containers · rhatdan · Apr 6, 2024 · Apr 3, 2024 · Apr 3, 2024
diff --git a/go.mod b/go.mod
@@ -16,7 +16,6 @@ require (
 	github.com/docker/docker-credential-helpers v0.8.1
 	github.com/docker/go-connections v0.5.0
 	github.com/go-openapi/strfmt v0.23.0
-	github.com/go-openapi/swag v0.23.0
 	github.com/hashicorp/go-retryablehttp v0.7.5
 	github.com/klauspost/compress v1.17.7
 	github.com/klauspost/pgzip v1.2.6
@@ -26,7 +25,6 @@ require (
 	github.com/opencontainers/image-spec v1.1.0
 	github.com/opencontainers/selinux v1.11.0
 	github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f
-	github.com/otiai10/copy v1.14.0
 	github.com/proglottis/gpgme v0.1.3
 	github.com/secure-systems-lab/go-securesystemslib v0.8.0
 	github.com/sigstore/fulcio v1.4.3
@@ -79,6 +77,7 @@ require (
 	github.com/go-openapi/loads v0.21.2 // indirect
 	github.com/go-openapi/runtime v0.26.0 // indirect
 	github.com/go-openapi/spec v0.20.9 // indirect
+	github.com/go-openapi/swag v0.23.0 // indirect
 	github.com/go-openapi/validate v0.22.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect

diff --git a/go.sum b/go.sum
@@ -316,9 +316,6 @@ github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+
 github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
 github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f h1:/UDgs8FGMqwnHagNDPGOlts35QkhAZ8by3DR7nMih7M=
 github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f/go.mod h1:J6OG6YJVEWopen4avK3VNQSnALmmjvniMmni/YFYAwc=
-github.com/otiai10/copy v1.14.0 h1:dCI/t1iTdYGtkvCuBG2BgR6KZa83PTclw4U5n2wAllU=
-github.com/otiai10/copy v1.14.0/go.mod h1:ECfuL02W+/FkTWZWgQqXPWZgW9oeKCSQ5qVfSc4qc4w=
-github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks=
 github.com/pelletier/go-toml v1.7.0/go.mod h1:vwGMzjaWMwyfHwgIBhI2YUM4fB6nL6lVAvS1LBMMhTE=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=

diff --git a/oci/layout/oci_delete_test.go b/oci/layout/oci_delete_test.go
@@ -3,14 +3,15 @@ package layout
 import (
 	"context"
 	"fmt"
+	"io"
+	"io/fs"
 	"os"
 	"path/filepath"
 	"testing"
 
 	"github.com/containers/image/v5/types"
 	digest "github.com/opencontainers/go-digest"
 	imgspecv1 "github.com/opencontainers/image-spec/specs-go/v1"
-	cp "github.com/otiai10/copy"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -275,10 +276,43 @@ func TestReferenceDeleteImage_multipleImages_twoIdenticalReferences(t *testing.T
 }
 
 func loadFixture(t *testing.T, fixtureName string) string {
-	tmpDir := t.TempDir()
-	err := cp.Copy(fmt.Sprintf("fixtures/%v/", fixtureName), tmpDir)
+	destDir := t.TempDir()
+	srcDir := filepath.Join("fixtures", fixtureName)
+	err := filepath.WalkDir(srcDir, func(path string, d fs.DirEntry, err error) (retErr error) {
+		if err != nil {
+			return err
+		}
+		relPath, err := filepath.Rel(srcDir, path)
+		if err != nil {
+			return err
+		}
+		destPath := filepath.Join(destDir, relPath)
+		switch d.Type() {
+		case fs.ModeDir:
+			return os.MkdirAll(destPath, 0o700)
+		case 0: // regular file
+			src, err := os.Open(path)
+			if err != nil {
+				return err
+			}
+			defer src.Close()
+			dest, err := os.OpenFile(destPath, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
+			if err != nil {
+				return err
+			}
+			defer func() {
+				if err := dest.Close(); err != nil && retErr == nil {
+					retErr = err
+				}
+			}()
+			_, err = io.Copy(dest, src)
+			return err
+		default:
+			return fmt.Errorf("unexpected file type %#v", d.Type())
+		}
+	})
 	require.NoError(t, err)
-	return tmpDir
+	return destDir
 }
 
 func assertBlobExists(t *testing.T, blobsDir string, blobDigest string) {

diff --git a/signature/internal/rekor_set_test.go b/signature/internal/rekor_set_test.go
@@ -19,7 +19,6 @@ import (
 	"time"
 
 	"github.com/go-openapi/strfmt"
-	"github.com/go-openapi/swag"
 	"github.com/sigstore/rekor/pkg/generated/models"
 	"github.com/sigstore/sigstore/pkg/cryptoutils"
 	sigstoreSignature "github.com/sigstore/sigstore/pkg/signature"
@@ -174,6 +173,11 @@ func TestUntrustedRekorPayloadUnmarshalJSON(t *testing.T) {
 	}
 }
 
+// stringPtr returns a pointer to the provided string value.
+func stringPtr(s string) *string {
+	return &s
+}
+
 func TestVerifyRekorSET(t *testing.T) {
 	cosignRekorKeyPEM, err := os.ReadFile("testdata/rekor.pub")
 	require.NoError(t, err)
@@ -250,12 +254,12 @@ func TestVerifyRekorSET(t *testing.T) {
 	cosignSigBytes, err := base64.StdEncoding.DecodeString(string(cosignSigBase64))
 	require.NoError(t, err)
 	validHashedRekord := models.Hashedrekord{
-		APIVersion: swag.String(HashedRekordV001APIVersion),
+		APIVersion: stringPtr(HashedRekordV001APIVersion),
 		Spec: models.HashedrekordV001Schema{
 			Data: &models.HashedrekordV001SchemaData{
 				Hash: &models.HashedrekordV001SchemaDataHash{
-					Algorithm: swag.String(models.HashedrekordV001SchemaDataHashAlgorithmSha256),
-					Value:     swag.String(hex.EncodeToString(cosignPayloadSHA256[:])),
+					Algorithm: stringPtr(models.HashedrekordV001SchemaDataHashAlgorithmSha256),
+					Value:     stringPtr(hex.EncodeToString(cosignPayloadSHA256[:])),
 				},
 			},
 			Signature: &models.HashedrekordV001SchemaSignature{

diff --git a/signature/sigstore/rekor/rekor.go b/signature/sigstore/rekor/rekor.go
@@ -17,7 +17,6 @@ import (
 	"github.com/containers/image/v5/signature/internal"
 	signerInternal "github.com/containers/image/v5/signature/sigstore/internal"
 	"github.com/go-openapi/strfmt"
-	"github.com/go-openapi/swag"
 	rekor "github.com/sigstore/rekor/pkg/client"
 	"github.com/sigstore/rekor/pkg/generated/client"
 	"github.com/sigstore/rekor/pkg/generated/client/entries"
@@ -114,17 +113,22 @@ func (u *uploader) uploadEntry(ctx context.Context, proposedEntry models.Propose
 	return resp.GetPayload(), nil
 }
 
+// stringPtr returns a pointer to the provided string value.
+func stringPtr(s string) *string {
+	return &s
+}
+
 // uploadKeyOrCert integrates this code into sigstore/internal.Signer.
 // Given components of the created signature, it returns a SET that should be added to the signature.
 func (u *uploader) uploadKeyOrCert(ctx context.Context, keyOrCertBytes []byte, signatureBytes []byte, payloadBytes []byte) ([]byte, error) {
 	payloadHash := sha256.Sum256(payloadBytes) // HashedRecord only accepts SHA-256
 	proposedEntry := models.Hashedrekord{
-		APIVersion: swag.String(internal.HashedRekordV001APIVersion),
+		APIVersion: stringPtr(internal.HashedRekordV001APIVersion),
 		Spec: models.HashedrekordV001Schema{
 			Data: &models.HashedrekordV001SchemaData{
 				Hash: &models.HashedrekordV001SchemaDataHash{
-					Algorithm: swag.String(models.HashedrekordV001SchemaDataHashAlgorithmSha256),
-					Value:     swag.String(hex.EncodeToString(payloadHash[:])),
+					Algorithm: stringPtr(models.HashedrekordV001SchemaDataHashAlgorithmSha256),
+					Value:     stringPtr(hex.EncodeToString(payloadHash[:])),
 				},
 			},
 			Signature: &models.HashedrekordV001SchemaSignature{