Skip to content

Commit

Permalink
pkg/cosign: remove dependency on deprecated github.com/pkg/errors
Browse files Browse the repository at this point in the history
Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>
  • Loading branch information
zchee committed May 16, 2022
1 parent 45b4f88 commit 24b1428
Show file tree
Hide file tree
Showing 18 changed files with 135 additions and 139 deletions.
7 changes: 3 additions & 4 deletions pkg/cosign/attestation/attestation.go
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,6 @@ import (
slsa "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2"

"github.com/in-toto/in-toto-golang/in_toto"
"github.com/pkg/errors"
)

const (
Expand Down Expand Up @@ -189,7 +188,7 @@ func generateCustomPredicate(rawPayload []byte, customType, timestamp string) (i

var result map[string]interface{}
if err := json.Unmarshal(rawPayload, &result); err != nil {
return nil, errors.Wrapf(err, "invalid JSON payload for predicate type %s", customType)
return nil, fmt.Errorf("invalid JSON payload for predicate type %s: %w", customType, err)
}

return result, nil
Expand All @@ -203,7 +202,7 @@ func generateSLSAProvenanceStatement(rawPayload []byte, digest string, repo stri
}
err = json.Unmarshal(rawPayload, &predicate)
if err != nil {
return "", errors.Wrap(err, "unmarshal Provenance predicate")
return "", fmt.Errorf("unmarshal Provenance predicate: %w", err)
}
return in_toto.ProvenanceStatement{
StatementHeader: generateStatementHeader(digest, repo, slsa.PredicateSLSAProvenance),
Expand All @@ -219,7 +218,7 @@ func generateLinkStatement(rawPayload []byte, digest string, repo string) (inter
}
err = json.Unmarshal(rawPayload, &link)
if err != nil {
return "", errors.Wrap(err, "unmarshal Link statement")
return "", fmt.Errorf("unmarshal Link statement: %w", err)
}
return in_toto.LinkStatement{
StatementHeader: generateStatementHeader(digest, repo, in_toto.PredicateLinkV1),
Expand Down
2 changes: 1 addition & 1 deletion pkg/cosign/common.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,12 +17,12 @@ package cosign

import (
"bufio"
"errors"
"fmt"
"os"
"strings"
"syscall"

"github.com/pkg/errors"
"golang.org/x/term"
)

Expand Down
15 changes: 7 additions & 8 deletions pkg/cosign/fetch.go
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,6 @@ import (
"runtime"

"github.com/google/go-containerregistry/pkg/name"
"github.com/pkg/errors"
"github.com/sigstore/cosign/pkg/cosign/bundle"
ociremote "github.com/sigstore/cosign/pkg/oci/remote"
"knative.dev/pkg/pool"
Expand Down Expand Up @@ -69,14 +68,14 @@ func FetchSignaturesForReference(ctx context.Context, ref name.Reference, opts .

sigs, err := simg.Signatures()
if err != nil {
return nil, errors.Wrap(err, "remote image")
return nil, fmt.Errorf("remote image: %w", err)
}
l, err := sigs.Get()
if err != nil {
return nil, errors.Wrap(err, "fetching signatures")
return nil, fmt.Errorf("fetching signatures: %w", err)
}
if len(l) == 0 {
return nil, fmt.Errorf("no signatures associated with %v", ref)
return nil, fmt.Errorf("no signatures associated with %v: %w", ref, err)
}

g := pool.New(runtime.NumCPU())
Expand Down Expand Up @@ -119,14 +118,14 @@ func FetchAttestationsForReference(ctx context.Context, ref name.Reference, opts

atts, err := simg.Attestations()
if err != nil {
return nil, errors.Wrap(err, "remote image")
return nil, fmt.Errorf("remote image: %w", err)
}
l, err := atts.Get()
if err != nil {
return nil, errors.Wrap(err, "fetching attestations")
return nil, fmt.Errorf("fetching attestations: %w", err)
}
if len(l) == 0 {
return nil, fmt.Errorf("no attestations associated with %v", ref)
return nil, fmt.Errorf("no attestations associated with %v: %w", ref, err)
}

g := pool.New(runtime.NumCPU())
Expand All @@ -153,7 +152,7 @@ func FetchAttestationsForReference(ctx context.Context, ref name.Reference, opts
func FetchLocalSignedPayloadFromPath(path string) (*LocalSignedPayload, error) {
contents, err := ioutil.ReadFile(path)
if err != nil {
return nil, errors.Wrapf(err, "reading %s", path)
return nil, fmt.Errorf("reading %s: %w", path, err)
}
var b *LocalSignedPayload
if err := json.Unmarshal(contents, &b); err != nil {
Expand Down
12 changes: 6 additions & 6 deletions pkg/cosign/git/github/github.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,14 +18,14 @@ package github
import (
"context"
"encoding/base64"
"errors"
"fmt"
"io"
"net/http"
"os"
"strings"

"github.com/google/go-github/v42/github"
"github.com/pkg/errors"
"golang.org/x/oauth2"

"github.com/sigstore/cosign/pkg/cosign"
Expand All @@ -44,7 +44,7 @@ func New() *Gh {
func (g *Gh) PutSecret(ctx context.Context, ref string, pf cosign.PassFunc) error {
keys, err := cosign.GenerateKeyPair(pf)
if err != nil {
return errors.Wrap(err, "generating key pair")
return fmt.Errorf("generating key pair: %w", err)
}

var httpClient *http.Client
Expand All @@ -66,7 +66,7 @@ func (g *Gh) PutSecret(ctx context.Context, ref string, pf cosign.PassFunc) erro

key, getRepoPubKeyResp, err := client.Actions.GetRepoPublicKey(ctx, owner, repo)
if err != nil {
return errors.Wrap(err, "could not get repository public key")
return fmt.Errorf("could not get repository public key: %w", err)
}

if getRepoPubKeyResp.StatusCode < 200 && getRepoPubKeyResp.StatusCode >= 300 {
Expand All @@ -82,7 +82,7 @@ func (g *Gh) PutSecret(ctx context.Context, ref string, pf cosign.PassFunc) erro

passwordSecretEnvResp, err := client.Actions.CreateOrUpdateRepoSecret(ctx, owner, repo, passwordSecretEnv)
if err != nil {
return errors.Wrap(err, "could not create \"COSIGN_PASSWORD\" github actions secret")
return fmt.Errorf("could not create \"COSIGN_PASSWORD\" github actions secret: %w", err)
}

if passwordSecretEnvResp.StatusCode < 200 && passwordSecretEnvResp.StatusCode >= 300 {
Expand All @@ -100,7 +100,7 @@ func (g *Gh) PutSecret(ctx context.Context, ref string, pf cosign.PassFunc) erro

privateKeySecretEnvResp, err := client.Actions.CreateOrUpdateRepoSecret(ctx, owner, repo, privateKeySecretEnv)
if err != nil {
return errors.Wrap(err, "could not create \"COSIGN_PRIVATE_KEY\" github actions secret")
return fmt.Errorf("could not create \"COSIGN_PRIVATE_KEY\" github actions secret: %w", err)
}

if privateKeySecretEnvResp.StatusCode < 200 && privateKeySecretEnvResp.StatusCode >= 300 {
Expand All @@ -118,7 +118,7 @@ func (g *Gh) PutSecret(ctx context.Context, ref string, pf cosign.PassFunc) erro

publicKeySecretEnvResp, err := client.Actions.CreateOrUpdateRepoSecret(ctx, owner, repo, publicKeySecretEnv)
if err != nil {
return errors.Wrap(err, "could not create \"COSIGN_PUBLIC_KEY\" github actions secret")
return fmt.Errorf("could not create \"COSIGN_PUBLIC_KEY\" github actions secret: %w", err)
}

if publicKeySecretEnvResp.StatusCode < 200 && publicKeySecretEnvResp.StatusCode >= 300 {
Expand Down
28 changes: 14 additions & 14 deletions pkg/cosign/git/gitlab/gitlab.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,11 +17,11 @@ package gitlab

import (
"context"
"errors"
"fmt"
"io"
"os"

"github.com/pkg/errors"
"github.com/sigstore/cosign/pkg/cosign"
"github.com/xanzy/go-gitlab"
)
Expand All @@ -39,7 +39,7 @@ func New() *Gl {
func (g *Gl) PutSecret(ctx context.Context, ref string, pf cosign.PassFunc) error {
keys, err := cosign.GenerateKeyPair(pf)
if err != nil {
return errors.Wrap(err, "generating key pair")
return fmt.Errorf("generating key pair: %w", err)
}

token, tokenExists := os.LookupEnv("GITLAB_TOKEN")
Expand All @@ -52,12 +52,12 @@ func (g *Gl) PutSecret(ctx context.Context, ref string, pf cosign.PassFunc) erro
if url, baseURLExists := os.LookupEnv("GITLAB_HOST"); baseURLExists {
client, err = gitlab.NewClient(token, gitlab.WithBaseURL(url))
if err != nil {
return errors.Wrap(err, "could not create GitLab client")
return fmt.Errorf("could not create GitLab client: %w", err)
}
} else {
client, err = gitlab.NewClient(token)
if err != nil {
return errors.Wrap(err, "could not create GitLab client")
return fmt.Errorf("could not create GitLab client: %w", err)
}
}

Expand All @@ -70,12 +70,12 @@ func (g *Gl) PutSecret(ctx context.Context, ref string, pf cosign.PassFunc) erro
EnvironmentScope: gitlab.String("*"),
})
if err != nil {
return errors.Wrap(err, "could not create \"COSIGN_PASSWORD\" variable")
return fmt.Errorf("could not create \"COSIGN_PASSWORD\" variable: %w", err)
}

if passwordResp.StatusCode < 200 && passwordResp.StatusCode >= 300 {
bodyBytes, _ := io.ReadAll(passwordResp.Body)
return errors.Errorf("%s", bodyBytes)
return fmt.Errorf("%s", bodyBytes)
}

fmt.Fprintln(os.Stderr, "Password written to \"COSIGN_PASSWORD\" variable")
Expand All @@ -88,12 +88,12 @@ func (g *Gl) PutSecret(ctx context.Context, ref string, pf cosign.PassFunc) erro
Masked: gitlab.Bool(false),
})
if err != nil {
return errors.Wrap(err, "could not create \"COSIGN_PRIVATE_KEY\" variable")
return fmt.Errorf("could not create \"COSIGN_PRIVATE_KEY\" variable: %w", err)
}

if privateKeyResp.StatusCode < 200 && privateKeyResp.StatusCode >= 300 {
bodyBytes, _ := io.ReadAll(privateKeyResp.Body)
return errors.Errorf("%s", bodyBytes)
return fmt.Errorf("%s", bodyBytes)
}

fmt.Fprintln(os.Stderr, "Private key written to \"COSIGN_PRIVATE_KEY\" variable")
Expand All @@ -106,12 +106,12 @@ func (g *Gl) PutSecret(ctx context.Context, ref string, pf cosign.PassFunc) erro
Masked: gitlab.Bool(false),
})
if err != nil {
return errors.Wrap(err, "could not create \"COSIGN_PUBLIC_KEY\" variable")
return fmt.Errorf("could not create \"COSIGN_PUBLIC_KEY\" variable: %w", err)
}

if publicKeyResp.StatusCode < 200 && publicKeyResp.StatusCode >= 300 {
bodyBytes, _ := io.ReadAll(publicKeyResp.Body)
return errors.Errorf("%s", bodyBytes)
return fmt.Errorf("%s", bodyBytes)
}

fmt.Fprintln(os.Stderr, "Public key written to \"COSIGN_PUBLIC_KEY\" variable")
Expand All @@ -136,25 +136,25 @@ func (g *Gl) GetSecret(ctx context.Context, ref string, key string) (string, err
if url, baseURLExists := os.LookupEnv("GITLAB_HOST"); baseURLExists {
client, err = gitlab.NewClient(token, gitlab.WithBaseURL(url))
if err != nil {
return varPubKeyValue, errors.Wrap(err, "could not create GitLab client")
return varPubKeyValue, fmt.Errorf("could not create GitLab client): %w", err)
}
} else {
client, err = gitlab.NewClient(token)
if err != nil {
return varPubKeyValue, errors.Wrap(err, "could not create GitLab client")
return varPubKeyValue, fmt.Errorf("could not create GitLab client: %w", err)
}
}

varPubKey, pubKeyResp, err := client.ProjectVariables.GetVariable(ref, key, nil)
if err != nil {
return varPubKeyValue, errors.Wrap(err, "could not retrieve \"COSIGN_PUBLIC_KEY\" variable")
return varPubKeyValue, fmt.Errorf("could not retrieve \"COSIGN_PUBLIC_KEY\" variable: %w", err)
}

varPubKeyValue = varPubKey.Value

if pubKeyResp.StatusCode < 200 && pubKeyResp.StatusCode >= 300 {
bodyBytes, _ := io.ReadAll(pubKeyResp.Body)
return varPubKeyValue, errors.Errorf("%s", bodyBytes)
return varPubKeyValue, fmt.Errorf("%s", bodyBytes)
}

return varPubKeyValue, nil
Expand Down
20 changes: 10 additions & 10 deletions pkg/cosign/keys.go
Original file line number Diff line number Diff line change
Expand Up @@ -25,11 +25,11 @@ import (
_ "crypto/sha256" // for `crypto.SHA256`
"crypto/x509"
"encoding/pem"
"errors"
"fmt"
"os"
"path/filepath"

"github.com/pkg/errors"
"github.com/theupdateframework/go-tuf/encrypted"

"github.com/sigstore/cosign/pkg/oci/static"
Expand Down Expand Up @@ -84,10 +84,10 @@ func ImportKeyPair(keyPath string, pf PassFunc) (*KeysBytes, error) {
case RSAPrivateKeyPemType:
rsaPk, err := x509.ParsePKCS1PrivateKey(p.Bytes)
if err != nil {
return nil, fmt.Errorf("error parsing rsa private key")
return nil, fmt.Errorf("error parsing rsa private key: %w", err)
}
if err = cryptoutils.ValidatePubKey(rsaPk.Public()); err != nil {
return nil, errors.Wrap(err, "error validating rsa key")
return nil, fmt.Errorf("error validating rsa key: %w", err)
}
pk = rsaPk
case ECPrivateKeyPemType:
Expand All @@ -96,7 +96,7 @@ func ImportKeyPair(keyPath string, pf PassFunc) (*KeysBytes, error) {
return nil, fmt.Errorf("error parsing ecdsa private key")
}
if err = cryptoutils.ValidatePubKey(ecdsaPk.Public()); err != nil {
return nil, errors.Wrap(err, "error validating ecdsa key")
return nil, fmt.Errorf("error validating ecdsa key: %w", err)
}
pk = ecdsaPk
case PrivateKeyPemType:
Expand All @@ -107,17 +107,17 @@ func ImportKeyPair(keyPath string, pf PassFunc) (*KeysBytes, error) {
switch k := pkcs8Pk.(type) {
case *rsa.PrivateKey:
if err = cryptoutils.ValidatePubKey(k.Public()); err != nil {
return nil, errors.Wrap(err, "error validating rsa key")
return nil, fmt.Errorf("error validating rsa key: %w", err)
}
pk = k
case *ecdsa.PrivateKey:
if err = cryptoutils.ValidatePubKey(k.Public()); err != nil {
return nil, errors.Wrap(err, "error validating ecdsa key")
return nil, fmt.Errorf("error validating ecdsa key: %w", err)
}
pk = k
case ed25519.PrivateKey:
if err = cryptoutils.ValidatePubKey(k.Public()); err != nil {
return nil, errors.Wrap(err, "error validating ed25519 key")
return nil, fmt.Errorf("error validating ed25519 key: %w", err)
}
pk = k
default:
Expand All @@ -132,7 +132,7 @@ func ImportKeyPair(keyPath string, pf PassFunc) (*KeysBytes, error) {
func marshalKeyPair(keypair Keys, pf PassFunc) (key *KeysBytes, err error) {
x509Encoded, err := x509.MarshalPKCS8PrivateKey(keypair.private)
if err != nil {
return nil, errors.Wrap(err, "x509 encoding private key")
return nil, fmt.Errorf("x509 encoding private key: %w", err)
}

password := []byte{}
Expand Down Expand Up @@ -204,12 +204,12 @@ func LoadPrivateKey(key []byte, pass []byte) (signature.SignerVerifier, error) {

x509Encoded, err := encrypted.Decrypt(p.Bytes, pass)
if err != nil {
return nil, errors.Wrap(err, "decrypt")
return nil, fmt.Errorf("decrypt: %w", err)
}

pk, err := x509.ParsePKCS8PrivateKey(x509Encoded)
if err != nil {
return nil, errors.Wrap(err, "parsing private key")
return nil, fmt.Errorf("parsing private key: %w", err)
}
switch pk := pk.(type) {
case *rsa.PrivateKey:
Expand Down
Loading

0 comments on commit 24b1428

Please sign in to comment.