Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove dependency on deprecated github.com/pkg/errors #1887

Merged
merged 11 commits into from
May 17, 2022
Merged
3 changes: 1 addition & 2 deletions cmd/cosign/cli/attach/attestation.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,6 @@ import (
"os"

"github.com/google/go-containerregistry/pkg/name"
"github.com/pkg/errors"
ssldsse "github.com/secure-systems-lab/go-securesystemslib/dsse"
"github.com/sigstore/cosign/cmd/cosign/cli/options"
"github.com/sigstore/cosign/pkg/oci/mutate"
Expand All @@ -33,7 +32,7 @@ import (
func AttestationCmd(ctx context.Context, regOpts options.RegistryOptions, signedPayload, imageRef string) error {
ociremoteOpts, err := regOpts.ClientOpts(ctx)
if err != nil {
return errors.Wrap(err, "constructing client options")
return fmt.Errorf("constructing client options: %w", err)
}

fmt.Fprintln(os.Stderr, "Using payload from:", signedPayload)
Expand Down
5 changes: 3 additions & 2 deletions cmd/cosign/cli/attest.go
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,8 @@
package cli

import (
"github.com/pkg/errors"
"fmt"

"github.com/spf13/cobra"

"github.com/sigstore/cosign/cmd/cosign/cli/attest"
Expand Down Expand Up @@ -79,7 +80,7 @@ func Attest() *cobra.Command {
for _, img := range args {
if err := attest.AttestCmd(cmd.Context(), ko, o.Registry, img, o.Cert, o.CertChain, o.NoUpload,
o.Predicate.Path, o.Force, o.Predicate.Type, o.Replace, ro.Timeout); err != nil {
return errors.Wrapf(err, "signing %s", img)
return fmt.Errorf("signing %s: %w", img, err)
}
}
return nil
Expand Down
7 changes: 3 additions & 4 deletions cmd/cosign/cli/attest/attest.go
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,6 @@ import (

"github.com/google/go-containerregistry/pkg/name"
v1 "github.com/google/go-containerregistry/pkg/v1"
"github.com/pkg/errors"

"github.com/sigstore/cosign/cmd/cosign/cli/options"
"github.com/sigstore/cosign/cmd/cosign/cli/rekor"
Expand Down Expand Up @@ -94,7 +93,7 @@ func AttestCmd(ctx context.Context, ko options.KeyOpts, regOpts options.Registry

ref, err := name.ParseReference(imageRef)
if err != nil {
return errors.Wrap(err, "parsing reference")
return fmt.Errorf("parsing reference: %w", err)
}

if timeout != 0 {
Expand All @@ -119,7 +118,7 @@ func AttestCmd(ctx context.Context, ko options.KeyOpts, regOpts options.Registry

sv, err := sign.SignerFromKeyOpts(ctx, certPath, certChainPath, ko)
if err != nil {
return errors.Wrap(err, "getting signer")
return fmt.Errorf("getting signer: %w", err)
}
defer sv.Close()
wrapped := dsse.WrapSigner(sv, types.IntotoPayloadType)
Expand Down Expand Up @@ -148,7 +147,7 @@ func AttestCmd(ctx context.Context, ko options.KeyOpts, regOpts options.Registry
}
signedPayload, err := wrapped.SignMessage(bytes.NewReader(payload), signatureoptions.WithContext(ctx))
if err != nil {
return errors.Wrap(err, "signing")
return fmt.Errorf("signing: %w", err)
}

if noUpload {
Expand Down
4 changes: 2 additions & 2 deletions cmd/cosign/cli/commands.go
Original file line number Diff line number Diff line change
Expand Up @@ -16,10 +16,10 @@
package cli

import (
"fmt"
"os"

"github.com/google/go-containerregistry/pkg/logs"
"github.com/pkg/errors"
"github.com/spf13/cobra"
"github.com/spf13/pflag"
"sigs.k8s.io/release-utils/version"
Expand Down Expand Up @@ -63,7 +63,7 @@ func New() *cobra.Command {
var err error
out, err = os.Create(ro.OutputFile)
if err != nil {
return errors.Wrapf(err, "Error creating output file %s", ro.OutputFile)
return fmt.Errorf("error creating output file %s: %w", ro.OutputFile, err)
zchee marked this conversation as resolved.
Show resolved Hide resolved
}
stdout = os.Stdout
os.Stdout = out // TODO: don't do this.
Expand Down
3 changes: 1 addition & 2 deletions cmd/cosign/cli/dockerfile/verify.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,14 +17,13 @@ package dockerfile
import (
"bufio"
"context"
"errors"
"flag"
"fmt"
"io"
"os"
"strings"

"github.com/pkg/errors"

"github.com/sigstore/cosign/cmd/cosign/cli/verify"
)

Expand Down
9 changes: 4 additions & 5 deletions cmd/cosign/cli/fulcio/fulcio.go
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,6 @@ import (
"net/url"
"os"

"github.com/pkg/errors"
"golang.org/x/term"

"github.com/sigstore/cosign/cmd/cosign/cli/fulcio/fulcioroots"
Expand Down Expand Up @@ -114,21 +113,21 @@ type Signer struct {
func NewSigner(ctx context.Context, ko options.KeyOpts) (*Signer, error) {
fClient, err := NewClient(ko.FulcioURL)
if err != nil {
return nil, errors.Wrap(err, "creating Fulcio client")
return nil, fmt.Errorf("creating Fulcio client: %w", err)
}

idToken := ko.IDToken
// If token is not set in the options, get one from the provders
if idToken == "" && providers.Enabled(ctx) && !ko.OIDCDisableProviders {
idToken, err = providers.Provide(ctx, "sigstore")
if err != nil {
return nil, errors.Wrap(err, "fetching ambient OIDC credentials")
return nil, fmt.Errorf("fetching ambient OIDC credentials: %w", err)
}
}

priv, err := cosign.GeneratePrivateKey()
if err != nil {
return nil, errors.Wrap(err, "generating cert")
return nil, fmt.Errorf("generating cert: %w", err)
}
signer, err := signature.LoadECDSASignerVerifier(priv, crypto.SHA256)
if err != nil {
Expand All @@ -151,7 +150,7 @@ func NewSigner(ctx context.Context, ko options.KeyOpts) (*Signer, error) {
}
Resp, err := GetCert(ctx, priv, idToken, flow, ko.OIDCIssuer, ko.OIDCClientID, ko.OIDCClientSecret, ko.OIDCRedirectURL, fClient) // TODO, use the chain.
if err != nil {
return nil, errors.Wrap(err, "retrieving cert")
return nil, fmt.Errorf("retrieving cert: %w", err)
}

f := &Signer{
Expand Down
11 changes: 6 additions & 5 deletions cmd/cosign/cli/fulcio/fulcioroots/fulcioroots.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,10 +19,11 @@ import (
"bytes"
"context"
"crypto/x509"
"errors"
"fmt"
"os"
"sync"

"github.com/pkg/errors"
"github.com/sigstore/cosign/pkg/cosign/tuf"
"github.com/sigstore/sigstore/pkg/cryptoutils"
)
Expand Down Expand Up @@ -90,11 +91,11 @@ func initRoots() (*x509.CertPool, *x509.CertPool, error) {
if rootEnv != "" {
raw, err := os.ReadFile(rootEnv)
if err != nil {
return nil, nil, errors.Wrap(err, "error reading root PEM file")
return nil, nil, fmt.Errorf("error reading root PEM file: %w", err)
}
certs, err := cryptoutils.UnmarshalCertificatesFromPEM(raw)
if err != nil {
return nil, nil, errors.Wrap(err, "error unmarshalling certificates")
return nil, nil, fmt.Errorf("error unmarshalling certificates: %w", err)
}
for _, cert := range certs {
// root certificates are self-signed
Expand All @@ -113,7 +114,7 @@ func initRoots() (*x509.CertPool, *x509.CertPool, error) {
} else {
tufClient, err := tuf.NewFromEnv(context.Background())
if err != nil {
return nil, nil, errors.Wrap(err, "initializing tuf")
return nil, nil, fmt.Errorf("initializing tuf: %w", err)
}
defer tufClient.Close()
// Retrieve from the embedded or cached TUF root. If expired, a network
Expand All @@ -128,7 +129,7 @@ func initRoots() (*x509.CertPool, *x509.CertPool, error) {
for _, t := range targets {
certs, err := cryptoutils.UnmarshalCertificatesFromPEM(t.Target)
if err != nil {
return nil, nil, errors.Wrap(err, "error unmarshalling certificates")
return nil, nil, fmt.Errorf("error unmarshalling certificates: %w", err)
}
for _, cert := range certs {
// root certificates are self-signed
Expand Down
18 changes: 9 additions & 9 deletions cmd/cosign/cli/fulcio/fulcioverifier/ctl/verify.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,13 +21,13 @@ import (
"crypto/x509"
"encoding/json"
"encoding/pem"
"errors"
"fmt"
"os"

ct "github.com/google/certificate-transparency-go"
ctx509 "github.com/google/certificate-transparency-go/x509"
"github.com/google/certificate-transparency-go/x509util"
"github.com/pkg/errors"
"github.com/sigstore/cosign/cmd/cosign/cli/fulcio/fulcioverifier/ctutil"

"github.com/sigstore/cosign/pkg/cosign/tuf"
Expand Down Expand Up @@ -94,23 +94,23 @@ func VerifySCT(ctx context.Context, certPEM, chainPEM, rawSCT []byte) error {
}
keyID, err := ctutil.GetCTLogID(pub)
if err != nil {
return errors.Wrap(err, "error getting CTFE public key hash")
return fmt.Errorf("error getting CTFE public key hash")
}
pubKeys[keyID] = logIDMetadata{pub, t.Status}
}
} else {
fmt.Fprintf(os.Stderr, "**Warning** Using a non-standard public key for verifying SCT: %s\n", rootEnv)
raw, err := os.ReadFile(rootEnv)
if err != nil {
return errors.Wrap(err, "error reading alternate public key file")
return fmt.Errorf("error reading alternate public key file")
}
pubKey, err := getPublicKey(raw)
if err != nil {
return errors.Wrap(err, "error parsing alternate public key from the file")
return fmt.Errorf("error parsing alternate public key from the file")
}
keyID, err := ctutil.GetCTLogID(pubKey)
if err != nil {
return errors.Wrap(err, "error getting CTFE public key hash")
return fmt.Errorf("error getting CTFE public key hash")
}
pubKeys[keyID] = logIDMetadata{pubKey, tuf.Active}
}
Expand Down Expand Up @@ -150,7 +150,7 @@ func VerifySCT(ctx context.Context, certPEM, chainPEM, rawSCT []byte) error {
}
err := ctutil.VerifySCT(pubKeyMetadata.pubKey, []*ctx509.Certificate{cert, certChain[0]}, sct, true)
if err != nil {
return errors.Wrap(err, "error verifying embedded SCT")
return fmt.Errorf("error verifying embedded SCT")
}
if pubKeyMetadata.status != tuf.Active {
fmt.Fprintf(os.Stderr, "**Info** Successfully verified embedded SCT using an expired verification key\n")
Expand All @@ -162,7 +162,7 @@ func VerifySCT(ctx context.Context, certPEM, chainPEM, rawSCT []byte) error {
// check SCT in response header
var addChainResp ct.AddChainResponse
if err := json.Unmarshal(rawSCT, &addChainResp); err != nil {
return errors.Wrap(err, "unmarshal")
return fmt.Errorf("unmarshal")
}
sct, err := addChainResp.ToSignedCertificateTimestamp()
if err != nil {
Expand All @@ -174,7 +174,7 @@ func VerifySCT(ctx context.Context, certPEM, chainPEM, rawSCT []byte) error {
}
err = ctutil.VerifySCT(pubKeyMetadata.pubKey, []*ctx509.Certificate{cert}, sct, false)
if err != nil {
return errors.Wrap(err, "error verifying SCT")
return fmt.Errorf("error verifying SCT")
}
if pubKeyMetadata.status != tuf.Active {
fmt.Fprintf(os.Stderr, "**Info** Successfully verified SCT using an expired verification key\n")
Expand Down Expand Up @@ -217,7 +217,7 @@ func getPublicKey(in []byte) (crypto.PublicKey, error) {
// Try using the PKCS1 before giving up.
pubKey, err = x509.ParsePKCS1PublicKey(derBytes)
if err != nil {
return nil, errors.Wrap(err, "failed to parse CT log public key")
return nil, fmt.Errorf("failed to parse CT log public key: %w", err)
}
}
return pubKey, nil
Expand Down
4 changes: 1 addition & 3 deletions cmd/cosign/cli/fulcio/fulcioverifier/fulcioverifier.go
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,6 @@ import (
"fmt"
"os"

"github.com/pkg/errors"

"github.com/sigstore/cosign/cmd/cosign/cli/fulcio"
"github.com/sigstore/cosign/cmd/cosign/cli/fulcio/fulcioverifier/ctl"
"github.com/sigstore/cosign/cmd/cosign/cli/options"
Expand All @@ -35,7 +33,7 @@ func NewSigner(ctx context.Context, ko options.KeyOpts) (*fulcio.Signer, error)

// verify the sct
if err := ctl.VerifySCT(ctx, fs.Cert, fs.Chain, fs.SCT); err != nil {
return nil, errors.Wrap(err, "verifying SCT")
return nil, fmt.Errorf("verifying SCT: %w", err)
}
fmt.Fprintln(os.Stderr, "Successfully verified SCT...")

Expand Down
4 changes: 2 additions & 2 deletions cmd/cosign/cli/generate/generate_key_pair.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,12 +18,12 @@ package generate
import (
"context"
"crypto"
"errors"
"fmt"
"io"
"os"
"strings"

"github.com/pkg/errors"
"github.com/sigstore/cosign/pkg/cosign/git"
"github.com/sigstore/cosign/pkg/cosign/git/github"
"github.com/sigstore/cosign/pkg/cosign/git/gitlab"
Expand All @@ -48,7 +48,7 @@ func GenerateKeyPairCmd(ctx context.Context, kmsVal string, args []string) error
}
pubKey, err := k.CreateKey(ctx, k.DefaultAlgorithm())
if err != nil {
return errors.Wrap(err, "creating key")
return fmt.Errorf("creating key: %w", err)
}
pemBytes, err := cryptoutils.MarshalPublicKeyToPEM(pubKey)
if err != nil {
Expand Down
6 changes: 3 additions & 3 deletions cmd/cosign/cli/load.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,9 +17,9 @@ package cli

import (
"context"
"fmt"

"github.com/google/go-containerregistry/pkg/name"
"github.com/pkg/errors"
"github.com/sigstore/cosign/cmd/cosign/cli/options"
"github.com/sigstore/cosign/pkg/oci/layout"
"github.com/sigstore/cosign/pkg/oci/remote"
Expand Down Expand Up @@ -47,13 +47,13 @@ func Load() *cobra.Command {
func LoadCmd(ctx context.Context, opts options.LoadOptions, imageRef string) error {
ref, err := name.ParseReference(imageRef)
if err != nil {
return errors.Wrapf(err, "parsing image name %s", imageRef)
return fmt.Errorf("parsing image name %s: %w", imageRef, err)
}

// get the signed image from disk
sii, err := layout.SignedImageIndex(opts.Directory)
if err != nil {
return errors.Wrap(err, "signed image index")
return fmt.Errorf("signed image index: %w", err)
}
return remote.WriteSignedImageIndexImages(ref, sii)
}
4 changes: 2 additions & 2 deletions cmd/cosign/cli/manifest/verify.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,14 +17,14 @@ package manifest
import (
"bytes"
"context"
"errors"
"flag"
"fmt"
"io"
"os"
"path/filepath"
"strings"

"github.com/pkg/errors"
"k8s.io/apimachinery/pkg/util/yaml"

"github.com/sigstore/cosign/cmd/cosign/cli/verify"
Expand All @@ -45,7 +45,7 @@ func (c *VerifyManifestCommand) Exec(ctx context.Context, args []string) error {

err := isExtensionAllowed(manifestPath)
if err != nil {
return errors.Wrap(err, "check if extension is valid")
return fmt.Errorf("check if extension is valid: %w", err)
}
manifest, err := os.ReadFile(manifestPath)
if err != nil {
Expand Down
3 changes: 1 addition & 2 deletions cmd/cosign/cli/options/oidc.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,6 @@ import (
"strings"
"unicode/utf8"

"github.com/pkg/errors"
"github.com/spf13/cobra"
)

Expand All @@ -40,7 +39,7 @@ func (o *OIDCOptions) ClientSecret() (string, error) {
if o.clientSecretFile != "" {
clientSecretBytes, err := os.ReadFile(o.clientSecretFile)
if err != nil {
return "", errors.Wrap(err, "reading OIDC client secret")
return "", fmt.Errorf("reading OIDC client secret: %w", err)
}
if !utf8.Valid(clientSecretBytes) {
return "", fmt.Errorf("OIDC client secret in file %s not valid utf8", o.clientSecretFile)
Expand Down
Loading