Remove dependency on deprecated github.com/pkg/errors (#1887)

* cmd/cosign/cli: remove dependency on deprecated github.com/pkg/errors Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com> * cmd/sget/cli: remove dependency on deprecated github.com/pkg/errors Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com> * internal/pkg/cosign/ephemeral: remove dependency on pkg/errors Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com> * pkg/cosign: remove dependency on deprecated github.com/pkg/errors Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com> * pkg/oci: remove dependency on deprecated github.com/pkg/errors Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com> * pkg/policy: remove dependency on deprecated github.com/pkg/errors Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com> * pkg/sget: remove dependency on deprecated github.com/pkg/errors Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com> * pkg/signature: remove dependency on deprecated github.com/pkg/errors Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com> * go.mod: go mod tidy Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com> * pkg/cosign/kubernetes/webhook: remove unnecessary fmt.Sprintf Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com> * pkg/oci/remote: should handle error on name.NewRepository Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>
sigstore · May 17, 2022 · 03e66aa · 03e66aa
1 parent eea6324
commit 03e66aa
Show file tree

Hide file tree

Showing 63 changed files with 322 additions and 333 deletions.
diff --git a/cmd/cosign/cli/attach/attestation.go b/cmd/cosign/cli/attach/attestation.go
@@ -21,7 +21,6 @@ import (
 	"os"
 
 	"github.com/google/go-containerregistry/pkg/name"
-	"github.com/pkg/errors"
 	ssldsse "github.com/secure-systems-lab/go-securesystemslib/dsse"
 	"github.com/sigstore/cosign/cmd/cosign/cli/options"
 	"github.com/sigstore/cosign/pkg/oci/mutate"
@@ -33,7 +32,7 @@ import (
 func AttestationCmd(ctx context.Context, regOpts options.RegistryOptions, signedPayload, imageRef string) error {
 	ociremoteOpts, err := regOpts.ClientOpts(ctx)
 	if err != nil {
-		return errors.Wrap(err, "constructing client options")
+		return fmt.Errorf("constructing client options: %w", err)
 	}
 
 	fmt.Fprintln(os.Stderr, "Using payload from:", signedPayload)

diff --git a/cmd/cosign/cli/attest.go b/cmd/cosign/cli/attest.go
@@ -16,7 +16,8 @@
 package cli
 
 import (
-	"github.com/pkg/errors"
+	"fmt"
+
 	"github.com/spf13/cobra"
 
 	"github.com/sigstore/cosign/cmd/cosign/cli/attest"
@@ -79,7 +80,7 @@ func Attest() *cobra.Command {
 			for _, img := range args {
 				if err := attest.AttestCmd(cmd.Context(), ko, o.Registry, img, o.Cert, o.CertChain, o.NoUpload,
 					o.Predicate.Path, o.Force, o.Predicate.Type, o.Replace, ro.Timeout); err != nil {
-					return errors.Wrapf(err, "signing %s", img)
+					return fmt.Errorf("signing %s: %w", img, err)
 				}
 			}
 			return nil

diff --git a/cmd/cosign/cli/attest/attest.go b/cmd/cosign/cli/attest/attest.go
@@ -26,7 +26,6 @@ import (
 
 	"github.com/google/go-containerregistry/pkg/name"
 	v1 "github.com/google/go-containerregistry/pkg/v1"
-	"github.com/pkg/errors"
 
 	"github.com/sigstore/cosign/cmd/cosign/cli/options"
 	"github.com/sigstore/cosign/cmd/cosign/cli/rekor"
@@ -94,7 +93,7 @@ func AttestCmd(ctx context.Context, ko options.KeyOpts, regOpts options.Registry
 
 	ref, err := name.ParseReference(imageRef)
 	if err != nil {
-		return errors.Wrap(err, "parsing reference")
+		return fmt.Errorf("parsing reference: %w", err)
 	}
 
 	if timeout != 0 {
@@ -119,7 +118,7 @@ func AttestCmd(ctx context.Context, ko options.KeyOpts, regOpts options.Registry
 
 	sv, err := sign.SignerFromKeyOpts(ctx, certPath, certChainPath, ko)
 	if err != nil {
-		return errors.Wrap(err, "getting signer")
+		return fmt.Errorf("getting signer: %w", err)
 	}
 	defer sv.Close()
 	wrapped := dsse.WrapSigner(sv, types.IntotoPayloadType)
@@ -148,7 +147,7 @@ func AttestCmd(ctx context.Context, ko options.KeyOpts, regOpts options.Registry
 	}
 	signedPayload, err := wrapped.SignMessage(bytes.NewReader(payload), signatureoptions.WithContext(ctx))
 	if err != nil {
-		return errors.Wrap(err, "signing")
+		return fmt.Errorf("signing: %w", err)
 	}
 
 	if noUpload {

diff --git a/cmd/cosign/cli/commands.go b/cmd/cosign/cli/commands.go
@@ -16,10 +16,10 @@
 package cli
 
 import (
+	"fmt"
 	"os"
 
 	"github.com/google/go-containerregistry/pkg/logs"
-	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
 	"sigs.k8s.io/release-utils/version"
@@ -63,7 +63,7 @@ func New() *cobra.Command {
 				var err error
 				out, err = os.Create(ro.OutputFile)
 				if err != nil {
-					return errors.Wrapf(err, "Error creating output file %s", ro.OutputFile)
+					return fmt.Errorf("error creating output file %s: %w", ro.OutputFile, err)
 				}
 				stdout = os.Stdout
 				os.Stdout = out // TODO: don't do this.

diff --git a/cmd/cosign/cli/dockerfile/verify.go b/cmd/cosign/cli/dockerfile/verify.go
@@ -17,14 +17,13 @@ package dockerfile
 import (
 	"bufio"
 	"context"
+	"errors"
 	"flag"
 	"fmt"
 	"io"
 	"os"
 	"strings"
 
-	"github.com/pkg/errors"
-
 	"github.com/sigstore/cosign/cmd/cosign/cli/verify"
 )
 

diff --git a/cmd/cosign/cli/fulcio/fulcio.go b/cmd/cosign/cli/fulcio/fulcio.go
@@ -26,7 +26,6 @@ import (
 	"net/url"
 	"os"
 
-	"github.com/pkg/errors"
 	"golang.org/x/term"
 
 	"github.com/sigstore/cosign/cmd/cosign/cli/fulcio/fulcioroots"
@@ -114,21 +113,21 @@ type Signer struct {
 func NewSigner(ctx context.Context, ko options.KeyOpts) (*Signer, error) {
 	fClient, err := NewClient(ko.FulcioURL)
 	if err != nil {
-		return nil, errors.Wrap(err, "creating Fulcio client")
+		return nil, fmt.Errorf("creating Fulcio client: %w", err)
 	}
 
 	idToken := ko.IDToken
 	// If token is not set in the options, get one from the provders
 	if idToken == "" && providers.Enabled(ctx) && !ko.OIDCDisableProviders {
 		idToken, err = providers.Provide(ctx, "sigstore")
 		if err != nil {
-			return nil, errors.Wrap(err, "fetching ambient OIDC credentials")
+			return nil, fmt.Errorf("fetching ambient OIDC credentials: %w", err)
 		}
 	}
 
 	priv, err := cosign.GeneratePrivateKey()
 	if err != nil {
-		return nil, errors.Wrap(err, "generating cert")
+		return nil, fmt.Errorf("generating cert: %w", err)
 	}
 	signer, err := signature.LoadECDSASignerVerifier(priv, crypto.SHA256)
 	if err != nil {
@@ -151,7 +150,7 @@ func NewSigner(ctx context.Context, ko options.KeyOpts) (*Signer, error) {
 	}
 	Resp, err := GetCert(ctx, priv, idToken, flow, ko.OIDCIssuer, ko.OIDCClientID, ko.OIDCClientSecret, ko.OIDCRedirectURL, fClient) // TODO, use the chain.
 	if err != nil {
-		return nil, errors.Wrap(err, "retrieving cert")
+		return nil, fmt.Errorf("retrieving cert: %w", err)
 	}
 
 	f := &Signer{

diff --git a/cmd/cosign/cli/fulcio/fulcioroots/fulcioroots.go b/cmd/cosign/cli/fulcio/fulcioroots/fulcioroots.go
@@ -19,10 +19,11 @@ import (
 	"bytes"
 	"context"
 	"crypto/x509"
+	"errors"
+	"fmt"
 	"os"
 	"sync"
 
-	"github.com/pkg/errors"
 	"github.com/sigstore/cosign/pkg/cosign/tuf"
 	"github.com/sigstore/sigstore/pkg/cryptoutils"
 )
@@ -90,11 +91,11 @@ func initRoots() (*x509.CertPool, *x509.CertPool, error) {
 	if rootEnv != "" {
 		raw, err := os.ReadFile(rootEnv)
 		if err != nil {
-			return nil, nil, errors.Wrap(err, "error reading root PEM file")
+			return nil, nil, fmt.Errorf("error reading root PEM file: %w", err)
 		}
 		certs, err := cryptoutils.UnmarshalCertificatesFromPEM(raw)
 		if err != nil {
-			return nil, nil, errors.Wrap(err, "error unmarshalling certificates")
+			return nil, nil, fmt.Errorf("error unmarshalling certificates: %w", err)
 		}
 		for _, cert := range certs {
 			// root certificates are self-signed
@@ -113,7 +114,7 @@ func initRoots() (*x509.CertPool, *x509.CertPool, error) {
 	} else {
 		tufClient, err := tuf.NewFromEnv(context.Background())
 		if err != nil {
-			return nil, nil, errors.Wrap(err, "initializing tuf")
+			return nil, nil, fmt.Errorf("initializing tuf: %w", err)
 		}
 		defer tufClient.Close()
 		// Retrieve from the embedded or cached TUF root. If expired, a network
@@ -128,7 +129,7 @@ func initRoots() (*x509.CertPool, *x509.CertPool, error) {
 		for _, t := range targets {
 			certs, err := cryptoutils.UnmarshalCertificatesFromPEM(t.Target)
 			if err != nil {
-				return nil, nil, errors.Wrap(err, "error unmarshalling certificates")
+				return nil, nil, fmt.Errorf("error unmarshalling certificates: %w", err)
 			}
 			for _, cert := range certs {
 				// root certificates are self-signed

diff --git a/cmd/cosign/cli/fulcio/fulcioverifier/ctl/verify.go b/cmd/cosign/cli/fulcio/fulcioverifier/ctl/verify.go
@@ -21,13 +21,13 @@ import (
 	"crypto/x509"
 	"encoding/json"
 	"encoding/pem"
+	"errors"
 	"fmt"
 	"os"
 
 	ct "github.com/google/certificate-transparency-go"
 	ctx509 "github.com/google/certificate-transparency-go/x509"
 	"github.com/google/certificate-transparency-go/x509util"
-	"github.com/pkg/errors"
 	"github.com/sigstore/cosign/cmd/cosign/cli/fulcio/fulcioverifier/ctutil"
 
 	"github.com/sigstore/cosign/pkg/cosign/tuf"
@@ -94,23 +94,23 @@ func VerifySCT(ctx context.Context, certPEM, chainPEM, rawSCT []byte) error {
 			}
 			keyID, err := ctutil.GetCTLogID(pub)
 			if err != nil {
-				return errors.Wrap(err, "error getting CTFE public key hash")
+				return fmt.Errorf("error getting CTFE public key hash")
 			}
 			pubKeys[keyID] = logIDMetadata{pub, t.Status}
 		}
 	} else {
 		fmt.Fprintf(os.Stderr, "**Warning** Using a non-standard public key for verifying SCT: %s\n", rootEnv)
 		raw, err := os.ReadFile(rootEnv)
 		if err != nil {
-			return errors.Wrap(err, "error reading alternate public key file")
+			return fmt.Errorf("error reading alternate public key file")
 		}
 		pubKey, err := getPublicKey(raw)
 		if err != nil {
-			return errors.Wrap(err, "error parsing alternate public key from the file")
+			return fmt.Errorf("error parsing alternate public key from the file")
 		}
 		keyID, err := ctutil.GetCTLogID(pubKey)
 		if err != nil {
-			return errors.Wrap(err, "error getting CTFE public key hash")
+			return fmt.Errorf("error getting CTFE public key hash")
 		}
 		pubKeys[keyID] = logIDMetadata{pubKey, tuf.Active}
 	}
@@ -150,7 +150,7 @@ func VerifySCT(ctx context.Context, certPEM, chainPEM, rawSCT []byte) error {
 			}
 			err := ctutil.VerifySCT(pubKeyMetadata.pubKey, []*ctx509.Certificate{cert, certChain[0]}, sct, true)
 			if err != nil {
-				return errors.Wrap(err, "error verifying embedded SCT")
+				return fmt.Errorf("error verifying embedded SCT")
 			}
 			if pubKeyMetadata.status != tuf.Active {
 				fmt.Fprintf(os.Stderr, "**Info** Successfully verified embedded SCT using an expired verification key\n")
@@ -162,7 +162,7 @@ func VerifySCT(ctx context.Context, certPEM, chainPEM, rawSCT []byte) error {
 	// check SCT in response header
 	var addChainResp ct.AddChainResponse
 	if err := json.Unmarshal(rawSCT, &addChainResp); err != nil {
-		return errors.Wrap(err, "unmarshal")
+		return fmt.Errorf("unmarshal")
 	}
 	sct, err := addChainResp.ToSignedCertificateTimestamp()
 	if err != nil {
@@ -174,7 +174,7 @@ func VerifySCT(ctx context.Context, certPEM, chainPEM, rawSCT []byte) error {
 	}
 	err = ctutil.VerifySCT(pubKeyMetadata.pubKey, []*ctx509.Certificate{cert}, sct, false)
 	if err != nil {
-		return errors.Wrap(err, "error verifying SCT")
+		return fmt.Errorf("error verifying SCT")
 	}
 	if pubKeyMetadata.status != tuf.Active {
 		fmt.Fprintf(os.Stderr, "**Info** Successfully verified SCT using an expired verification key\n")
@@ -217,7 +217,7 @@ func getPublicKey(in []byte) (crypto.PublicKey, error) {
 		// Try using the PKCS1 before giving up.
 		pubKey, err = x509.ParsePKCS1PublicKey(derBytes)
 		if err != nil {
-			return nil, errors.Wrap(err, "failed to parse CT log public key")
+			return nil, fmt.Errorf("failed to parse CT log public key: %w", err)
 		}
 	}
 	return pubKey, nil

diff --git a/cmd/cosign/cli/fulcio/fulcioverifier/fulcioverifier.go b/cmd/cosign/cli/fulcio/fulcioverifier/fulcioverifier.go
@@ -20,8 +20,6 @@ import (
 	"fmt"
 	"os"
 
-	"github.com/pkg/errors"
-
 	"github.com/sigstore/cosign/cmd/cosign/cli/fulcio"
 	"github.com/sigstore/cosign/cmd/cosign/cli/fulcio/fulcioverifier/ctl"
 	"github.com/sigstore/cosign/cmd/cosign/cli/options"
@@ -35,7 +33,7 @@ func NewSigner(ctx context.Context, ko options.KeyOpts) (*fulcio.Signer, error)
 
 	// verify the sct
 	if err := ctl.VerifySCT(ctx, fs.Cert, fs.Chain, fs.SCT); err != nil {
-		return nil, errors.Wrap(err, "verifying SCT")
+		return nil, fmt.Errorf("verifying SCT: %w", err)
 	}
 	fmt.Fprintln(os.Stderr, "Successfully verified SCT...")
 

diff --git a/cmd/cosign/cli/generate/generate_key_pair.go b/cmd/cosign/cli/generate/generate_key_pair.go
@@ -18,12 +18,12 @@ package generate
 import (
 	"context"
 	"crypto"
+	"errors"
 	"fmt"
 	"io"
 	"os"
 	"strings"
 
-	"github.com/pkg/errors"
 	"github.com/sigstore/cosign/pkg/cosign/git"
 	"github.com/sigstore/cosign/pkg/cosign/git/github"
 	"github.com/sigstore/cosign/pkg/cosign/git/gitlab"
@@ -48,7 +48,7 @@ func GenerateKeyPairCmd(ctx context.Context, kmsVal string, args []string) error
 		}
 		pubKey, err := k.CreateKey(ctx, k.DefaultAlgorithm())
 		if err != nil {
-			return errors.Wrap(err, "creating key")
+			return fmt.Errorf("creating key: %w", err)
 		}
 		pemBytes, err := cryptoutils.MarshalPublicKeyToPEM(pubKey)
 		if err != nil {

diff --git a/cmd/cosign/cli/load.go b/cmd/cosign/cli/load.go
@@ -17,9 +17,9 @@ package cli
 
 import (
 	"context"
+	"fmt"
 
 	"github.com/google/go-containerregistry/pkg/name"
-	"github.com/pkg/errors"
 	"github.com/sigstore/cosign/cmd/cosign/cli/options"
 	"github.com/sigstore/cosign/pkg/oci/layout"
 	"github.com/sigstore/cosign/pkg/oci/remote"
@@ -47,13 +47,13 @@ func Load() *cobra.Command {
 func LoadCmd(ctx context.Context, opts options.LoadOptions, imageRef string) error {
 	ref, err := name.ParseReference(imageRef)
 	if err != nil {
-		return errors.Wrapf(err, "parsing image name %s", imageRef)
+		return fmt.Errorf("parsing image name %s: %w", imageRef, err)
 	}
 
 	// get the signed image from disk
 	sii, err := layout.SignedImageIndex(opts.Directory)
 	if err != nil {
-		return errors.Wrap(err, "signed image index")
+		return fmt.Errorf("signed image index: %w", err)
 	}
 	return remote.WriteSignedImageIndexImages(ref, sii)
 }
diff --git a/cmd/cosign/cli/manifest/verify.go b/cmd/cosign/cli/manifest/verify.go
@@ -17,14 +17,14 @@ package manifest
 import (
 	"bytes"
 	"context"
+	"errors"
 	"flag"
 	"fmt"
 	"io"
 	"os"
 	"path/filepath"
 	"strings"
 
-	"github.com/pkg/errors"
 	"k8s.io/apimachinery/pkg/util/yaml"
 
 	"github.com/sigstore/cosign/cmd/cosign/cli/verify"
@@ -45,7 +45,7 @@ func (c *VerifyManifestCommand) Exec(ctx context.Context, args []string) error {
 
 	err := isExtensionAllowed(manifestPath)
 	if err != nil {
-		return errors.Wrap(err, "check if extension is valid")
+		return fmt.Errorf("check if extension is valid: %w", err)
 	}
 	manifest, err := os.ReadFile(manifestPath)
 	if err != nil {

diff --git a/cmd/cosign/cli/options/oidc.go b/cmd/cosign/cli/options/oidc.go
@@ -21,7 +21,6 @@ import (
 	"strings"
 	"unicode/utf8"
 
-	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )
 
@@ -40,7 +39,7 @@ func (o *OIDCOptions) ClientSecret() (string, error) {
 	if o.clientSecretFile != "" {
 		clientSecretBytes, err := os.ReadFile(o.clientSecretFile)
 		if err != nil {
-			return "", errors.Wrap(err, "reading OIDC client secret")
+			return "", fmt.Errorf("reading OIDC client secret: %w", err)
 		}
 		if !utf8.Valid(clientSecretBytes) {
 			return "", fmt.Errorf("OIDC client secret in file %s not valid utf8", o.clientSecretFile)