diff --git a/cli/slsa-verifier/verify/verify_artifact.go b/cli/slsa-verifier/verify/verify_artifact.go index 28664551e..cf7b62340 100644 --- a/cli/slsa-verifier/verify/verify_artifact.go 
+++ b/cli/slsa-verifier/verify/verify_artifact.go @@ -22,9 +22,9 @@ import ( "io" "os" - "github.com/slsa-framework/slsa-verifier/options" - "github.com/slsa-framework/slsa-verifier/verifiers" - "github.com/slsa-framework/slsa-verifier/verifiers/utils" + "github.com/slsa-framework/slsa-verifier/v2/options" + "github.com/slsa-framework/slsa-verifier/v2/verifiers" + "github.com/slsa-framework/slsa-verifier/v2/verifiers/utils" ) // Note: nil branch, tag, version-tag and builder-id means we ignore them during verification. diff --git a/cli/slsa-verifier/verify/verify_image.go b/cli/slsa-verifier/verify/verify_image.go index 53de39c58..3dfe14e4d 100644 --- a/cli/slsa-verifier/verify/verify_image.go +++ b/cli/slsa-verifier/verify/verify_image.go @@ -19,10 +19,10 @@ import ( "fmt" "os" - "github.com/slsa-framework/slsa-verifier/options" - "github.com/slsa-framework/slsa-verifier/verifiers" - "github.com/slsa-framework/slsa-verifier/verifiers/utils" - "github.com/slsa-framework/slsa-verifier/verifiers/utils/container" + "github.com/slsa-framework/slsa-verifier/v2/options" + "github.com/slsa-framework/slsa-verifier/v2/verifiers" + "github.com/slsa-framework/slsa-verifier/v2/verifiers/utils" + "github.com/slsa-framework/slsa-verifier/v2/verifiers/utils/container" ) type ComputeDigestFn func(string) (string, error) diff --git a/experimental/rest/service.go b/experimental/rest/service.go index cfe2df229..ab1d91303 100644 --- a/experimental/rest/service.go +++ b/experimental/rest/service.go @@ -9,8 +9,8 @@ import ( "io" "net/http" - "github.com/slsa-framework/slsa-verifier/options" - "github.com/slsa-framework/slsa-verifier/verifiers" + "github.com/slsa-framework/slsa-verifier/v2/options" + "github.com/slsa-framework/slsa-verifier/v2/verifiers" ) var errInvalid = errors.New("invalid") diff --git a/register/register.go b/register/register.go index 71d8a931c..d3eb53a49 100644 --- a/register/register.go +++ b/register/register.go 
@@ -3,8 +3,8 @@ package register import ( "context" - "github.com/slsa-framework/slsa-verifier/options" - "github.com/slsa-framework/slsa-verifier/verifiers/utils" + "github.com/slsa-framework/slsa-verifier/v2/options" + "github.com/slsa-framework/slsa-verifier/v2/verifiers/utils" ) var SLSAVerifiers = make(map[string]SLSAVerifier) diff --git a/verifiers/internal/gcb/keys/keys.go b/verifiers/internal/gcb/keys/keys.go index e7d8367e6..93aad6b0b 100644 --- a/verifiers/internal/gcb/keys/keys.go +++ b/verifiers/internal/gcb/keys/keys.go @@ -9,7 +9,7 @@ import ( "io/fs" "path" - serrors "github.com/slsa-framework/slsa-verifier/errors" + serrors "github.com/slsa-framework/slsa-verifier/v2/errors" ) //go:embed materials/* diff --git a/verifiers/internal/gcb/provenance.go b/verifiers/internal/gcb/provenance.go index 6477d379e..f026127e1 100644 --- a/verifiers/internal/gcb/provenance.go +++ b/verifiers/internal/gcb/provenance.go @@ -15,10 +15,10 @@ import ( intoto "github.com/in-toto/in-toto-golang/in_toto" dsselib "github.com/secure-systems-lab/go-securesystemslib/dsse" - serrors "github.com/slsa-framework/slsa-verifier/errors" - "github.com/slsa-framework/slsa-verifier/options" - "github.com/slsa-framework/slsa-verifier/verifiers/internal/gcb/keys" - "github.com/slsa-framework/slsa-verifier/verifiers/utils" + serrors "github.com/slsa-framework/slsa-verifier/v2/errors" + "github.com/slsa-framework/slsa-verifier/v2/options" + "github.com/slsa-framework/slsa-verifier/v2/verifiers/internal/gcb/keys" + "github.com/slsa-framework/slsa-verifier/v2/verifiers/utils" ) var GCBBuilderIDs = []string{ diff --git a/verifiers/internal/gcb/provenance_test.go b/verifiers/internal/gcb/provenance_test.go index a7505c26e..dd5013f1f 100644 --- a/verifiers/internal/gcb/provenance_test.go +++ b/verifiers/internal/gcb/provenance_test.go 
@@ -10,9 +10,9 @@ import ( "github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp/cmpopts" - serrors "github.com/slsa-framework/slsa-verifier/errors" - "github.com/slsa-framework/slsa-verifier/options" - "github.com/slsa-framework/slsa-verifier/verifiers/utils" + serrors "github.com/slsa-framework/slsa-verifier/v2/errors" + "github.com/slsa-framework/slsa-verifier/v2/options" + "github.com/slsa-framework/slsa-verifier/v2/verifiers/utils" ) // This function sets the statement of the proveannce, as if diff --git a/verifiers/internal/gcb/verifier.go b/verifiers/internal/gcb/verifier.go index 522e8af41..d79733aec 100644 --- a/verifiers/internal/gcb/verifier.go +++ b/verifiers/internal/gcb/verifier.go @@ -3,11 +3,11 @@ package gcb import ( "context" - serrors "github.com/slsa-framework/slsa-verifier/errors" - "github.com/slsa-framework/slsa-verifier/options" - register "github.com/slsa-framework/slsa-verifier/register" - _ "github.com/slsa-framework/slsa-verifier/verifiers/internal/gcb/keys" - "github.com/slsa-framework/slsa-verifier/verifiers/utils" + serrors "github.com/slsa-framework/slsa-verifier/v2/errors" + "github.com/slsa-framework/slsa-verifier/v2/options" + register "github.com/slsa-framework/slsa-verifier/v2/register" + _ "github.com/slsa-framework/slsa-verifier/v2/verifiers/internal/gcb/keys" + "github.com/slsa-framework/slsa-verifier/v2/verifiers/utils" ) const VerifierName = "GCB" diff --git a/verifiers/internal/gha/builder.go b/verifiers/internal/gha/builder.go index 1f4993656..645da8f20 100644 --- a/verifiers/internal/gha/builder.go +++ b/verifiers/internal/gha/builder.go 
@@ -8,9 +8,9 @@ import ( "golang.org/x/mod/semver" - serrors "github.com/slsa-framework/slsa-verifier/errors" - "github.com/slsa-framework/slsa-verifier/options" - "github.com/slsa-framework/slsa-verifier/verifiers/utils" + serrors "github.com/slsa-framework/slsa-verifier/v2/errors" + "github.com/slsa-framework/slsa-verifier/v2/options" + "github.com/slsa-framework/slsa-verifier/v2/verifiers/utils" ) var ( diff --git a/verifiers/internal/gha/builder_test.go b/verifiers/internal/gha/builder_test.go index 90940d53b..8dac4bd6d 100644 --- a/verifiers/internal/gha/builder_test.go +++ b/verifiers/internal/gha/builder_test.go @@ -6,8 +6,8 @@ import ( "github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp/cmpopts" - serrors "github.com/slsa-framework/slsa-verifier/errors" - "github.com/slsa-framework/slsa-verifier/options" + serrors "github.com/slsa-framework/slsa-verifier/v2/errors" + "github.com/slsa-framework/slsa-verifier/v2/options" ) func Test_VerifyWorkflowIdentity(t *testing.T) { diff --git a/verifiers/internal/gha/provenance.go b/verifiers/internal/gha/provenance.go index 5b179474e..6a471e582 100644 --- a/verifiers/internal/gha/provenance.go +++ b/verifiers/internal/gha/provenance.go @@ -17,8 +17,8 @@ import ( "github.com/sigstore/rekor/pkg/generated/models" "github.com/slsa-framework/slsa-github-generator/signing/envelope" - serrors "github.com/slsa-framework/slsa-verifier/errors" - "github.com/slsa-framework/slsa-verifier/options" + serrors "github.com/slsa-framework/slsa-verifier/v2/errors" + "github.com/slsa-framework/slsa-verifier/v2/options" ) // SignedAttestation contains a signed DSSE envelope diff --git a/verifiers/internal/gha/provenance_test.go b/verifiers/internal/gha/provenance_test.go index aebc54214..86ffe232d 100644 --- a/verifiers/internal/gha/provenance_test.go +++ b/verifiers/internal/gha/provenance_test.go 
@@ -9,7 +9,7 @@ import ( intoto "github.com/in-toto/in-toto-golang/in_toto" slsa "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2" - serrors "github.com/slsa-framework/slsa-verifier/errors" + serrors "github.com/slsa-framework/slsa-verifier/v2/errors" ) func provenanceFromBytes(payload []byte) (*intoto.ProvenanceStatement, error) { diff --git a/verifiers/internal/gha/rekor.go b/verifiers/internal/gha/rekor.go index 1e236488c..e1e145282 100644 --- a/verifiers/internal/gha/rekor.go +++ b/verifiers/internal/gha/rekor.go @@ -31,7 +31,7 @@ import ( "github.com/sigstore/sigstore/pkg/signature/dsse" "github.com/slsa-framework/slsa-github-generator/signing/envelope" - serrors "github.com/slsa-framework/slsa-verifier/errors" + serrors "github.com/slsa-framework/slsa-verifier/v2/errors" ) const ( diff --git a/verifiers/internal/gha/rekor_test.go b/verifiers/internal/gha/rekor_test.go index 2182d202e..804987ee8 100644 --- a/verifiers/internal/gha/rekor_test.go +++ b/verifiers/internal/gha/rekor_test.go @@ -9,7 +9,7 @@ import ( "github.com/sigstore/rekor/pkg/generated/client" "github.com/sigstore/rekor/pkg/generated/client/index" - serrors "github.com/slsa-framework/slsa-verifier/errors" + serrors "github.com/slsa-framework/slsa-verifier/v2/errors" ) type searchResult struct { diff --git a/verifiers/internal/gha/verifier.go b/verifiers/internal/gha/verifier.go index d6a023060..0a7bcd387 100644 --- a/verifiers/internal/gha/verifier.go +++ b/verifiers/internal/gha/verifier.go 
@@ -13,11 +13,11 @@ import ( "github.com/sigstore/cosign/pkg/cosign" "github.com/sigstore/rekor/pkg/client" - serrors "github.com/slsa-framework/slsa-verifier/errors" - "github.com/slsa-framework/slsa-verifier/options" - "github.com/slsa-framework/slsa-verifier/register" - "github.com/slsa-framework/slsa-verifier/verifiers/utils" - "github.com/slsa-framework/slsa-verifier/verifiers/utils/container" + serrors "github.com/slsa-framework/slsa-verifier/v2/errors" + "github.com/slsa-framework/slsa-verifier/v2/options" + "github.com/slsa-framework/slsa-verifier/v2/register" + "github.com/slsa-framework/slsa-verifier/v2/verifiers/utils" + "github.com/slsa-framework/slsa-verifier/v2/verifiers/utils/container" ) const VerifierName = "GHA" diff --git a/verifiers/utils/builder.go b/verifiers/utils/builder.go index 990284b76..f5443c928 100644 --- a/verifiers/utils/builder.go +++ b/verifiers/utils/builder.go @@ -4,7 +4,7 @@ import ( "fmt" "strings" - serrors "github.com/slsa-framework/slsa-verifier/errors" + serrors "github.com/slsa-framework/slsa-verifier/v2/errors" ) type TrustedBuilderID struct { diff --git a/verifiers/utils/builder_test.go b/verifiers/utils/builder_test.go index 0ce6c9e2d..fa5111109 100644 --- a/verifiers/utils/builder_test.go +++ b/verifiers/utils/builder_test.go @@ -7,7 +7,7 @@ import ( "github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp/cmpopts" - serrors "github.com/slsa-framework/slsa-verifier/errors" + serrors "github.com/slsa-framework/slsa-verifier/v2/errors" ) func Test_ParseBuilderID(t *testing.T) { diff --git a/verifiers/utils/container/container.go b/verifiers/utils/container/container.go index c70470482..2d89ab642 100644 --- a/verifiers/utils/container/container.go +++ b/verifiers/utils/container/container.go 
@@ -7,7 +7,7 @@ import ( "github.com/google/go-containerregistry/pkg/crane" crname "github.com/google/go-containerregistry/pkg/name" - serrors "github.com/slsa-framework/slsa-verifier/errors" + serrors "github.com/slsa-framework/slsa-verifier/v2/errors" ) func GetImageDigest(image string) (string, error) { diff --git a/verifiers/verifier.go b/verifiers/verifier.go index e7e52046b..e8ce53fbc 100644 --- a/verifiers/verifier.go +++ b/verifiers/verifier.go @@ -4,12 +4,12 @@ import ( "context" "fmt" - serrors "github.com/slsa-framework/slsa-verifier/errors" - "github.com/slsa-framework/slsa-verifier/options" - "github.com/slsa-framework/slsa-verifier/register" - _ "github.com/slsa-framework/slsa-verifier/verifiers/internal/gcb" - "github.com/slsa-framework/slsa-verifier/verifiers/internal/gha" - "github.com/slsa-framework/slsa-verifier/verifiers/utils" + serrors "github.com/slsa-framework/slsa-verifier/v2/errors" + "github.com/slsa-framework/slsa-verifier/v2/options" + "github.com/slsa-framework/slsa-verifier/v2/register" + _ "github.com/slsa-framework/slsa-verifier/v2/verifiers/internal/gcb" + "github.com/slsa-framework/slsa-verifier/v2/verifiers/internal/gha" + "github.com/slsa-framework/slsa-verifier/v2/verifiers/utils" ) func getVerifier(builderOpts *options.BuilderOpts) (register.SLSAVerifier, error) { From 6c7df96f4754ea78172e85c2de137d91ab299a2d Mon Sep 17 00:00:00 2001 From: Shunsuke Suzuki Date: Fri, 2 Dec 2022 09:41:30 +0900 Subject: [PATCH 2/3] fix: fix the package version to v2 Signed-off-by: Shunsuke Suzuki --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 4b660098c..5eae8e0ea 100644 --- a/go.mod +++ b/go.mod @@ -1,4 +1,4 @@ -module github.com/slsa-framework/slsa-verifier +module github.com/slsa-framework/slsa-verifier/v2 go 1.18 From 43875937354943824e78f463056aab035085ffda Mon Sep 17 00:00:00 2001 From: Shunsuke Suzuki Date: Fri, 2 Dec 2022 10:03:00 +0900 Subject: [PATCH 3/3] test: fix source 
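Review bot: The `module` line in go.mod now ends in `/v2`, but the rewrite in patch 1/3 only covered files matching `.go$`, and none of the three patches touches documentation or build configuration, so any reference to the old path outside Go source still points at the pre-v2 module. That matters for a verifier: `go install github.com/slsa-framework/slsa-verifier/cli/slsa-verifier@latest` keeps resolving against the old module path, so anyone following an unchanged install line gets an older verifier with no error. I would grep the README, release configuration and workflows for the old path in this same change and move install lines to the `/v2/cli/slsa-verifier` form. If the build passes linker `-X` flags that name a package under this module, they need the `/v2` segment too, because a flag naming a path that no longer exists is ignored silently.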
Signed-off-by: Shunsuke Suzuki --- cli/slsa-verifier/main_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cli/slsa-verifier/main_test.go b/cli/slsa-verifier/main_test.go index 961df0922..5e24d5ecd 100644 --- a/cli/slsa-verifier/main_test.go +++ b/cli/slsa-verifier/main_test.go @@ -475,7 +475,7 @@ func Test_runVerifyGHAArtifactPath(t *testing.T) { { name: "regression: sharded uuids", artifact: "binary-linux-amd64-sharded", - source: "github.com/slsa-framework/slsa-verifier/v2", + source: "github.com/slsa-framework/slsa-verifier", pbranch: pString("release/v1.0"), pBuilderID: pString("https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml"), noversion: true,
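Review bot: The `source` field in the "regression: sharded uuids" case needs a comment saying that it appears to be the source repository the provenance is checked against, not a Go import path. Nothing in the table distinguishes the two, which is presumably how the module-path sed in patch 1/3 rewrote it and why this hunk has to put it back. I would add above the field `// source is the repository URI expected in the provenance, not the Go module path: no /vN suffix.` so the next mechanical rewrite leaves it alone. It is worth checking the other string literals in the tests that name the repository rather than a package for the same problem. The table entry and Test_runVerifyGHAArtifactPath continue outside the hunk.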