From 3ac4c89bd0562ed22bce0b9f5e8b52e5d36df332 Mon Sep 17 00:00:00 2001
From: Riccardo Schirone <riccardo.schirone@trailofbits.com>
Date: Mon, 29 Jan 2024 17:36:53 +0100
Subject: [PATCH] Adapt to LoadOption in signature/options

Signed-off-by: Riccardo Schirone <riccardo.schirone@trailofbits.com>
---
 go.mod                                 | 2 +-
 go.sum                                 | 4 ++--
 pkg/types/hashedrekord/v0.0.1/entry.go | 3 +--
 pkg/util/checkpoint_test.go            | 8 ++++----
 4 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/go.mod b/go.mod
index d79e94a33..f9ef3dba7 100644
--- a/go.mod
+++ b/go.mod
@@ -206,4 +206,4 @@ require (
 )
 
 // TODO: REMOVE ME
-replace github.com/sigstore/sigstore => github.com/trail-of-forks/sigstore v0.0.0-20240126132223-be71bbf68e72
+replace github.com/sigstore/sigstore => github.com/trail-of-forks/sigstore v0.0.0-20240129151206-cff4abcde12e
diff --git a/go.sum b/go.sum
index e150ef351..e5b1d0186 100644
--- a/go.sum
+++ b/go.sum
@@ -430,8 +430,8 @@ github.com/theupdateframework/go-tuf v0.7.0 h1:CqbQFrWo1ae3/I0UCblSbczevCCbS31Qv
 github.com/theupdateframework/go-tuf v0.7.0/go.mod h1:uEB7WSY+7ZIugK6R1hiBMBjQftaFzn7ZCDJcp1tCUug=
 github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0=
 github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs=
-github.com/trail-of-forks/sigstore v0.0.0-20240126132223-be71bbf68e72 h1:2t43jfLSrvX1P+5n4itUo8PyvfSmVlhvk0jtcVEB70E=
-github.com/trail-of-forks/sigstore v0.0.0-20240126132223-be71bbf68e72/go.mod h1:rbZxJoss0Qf/OQeIuyqkQxo9jLKZlyLqOGX0BUaK7/I=
+github.com/trail-of-forks/sigstore v0.0.0-20240129151206-cff4abcde12e h1:EXVlV8GAQ7nct3uYZwga7JVjQ/GfwWAtMKbmYll3sZ8=
+github.com/trail-of-forks/sigstore v0.0.0-20240129151206-cff4abcde12e/go.mod h1:rbZxJoss0Qf/OQeIuyqkQxo9jLKZlyLqOGX0BUaK7/I=
 github.com/transparency-dev/merkle v0.0.2 h1:Q9nBoQcZcgPamMkGn7ghV8XiTZ/kRxn1yCG81+twTK4=
 github.com/transparency-dev/merkle v0.0.2/go.mod h1:pqSy+OXefQ1EDUVmAJ8MUhHB9TXGuzVAT58PqBoHz1A=
 github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8=
diff --git a/pkg/types/hashedrekord/v0.0.1/entry.go b/pkg/types/hashedrekord/v0.0.1/entry.go
index 771797f90..74b268ef0 100644
--- a/pkg/types/hashedrekord/v0.0.1/entry.go
+++ b/pkg/types/hashedrekord/v0.0.1/entry.go
@@ -39,7 +39,6 @@ import (
 	"github.com/sigstore/rekor/pkg/types"
 	hashedrekord "github.com/sigstore/rekor/pkg/types/hashedrekord"
 	"github.com/sigstore/rekor/pkg/util"
-	"github.com/sigstore/sigstore/pkg/signature"
 	"github.com/sigstore/sigstore/pkg/signature/options"
 )
 
@@ -148,7 +147,7 @@ func (v *V001Entry) validate() (pki.Signature, pki.PublicKey, error) {
 		return nil, nil, types.ValidationError(errors.New("missing signature"))
 	}
 	// Hashed rekord type only works for x509 signature types
-	sigObj, err := x509.NewSignatureWithOpts(bytes.NewReader(sig.Content), signature.WithED25519ph())
+	sigObj, err := x509.NewSignatureWithOpts(bytes.NewReader(sig.Content), options.WithED25519ph())
 	if err != nil {
 		return nil, nil, types.ValidationError(err)
 	}
diff --git a/pkg/util/checkpoint_test.go b/pkg/util/checkpoint_test.go
index 57a509605..bbfc53c59 100644
--- a/pkg/util/checkpoint_test.go
+++ b/pkg/util/checkpoint_test.go
@@ -310,9 +310,9 @@ func TestSigningRoundtripCheckpoint(t *testing.T) {
 			if err != nil {
 				t.Fatalf("error creating signed checkpoint")
 			}
-			signerOpts := []signature.LoadOption{signature.WithHash(crypto.SHA256)}
+			signerOpts := []signature.LoadOption{options.WithHash(crypto.SHA256)}
 			if rsaTestOpts, ok := test.opts.(*rsa.PSSOptions); ok && rsaTestOpts != nil {
-				signerOpts = append(signerOpts, signature.WithRSAPSS(rsaTestOpts))
+				signerOpts = append(signerOpts, options.WithRSAPSS(rsaTestOpts))
 			}
 			signer, _ := signature.LoadSignerWithOpts(test.signer, signerOpts...)
 
@@ -321,9 +321,9 @@ func TestSigningRoundtripCheckpoint(t *testing.T) {
 				t.Fatalf("signing test failed: wantSignErr %v, err %v", test.wantSignErr, err)
 			}
 			if !test.wantSignErr {
-				verifierOpts := []signature.LoadOption{signature.WithHash(crypto.SHA256)}
+				verifierOpts := []signature.LoadOption{options.WithHash(crypto.SHA256)}
 				if rsaTestOpts, ok := test.opts.(*rsa.PSSOptions); ok && rsaTestOpts != nil {
-					verifierOpts = append(verifierOpts, signature.WithRSAPSS(rsaTestOpts))
+					verifierOpts = append(verifierOpts, options.WithRSAPSS(rsaTestOpts))
 				}
 				verifier, _ := signature.LoadVerifierWithOpts(test.pubKey, verifierOpts...)