From 6af1ff4018442783a378d64445d4e5697456cb0e Mon Sep 17 00:00:00 2001
From: Riccardo Schirone
Date: Tue, 16 Jan 2024 14:11:48 +0100
Subject: [PATCH] Update sigstore/sigstore and use LoadOptions
Signed-off-by: Riccardo Schirone
---
 go.mod | 5 ++++-
 go.sum | 8 ++++----
 pkg/util/checkpoint_test.go | 14 ++++++++------
 3 files changed, 16 insertions(+), 11 deletions(-)
diff --git a/go.mod b/go.mod
index 4b337816d..d79e94a33 100644
--- a/go.mod
+++ b/go.mod
@@ -164,7 +164,7 @@ require (
 github.com/godbus/dbus/v5 v5.1.0 // indirect
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 github.com/golang/protobuf v1.5.3 // indirect
- github.com/google/go-containerregistry v0.17.0 // indirect
+ github.com/google/go-containerregistry v0.18.0 // indirect
 github.com/google/uuid v1.5.0 // indirect
 github.com/google/wire v0.5.0 // indirect
 github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
@@ -204,3 +204,6 @@ require (
 gopkg.in/yaml.v2 v2.4.0
 gopkg.in/yaml.v3 v3.0.1 // indirect
 )
+
+// TODO: REMOVE ME
+replace github.com/sigstore/sigstore => github.com/trail-of-forks/sigstore v0.0.0-20240126132223-be71bbf68e72
diff --git a/go.sum b/go.sum
index 9ad5cad47..e150ef351 100644
--- a/go.sum
+++ b/go.sum
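Review bot: Pinning `github.com/sigstore/sigstore` to a fork through the `replace` at the end of go.mod needs more than `// TODO: REMOVE ME` before it merges, because that module supplies the signer and verifier loading this project relies on and the target is an untagged pseudo-version. A `replace` is honoured only when this module is the main module, so anything importing this repository as a library would resolve the upstream module instead and, presumably, not find `LoadSignerWithOpts`/`LoadVerifierWithOpts`. The go.sum section also drops the upstream `sigstore v1.8.1` hashes while the `pkg/signature/kms/*` submodules stay on upstream v1.8.1, so the build mixes fork and upstream code. I would make the comment actionable, e.g. `// TODO(<upstream-PR-or-issue>): drop this replace once sigstore/sigstore releases the LoadOption API`, and hold the merge until the upstream release is available.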
@@ -215,8 +215,8 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-containerregistry v0.17.0 h1:5p+zYs/R4VGHkhyvgWurWrpJ2hW4Vv9fQI+GzdcwXLk= -github.com/google/go-containerregistry v0.17.0/go.mod h1:u0qB2l7mvtWVR5kNcbFIhFY1hLbf8eeGapA+vbFDCtQ= +github.com/google/go-containerregistry v0.18.0 h1:ShE7erKNPqRh5ue6Z9DUOlk04WsnFWPO6YGr3OxnfoQ= +github.com/google/go-containerregistry v0.18.0/go.mod h1:u0qB2l7mvtWVR5kNcbFIhFY1hLbf8eeGapA+vbFDCtQ= github.com/google/go-replayers/grpcreplay v1.1.0 h1:S5+I3zYyZ+GQz68OfbURDdt/+cSMqCK1wrvNx7WBzTE= github.com/google/go-replayers/grpcreplay v1.1.0/go.mod h1:qzAvJ8/wi57zq7gWqaE6AwLM6miiXUQwP1S+I9icmhk= github.com/google/go-replayers/httpreplay v1.2.0 h1:VM1wEyyjaoU53BwrOnaf9VhAyQQEEioJvFYxYcLRKzk= @@ -389,8 +389,6 @@ github.com/shibumi/go-pathspec v1.3.0 h1:QUyMZhFo0Md5B8zV8x2tesohbb5kfbpTi9rBnKh github.com/shibumi/go-pathspec v1.3.0/go.mod h1:Xutfslp817l2I1cZvgcfeMQJG5QnU2lh5tVaaMCl3jE= github.com/sigstore/protobuf-specs v0.2.1 h1:KIoM7E3C4uaK092q8YoSj/XSf9720f8dlsbYwwOmgEA= github.com/sigstore/protobuf-specs v0.2.1/go.mod h1:xPqQGnH/HllKuZ4VFPz/g+78epWM/NLRGl7Fuy45UdE= -github.com/sigstore/sigstore v1.8.1 h1:mAVposMb14oplk2h/bayPmIVdzbq2IhCgy4g6R0ZSjo= -github.com/sigstore/sigstore v1.8.1/go.mod h1:02SL1158BSj15bZyOFz7m+/nJzLZfFd9A8ab3Kz7w/E= github.com/sigstore/sigstore/pkg/signature/kms/aws v1.8.1 h1:rEDdUefulkIQaMJyzLwtgPDLNXBIltBABiFYfb0YmgQ= github.com/sigstore/sigstore/pkg/signature/kms/aws v1.8.1/go.mod h1:RCdYCc1IxCYWzh2IdzdA6Yf7JIY0cMRqH08fpQYechw= github.com/sigstore/sigstore/pkg/signature/kms/azure v1.8.1 h1:DvRWG99QGWZC5mp42SEde2Xke/Q384Idnj2da7yB+Mk= 
@@ -432,6 +430,8 @@ github.com/theupdateframework/go-tuf v0.7.0 h1:CqbQFrWo1ae3/I0UCblSbczevCCbS31Qv github.com/theupdateframework/go-tuf v0.7.0/go.mod h1:uEB7WSY+7ZIugK6R1hiBMBjQftaFzn7ZCDJcp1tCUug= github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0= github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs= +github.com/trail-of-forks/sigstore v0.0.0-20240126132223-be71bbf68e72 h1:2t43jfLSrvX1P+5n4itUo8PyvfSmVlhvk0jtcVEB70E= +github.com/trail-of-forks/sigstore v0.0.0-20240126132223-be71bbf68e72/go.mod h1:rbZxJoss0Qf/OQeIuyqkQxo9jLKZlyLqOGX0BUaK7/I= github.com/transparency-dev/merkle v0.0.2 h1:Q9nBoQcZcgPamMkGn7ghV8XiTZ/kRxn1yCG81+twTK4= github.com/transparency-dev/merkle v0.0.2/go.mod h1:pqSy+OXefQ1EDUVmAJ8MUhHB9TXGuzVAT58PqBoHz1A= github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8= diff --git a/pkg/util/checkpoint_test.go b/pkg/util/checkpoint_test.go index 2b394d8db..57a509605 100644 --- a/pkg/util/checkpoint_test.go +++ b/pkg/util/checkpoint_test.go 
@@ -310,20 +310,22 @@ func TestSigningRoundtripCheckpoint(t *testing.T) {
 if err != nil {
 t.Fatalf("error creating signed checkpoint")
 }
- signer, _ := signature.LoadSigner(test.signer, crypto.SHA256)
- if _, ok := test.signer.(*rsa.PrivateKey); ok {
- signer, _ = signature.LoadRSAPSSSigner(test.signer.(*rsa.PrivateKey), crypto.SHA256, test.opts.(*rsa.PSSOptions))
+ signerOpts := []signature.LoadOption{signature.WithHash(crypto.SHA256)}
+ if rsaTestOpts, ok := test.opts.(*rsa.PSSOptions); ok && rsaTestOpts != nil {
+ signerOpts = append(signerOpts, signature.WithRSAPSS(rsaTestOpts))
 }
+ signer, _ := signature.LoadSignerWithOpts(test.signer, signerOpts...)
 _, err = sth.Sign(test.identity, signer, options.WithCryptoSignerOpts(test.opts))
 if (err != nil) != test.wantSignErr {
 t.Fatalf("signing test failed: wantSignErr %v, err %v", test.wantSignErr, err)
 }
 if !test.wantSignErr {
- verifier, _ := signature.LoadVerifier(test.pubKey, crypto.SHA256)
- if _, ok := test.pubKey.(*rsa.PublicKey); ok {
- verifier, _ = signature.LoadRSAPSSVerifier(test.pubKey.(*rsa.PublicKey), crypto.SHA256, test.opts.(*rsa.PSSOptions))
+ verifierOpts := []signature.LoadOption{signature.WithHash(crypto.SHA256)}
+ if rsaTestOpts, ok := test.opts.(*rsa.PSSOptions); ok && rsaTestOpts != nil {
+ verifierOpts = append(verifierOpts, signature.WithRSAPSS(rsaTestOpts))
 }
+ verifier, _ := signature.LoadVerifierWithOpts(test.pubKey, verifierOpts...)
 if !sth.Verify(verifier) != test.wantVerifyErr {
 t.Fatalf("verification test failed %v", sth.Verify(verifier))
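Review bot: Both new loader calls discard their error (`signer, _ := signature.LoadSignerWithOpts(...)` and `verifier, _ := signature.LoadVerifierWithOpts(...)`), so a rejected key or option combination would presumably reach `sth.Sign` or `sth.Verify` as a nil value, and in the `wantSignErr` cases a load failure could pass for the signing failure the test means to exercise. Unless a case in the table (outside this hunk) expects loading itself to fail, check it: `signer, err := signature.LoadSignerWithOpts(test.signer, signerOpts...)` followed by `if err != nil { t.Fatalf("loading signer: %v", err) }`, and the same for the verifier. RSA keys also no longer force PSS: when `test.opts` is not a non-nil `*rsa.PSSOptions` the loader's default scheme applies, which looks intentional but deserves a one-line comment above `signerOpts`. The body of TestSigningRoundtripCheckpoint starts and ends outside the hunk.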