From 17a4852fbe94dccac06232d6c8a0a6a8115598f2 Mon Sep 17 00:00:00 2001 From: Billy Lynch Date: Thu, 2 Jun 2022 15:39:44 -0400 Subject: [PATCH 01/13] Checkout pull request merge commit for e2e test. (#54) This should ensure we're running the code in the PR rather than the code from main. Signed-off-by: Billy Lynch --- .github/workflows/e2e.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index 1243ea20..d63ea742 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -35,6 +35,8 @@ jobs: steps: - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 + with: + ref: "refs/pull/${{github.event.number}}/merge" - name: Set up Go uses: actions/setup-go@b22fbbc2921299758641fab08929b4ac52b32923 # v3.1.0 From dfe59ec93165e91b4f7bf047ecb6bbb5500355ad Mon Sep 17 00:00:00 2001 From: Billy Lynch Date: Thu, 2 Jun 2022 16:35:07 -0400 Subject: [PATCH 02/13] e2e: select checkout ref based on event type. (#57) This change adds logic to select the ref to checkout for events. By default pull_request_target will use the base branch as the target since it was originally intended for trusted workloads. However, we need to use this to have access to the OIDC creds for the e2e tests, so insert our own logic here. This is effectively a ternary of the form ${{ || }}. See https://docs.github.com/en/actions/learn-github-actions/expressions for more details. Signed-off-by: Billy Lynch --- .github/workflows/e2e.yaml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index d63ea742..c620afba 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml 
@@ -36,7 +36,15 @@ jobs: steps: - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 with: - ref: "refs/pull/${{github.event.number}}/merge" + # Use the merge commit if type is pull_request/pull_request_target, + # else use the default ref. + # By default pull_request_target will use the base branch as the + # target since it was originally intended for trusted workloads. + # However, we need to use this to have access to the OIDC creds + # for the e2e tests, so insert our own logic here. + # This is effectively a ternary of the form ${{ || }}. + # See https://docs.github.com/en/actions/learn-github-actions/expressions for more details. + ref: ${{ startsWith(${{ github.event_name }}, "pull_request") "refs/pull/${{ github.event.number }}/merge" }} || ${{ github.ref }} }} - name: Set up Go uses: actions/setup-go@b22fbbc2921299758641fab08929b4ac52b32923 # v3.1.0 From 9817dc00392fbc7d6a9b854771448978b0150a31 Mon Sep 17 00:00:00 2001 From: Billy Lynch Date: Thu, 2 Jun 2022 16:36:01 -0400 Subject: [PATCH 03/13] Refactor verification to use consistent verification options. (#55) - Fixes attached signature verification to respect the same options as detached signatures. - Adds tests for attached signature verification. - Exports useful functions to allow other libraries to validate commits. - Adds package documentation for what should go into git vs signature packages (because if I was getting getting tripped up, other people will too). - Removed found signature / found tlog entry claims - I'm not sure how useful these are on their own, and my gut instinct is the yes / no for the validation is probably sufficient. - Changes smimesign output in verification info to gitsign. 
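Review bot: Checking out `refs/pull/N/merge` in a job that, per the comment in this hunk, runs on pull_request_target to reach the OIDC credentials means code written by the PR author executes with those credentials available. The same `ref:` choice appears in the PATCH 01 hunk and in the corrected expression in PATCH 04. Nothing visible here limits which pull requests get that far, so I would put an approval gate in front of the job (a protected `environment:` on the job, or a maintainer-applied label checked in an `if:`), add `persist-credentials: false` under `with:`, and keep the job's `permissions:` to the minimum the e2e test needs. The workflow's triggers and permissions are outside the hunk, so confirm whether any of this already exists.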
Signed-off-by: Billy Lynch --- command_verify.go | 137 +++++++++++---------------- internal/git/doc.go | 19 ++++ internal/git/git.go | 51 +--------- internal/signature/doc.go | 17 ++++ internal/signature/signature_test.go | 72 -------------- internal/signature/verify.go | 49 ---------- pkg/git/signature_test.go | 96 +++++++++++++++++++ pkg/git/verify.go | 93 ++++++++++++++++++ 8 files changed, 286 insertions(+), 248 deletions(-) create mode 100644 internal/git/doc.go create mode 100644 internal/signature/doc.go delete mode 100644 internal/signature/signature_test.go delete mode 100644 internal/signature/verify.go create mode 100644 pkg/git/signature_test.go create mode 100644 pkg/git/verify.go diff --git a/command_verify.go b/command_verify.go index 7f0ec9cf..fe0111d1 100644 --- a/command_verify.go +++ b/command_verify.go 
@@ -18,53 +18,41 @@ package main import ( "bytes" "context" - "crypto/x509" "fmt" "io" "os" - "github.com/sigstore/cosign/cmd/cosign/cli/fulcio/fulcioroots" "github.com/sigstore/gitsign/internal" "github.com/sigstore/gitsign/internal/git" - "github.com/sigstore/gitsign/internal/signature" ) func commandVerify() error { + ctx := context.Background() sNewSig.emit() - if len(fileArgs) < 2 { - return verifyAttached() - } - - return verifyDetached() -} - -func verifyAttached() error { var ( - f io.ReadCloser - err error + data, sig []byte + err error ) - - // Read in signature - if len(fileArgs) == 1 { - if f, err = os.Open(fileArgs[0]); err != nil { - return fmt.Errorf("failed to open signature file (%s): %w", fileArgs[0], err) - } - defer f.Close() + detached := len(fileArgs) >= 2 + if detached { + data, sig, err = readDetached() } else { - f = stdin + sig, err = readAttached() + } + if err != nil { + return fmt.Errorf("failed to read signature data (detached: %T): %w", detached, err) } - buf := new(bytes.Buffer) - if _, err = io.Copy(buf, f); err != nil { - return fmt.Errorf("failed to read signature: %w", err) + rekor, err := newRekorClient() + if err != nil { + return fmt.Errorf("failed to create rekor client: %w", err) } - chains, err := signature.Verify(buf.Bytes(), nil, false, verifyOpts()) - cert := chains[0][0][0] + summary, err := git.Verify(ctx, rekor, data, sig, detached) if err != nil { - if len(chains) > 0 { - emitBadSig(cert) + if summary != nil && summary.Cert != nil { + emitBadSig(summary.Cert) } else { // TODO: We're omitting a bunch of arguments here. sErrSig.emit() 
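Review bot: The new read-error message in commandVerify formats the flag with `%T`, which prints the type (`bool`) rather than the value, so the message never says which read path failed; use `%t`: `return fmt.Errorf("failed to read signature data (detached: %t): %w", detached, err)`. Also, every failure return of `git.Verify` visible in this series is `nil, err`, so the `summary != nil && summary.Cert != nil` branch that calls `emitBadSig` looks unreachable and a bad signature is always reported through `sErrSig.emit()`; confirm whether that is intended. commandVerify's body continues past the end of this hunk.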
@@ -72,23 +60,50 @@ func verifyAttached() error { return fmt.Errorf("failed to verify signature: %w", err) } - var ( - fpr = internal.CertHexFingerprint(cert) - subj = cert.Subject.String() - ) + fpr := internal.CertHexFingerprint(summary.Cert) - fmt.Fprintf(stderr, "smimesign: Signature made using certificate ID 0x%s\n", fpr) - emitGoodSig(cert) + fmt.Fprintln(stderr, "tlog index:", *summary.LogEntry.LogIndex) + fmt.Fprintf(stderr, "gitsign: Signature made using certificate ID 0x%s | %v\n", fpr, summary.Cert.Issuer) + emitGoodSig(summary.Cert) // TODO: Maybe split up signature checking and certificate checking so we can // output something more meaningful. - fmt.Fprintf(stderr, "smimesign: Good signature from \"%s\"\n", subj) + fmt.Fprintf(stderr, "gitsign: Good signature from %v\n", summary.Cert.EmailAddresses) + + for _, c := range summary.Claims { + fmt.Fprintf(stderr, "%s: %t\n", string(c.Key), c.Value) + } + emitTrustFully() return nil } -func verifyDetached() error { +func readAttached() ([]byte, error) { + var ( + f io.ReadCloser + err error + ) + + // Read in signature + if len(fileArgs) == 1 { + if f, err = os.Open(fileArgs[0]); err != nil { + return nil, fmt.Errorf("failed to open signature file (%s): %w", fileArgs[0], err) + } + defer f.Close() + } else { + f = stdin + } + + sig := new(bytes.Buffer) + if _, err = io.Copy(sig, f); err != nil { + return nil, fmt.Errorf("failed to read signature: %w", err) + } + + return sig.Bytes(), nil +} + +func readDetached() ([]byte, []byte, error) { var ( f io.ReadCloser err error 
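Review bot: `*summary.LogEntry.LogIndex` is dereferenced without a nil check, so a log entry that comes back without an index would panic the verifier instead of producing a verification error. Guard it, for example `if e := summary.LogEntry; e != nil && e.LogIndex != nil { fmt.Fprintln(stderr, "tlog index:", *e.LogIndex) }`. Separately, `summary.Cert.EmailAddresses` is empty for a certificate whose identity is not an email SAN, in which case the line prints `Good signature from []`; consider falling back to the certificate's other SAN fields. readDetached is cut off at the end of this hunk.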
@@ -96,12 +111,12 @@ func verifyDetached() error { // Read in signature if f, err = os.Open(fileArgs[0]); err != nil { - return fmt.Errorf("failed to open signature file (%s): %w", fileArgs[0], err) + return nil, nil, fmt.Errorf("failed to open signature file (%s): %w", fileArgs[0], err) } defer f.Close() sig := new(bytes.Buffer) if _, err = io.Copy(sig, f); err != nil { - return fmt.Errorf("failed to read signature file: %w", err) + return nil, nil, fmt.Errorf("failed to read signature file: %w", err) } // Read in signed data 
@@ -109,54 +124,14 @@ func verifyDetached() error { f = stdin } else { if f, err = os.Open(fileArgs[1]); err != nil { - return fmt.Errorf("failed to open message file (%s): %w", fileArgs[1], err) + return nil, nil, fmt.Errorf("failed to open message file (%s): %w", fileArgs[1], err) } defer f.Close() } buf := new(bytes.Buffer) if _, err = io.Copy(buf, f); err != nil { - return fmt.Errorf("failed to read message file: %w", err) - } - - rekor, err := newRekorClient() - if err != nil { - return fmt.Errorf("failed to create rekor client: %w", err) - } - - summary, err := git.Verify(context.Background(), rekor, buf.Bytes(), sig.Bytes()) - if err != nil { - if summary != nil && summary.Cert != nil { - emitBadSig(summary.Cert) - } else { - // TODO: We're omitting a bunch of arguments here. - sErrSig.emit() - } - return fmt.Errorf("failed to verify signature: %w", err) + return nil, nil, fmt.Errorf("failed to read message file: %w", err) } - fpr := internal.CertHexFingerprint(summary.Cert) - - fmt.Fprintln(stderr, "tlog index:", *summary.LogEntry.LogIndex) - fmt.Fprintf(stderr, "smimesign: Signature made using certificate ID 0x%s | %v\n", fpr, summary.Cert.Issuer) - emitGoodSig(summary.Cert) - - // TODO: Maybe split up signature checking and certificate checking so we can - // output something more meaningful. - fmt.Fprintf(stderr, "smimesign: Good signature from %v\n", summary.Cert.EmailAddresses) - - for _, c := range summary.Claims { - fmt.Fprintf(stderr, "%s: %t\n", string(c.Key), c.Value) - } - - emitTrustFully() - - return nil -} - -func verifyOpts() x509.VerifyOptions { - return x509.VerifyOptions{ - Roots: fulcioroots.Get(), - Intermediates: fulcioroots.GetIntermediates(), - KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}, - } + return buf.Bytes(), sig.Bytes(), nil } diff --git a/internal/git/doc.go b/internal/git/doc.go new file mode 100644 index 00000000..96aef47d --- /dev/null +++ b/internal/git/doc.go 
@@ -0,0 +1,19 @@ +// Copyright 2022 The Sigstore authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Package git provides higher level funcs for signing and verifying Git +// commits. Functions here generally tie together low level signature writing +// and Sigstore components together into useful abstractions for working with +// Git objects. +package git diff --git a/internal/git/git.go b/internal/git/git.go index 013957fc..00aeae82 100644 --- a/internal/git/git.go +++ b/internal/git/git.go @@ -19,17 +19,14 @@ import ( "bytes" "context" "crypto/x509" - "encoding/pem" "fmt" - cms "github.com/github/smimesign/ietf-cms" "github.com/go-git/go-git/v5/plumbing" "github.com/go-git/go-git/v5/plumbing/object" - - "github.com/sigstore/cosign/cmd/cosign/cli/fulcio/fulcioroots" "github.com/sigstore/gitsign/internal/fulcio" "github.com/sigstore/gitsign/internal/rekor" "github.com/sigstore/gitsign/internal/signature" + "github.com/sigstore/gitsign/pkg/git" "github.com/sigstore/rekor/pkg/generated/models" ) @@ -83,9 +80,7 @@ type Claim struct { type ClaimCondition string const ( - ClaimParsedSignature ClaimCondition = "Parsed Git signature" ClaimValidatedSignature ClaimCondition = "Validated Git signature" - ClaimLocatedRekorEntry ClaimCondition = "Located Rekor entry" ClaimValidatedRekorEntry ClaimCondition = "Validated Rekor entry" ) 
@@ -96,42 +91,12 @@ func NewClaim(c ClaimCondition, ok bool) Claim { } } -func Verify(ctx context.Context, rekor rekor.Verifier, data, sig []byte) (*VerificationSummary, error) { +func Verify(ctx context.Context, rekor rekor.Verifier, data, sig []byte, detached bool) (*VerificationSummary, error) { claims := []Claim{} - // Try decoding as PEM - var der []byte - if blk, _ := pem.Decode(sig); blk != nil { - der = blk.Bytes - } else { - der = sig - } - // Parse signature - sd, err := cms.ParseSignedData(der) - if err != nil { - return nil, fmt.Errorf("failed to parse signature: %w", err) - } - claims = append(claims, NewClaim(ClaimParsedSignature, true)) - - // Generate verification options. - certs, err := sd.GetCertificates() + cert, err := git.VerifySignature(data, sig, detached) if err != nil { - return nil, fmt.Errorf("error getting signature certs: %w", err) - } - cert := certs[0] - - opts := x509.VerifyOptions{ - Roots: fulcioroots.Get(), - Intermediates: fulcioroots.GetIntermediates(), - KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}, - // cosign hack: ignore the current time for now - we'll use the tlog to - // verify whether the commit was signed at a valid time. - CurrentTime: cert.NotBefore, - } - - _, err = sd.VerifyDetached(data, opts) - if err != nil { - return nil, fmt.Errorf("failed to verify signature: %w", err) + return nil, err } claims = append(claims, NewClaim(ClaimValidatedSignature, true)) 
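Review bot: With `detached == false`, `VerifySignature` checks the content embedded in the signature and never looks at `data`, and commandVerify passes a nil `data` on that path. The `commit` value handed to the Rekor lookup is computed between this hunk and the next (not visible), presumably still from `data`; if so, the attached path looks up a hash that is not derived from the content that was actually verified. Please confirm, and either derive the hash from the verified content or reject attached input in `Verify`. The exported `Verify` also has no doc comment; something like `// Verify checks sig over data (or over its embedded content when detached is false) and then validates the matching Rekor entry.` would state the contract. Verify's body continues past the hunk.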
@@ -140,16 +105,10 @@ func Verify(ctx context.Context, rekor rekor.Verifier, data, sig []byte) (*Verif return nil, err } - tlog, err := rekor.Get(ctx, commit, cert) + tlog, err := git.VerifyRekor(ctx, rekor, commit, cert) if err != nil { - return nil, fmt.Errorf("failed to locate rekor entry: %w", err) - } - claims = append(claims, NewClaim(ClaimLocatedRekorEntry, true)) - - if err := rekor.Verify(ctx, tlog); err != nil { return nil, fmt.Errorf("failed to validate rekor entry: %w", err) } - claims = append(claims, NewClaim(ClaimValidatedRekorEntry, true)) return &VerificationSummary{ diff --git a/internal/signature/doc.go b/internal/signature/doc.go new file mode 100644 index 00000000..b0fdadda --- /dev/null +++ b/internal/signature/doc.go @@ -0,0 +1,17 @@ +// Copyright 2022 The Sigstore authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Package signature handles the nitty-gritty of formatting and writing out +// signatures. Functions here should not require any network/Sigstore access. +package signature diff --git a/internal/signature/signature_test.go b/internal/signature/signature_test.go deleted file mode 100644 index ce5bf970..00000000 --- a/internal/signature/signature_test.go +++ /dev/null 
@@ -1,72 +0,0 @@ -// -// Copyright 2022 The Sigstore Authors. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package signature - -import ( - "crypto" - "crypto/x509" - "fmt" - "testing" - - "github.com/github/smimesign/fakeca" -) - -type identity struct { - Identity - base *fakeca.Identity -} - -func (i *identity) Certificate() (*x509.Certificate, error) { - return i.base.Certificate, nil -} - -func (i *identity) CertificateChain() ([]*x509.Certificate, error) { - return i.base.Chain(), nil -} - -func (i *identity) Signer() (crypto.Signer, error) { - return i.base.PrivateKey, nil -} - -// TestSignVerify is a basic test to ensure that the Sign/Verify funcs can be -// used with each other. We're assuming that the actual signature format has -// been more thoroghly vetted in other packages (i.e. ietf-cms). -func TestSignVerify(t *testing.T) { - id := &identity{ - base: fakeca.New(), - } - data := []byte("tacocat") - - sig, _, err := Sign(id, data, SignOptions{ - Detached: true, - Armor: true, - // Fake CA outputs self-signed certs, so we need to use -1 to make sure - // the self-signed cert itself is included in the chain, otherwise - // Verify cannot find a cert to use for verification. 
- IncludeCerts: -1, - }) - if err != nil { - t.Fatalf("Sign() = %v", err) - } - - fmt.Println(id.base.Chain()) - if _, err := Verify(data, sig, true, x509.VerifyOptions{ - // Trust the fake CA - Roots: id.base.ChainPool(), - }); err != nil { - t.Fatalf("Verify() = %v", err) - } -} diff --git a/internal/signature/verify.go b/internal/signature/verify.go deleted file mode 100644 index 119dda7b..00000000 --- a/internal/signature/verify.go +++ /dev/null @@ -1,49 +0,0 @@ -// -// Copyright 2022 The Sigstore Authors. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package signature - -import ( - "crypto/x509" - "encoding/pem" - "fmt" - - cms "github.com/github/smimesign/ietf-cms" -) - -// Verify verifies a signature for a given identity. -// -// WARNING: this function doesn't do any revocation checking. -func Verify(body, sig []byte, detached bool, opts x509.VerifyOptions) ([][][]*x509.Certificate, error) { - // Try decoding as PEM - var der []byte - if blk, _ := pem.Decode(sig); blk != nil { - der = blk.Bytes - } else { - der = sig - } - - // Parse signature - sd, err := cms.ParseSignedData(der) - if err != nil { - return nil, fmt.Errorf("failed to parse signature: %w", err) - } - - if detached { - return sd.VerifyDetached(body, opts) - } - - return sd.Verify(opts) -} diff --git a/pkg/git/signature_test.go b/pkg/git/signature_test.go new file mode 100644 index 00000000..a7a6a48f --- /dev/null +++ b/pkg/git/signature_test.go 
@@ -0,0 +1,96 @@ +// +// Copyright 2022 The Sigstore Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package git + +import ( + "crypto" + "crypto/x509" + "fmt" + "os" + "testing" + + "github.com/github/smimesign/fakeca" + "github.com/sigstore/cosign/cmd/cosign/cli/fulcio/fulcioroots" + "github.com/sigstore/gitsign/internal/signature" + "github.com/sigstore/sigstore/pkg/cryptoutils" +) + +type identity struct { + signature.Identity + base *fakeca.Identity +} + +func (i *identity) Certificate() (*x509.Certificate, error) { + return i.base.Certificate, nil +} + +func (i *identity) CertificateChain() ([]*x509.Certificate, error) { + return i.base.Chain(), nil +} + +func (i *identity) Signer() (crypto.Signer, error) { + return i.base.PrivateKey, nil +} + +// TestSignVerify is a basic test to ensure that the Sign/Verify funcs can be +// used with each other. We're assuming that the actual signature format has +// been more thoroghly vetted in other packages (i.e. ietf-cms). 
+func TestSignVerify(t *testing.T) { + ca := fakeca.New() + initFulcioRoots(t, ca.Certificate) + + id := &identity{ + base: ca, + } + data := []byte("tacocat") + + for _, detached := range []bool{true, false} { + t.Run(fmt.Sprintf("detached(%t)", detached), func(t *testing.T) { + sig, _, err := signature.Sign(id, data, signature.SignOptions{ + Detached: detached, + Armor: true, + // Fake CA outputs self-signed certs, so we need to use -1 to make sure + // the self-signed cert itself is included in the chain, otherwise + // Verify cannot find a cert to use for verification. + IncludeCerts: -1, + }) + if err != nil { + t.Fatalf("Sign() = %v", err) + } + if _, err := VerifySignature(data, sig, detached); err != nil { + t.Fatalf("Verify() = %v", err) + } + }) + } +} + +func initFulcioRoots(t *testing.T, cert *x509.Certificate) { + t.Helper() + + pem, _ := cryptoutils.MarshalCertificateToPEM(cert) + tmp, err := os.CreateTemp(t.TempDir(), "fulcio_root_*.cert") + if err != nil { + t.Fatalf("failed to create temp cert file: %v", err) + } + defer tmp.Close() + if _, err := tmp.Write(pem); err != nil { + t.Fatalf("failed to write cert file: %v", err) + } + t.Setenv("SIGSTORE_ROOT_FILE", tmp.Name()) + + // Call fulcioroots to set up the root init. + _ = fulcioroots.Get() +} diff --git a/pkg/git/verify.go b/pkg/git/verify.go new file mode 100644 index 00000000..2b4bae37 --- /dev/null +++ b/pkg/git/verify.go 
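Review bot: TestSignVerify only exercises the accepting path, so a `VerifySignature` that accepted everything would still pass. Add a rejecting case inside the detached subtest, for example `if _, err := VerifySignature([]byte("not tacocat"), sig, true); err == nil { t.Fatal("Verify() accepted modified data") }`, and ideally one signed by a CA that is not in the configured roots. In initFulcioRoots the error from `cryptoutils.MarshalCertificateToPEM` is dropped with `_`; check it with `t.Fatalf` like the other steps. The helper's comment suggests `fulcioroots.Get()` initialises the roots once per process; if so, the fake root stays trusted for every later test in the package, which deserves a comment.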
@@ -0,0 +1,93 @@ +// +// Copyright 2022 The Sigstore Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package git + +import ( + "context" + "crypto/x509" + "encoding/pem" + "fmt" + + cms "github.com/github/smimesign/ietf-cms" + + "github.com/sigstore/cosign/cmd/cosign/cli/fulcio/fulcioroots" + "github.com/sigstore/gitsign/internal/rekor" + "github.com/sigstore/rekor/pkg/generated/models" +) + +// VerifySignature verifies for a given Git data + signature pair. +// +// Data should be the Git data that was signed (i.e. everything in the commit +// besides the signature). Note: passing in the commit object itself will not +// work. +// +// Signatures should be CMS/PKCS7 formatted. +func VerifySignature(data, sig []byte, detached bool) (*x509.Certificate, error) { + // Try decoding as PEM + var der []byte + if blk, _ := pem.Decode(sig); blk != nil { + der = blk.Bytes + } else { + der = sig + } + // Parse signature + sd, err := cms.ParseSignedData(der) + if err != nil { + return nil, fmt.Errorf("failed to parse signature: %w", err) + } + + // Generate verification options. 
+ certs, err := sd.GetCertificates() + if err != nil { + return nil, fmt.Errorf("error getting signature certs: %w", err) + } + cert := certs[0] + + opts := x509.VerifyOptions{ + Roots: fulcioroots.Get(), + Intermediates: fulcioroots.GetIntermediates(), + KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}, + // cosign hack: ignore the current time for now - we'll use the tlog to + // verify whether the commit was signed at a valid time. + CurrentTime: cert.NotBefore, + } + + if detached { + if _, err := sd.VerifyDetached(data, opts); err != nil { + return nil, fmt.Errorf("failed to verify detached signature: %w", err) + } + } else { + if _, err := sd.Verify(opts); err != nil { + return nil, fmt.Errorf("failed to verify attached signature: %w", err) + } + } + + return cert, nil +} + +// VerifyRekor verifies the given commit + cert exists in the Rekor transparency log. +func VerifyRekor(ctx context.Context, rekor rekor.Verifier, commitSHA string, cert *x509.Certificate) (*models.LogEntryAnon, error) { + tlog, err := rekor.Get(ctx, commitSHA, cert) + if err != nil { + return nil, fmt.Errorf("failed to locate rekor entry: %w", err) + } + + if err := rekor.Verify(ctx, tlog); err != nil { + return nil, fmt.Errorf("failed to validate rekor entry: %w", err) + } + + return tlog, nil +} From 660df819a50c1c12f2c846e730038f281cb27c67 Mon Sep 17 00:00:00 2001 From: Billy Lynch Date: Thu, 2 Jun 2022 19:36:32 -0400 Subject: [PATCH 04/13] Fix e2e ref expression. (#59) I was foolish thinking it was right the first time. Fixes the expression to actually be correct. Verified in a test repo. Signed-off-by: Billy Lynch --- .github/workflows/e2e.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index c620afba..9385afa5 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml 
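Review bot: `VerifySignature` returns `certs[0]` taken from the untrusted signature rather than the certificate of the chain that `sd.Verify` / `sd.VerifyDetached` validated; the verified chains are discarded with `_`. Callers use the returned certificate for the Rekor lookup and for the identity printed to the user, so it should be the verified signer's leaf; whether the CMS library always lists the signer first is not visible here. `certs[0]` also panics when the signature carries no certificates. I would length-check `certs` and return the leaf of the first verified chain as sketched below; the code this series removes from command_verify.go read it as `chains[0][0][0]`.

```go
	// … unchanged: PEM decode, cms.ParseSignedData, sd.GetCertificates …
	if len(certs) == 0 {
		return nil, fmt.Errorf("signature contains no certificates")
	}
	// … unchanged: cert := certs[0] and opts (CurrentTime from cert.NotBefore) …

	var chains [][][]*x509.Certificate
	if detached {
		if chains, err = sd.VerifyDetached(data, opts); err != nil {
			return nil, fmt.Errorf("failed to verify detached signature: %w", err)
		}
	} else {
		if chains, err = sd.Verify(opts); err != nil {
			return nil, fmt.Errorf("failed to verify attached signature: %w", err)
		}
	}
	if len(chains) == 0 || len(chains[0]) == 0 || len(chains[0][0]) == 0 {
		return nil, fmt.Errorf("no verified certificate chain")
	}
	// Leaf of the first chain that validated against the configured roots.
	return chains[0][0][0], nil
```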
@@ -42,9 +42,9 @@ jobs: # target since it was originally intended for trusted workloads. # However, we need to use this to have access to the OIDC creds # for the e2e tests, so insert our own logic here. - # This is effectively a ternary of the form ${{ || }}. + # This is effectively a ternary of the form ${{ && || }}. # See https://docs.github.com/en/actions/learn-github-actions/expressions for more details. - ref: ${{ startsWith(${{ github.event_name }}, "pull_request") "refs/pull/${{ github.event.number }}/merge" }} || ${{ github.ref }} }} + ref: ${{ startsWith(github.event_name, 'pull_request') && format('refs/pull/{0}/merge', github.event.number) || github.ref }} - name: Set up Go uses: actions/setup-go@b22fbbc2921299758641fab08929b4ac52b32923 # v3.1.0 From c72bc2cc8d5cae883603125a837934d16072b179 Mon Sep 17 00:00:00 2001 From: Billy Lynch Date: Thu, 2 Jun 2022 19:37:55 -0400 Subject: [PATCH 05/13] Partially remove cosign dependencies for fulcio / rekor client creation. (#53) Mostly a refactor to replace some of the cosign calls with their equivalent underlying implementations. Signed-off-by: Billy Lynch --- internal/fulcio/fulcio.go | 45 ++++++++++++++++++++++++++------------- internal/rekor/rekor.go | 4 ++-- 2 files changed, 32 insertions(+), 17 deletions(-) diff --git a/internal/fulcio/fulcio.go b/internal/fulcio/fulcio.go index 34953164..071a5ef5 100644 --- a/internal/fulcio/fulcio.go +++ b/internal/fulcio/fulcio.go @@ -18,6 +18,9 @@ package fulcio import ( "context" "crypto" + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" "crypto/x509" "encoding/pem" "fmt" @@ -25,9 +28,9 @@ import ( "os" "github.com/sigstore/cosign/cmd/cosign/cli/fulcio" - "github.com/sigstore/cosign/cmd/cosign/cli/options" "github.com/sigstore/cosign/cmd/cosign/cli/sign" "github.com/sigstore/cosign/pkg/providers" + "github.com/sigstore/sigstore/pkg/signature" ) type Identity struct { 
@@ -47,25 +50,37 @@ func NewIdentity(ctx context.Context, w io.Writer) (*Identity, error) { } authFlow = fulcio.FlowToken } - sv, err := sign.SignerFromKeyOpts(ctx, "", "", options.KeyOpts{ - FulcioURL: envOrValue("GITSIGN_FULCIO_URL", "https://fulcio.sigstore.dev"), - OIDCIssuer: envOrValue("GITSIGN_OIDC_ISSUER", "https://oauth2.sigstore.dev/auth"), - OIDCClientID: clientID, - OIDCRedirectURL: os.Getenv("GITSIGN_OIDC_REDIRECT_URL"), - RekorURL: envOrValue("GITSIGN_REKOR_URL", "https://rekor.sigstore.dev"), - // Force browser based interactive mode - Git captures both stdout and - // stderr when it invokes the signing tool, so we can't use the - // code-based flow here for now (may require an upstream Git change to - // support). - FulcioAuthFlow: authFlow, - IDToken: idToken, - }) + + priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + if err != nil { + return nil, fmt.Errorf("generating private key: %w", err) + } + + fClient, err := fulcio.NewClient(envOrValue("GITSIGN_FULCIO_URL", "https://fulcio.sigstore.dev")) + if err != nil { + return nil, fmt.Errorf("error creating Fulcio client: %w", err) + } + + issuer := envOrValue("GITSIGN_OIDC_ISSUER", "https://oauth2.sigstore.dev/auth") + redirectURL := os.Getenv("GITSIGN_OIDC_REDIRECT_URL") + + cert, err := fulcio.GetCert(ctx, priv, idToken, authFlow, issuer, clientID, "", redirectURL, fClient) if err != nil { fmt.Fprintln(w, "error getting signer:", err) return nil, err } + + sv, err := signature.LoadECDSASignerVerifier(priv, crypto.SHA256) + if err != nil { + return nil, err + } + return &Identity{ - sv: sv, + sv: &sign.SignerVerifier{ + Cert: cert.CertPEM, + Chain: cert.ChainPEM, + SignerVerifier: sv, + }, stderr: w, }, nil } diff --git a/internal/rekor/rekor.go b/internal/rekor/rekor.go index 5fbccacb..b0f2c2b8 100644 --- a/internal/rekor/rekor.go +++ b/internal/rekor/rekor.go 
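Review bot: Error handling in the new NewIdentity body is inconsistent: the key-generation and client-creation errors are wrapped with context, but the `fulcio.GetCert` failure is printed to `w` and then returned bare, and the `LoadECDSASignerVerifier` error is returned bare as well. I would wrap both, `return nil, fmt.Errorf("getting Fulcio certificate: %w", err)` and `return nil, fmt.Errorf("loading signer: %w", err)`, and keep the `Fprintln` only if the caller does not surface the returned error (the print predates this change, so it may be deliberate). NewIdentity starts before the hunk.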
@@ -31,8 +31,8 @@ import ( "github.com/go-openapi/strfmt" "github.com/go-openapi/swag" - "github.com/sigstore/cosign/cmd/cosign/cli/rekor" "github.com/sigstore/cosign/pkg/cosign" + rekor "github.com/sigstore/rekor/pkg/client" "github.com/sigstore/rekor/pkg/generated/client" "github.com/sigstore/rekor/pkg/generated/client/index" "github.com/sigstore/rekor/pkg/generated/models" @@ -57,7 +57,7 @@ type Client struct { } func New(url string) (*Client, error) { - c, err := rekor.NewClient(url) + c, err := rekor.GetRekorClient(url, rekor.WithUserAgent("gitsign")) if err != nil { return nil, err } From e2a8996052ea0267951f17ab044d25dead18e825 Mon Sep 17 00:00:00 2001 From: Billy Lynch Date: Fri, 3 Jun 2022 16:17:02 -0400 Subject: [PATCH 06/13] Remove dependency on cosign/cli/fulcio. (#63) This reimplements much of the behavior in https://github.com/sigstore/cosign/blob/v1.9.0/cmd/cosign/cli/fulcio/fulcio.go to remove the dependency on cosign for fulcio operations. We may want to upstream this library to sigstore/sigstore, but starting off here to get a feel for other changes we might want to make first. Signed-off-by: Billy Lynch --- go.mod | 60 +------------ go.sum | 78 ---------------- internal/fulcio/fulcio.go | 157 ++++++++++++--------------------- internal/fulcio/fulcio_test.go | 142 +++++++++++++++++++++++++++++ internal/fulcio/identity.go | 146 ++++++++++++++++++++++++++++++ internal/fulcio/signer.go | 25 ++++++ 6 files changed, 374 insertions(+), 234 deletions(-) create mode 100644 internal/fulcio/fulcio_test.go create mode 100644 internal/fulcio/identity.go create mode 100644 internal/fulcio/signer.go diff --git a/go.mod b/go.mod index 95ec6aab..148d8c42 100644 --- a/go.mod +++ b/go.mod 
@@ -3,16 +3,20 @@ module github.com/sigstore/gitsign go 1.17 require ( + github.com/coreos/go-oidc/v3 v3.2.0 github.com/github/smimesign v0.2.0 github.com/go-git/go-git/v5 v5.4.2 github.com/go-openapi/runtime v0.24.1 github.com/go-openapi/strfmt v0.21.2 github.com/go-openapi/swag v0.21.1 + github.com/google/go-cmp v0.5.8 github.com/pborman/getopt v0.0.0-20180811024354-2b5b3bfb099b github.com/sigstore/cosign v1.8.1-0.20220601172726-ae90c7495df6 + github.com/sigstore/fulcio v0.1.2-0.20220114150912-86a2036f9bc7 github.com/sigstore/rekor v0.7.0 github.com/sigstore/sigstore v1.2.1-0.20220512194100-3ed986cc9758 golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 + golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5 ) require ( 
@@ -21,54 +25,25 @@ require (
 cloud.google.com/go/compute v1.6.1 // indirect
 cloud.google.com/go/iam v0.3.0 // indirect
 cloud.google.com/go/storage v1.22.1 // indirect
- github.com/Azure/azure-sdk-for-go v64.0.0+incompatible // indirect
- github.com/Azure/go-autorest v14.2.0+incompatible // indirect
- github.com/Azure/go-autorest/autorest v0.11.27 // indirect
- github.com/Azure/go-autorest/autorest/adal v0.9.18 // indirect
- github.com/Azure/go-autorest/autorest/azure/auth v0.5.11 // indirect
- github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 // indirect
- github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
- github.com/Azure/go-autorest/logger v0.2.1 // indirect
- github.com/Azure/go-autorest/tracing v0.6.0 // indirect
 github.com/Microsoft/go-winio v0.5.2 // indirect
 github.com/PaesslerAG/gval v1.0.0 // indirect
 github.com/PaesslerAG/jsonpath v0.1.1 // indirect
 github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7 // indirect
- github.com/ThalesIgnite/crypto11 v1.2.5 // indirect
 github.com/acomagu/bufpipe v1.0.3 // indirect
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
- github.com/aws/aws-sdk-go-v2 v1.14.0 // indirect
- github.com/aws/aws-sdk-go-v2/config v1.14.0 // indirect
- github.com/aws/aws-sdk-go-v2/credentials v1.9.0 // indirect
- github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.11.0 // indirect
- github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.5 // indirect
- github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.3.0 // indirect
- github.com/aws/aws-sdk-go-v2/internal/ini v1.3.6 // indirect
- github.com/aws/aws-sdk-go-v2/service/ecr v1.15.0 // indirect
- github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.12.0 // indirect
- github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.8.0 // indirect
- github.com/aws/aws-sdk-go-v2/service/sso v1.10.0 // indirect
- github.com/aws/aws-sdk-go-v2/service/sts v1.15.0 // indirect
- github.com/aws/smithy-go v1.11.0 // indirect
- github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20220228164355-396b2034c795 // indirect
 github.com/benbjohnson/clock v1.1.0 // indirect
 github.com/beorn7/perks v1.0.1 // indirect
 github.com/bgentry/speakeasy v0.1.0 // indirect
 github.com/blang/semver v3.5.1+incompatible // indirect
 github.com/census-instrumentation/opencensus-proto v0.3.0 // indirect
 github.com/cespare/xxhash/v2 v2.1.2 // indirect
- github.com/chrismellard/docker-credential-acr-env v0.0.0-20220119192733-fe33c00cee21 // indirect
 github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4 // indirect
 github.com/cncf/xds/go v0.0.0-20211130200136-a8f946100490 // indirect
- github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect
 github.com/containerd/stargz-snapshotter/estargz v0.10.1 // indirect
- github.com/coreos/go-oidc/v3 v3.2.0 // indirect
 github.com/coreos/go-semver v0.3.0 // indirect
 github.com/coreos/go-systemd/v22 v22.3.2 // indirect
 github.com/cpuguy83/go-md2man/v2 v2.0.1 // indirect
 github.com/cyberphone/json-canonicalization v0.0.0-20210823021906-dc406ceaf94b // indirect
- github.com/davecgh/go-spew v1.1.1 // indirect
- github.com/dimchansky/utfbom v1.1.1 // indirect
 github.com/docker/cli v20.10.12+incompatible // indirect
 github.com/docker/distribution v2.8.0+incompatible // indirect
 github.com/docker/docker v20.10.12+incompatible // indirect
@@ -84,7 +59,6 @@ require (
 github.com/go-chi/chi v4.1.2+incompatible // indirect
 github.com/go-git/gcfg v1.5.0 // indirect
 github.com/go-git/go-billy/v5 v5.3.1 // indirect
- github.com/go-logr/logr v1.2.2 // indirect
 github.com/go-openapi/analysis v0.21.2 // indirect
 github.com/go-openapi/errors v0.20.2 // indirect
 github.com/go-openapi/jsonpointer v0.19.5 // indirect
@@ -92,13 +66,11 @@ require (
 github.com/go-openapi/loads v0.21.1 // indirect
 github.com/go-openapi/spec v0.20.6 // indirect
 github.com/go-openapi/validate v0.21.0 // indirect
- github.com/go-piv/piv-go v1.9.0 // indirect
 github.com/go-playground/locales v0.14.0 // indirect
 github.com/go-playground/universal-translator v0.18.0 // indirect
 github.com/go-playground/validator/v10 v10.11.0 // indirect
 github.com/go-stack/stack v1.8.1 // indirect
 github.com/gogo/protobuf v1.3.2 // indirect
- github.com/golang-jwt/jwt/v4 v4.3.0 // indirect
 github.com/golang/glog v1.0.0 // indirect
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 github.com/golang/mock v1.6.0 // indirect
@@ -106,31 +78,22 @@ require (
 github.com/golang/snappy v0.0.4 // indirect
 github.com/google/btree v1.0.1 // indirect
 github.com/google/certificate-transparency-go v1.1.2 // indirect
- github.com/google/go-cmp v0.5.8 // indirect
 github.com/google/go-containerregistry v0.8.1-0.20220209165246-a44adc326839 // indirect
- github.com/google/go-github/v42 v42.0.0 // indirect
- github.com/google/go-querystring v1.1.0 // indirect
- github.com/google/gofuzz v1.2.0 // indirect
 github.com/google/trillian v1.4.1 // indirect
 github.com/google/uuid v1.3.0 // indirect
 github.com/googleapis/gax-go/v2 v2.4.0 // indirect
- github.com/googleapis/gnostic v0.5.5 // indirect
 github.com/googleapis/go-type-adapters v1.0.0 // indirect
 github.com/gorilla/websocket v1.4.2 // indirect
 github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 // indirect
 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
 github.com/grpc-ecosystem/grpc-gateway v1.16.0 // indirect
- github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
- github.com/hashicorp/go-retryablehttp v0.7.1 // indirect
 github.com/hashicorp/golang-lru v0.5.4 // indirect
 github.com/hashicorp/hcl v1.0.0 // indirect
- github.com/imdario/mergo v0.3.12 // indirect
 github.com/in-toto/in-toto-golang v0.3.4-0.20211211042327-af1f9fb822bf // indirect
 github.com/inconshreveable/mousetrap v1.0.0 // indirect
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 github.com/jedisct1/go-minisign v0.0.0-20211028175153-1c139d1cc84b // indirect
 github.com/jhump/protoreflect v1.10.3 // indirect
- github.com/jmespath/go-jmespath v0.4.0 // indirect
 github.com/jonboulle/clockwork v0.3.0 // indirect
 github.com/josharian/intern v1.0.0 // indirect
 github.com/json-iterator/go v1.1.12 // indirect
@@ -141,7 +104,6 @@ require (
 github.com/mailru/easyjson v0.7.7 // indirect
 github.com/mattn/go-runewidth v0.0.13 // indirect
 github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
- github.com/miekg/pkcs11 v1.1.1 // indirect
 github.com/mitchellh/go-homedir v1.1.0 // indirect
 github.com/mitchellh/mapstructure v1.5.0 // indirect
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
@@ -166,7 +128,6 @@ require (
 github.com/segmentio/ksuid v1.0.4 // indirect
 github.com/sergi/go-diff v1.2.0 // indirect
 github.com/shibumi/go-pathspec v1.3.0 // indirect
- github.com/sigstore/fulcio v0.1.2-0.20220114150912-86a2036f9bc7 // indirect
 github.com/sirupsen/logrus v1.8.1 // indirect
 github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
 github.com/soheilhy/cmux v0.1.5 // indirect
@@ -180,14 +141,12 @@ require (
 github.com/subosito/gotenv v1.3.0 // indirect
 github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7 // indirect
 github.com/tent/canonical-json-go v0.0.0-20130607151641-96e4ba3a7613 // indirect
- github.com/thales-e-security/pool v0.0.2 // indirect
 github.com/theupdateframework/go-tuf v0.3.0 // indirect
 github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
 github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802 // indirect
 github.com/transparency-dev/merkle v0.0.1 // indirect
 github.com/urfave/cli v1.22.7 // indirect
 github.com/vbatts/tar-split v0.11.2 // indirect
- github.com/xanzy/go-gitlab v0.68.0 // indirect
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 // indirect
 github.com/zeebo/errs v1.2.2 // indirect
 go.etcd.io/bbolt v1.3.6 // indirect
@@ -219,7 +178,6 @@ require (
 go.uber.org/zap v1.21.0 // indirect
 golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect
 golang.org/x/net v0.0.0-20220520000938-2e3eb7b945c2 // indirect
- golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5 // indirect
 golang.org/x/sync v0.0.0-20220513210516-0976fa681c29 // indirect
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a // indirect
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
@@ -233,7 +191,6 @@ require (
 google.golang.org/grpc v1.46.2 // indirect
 google.golang.org/protobuf v1.28.0 // indirect
 gopkg.in/cheggaaa/pb.v1 v1.0.28 // indirect
- gopkg.in/inf.v0 v0.9.1 // indirect
 gopkg.in/ini.v1 v1.66.4 // indirect
 gopkg.in/natefinch/lumberjack.v2 v2.0.0 // indirect
 gopkg.in/square/go-jose.v2 v2.6.0 // indirect
@@ -241,15 +198,6 @@ require (
 gopkg.in/yaml.v2 v2.4.0 // indirect
 gopkg.in/yaml.v3 v3.0.0 // indirect
 gotest.tools/v3 v3.1.0 // indirect
- k8s.io/api v0.23.5 // indirect
- k8s.io/apimachinery v0.23.5 // indirect
- k8s.io/client-go v0.23.5 // indirect
- k8s.io/klog/v2 v2.60.1-0.20220317184644-43cc75f9ae89 // indirect
- k8s.io/kube-openapi v0.0.0-20220124234850-424119656bbf // indirect
- k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 // indirect
 knative.dev/pkg v0.0.0-20220325200448-1f7514acd0c2 // indirect
- sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 // indirect
- sigs.k8s.io/release-utils v0.6.0 // indirect
- sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect
 sigs.k8s.io/yaml v1.3.0 // indirect
 )
diff --git a/go.sum b/go.sum
index 5c54f13f..b08bbd37 100644
--- a/go.sum
+++ b/go.sum
@@ -136,7 +136,6 @@ github.com/Azure/azure-sdk-for-go v60.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9mo github.com/Azure/azure-sdk-for-go v60.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v62.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v63.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/azure-sdk-for-go v64.0.0+incompatible h1:WAA77WBDWYtNfCC95V70VvkdzHe+wM/r2MQ9mG7fnQs= github.com/Azure/azure-sdk-for-go v64.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-service-bus-go v0.9.1/go.mod h1:yzBx6/BUGfjfeqbRZny9AQIbIe3AcV9WZbAdpkoXOa0= github.com/Azure/azure-service-bus-go v0.11.5/go.mod h1:MI6ge2CuQWBVq+ly456MY7XqNLJip5LO1iSFodbNLbU= @@ -149,7 +148,6 @@ github.com/Azure/go-ansiterm v0.0.0-20210608223527-2377c96fe795/go.mod h1:LmzpDX github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Azure/go-autorest v10.8.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest v12.0.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= -github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw= github.com/Azure/go-autorest/autorest v0.11.6/go.mod h1:V6p3pKZx1KKkJubbxnDWrzNhEIfOy/pTGasLqzHIPHs= 
@@ -158,7 +156,6 @@ github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgq github.com/Azure/go-autorest/autorest v0.11.19/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA= github.com/Azure/go-autorest/autorest v0.11.22/go.mod h1:BAWYUWGPEtKPzjVkp0Q6an0MJcJDsoh5Z1BFAEFs4Xs= github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc= -github.com/Azure/go-autorest/autorest v0.11.27 h1:F3R3q42aWytozkV8ihzcgMO4OA4cuqr3bNlsEuF6//A= github.com/Azure/go-autorest/autorest v0.11.27/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U= github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg= github.com/Azure/go-autorest/autorest/adal v0.9.4/go.mod h1:/3SMAM86bP6wC9Ev35peQDUeqFZBMH07vvUOmg4z/fE= 
@@ -166,31 +163,22 @@ github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyC github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= github.com/Azure/go-autorest/autorest/adal v0.9.14/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= github.com/Azure/go-autorest/autorest/adal v0.9.17/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= -github.com/Azure/go-autorest/autorest/adal v0.9.18 h1:kLnPsRjzZZUF3K5REu/Kc+qMQrvuza2bwSnNdhmzLfQ= github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= github.com/Azure/go-autorest/autorest/azure/auth v0.5.2/go.mod h1:q98IH4qgc3eWM4/WOeR5+YPmBuy8Lq0jNRDwSM0CuFk= github.com/Azure/go-autorest/autorest/azure/auth v0.5.9/go.mod h1:hg3/1yw0Bq87O3KvvnJoAh34/0zbP7SFizX/qN5JvjU= -github.com/Azure/go-autorest/autorest/azure/auth v0.5.11 h1:P6bYXFoao05z5uhOQzbC3Qd8JqF3jUoocoTeIxkp2cA= github.com/Azure/go-autorest/autorest/azure/auth v0.5.11/go.mod h1:84w/uV8E37feW2NCJ08uT9VBfjfUHpgLVnG2InYD6cg= github.com/Azure/go-autorest/autorest/azure/cli v0.4.1/go.mod h1:JfDgiIO1/RPu6z42AdQTyjOoCM2MFhLqSBDvMEkDgcg= github.com/Azure/go-autorest/autorest/azure/cli v0.4.2/go.mod h1:7qkJkT+j6b+hIpzMOwPChJhTqS8VbsqqgULzMNRugoM= github.com/Azure/go-autorest/autorest/azure/cli v0.4.4/go.mod h1:yAQ2b6eP/CmLPnmLvxtT1ALIY3OR1oFcCqVBi8vHiTc= -github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 h1:0W/yGmFdTIT77fvdlGZ0LMISoLHFJ7Tx4U0yeB+uFs4= github.com/Azure/go-autorest/autorest/azure/cli v0.4.5/go.mod h1:ADQAXrkgm7acgWVUNamOgh8YNrv4p27l3Wc55oVfpzg= -github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw= github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod 
h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= -github.com/Azure/go-autorest/autorest/mocks v0.4.2 h1:PGN4EDXnuQbojHbU0UWoNvmu9AGVwYHG9/fkDYhtAfw= github.com/Azure/go-autorest/autorest/mocks v0.4.2/go.mod h1:Vy7OitM9Kei0i1Oj+LvyAWMXJHeKH1MVlzFugfVrmyU= -github.com/Azure/go-autorest/autorest/to v0.4.0 h1:oXVqrxakqqV1UZdSazDOPOLvOIz+XA683u8EctwboHk= github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE= -github.com/Azure/go-autorest/autorest/validation v0.3.1 h1:AgyqjAd94fwNAoTjl/WQXg4VvFeRFpO+UhNyRXqF1ac= github.com/Azure/go-autorest/autorest/validation v0.3.1/go.mod h1:yhLgjC0Wda5DYXl6JAsWyUe4KVNffhoDhG0zVzUMo3E= github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= -github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg= github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= -github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v0.4.1 h1:GaI7EiDXDRfa8VshkTj7Fym7ha+y8/XxIgD2okUIjLw= 
@@ -252,7 +240,6 @@ github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbt github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/ReneKroon/ttlcache/v2 v2.10.0/go.mod h1:mBxvsNY+BT8qLLd6CuAJubbKo6r0jh3nb5et22bbfGY= -github.com/ReneKroon/ttlcache/v2 v2.11.0 h1:OvlcYFYi941SBN3v9dsDcC2N8vRxyHcCmJb3Vl4QMoM= github.com/ReneKroon/ttlcache/v2 v2.11.0/go.mod h1:mBxvsNY+BT8qLLd6CuAJubbKo6r0jh3nb5et22bbfGY= github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ= github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= @@ -300,10 +287,8 @@ github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= github.com/armon/go-metrics v0.3.9/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= github.com/armon/go-metrics v0.3.10/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= -github.com/armon/go-metrics v0.4.0 h1:yCQqn7dwca4ITXb+CbubHmedzaQYHhNhrEXLYUeEe8Q= github.com/armon/go-metrics v0.4.0/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= -github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI= github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= 
@@ -333,47 +318,36 @@ github.com/aws/aws-sdk-go v1.42.8/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+ github.com/aws/aws-sdk-go v1.42.22/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= github.com/aws/aws-sdk-go v1.42.25/go.mod h1:gyRszuZ/icHmHAVE4gc/r+cfCmhA1AD+vqfWbgI+eHs= github.com/aws/aws-sdk-go v1.43.45/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= -github.com/aws/aws-sdk-go v1.44.12 h1:5f7ESFKQv5WHX8m37H2T8G+tc/rggy7sfdZ8ioqXFY8= github.com/aws/aws-sdk-go v1.44.12/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= github.com/aws/aws-sdk-go-v2 v1.7.1/go.mod h1:L5LuPC1ZgDr2xQS7AmIec/Jlc7O/Y1u2KxJyNVab250= github.com/aws/aws-sdk-go-v2 v1.11.0/go.mod h1:SQfA+m2ltnu1cA0soUkj4dRSsmITiVQUJvBIZjzfPyQ= -github.com/aws/aws-sdk-go-v2 v1.14.0 h1:IzSYBJHu0ZdUi27kIW6xVrs0eSxI4AzwbenzfXhhVs4= github.com/aws/aws-sdk-go-v2 v1.14.0/go.mod h1:ZA3Y8V0LrlWj63MQAnRHgKf/5QB//LSZCPNWlWrNGLU= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.0.0/go.mod h1:Xn6sxgRuIDflLRJFj5Ev7UxABIkNbccFPV/p8itDReM= github.com/aws/aws-sdk-go-v2/config v1.5.0/go.mod h1:RWlPOAW3E3tbtNAqTwvSW54Of/yP3oiZXMI0xfUdjyA= github.com/aws/aws-sdk-go-v2/config v1.10.1/go.mod h1:auIv5pIIn3jIBHNRcVQcsczn6Pfa6Dyv80Fai0ueoJU= -github.com/aws/aws-sdk-go-v2/config v1.14.0 h1:Yr8/7R6H8nqqfqgLATrcB83ax6FE2HcDXEB54XPhE98= github.com/aws/aws-sdk-go-v2/config v1.14.0/go.mod h1:GKDRrvsq/PTaOYc9252u8Uah1hsIdtor4oIrFvUNPNM= github.com/aws/aws-sdk-go-v2/credentials v1.3.1/go.mod h1:r0n73xwsIVagq8RsxmZbGSRQFj9As3je72C2WzUIToc= github.com/aws/aws-sdk-go-v2/credentials v1.6.1/go.mod h1:QyvQk1IYTqBWSi1T6UgT/W8DMxBVa5pVuLFSRLLhGf8= -github.com/aws/aws-sdk-go-v2/credentials v1.9.0 h1:R3Q5s1uGLUg0aUzi+oRaUqRXhd17G/9+PiVnAwXp4sY= github.com/aws/aws-sdk-go-v2/credentials v1.9.0/go.mod h1:PyHKqk/+tJuDY7T8R580S1j/AcSD+ODeUZ99CAUKLqQ= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.3.0/go.mod 
h1:2LAuqPx1I6jNfaGDucWfA2zqQCYCOMCDHiCOciALyNw= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.8.0/go.mod h1:5E1J3/TTYy6z909QNR0QnXGBpfESYGDqd3O0zqONghU= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.11.0 h1:CkM4d3lNeMXMZ0BDX3BtCktnKA1Ftud84Hb6d+Ix4Rk= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.11.0/go.mod h1:rwdUKJV5rm+vHu1ncD1iGDqahBEL8O0tBjVqo9eO2N0= github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.7.1/go.mod h1:wN/mvkow08GauDwJ70jnzJ1e+hE+Q3Q7TwpYLXOe9oI= github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.0/go.mod h1:NO3Q5ZTTQtO2xIg2+xTXYDiT7knSejfeDm7WGDaOo0U= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.5 h1:+phazLmKkjBYhFTsGYH9J7jgnA8+Aer2yE4QeS4zn6A= github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.5/go.mod h1:2hXc8ooJqF2nAznsbJQIn+7h851/bu8GVC80OVTTqf8= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.0.0/go.mod h1:anlUzBoEWglcUxUQwZA7HQOEVEnQALVZsizAapB2hq8= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.3.0 h1:PO+HNeJBeRK0yVD9CQZ+VUrYfd5sXqS7YdPYHHcDkR4= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.3.0/go.mod h1:miRSv9l093jX/t/j+mBCaLqFHo9xKYzJ7DGm1BsGoJM= github.com/aws/aws-sdk-go-v2/internal/ini v1.1.1/go.mod h1:Zy8smImhTdOETZqfyn01iNOe0CNggVbPjCajyaz6Gvg= github.com/aws/aws-sdk-go-v2/internal/ini v1.3.0/go.mod h1:6oXGy4GLpypD3uCh8wcqztigGgmhLToMfjavgh+VySg= -github.com/aws/aws-sdk-go-v2/internal/ini v1.3.6 h1:c8s9EhIPVFMFS+R1+rtEghGrf7v83gSUWbcCYX/OPes= github.com/aws/aws-sdk-go-v2/internal/ini v1.3.6/go.mod h1:o1ippSg3yJx5EuT4AOGXJCUcmt5vrcxla1cg6K1Q8Iw= github.com/aws/aws-sdk-go-v2/service/ecr v1.4.1/go.mod h1:FglZcyeiBqcbvyinl+n14aT/EWC7S1MIH+Gan2iizt0= -github.com/aws/aws-sdk-go-v2/service/ecr v1.15.0 h1:lY2Z2sBP+zSbJ6CvvmnFgPcgknoQ0OJV88AwVetRRFk= github.com/aws/aws-sdk-go-v2/service/ecr v1.15.0/go.mod h1:4zYI85WiYDhFaU1jPFVfkD7HlBcdnITDE3QxDwy4Kus= github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.4.1/go.mod h1:eD5Eo4drVP2FLTw0G+SMIPWNWvQRGGTtIZR2XeAagoA= 
-github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.12.0 h1:LsqBpyRofMG6eDs6YGud6FhdGyIyXelAasPOZ6wWLro= github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.12.0/go.mod h1:IArQ3IBR00FkuraKwudKZZU32OxJfdTdwV+W5iZh3Y4= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.5.0/go.mod h1:80NaCIH9YU3rzTTs/J/ECATjXuRqzo/wB6ukO6MZ0XY= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.2.1/go.mod h1:zceowr5Z1Nh2WVP8bf/3ikB41IZW59E4yIYbg+pC6mw= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.5.0/go.mod h1:Mq6AEc+oEjCUlBuLiK5YwW4shSOAKCQ3tXN0sQeYoBA= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.8.0 h1:JNMALY8/ZnFsfAzBHtC4gq8JeZPANmIoI2VaBgYzbf8= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.8.0/go.mod h1:rBDLgXDAwHOfxZKLRDl8OGTPzFDC+a2pLqNNj8+QwfI= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.9.0/go.mod h1:xKCZ4YFSF2s4Hnb/J0TLeOsKuGzICzcElaOKNGrVnx4= github.com/aws/aws-sdk-go-v2/service/kms v1.10.0/go.mod h1:ZkHWL8m5Nw1g9yMXqpCjnIJtSDToAmNbXXZ9gj0bO7s= 
@@ -384,17 +358,13 @@ github.com/aws/aws-sdk-go-v2/service/sqs v1.12.0/go.mod h1:TDqDmQnsbgL2ZMIGUf3z9 github.com/aws/aws-sdk-go-v2/service/ssm v1.15.0/go.mod h1:kJa2uHklY03rKsNSbEsToeUgWJ1PambXBtRNacorRhg= github.com/aws/aws-sdk-go-v2/service/sso v1.3.1/go.mod h1:J3A3RGUvuCZjvSuZEcOpHDnzZP/sKbhDWV2T1EOzFIM= github.com/aws/aws-sdk-go-v2/service/sso v1.6.0/go.mod h1:Q/l0ON1annSU+mc0JybDy1Gy6dnJxIcWjphO6qJPzvM= -github.com/aws/aws-sdk-go-v2/service/sso v1.10.0 h1:qCuSRiQhsPU46NH79HUyPQEn5AcpMj+2gsqMYwtzdw8= github.com/aws/aws-sdk-go-v2/service/sso v1.10.0/go.mod h1:m1CRRFX7eH3EE6w0ntdu+lo+Ph9VS7y8qRV/vdym0ZY= github.com/aws/aws-sdk-go-v2/service/sts v1.6.0/go.mod h1:q7o0j7d7HrJk/vr9uUt3BVRASvcU7gYZB9PUgPiByXg= github.com/aws/aws-sdk-go-v2/service/sts v1.10.0/go.mod h1:jLKCFqS+1T4i7HDqCP9GM4Uk75YW1cS0o82LdxpMyOE= -github.com/aws/aws-sdk-go-v2/service/sts v1.15.0 h1:zC/vHxWTlqZ0tIPJItg0zWHsa25cH7tXsUknSGcH39o= github.com/aws/aws-sdk-go-v2/service/sts v1.15.0/go.mod h1:E264g2Gl5U9KTGzmd8ypGEAoh75VmqyuA/Ox5O1eRE4= github.com/aws/smithy-go v1.6.0/go.mod h1:SObp3lf9smib00L/v3U2eAKG8FyQ7iLrJnQiAmR5n+E= github.com/aws/smithy-go v1.9.0/go.mod h1:SObp3lf9smib00L/v3U2eAKG8FyQ7iLrJnQiAmR5n+E= -github.com/aws/smithy-go v1.11.0 h1:nOfSDwiiH232f90OuevPnAEQO5ZqH+xnn8uGVsvBCw4= github.com/aws/smithy-go v1.11.0/go.mod h1:3xHYmszWVx2c0kIwQeEVf9uSm4fYZt67FBJnwub1bgM= -github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20220228164355-396b2034c795 h1:IWeCJzU+IYaO2rVEBlGPTBfe90cmGXFTLdhUFlzDGsY= github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20220228164355-396b2034c795/go.mod h1:8vJsEZ4iRqG+Vx6pKhWK6U00qcj0KC37IsfszMkY6UE= github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59/go.mod h1:q/89r3U2H7sSsE2t6Kca0lfwTK8JdoNGS/yzM/4iH5I= github.com/beeker1121/goque v1.0.3-0.20191103205551-d618510128af/go.mod h1:84CWnaDz4g1tEVnFLnuBigmGK15oPohy0RfvSN8d4eg= 
@@ -444,10 +414,8 @@ github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n github.com/cavaliercoder/badio v0.0.0-20160213150051-ce5280129e9e/go.mod h1:V284PjgVwSk4ETmz84rpu9ehpGg7swlIH8npP9k2bGw= github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e/go.mod h1:oDpT4efm8tSYHXV5tHSdRvBet/b/QzxZ+XyyPehvm3A= github.com/cavaliercoder/go-rpm v0.0.0-20200122174316-8cb9fd9c31a8/go.mod h1:AZIh1CCnMrcVm6afFf96PBvE2MRpWFco91z8ObJtgDY= -github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs= -github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M= github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs= github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= 
@@ -467,7 +435,6 @@ github.com/charithe/durationcheck v0.0.9/go.mod h1:SSbRIBVfMjCi/kEB6K65XEA83D6pr github.com/chavacava/garif v0.0.0-20210405164556-e8a0a408d6af/go.mod h1:Qjyv4H3//PWVzTeCezG2b9IRn6myJxJSr4TD/xo6ojU= github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw= github.com/checkpoint-restore/go-criu/v5 v5.0.0/go.mod h1:cfwC0EG7HMUenopBsUf9d89JlCLQIfgVcNsNN0t6T2M= -github.com/chrismellard/docker-credential-acr-env v0.0.0-20220119192733-fe33c00cee21 h1:XlpL9EHrPOBJMLDDOf35/G4t5rGAFNNAZQ3cDcWavtc= github.com/chrismellard/docker-credential-acr-env v0.0.0-20220119192733-fe33c00cee21/go.mod h1:Zlre/PVxuSI9y6/UV4NwGixQ48RHQDSPiUkofr6rbMU= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= @@ -505,7 +472,6 @@ github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u9 github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI= github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb h1:EDmT6Q9Zs+SbUoc7Ik9EfrFqcylYqgPZ9ANSbTAntnE= github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb/go.mod h1:ZjrT6AXHbDs86ZSdt/osfBi5qfexBrKUdONk989Wnk4= -github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be h1:J5BL2kskAlV9ckgEsNQXscjIaLiOYiZ75d4e94E6dcQ= github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be/go.mod h1:mk5IQ+Y0ZeO87b858TlA645sVcEcbiX6YqP98kt+7+w= github.com/containerd/aufs v0.0.0-20200908144142-dab0cbea06f4/go.mod h1:nukgQABAEopAHvB6j7cnP5zJ+/3aVcE7hCYqvIwAHyE= github.com/containerd/aufs v0.0.0-20201003224125-76a6863f2989/go.mod h1:AkGGQs9NM2vtYHaUen+NljV0/baGCAPELGm2q9ZXpWU= 
@@ -661,7 +627,6 @@ github.com/dgryski/go-lttb v0.0.0-20180810165845-318fcdf10a77/go.mod h1:Va5MyIzk github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= -github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U= github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E= github.com/docker/cli v20.10.11+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= @@ -825,7 +790,6 @@ github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KE github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.2 h1:ahHml/yUpnlb96Rp8HCvtYVPY8ZYpxq3g7UYchIYwbs= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/zapr v1.2.0/go.mod h1:Qa4Bsj2Vb+FAVeAKsLD8RLQ+YRJB8YDmOAKxaBQf7Ro= github.com/go-ole/go-ole v1.2.5/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= 
@@ -942,7 +906,6 @@ github.com/go-openapi/validate v0.20.1/go.mod h1:b60iJT+xNNLfaQJUqLI7946tYiFEOuE github.com/go-openapi/validate v0.20.3/go.mod h1:goDdqVGiigM3jChcrYJxD2joalke3ZXeftD16byIjA4= github.com/go-openapi/validate v0.21.0 h1:+Wqk39yKOhfpLqNLEC0/eViCkzM5FVXVqrvt526+wcI= github.com/go-openapi/validate v0.21.0/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg= -github.com/go-piv/piv-go v1.9.0 h1:P6j2gjfP7zO7T3nCk/jwCgsvFRwB8shEqAJ4q85jgXc= github.com/go-piv/piv-go v1.9.0/go.mod h1:NZ2zmjVkfFaL/CF8cVQ/pXdXtuj110zEKGdJM6fJZZM= github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A= github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= @@ -1063,7 +1026,6 @@ github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69 github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang-jwt/jwt/v4 v4.1.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= -github.com/golang-jwt/jwt/v4 v4.3.0 h1:kHL1vqdqWNfATmA0FNMdmZNMyZI1U6O31X4rlIPoBog= github.com/golang-jwt/jwt/v4 v4.3.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= 
@@ -1170,11 +1132,9 @@ github.com/google/go-containerregistry/pkg/authn/kubernetes v0.0.0-2022030118263 github.com/google/go-github/v27 v27.0.6/go.mod h1:/0Gr8pJ55COkmv+S/yPKCczSkUPIM/LnFyubufRNIS0= github.com/google/go-github/v28 v28.1.1/go.mod h1:bsqJWQX05omyWVmc00nEUql9mhQyv38lDZ8kPZcQVoM= github.com/google/go-github/v39 v39.0.0/go.mod h1:C1s8C5aCC9L+JXIYpJM5GYytdX52vC1bLvHEF1IhBrE= -github.com/google/go-github/v42 v42.0.0 h1:YNT0FwjPrEysRkLIiKuEfSvBPCGKphW5aS5PxwaoLec= github.com/google/go-github/v42 v42.0.0/go.mod h1:jgg/jvyI0YlDOM1/ps6XYh04HNQ3vKf0CVko62/EhRg= github.com/google/go-licenses v0.0.0-20210329231322-ce1d9163b77d/go.mod h1:+TYOmkVoJOpwnS0wfdsJCV9CoD5nJYsHoFk/0CrTK4M= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= -github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= github.com/google/go-replayers/grpcreplay v0.1.0/go.mod h1:8Ig2Idjpr6gifRd6pNVggX6TC1Zw6Jx74AKp7QNH2QE= github.com/google/go-replayers/grpcreplay v1.1.0/go.mod h1:qzAvJ8/wi57zq7gWqaE6AwLM6miiXUQwP1S+I9icmhk= @@ -1182,7 +1142,6 @@ github.com/google/go-replayers/httpreplay v0.1.0/go.mod h1:YKZViNhiGgqdBlUbI2MwG github.com/google/go-replayers/httpreplay v1.0.0/go.mod h1:LJhKoTwS5Wy5Ld/peq8dFFG5OfJyHEz7ft+DsTUv25M= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/licenseclassifier v0.0.0-20210325184830-bb04aff29e72/go.mod h1:qsqn2hxC+vURpyBRygGUuinTO42MFRLcsmQ/P8v94+M= github.com/google/mako v0.0.0-20190821191249-122f8dcef9e3/go.mod h1:YzLcVlL+NqWnmUEPuhS1LxDDwGO9WNbVlEXaF4IH35g= 
@@ -1243,7 +1202,6 @@ github.com/googleapis/gax-go/v2 v2.4.0 h1:dS9eYAjhrE2RjmzYw2XAPvcXfmcQLtFEQWn0CR github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK9wbMD5+iXC6c= github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg= github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU= -github.com/googleapis/gnostic v0.5.5 h1:9fHAtK0uDfpveeqqo1hkEZJcFvYXAiCN3UutL8F9xHw= github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA= github.com/googleapis/go-type-adapters v1.0.0 h1:9XdMn+d/G57qq1s8dNc5IesGCXHf6V2HZ2JwRxfA2tA= github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4= @@ -1309,11 +1267,9 @@ github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyN github.com/hashicorp/consul/sdk v0.8.0/go.mod h1:GBvyrGALthsZObzUGsfgHZQDXjg4lOjagTIwIR1vPms= github.com/hashicorp/errwrap v0.0.0-20141028054710-7554cd9344ce/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= -github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= -github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= 
@@ -1321,57 +1277,45 @@ github.com/hashicorp/go-hclog v0.14.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39 github.com/hashicorp/go-hclog v0.16.2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-hclog v1.0.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-hclog v1.1.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= -github.com/hashicorp/go-hclog v1.2.0 h1:La19f8d7WIlm4ogzNHB0JGqs5AUDAZ2UfCY4sJXcJdM= github.com/hashicorp/go-hclog v1.2.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= -github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc= github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-kms-wrapping/entropy v0.1.0/go.mod h1:d1g9WGtAunDNpek8jUIEJnBlbgKS1N2Q61QkHiZyR1g= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874/go.mod h1:JMRHfdO9jKNzS/+BTlxCjKNQHg/jZAft8U7LloJvN7I= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA= -github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/go-plugin v1.4.3/go.mod h1:5fGEH17QVwTTcR0zV7yhDPLLmFX9YSZ38b18Udy6vYQ= -github.com/hashicorp/go-plugin v1.4.4 h1:NVdrSdFRt3SkZtNckJ6tog7gbpRrcbOjQi/rgF7JYWQ= github.com/hashicorp/go-plugin v1.4.4/go.mod h1:viDMjcLJuDui6pXb8U4HVfb8AamCWhHGUjr2IrTF67s= github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= github.com/hashicorp/go-retryablehttp v0.6.4/go.mod 
h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/go-retryablehttp v0.6.6/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/go-retryablehttp v0.7.0/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= -github.com/hashicorp/go-retryablehttp v0.7.1 h1:sUiuQAnLlbvmExtFQs72iFW/HXeUn8Z1aJLQ4LJJbTQ= github.com/hashicorp/go-retryablehttp v0.7.1/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= -github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= github.com/hashicorp/go-secure-stdlib/base62 v0.1.1/go.mod h1:EdWO6czbmthiwZ3/PUsDV+UD1D5IRU4ActiaWGwt0Yw= github.com/hashicorp/go-secure-stdlib/mlock v0.1.1/go.mod h1:zq93CJChV6L9QTfGKtfBxKqD7BqqXx5O04A/ns2p5+I= -github.com/hashicorp/go-secure-stdlib/mlock v0.1.2 h1:p4AKXPPS24tO8Wc8i1gLvSKdmkiSY5xuju57czJ/IJQ= github.com/hashicorp/go-secure-stdlib/mlock v0.1.2/go.mod h1:zq93CJChV6L9QTfGKtfBxKqD7BqqXx5O04A/ns2p5+I= github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= github.com/hashicorp/go-secure-stdlib/parseutil v0.1.2/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= -github.com/hashicorp/go-secure-stdlib/parseutil v0.1.5 h1:MBgwAFPUbfuI0+tmDU/aeM1MARvdbqWmiieXIalKqDE= github.com/hashicorp/go-secure-stdlib/parseutil v0.1.5/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= github.com/hashicorp/go-secure-stdlib/password v0.1.1/go.mod h1:9hH302QllNwu1o2TGYtSk8I8kTAN0ca1EHpwhm5Mmzo= github.com/hashicorp/go-secure-stdlib/strutil v0.1.1/go.mod h1:gKOamz3EwoIoJq7mlMIRBpVTAUn8qPCrEclOKKWhD3U= -github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts= github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod 
h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4= github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.1/go.mod h1:l8slYwnJA26yBz+ErHpp2IRCLr0vuOMGBORIz4rRiAs= github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= -github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0SyteCQc= github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A= github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go-version v1.3.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go-version v1.4.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= -github.com/hashicorp/go-version v1.5.0 h1:O293SZ2Eg+AAYijkVK3jR786Am1bhDEh2GHT0tIVE5E= github.com/hashicorp/go-version v1.5.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= 
@@ -1393,14 +1337,11 @@ github.com/hashicorp/serf v0.9.6/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpT github.com/hashicorp/serf v0.9.7/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= github.com/hashicorp/vault/api v1.3.0/go.mod h1:EabNQLI0VWbWoGlA+oBLC8PXmR9D60aUVgQGvangFWQ= github.com/hashicorp/vault/api v1.3.1/go.mod h1:QeJoWxMFt+MsuWcYhmwRLwKEXrjwAFFywzhptMsTIUw= -github.com/hashicorp/vault/api v1.5.0 h1:Bp6yc2bn7CWkOrVIzFT/Qurzx528bdavF3nz590eu28= github.com/hashicorp/vault/api v1.5.0/go.mod h1:LkMdrZnWNrFaQyYYazWVn7KshilfDidgVBq6YiTq/bM= github.com/hashicorp/vault/sdk v0.3.0/go.mod h1:aZ3fNuL5VNydQk8GcLJ2TV8YCRVvyaakYkhZRoVuhj0= github.com/hashicorp/vault/sdk v0.4.1/go.mod h1:aZ3fNuL5VNydQk8GcLJ2TV8YCRVvyaakYkhZRoVuhj0= -github.com/hashicorp/vault/sdk v0.5.0 h1:EED7p0OCU3OY5SAqJwSANofY1YKMytm+jDHDQ2EzGVQ= github.com/hashicorp/vault/sdk v0.5.0/go.mod h1:UJZHlfwj7qUJG8g22CuxUgkdJouFrBNvBHCyx8XAPdo= github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= -github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87 h1:xixZ2bWeofWV68J+x6AzmKuVM/JWCQwkWm6GW/MUR6I= github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ= github.com/honeycombio/beeline-go v1.1.1 h1:sU8r4ae34uEL3/CguSl8Mr+Asz9DL1nfH9Wwk85Pc7U= github.com/honeycombio/beeline-go v1.1.1/go.mod h1:kN0cfUGBMfA87DyCYbiiLoSzWsnw3bluZvNEWtatHxk= 
@@ -1488,9 +1429,7 @@ github.com/jirfag/go-printf-func-name v0.0.0-20200119135958-7558a9eaa5af/go.mod github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.0.0-20160803190731-bd40a432e4c7/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= -github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= -github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/jmhodges/clock v0.0.0-20160418191101-880ee4c33548 h1:dYTbLf4m0a5u0KLmPfB6mgxbcV7588bOCx79hxa5Sr4= github.com/jmhodges/clock v0.0.0-20160418191101-880ee4c33548/go.mod h1:hGT6jSUVzF6no3QaDSMLGLEHtHSBSefs+MgcDWnmhmo= @@ -1698,7 +1637,6 @@ github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible/go github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= -github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= 
@@ -1706,7 +1644,6 @@ github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrk github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg= github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= -github.com/mitchellh/go-testing-interface v1.14.1 h1:jrgshOhYAUVNMAJiKbEu7EqAwgJJ2JqpQmpLJOu07cU= github.com/mitchellh/go-testing-interface v1.14.1/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8= github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo= github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= @@ -1724,7 +1661,6 @@ github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RR github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A= github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/mitchellh/reflectwalk v1.0.1/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= -github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= 
@@ -1780,7 +1716,6 @@ github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs= github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= -github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA= github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU= github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= @@ -1887,7 +1822,6 @@ github.com/phayes/checkstyle v0.0.0-20170904204023-bfd46e6a821d/go.mod h1:3OzsM7 github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pierrec/lz4 v2.5.2+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= -github.com/pierrec/lz4 v2.6.1+incompatible h1:9UY3+iC23yxF0UfGaYrGplQ+79Rg+h/q9FV9ix19jjM= github.com/pierrec/lz4 v2.6.1+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pierrec/lz4/v4 v4.0.3/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= 
@@ -2018,7 +1952,6 @@ github.com/ryancurrah/gomodguard v1.2.3/go.mod h1:rYbA/4Tg5c54mV1sv4sQTP5WOPBcoL github.com/ryanrolds/sqlclosecheck v0.3.0/go.mod h1:1gREqxyTGR3lVtpngyFo3hZAgk0KCtEdgEkHwDbigdA= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= -github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk= github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4= github.com/sagikazarmark/crypt v0.1.0/go.mod h1:B/mN0msZuINBtQ1zZLEQcegFJJf9vnYIR88KRMEuODE= @@ -2267,7 +2200,6 @@ github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI= github.com/withfig/autocomplete-tools/packages/cobra v0.0.0-20220122124547-31d3821a6898/go.mod h1:cKObXQ6PVFO7bHUd5jpApXvMIt55Ewz7UdMiC05ONxI= github.com/xanzy/go-gitlab v0.31.0/go.mod h1:sPLojNBn68fMUWSxIJtdVVIP8uSBYqesTfDUseX11Ug= -github.com/xanzy/go-gitlab v0.68.0 h1:b2iMQHgZ1V+NyRqLRJVv6RFfr4xnd/AASeS/PETYL0Y= github.com/xanzy/go-gitlab v0.68.0/go.mod h1:o4yExCtdaqlM8YGdDJWuZoBmfxBsmA9TPEjs9mx1UO4= github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4= github.com/xanzy/ssh-agent v0.3.0 h1:wUMzuKtKilRgBAD1sUb8gOwwRr2FGoBVumcjoOACClI= 
@@ -3314,7 +3246,6 @@ gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKW gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE= gopkg.in/go-playground/validator.v9 v9.29.1/go.mod h1:+c9/zcJMFNgbLvly1L1V+PpxWdVbfP1avr/N00E2vyQ= gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:aPpfJ7XW+gOuirDoZ8gHhLh3kZ1B08FtV2bbmy7Jv3s= -gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= @@ -3377,7 +3308,6 @@ k8s.io/api v0.20.4/go.mod h1:++lNL1AJMkDymriNniQsWRkMDzRaX2Y/POTUi8yvqYQ= k8s.io/api v0.20.6/go.mod h1:X9e8Qag6JV/bL5G6bU8sdVRltWKmdHsFUGS3eVndqE8= k8s.io/api v0.23.3/go.mod h1:w258XdGyvCmnBj/vGzQMj6kzdufJZVUwEM1U2fRJwSQ= k8s.io/api v0.23.4/go.mod h1:i77F4JfyNNrhOjZF7OwwNJS5Y1S9dpwvb9iYRYRczfI= -k8s.io/api v0.23.5 h1:zno3LUiMubxD/V1Zw3ijyKO3wxrhbUF1Ck+VjBvfaoA= k8s.io/api v0.23.5/go.mod h1:Na4XuKng8PXJ2JsploYYrivXrINeTaycCGcYgF91Xm8= k8s.io/apiextensions-apiserver v0.23.4/go.mod h1:TWYAKymJx7nLMxWCgWm2RYGXHrGlVZnxIlGnvtfYu+g= k8s.io/apimachinery v0.19.7/go.mod h1:6sRbGRAVY5DOCuZwB5XkqguBqpqLU6q/kOaOdk29z6Q= 
@@ -3386,7 +3316,6 @@ k8s.io/apimachinery v0.20.4/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRp k8s.io/apimachinery v0.20.6/go.mod h1:ejZXtW1Ra6V1O5H8xPBGz+T3+4gfkTCeExAHKU57MAc= k8s.io/apimachinery v0.23.3/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= k8s.io/apimachinery v0.23.4/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= -k8s.io/apimachinery v0.23.5 h1:Va7dwhp8wgkUPWsEXk6XglXWU4IKYLKNlv8VkX7SDM0= k8s.io/apimachinery v0.23.5/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= k8s.io/apiserver v0.20.1/go.mod h1:ro5QHeQkgMS7ZGpvf4tSMx6bBOgPfE+f52KwvXfScaU= k8s.io/apiserver v0.20.4/go.mod h1:Mc80thBKOyy7tbvFtB4kJv1kbdD0eIH8k8vianJcbFM= @@ -3397,7 +3326,6 @@ k8s.io/client-go v0.20.4/go.mod h1:LiMv25ND1gLUdBeYxBIwKpkSC5IsozMMmOOeSJboP+k= k8s.io/client-go v0.20.6/go.mod h1:nNQMnOvEUEsOzRRFIIkdmYOjAZrC8bgq0ExboWSU1I0= k8s.io/client-go v0.23.3/go.mod h1:47oMd+YvAOqZM7pcQ6neJtBiFH7alOyfunYN48VsmwE= k8s.io/client-go v0.23.4/go.mod h1:PKnIL4pqLuvYUK1WU7RLTMYKPiIh7MYShLshtRY9cj0= -k8s.io/client-go v0.23.5 h1:zUXHmEuqx0RY4+CsnkOn5l0GU+skkRXKGJrhmE2SLd8= k8s.io/client-go v0.23.5/go.mod h1:flkeinTO1CirYgzMPRWxUCnV0G4Fbu2vLhYCObnt/r4= k8s.io/code-generator v0.23.4/go.mod h1:S0Q1JVA+kSzTI1oUvbKAxZY/DYbA/ZUb4Uknog12ETk= k8s.io/code-generator v0.23.5/go.mod h1:S0Q1JVA+kSzTI1oUvbKAxZY/DYbA/ZUb4Uknog12ETk= 
@@ -3418,19 +3346,16 @@ k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/klog/v2 v2.40.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/klog/v2 v2.60.1-0.20220317184644-43cc75f9ae89 h1:bUNlsw5yb353zbKMj8srOr6V2Ajhz1VkTKonP1L8r2o= k8s.io/klog/v2 v2.60.1-0.20220317184644-43cc75f9ae89/go.mod h1:N3kgBtsFxMb4nQ0eBDgbHEt/dtxBuTkSFQ+7K5OUoz4= k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6/go.mod h1:UuqjUnNftUyPE5H64/qeyjQoUZhGpeFDVdxjTeEVN2o= k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM= k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk= -k8s.io/kube-openapi v0.0.0-20220124234850-424119656bbf h1:M9XBsiMslw2lb2ZzglC0TOkBPK5NQi0/noUrdnoFwUg= k8s.io/kube-openapi v0.0.0-20220124234850-424119656bbf/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk= k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk= k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20211116205334-6203023598ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20220127004650-9b3446523e65/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 h1:HNSDgDCrr/6Ly3WEGKZftiE7IY19Vz2GdbOCyI4qqhc= k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= knative.dev/hack v0.0.0-20220224013837-e1785985d364/go.mod h1:PHt8x8yX5Z9pPquBEfIj0X66f8iWkWfR0S/sarACJrI= knative.dev/hack/schema v0.0.0-20220224013837-e1785985d364/go.mod 
h1:ffjwmdcrH5vN3mPhO8RrF2KfNnbHeCE2C60A+2cv3U0= @@ -3450,15 +3375,12 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyz sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.15/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.27/go.mod h1:tq2nT0Kx7W+/f2JVE+zxYtUhdjuELJkVpNz+x/QN5R4= sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6/go.mod h1:p4QtZmO4uMYipTQNzagwnNoseA6OxSUutVw05NhYDRs= -sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 h1:kDi4JBNAsJWfz1aEXhO8Jg87JJaPNLh5tIzYHgStQ9Y= sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2/go.mod h1:B+TnT182UBxE84DiCz4CVE26eOSDAeYCpfDnC2kdKMY= sigs.k8s.io/release-utils v0.4.1-0.20220207182343-6dadf2228617/go.mod h1:t9pL38kZkTBVDcjL1y7ajrkNQFLiArVAjOVO0sxzFF0= -sigs.k8s.io/release-utils v0.6.0 h1:wJDuzWJqPH4a5FAxAXE2aBvbB6UMIW7iYMhsKnIMQkA= sigs.k8s.io/release-utils v0.6.0/go.mod h1:kR1/DuYCJ4covppUasYNcA11OixC9O37B/E0ejRfb+c= sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/structured-merge-diff/v4 v4.0.3/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= -sigs.k8s.io/structured-merge-diff/v4 v4.2.1 h1:bKCqE9GvQ5tiVHn5rfn1r+yao3aLQEaLzkkmAkf+A6Y= sigs.k8s.io/structured-merge-diff/v4 v4.2.1/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= diff --git a/internal/fulcio/fulcio.go b/internal/fulcio/fulcio.go index 071a5ef5..e5c41164 100644 --- a/internal/fulcio/fulcio.go +++ b/internal/fulcio/fulcio.go 
@@ -1,11 +1,10 @@ -// -// Copyright 2022 The Sigstore Authors. +// Copyright 2022 The Sigstore authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // -// http://www.apache.org/licenses/LICENSE-2.0 +// http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, 
@@ -16,130 +15,88 @@ package fulcio import ( - "context" "crypto" - "crypto/ecdsa" - "crypto/elliptic" "crypto/rand" + "crypto/sha256" "crypto/x509" - "encoding/pem" - "fmt" - "io" - "os" + "net/url" + "reflect" + "strings" - "github.com/sigstore/cosign/cmd/cosign/cli/fulcio" - "github.com/sigstore/cosign/cmd/cosign/cli/sign" - "github.com/sigstore/cosign/pkg/providers" - "github.com/sigstore/sigstore/pkg/signature" + "github.com/sigstore/fulcio/pkg/api" + "github.com/sigstore/sigstore/pkg/oauthflow" ) -type Identity struct { - sv *sign.SignerVerifier - stderr io.Writer +// Client provides a fulcio client with helpful options for configuring OIDC +// flows. +type Client struct { + api.Client + oidc OIDCOptions } -func NewIdentity(ctx context.Context, w io.Writer) (*Identity, error) { - clientID := envOrValue("GITSIGN_OIDC_CLIENT_ID", "sigstore") - idToken := "" - authFlow := fulcio.FlowNormal - if providers.Enabled(ctx) { - var err error - idToken, err = providers.Provide(ctx, clientID) - if err != nil { - fmt.Fprintln(w, "error getting id token:", err) - } - authFlow = fulcio.FlowToken - } +// OIDCOptions contains settings for OIDC operations. +type OIDCOptions struct { + Issuer string + ClientID string + ClientSecret string + RedirectURL string + TokenGetter oauthflow.TokenGetter +} - priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) +func NewClient(fulcioURL string, opts OIDCOptions) (*Client, error) { + u, err := url.Parse(fulcioURL) if err != nil { - return nil, fmt.Errorf("generating private key: %w", err) + return nil, err } + client := api.NewClient(u, api.WithUserAgent("gitsign")) + return &Client{ + Client: client, + oidc: opts, + }, nil +} - fClient, err := fulcio.NewClient(envOrValue("GITSIGN_FULCIO_URL", "https://fulcio.sigstore.dev")) +// GetCert exchanges the given private key for a Fulcio certificate. 
+func (c *Client) GetCert(priv crypto.Signer) (*api.CertificateResponse, error) { + pubBytes, err := x509.MarshalPKIXPublicKey(priv.Public()) if err != nil { - return nil, fmt.Errorf("error creating Fulcio client: %w", err) + return nil, err } - issuer := envOrValue("GITSIGN_OIDC_ISSUER", "https://oauth2.sigstore.dev/auth") - redirectURL := os.Getenv("GITSIGN_OIDC_REDIRECT_URL") - - cert, err := fulcio.GetCert(ctx, priv, idToken, authFlow, issuer, clientID, "", redirectURL, fClient) + tok, err := oauthflow.OIDConnect(c.oidc.Issuer, c.oidc.ClientID, c.oidc.ClientSecret, c.oidc.RedirectURL, c.oidc.TokenGetter) if err != nil { - fmt.Fprintln(w, "error getting signer:", err) return nil, err } - sv, err := signature.LoadECDSASignerVerifier(priv, crypto.SHA256) + // Sign the email address as part of the request + h := sha256.Sum256([]byte(tok.Subject)) + proof, err := priv.Sign(rand.Reader, h[:], nil) if err != nil { return nil, err } - return &Identity{ - sv: &sign.SignerVerifier{ - Cert: cert.CertPEM, - Chain: cert.ChainPEM, - SignerVerifier: sv, + cr := api.CertificateRequest{ + PublicKey: api.Key{ + Algorithm: keyAlgorithm(priv), + Content: pubBytes, }, - stderr: w, - }, nil -} - -func envOrValue(env, value string) string { - if v := os.Getenv(env); v != "" { - return v - } - return value -} - -// Certificate gets the identity's certificate. -func (i *Identity) Certificate() (*x509.Certificate, error) { - p, _ := pem.Decode(i.sv.Cert) - cert, err := x509.ParseCertificate(p.Bytes) - return cert, err -} - -// CertificateChain attempts to get the identity's full certificate chain. 
-func (i *Identity) CertificateChain() ([]*x509.Certificate, error) { - p, _ := pem.Decode(i.sv.Chain) - chain, err := x509.ParseCertificates(p.Bytes) - if err != nil { - return nil, err - } - // the cert itself needs to be appended to the chain - cert, err := i.Certificate() - if err != nil { - return nil, err + SignedEmailAddress: proof, } - return append([]*x509.Certificate{cert}, chain...), nil + return c.SigningCert(cr, tok.RawString) } -// Signer gets a crypto.Signer that uses the identity's private key. -func (i *Identity) Signer() (crypto.Signer, error) { - s, ok := i.sv.SignerVerifier.(crypto.Signer) - if !ok { - return nil, fmt.Errorf("could not use signer %T as crypto.Signer", i.sv.SignerVerifier) +// keyAlgorithm returns a string representation of the type of signer. +// Currently this is dervived from the package name - +// e.g. crypto/ecdsa.PrivateKey -> ecdsa. +// if Signer is nil, "" is returned. +func keyAlgorithm(signer crypto.Signer) string { + // This is a bit of a hack, but let's us use the package name as an approximation for + // algorithm type. + // e.g. *ecdsa.PrivateKey -> ecdsa + t := reflect.TypeOf(signer) + if t == nil { + return "" } - - return s, nil -} - -// Delete deletes this identity from the system. -func (i *Identity) Delete() error { - // Does nothing - keys are ephemeral - return nil -} - -// Close any manually managed memory held by the Identity. -func (i *Identity) Close() { - // noop -} - -func (i *Identity) PublicKey() (crypto.PublicKey, error) { - return i.sv.SignerVerifier.PublicKey() -} - -func (i *Identity) SignerVerifier() *sign.SignerVerifier { - return i.sv + s := strings.Split(strings.TrimPrefix(t.String(), "*"), ".") + return s[0] } diff --git a/internal/fulcio/fulcio_test.go b/internal/fulcio/fulcio_test.go new file mode 100644 index 00000000..f2c85d3f --- /dev/null +++ b/internal/fulcio/fulcio_test.go 
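Review bot: `keyAlgorithm` fills `CertificateRequest.PublicKey.Algorithm` from the Go package name of the signer's concrete type rather than from the key. Any `crypto.Signer` wrapper therefore sends the CA a value that is not an algorithm at all; the new test pins exactly this with `fakeSigner{}` yielding `"fulcio"`. Switching on the type of `signer.Public()` ties the name to the key material and lets unsupported key types be rejected before the request goes out. This needs `crypto/ecdsa` in the import block, and the `fakeSigner` test case would have to change because its embedded `Signer` is nil. Separately, the comment `// Sign the email address as part of the request` describes hashing `tok.Subject`, which need not be an email address.

```go
func keyAlgorithm(signer crypto.Signer) string {
	if signer == nil {
		return ""
	}
	// Derive the name from the public key, not from the wrapper type.
	switch signer.Public().(type) {
	case *ecdsa.PublicKey:
		return "ecdsa"
	default:
		// Add further cases only for key types the CA is known to accept.
		return ""
	}
}
```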
@@ -0,0 +1,142 @@
+// Copyright 2022 The Sigstore authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package fulcio
+
+import (
+ "crypto"
+ "crypto/ecdsa"
+ "crypto/elliptic"
+ "crypto/rand"
+ "crypto/sha256"
+ "crypto/x509"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "net/http"
+ "net/http/httptest"
+ "testing"
+
+ "github.com/coreos/go-oidc/v3/oidc"
+ "github.com/google/go-cmp/cmp"
+ "github.com/sigstore/fulcio/pkg/api"
+ "github.com/sigstore/sigstore/pkg/oauthflow"
+ "golang.org/x/oauth2"
+)
+
+type fakeSigner struct {
+ crypto.Signer
+}
+
+func TestKeyAlgorithm(t *testing.T) {
+ key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+ for _, tc := range []struct {
+ signer crypto.Signer
+ want string
+ }{
+ {
+ signer: key,
+ want: "ecdsa",
+ },
+ {
+ signer: fakeSigner{},
+ want: "fulcio",
+ },
+ {
+ signer: nil,
+ want: "",
+ },
+ } {
+ t.Run(tc.want, func(t *testing.T) {
+ got := keyAlgorithm(tc.signer)
+ if got != tc.want {
+ t.Errorf("want %s, got %s", tc.want, got)
+ }
+ })
+ }
+}
+
+type fakeFulcio struct {
+ api.Client
+ signer *ecdsa.PrivateKey
+ email string
+}
+
+func (f *fakeFulcio) SigningCert(cr api.CertificateRequest, token string) (*api.CertificateResponse, error) {
+ if want := keyAlgorithm(f.signer); want != cr.PublicKey.Algorithm {
+ return nil, fmt.Errorf("want algorithm %s, got %s", want, cr.PublicKey.Algorithm)
+ }
+ pem, err := x509.MarshalPKIXPublicKey(f.signer.Public())
+ if err != nil {
+ return nil, err
+ }
+ want := api.Key{
+ Algorithm: keyAlgorithm(f.signer),
+ Content: pem,
+ }
+ if diff := cmp.Diff(want, cr.PublicKey); diff != "" {
+ return nil, errors.New(diff)
+ }
+
+ // Verify checksum separately since this is non-deterministic.
+ h := sha256.Sum256([]byte(f.email))
+ if !ecdsa.VerifyASN1(&f.signer.PublicKey, h[:], cr.SignedEmailAddress) {
+ return nil, errors.New("signed email did not match")
+ }
+
+ return &api.CertificateResponse{}, nil
+}
+
+type fakeTokenGetter struct {
+ email string
+}
+
+func (f *fakeTokenGetter) GetIDToken(*oidc.Provider, oauth2.Config) (*oauthflow.OIDCIDToken, error) {
+ return &oauthflow.OIDCIDToken{
+ Subject: f.email,
+ }, nil
+}
+
+func TestGetCert(t *testing.T) {
+ // Implements a fake OIDC discovery.
+ oidc := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ json.NewEncoder(w).Encode(map[string]interface{}{
+ "issuer": fmt.Sprintf("http://%s", r.Host),
+ })
+ }))
+ defer oidc.Close()
+
+ key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+ email := "foo@example.com"
+
+ client := &Client{
+ // fakeFulcio is what will be doing the validation.
+ Client: &fakeFulcio{
+ signer: key,
+ email: email,
+ },
+ oidc: OIDCOptions{
+ Issuer: oidc.URL,
+ TokenGetter: &fakeTokenGetter{
+ email: email,
+ },
+ },
+ }
+
+ // fakeFulcio is returning a bogus response, so only check if we returned
+ // error.
+ if _, err := client.GetCert(key); err != nil {
+ t.Fatalf("GetCert: %v", err)
+ }
+}
diff --git a/internal/fulcio/identity.go b/internal/fulcio/identity.go
new file mode 100644
index 00000000..28a66841
--- /dev/null
+++ b/internal/fulcio/identity.go
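Review bot: Both `TestKeyAlgorithm` and `TestGetCert` discard the error from `ecdsa.GenerateKey` with `key, _ := ...`, so a failed key generation would surface as a nil-pointer panic later in the test rather than a clear failure. Use `key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)` followed by `if err != nil { t.Fatal(err) }`. `TestGetCert` also covers only the success path; a case where `fakeTokenGetter.email` differs from `fakeFulcio.email` would show that the signed-subject check in `SigningCert` is actually exercised. In `TestKeyAlgorithm` the subtest name is `tc.want`, which is empty for the nil case, so a `name` field per case would make failures easier to read.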
@@ -0,0 +1,146 @@
+//
+// Copyright 2022 The Sigstore Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package fulcio
+
+import (
+ "context"
+ "crypto"
+ "crypto/ecdsa"
+ "crypto/elliptic"
+ "crypto/rand"
+ "crypto/x509"
+ "encoding/pem"
+ "fmt"
+ "io"
+ "os"
+
+ "github.com/sigstore/cosign/pkg/providers"
+ "github.com/sigstore/sigstore/pkg/oauthflow"
+ "github.com/sigstore/sigstore/pkg/signature"
+)
+
+type Identity struct {
+ sv *CertSignerVerifier
+ stderr io.Writer
+}
+
+func NewIdentity(ctx context.Context, w io.Writer) (*Identity, error) {
+ clientID := envOrValue("GITSIGN_OIDC_CLIENT_ID", "sigstore")
+ var authFlow oauthflow.TokenGetter = oauthflow.DefaultIDTokenGetter
+ if providers.Enabled(ctx) {
+ var err error
+ idToken, err := providers.Provide(ctx, clientID)
+ if err != nil {
+ fmt.Fprintln(w, "error getting id token:", err)
+ }
+ authFlow = &oauthflow.StaticTokenGetter{RawToken: idToken}
+ }
+
+ priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+ if err != nil {
+ return nil, fmt.Errorf("generating private key: %w", err)
+ }
+
+ client, err := NewClient(envOrValue("GITSIGN_FULCIO_URL", "https://fulcio.sigstore.dev"),
+ OIDCOptions{
+ Issuer: envOrValue("GITSIGN_OIDC_ISSUER", "https://oauth2.sigstore.dev/auth"),
+ ClientID: clientID,
+ RedirectURL: os.Getenv("GITSIGN_OIDC_REDIRECT_URL"),
+ TokenGetter: authFlow,
+ })
+ if err != nil {
+ return nil, fmt.Errorf("error creating Fulcio client: %w", err)
+ }
+
+ cert, err := client.GetCert(priv)
+ if err != nil {
+ fmt.Fprintln(w, "error getting signer:", err)
+ return nil, err
+ }
+
+ sv, err := signature.LoadECDSASignerVerifier(priv, crypto.SHA256)
+ if err != nil {
+ return nil, err
+ }
+
+ return &Identity{
+ sv: &CertSignerVerifier{
+ SignerVerifier: sv,
+ Cert: cert.CertPEM,
+ Chain: cert.ChainPEM,
+ },
+ stderr: w,
+ }, nil
+}
+
+func envOrValue(env, value string) string {
+ if v := os.Getenv(env); v != "" {
+ return v
+ }
+ return value
+}
+
+// Certificate gets the identity's certificate.
+func (i *Identity) Certificate() (*x509.Certificate, error) {
+ p, _ := pem.Decode(i.sv.Cert)
+ cert, err := x509.ParseCertificate(p.Bytes)
+ return cert, err
+}
+
+// CertificateChain attempts to get the identity's full certificate chain.
+func (i *Identity) CertificateChain() ([]*x509.Certificate, error) {
+ p, _ := pem.Decode(i.sv.Chain)
+ chain, err := x509.ParseCertificates(p.Bytes)
+ if err != nil {
+ return nil, err
+ }
+ // the cert itself needs to be appended to the chain
+ cert, err := i.Certificate()
+ if err != nil {
+ return nil, err
+ }
+
+ return append([]*x509.Certificate{cert}, chain...), nil
+}
+
+// Signer gets a crypto.Signer that uses the identity's private key.
+func (i *Identity) Signer() (crypto.Signer, error) {
+ s, ok := i.sv.SignerVerifier.(crypto.Signer)
+ if !ok {
+ return nil, fmt.Errorf("could not use signer %T as crypto.Signer", i.sv.SignerVerifier)
+ }
+
+ return s, nil
+}
+
+// Delete deletes this identity from the system.
+func (i *Identity) Delete() error {
+ // Does nothing - keys are ephemeral
+ return nil
+}
+
+// Close any manually managed memory held by the Identity.
+func (i *Identity) Close() {
+ // noop
+}
+
+func (i *Identity) PublicKey() (crypto.PublicKey, error) {
+ return i.sv.SignerVerifier.PublicKey()
+}
+
+func (i *Identity) SignerVerifier() *CertSignerVerifier {
+ return i.sv
+}
diff --git a/internal/fulcio/signer.go b/internal/fulcio/signer.go
new file mode 100644
index 00000000..fb5f7dba
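Review bot: `Identity.Certificate` and `Identity.CertificateChain` read `p.Bytes` without checking the block returned by `pem.Decode`, which is nil when the input holds no PEM data, so an empty or malformed `CertPEM`/`ChainPEM` coming back from `client.GetCert` panics instead of returning an error; a guard such as `if p == nil { return nil, fmt.Errorf("no PEM block found in certificate") }` before each parse turns that into a normal failure. `CertificateChain` also decodes only the first PEM block of `i.sv.Chain`, so if the chain arrives as several concatenated PEM certificates everything after the first would be dropped; it is worth confirming what the Fulcio response contains and, if needed, looping over the remainder that `pem.Decode` returns. Separately, in `NewIdentity` a failing `providers.Provide` is only printed to `w` and the code then builds a `StaticTokenGetter` from a presumably empty `RawToken`; returning `fmt.Errorf("getting id token: %w", err)` at that point would fail closed rather than continue with an unusable token.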
--- /dev/null
+++ b/internal/fulcio/signer.go
@@ -0,0 +1,25 @@
+// Copyright 2022 The Sigstore authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package fulcio
+
+import "github.com/sigstore/sigstore/pkg/signature"
+
+// CertSignerVerifier wraps a SignerVerifier with a Certificate.
+type CertSignerVerifier struct {
+ signature.SignerVerifier
+
+ Cert []byte
+ Chain []byte
+}
From 2fc0f7337e165242cc0965d3c21a522d88dbf506 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Jun 2022 09:31:01 +0200 Subject: [PATCH 07/13] Bump actions/cache from 3.0.2 to 3.0.3 (#64) * Bump actions/cache from 3.0.2 to 3.0.3 Bumps [actions/cache](https://github.com/actions/cache) from 3.0.2 to 3.0.3. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/48af2dc4a9e8278b89d7fa154b955c30c6aaab09...30f413bfed0a2bc738fdfd409e5a9e96b24545fd) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] * update version comment
Signed-off-by: cpanato Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: cpanato --- .github/workflows/release.yml | 2 +- .github/workflows/validate-release.yml | 2 +- .gitignore | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 172d2e05..545edeb3 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -23,7 +23,7 @@ jobs: go-version: 1.18 check-latest: true - - uses: actions/cache@48af2dc4a9e8278b89d7fa154b955c30c6aaab09 # v3.0.2 + - uses: actions/cache@30f413bfed0a2bc738fdfd409e5a9e96b24545fd # v3.0.3 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} diff --git a/.github/workflows/validate-release.yml b/.github/workflows/validate-release.yml index e9d19659..4f1c6efa 100644 --- a/.github/workflows/validate-release.yml +++ b/.github/workflows/validate-release.yml @@ -18,7 +18,7 @@ jobs: go-version: 1.18 check-latest: true - - uses: actions/cache@48af2dc4a9e8278b89d7fa154b955c30c6aaab09 # v3.0.2 + - uses: actions/cache@30f413bfed0a2bc738fdfd409e5a9e96b24545fd # v3.0.3 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} diff --git a/.gitignore b/.gitignore index fe234efa..bc0ea650 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ *.swp dist/* gitsign +.vscode/* From 8498bc2768821f13a7d1ac624a204398c7141c66 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Jun 2022 09:21:30 +0200 Subject: [PATCH 08/13] Bump github.com/sigstore/rekor from 0.7.0 to 0.8.0 (#72) Bumps [github.com/sigstore/rekor](https://github.com/sigstore/rekor) from 0.7.0 to 0.8.0. - [Release notes](https://github.com/sigstore/rekor/releases) - [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md) - [Commits](https://github.com/sigstore/rekor/compare/v0.7.0...v0.8.0) --- updated-dependencies: - dependency-name: github.com/sigstore/rekor dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 24 ++++++++++++------------ go.sum | 56 ++++++++++++++++++++++++++++++++------------------------ 2 files changed, 44 insertions(+), 36 deletions(-) diff --git a/go.mod b/go.mod index 148d8c42..623f7a67 100644 --- a/go.mod +++ b/go.mod @@ -13,8 +13,8 @@ require ( github.com/pborman/getopt v0.0.0-20180811024354-2b5b3bfb099b github.com/sigstore/cosign v1.8.1-0.20220601172726-ae90c7495df6 github.com/sigstore/fulcio v0.1.2-0.20220114150912-86a2036f9bc7 - github.com/sigstore/rekor v0.7.0 - github.com/sigstore/sigstore v1.2.1-0.20220512194100-3ed986cc9758 + github.com/sigstore/rekor v0.8.0 + github.com/sigstore/sigstore v1.2.1-0.20220526001230-8dc4fa90a468 golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5 ) 
@@ -39,14 +39,14 @@ require ( github.com/cespare/xxhash/v2 v2.1.2 // indirect github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4 // indirect github.com/cncf/xds/go v0.0.0-20211130200136-a8f946100490 // indirect - github.com/containerd/stargz-snapshotter/estargz v0.10.1 // indirect + github.com/containerd/stargz-snapshotter/estargz v0.11.4 // indirect github.com/coreos/go-semver v0.3.0 // indirect github.com/coreos/go-systemd/v22 v22.3.2 // indirect - github.com/cpuguy83/go-md2man/v2 v2.0.1 // indirect + github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect github.com/cyberphone/json-canonicalization v0.0.0-20210823021906-dc406ceaf94b // indirect - github.com/docker/cli v20.10.12+incompatible // indirect - github.com/docker/distribution v2.8.0+incompatible // indirect - github.com/docker/docker v20.10.12+incompatible // indirect + github.com/docker/cli v20.10.16+incompatible // indirect + github.com/docker/distribution v2.8.1+incompatible // indirect + github.com/docker/docker v20.10.16+incompatible // indirect github.com/docker/docker-credential-helpers v0.6.4 // indirect github.com/dustin/go-humanize v1.0.0 // indirect github.com/emirpasic/gods v1.12.0 // indirect @@ -65,7 +65,7 @@ require ( github.com/go-openapi/jsonreference v0.20.0 // indirect github.com/go-openapi/loads v0.21.1 // indirect github.com/go-openapi/spec v0.20.6 // indirect - github.com/go-openapi/validate v0.21.0 // indirect + github.com/go-openapi/validate v0.22.0 // indirect github.com/go-playground/locales v0.14.0 // indirect github.com/go-playground/universal-translator v0.18.0 // indirect github.com/go-playground/validator/v10 v10.11.0 // indirect 
@@ -78,7 +78,7 @@ require ( github.com/golang/snappy v0.0.4 // indirect github.com/google/btree v1.0.1 // indirect github.com/google/certificate-transparency-go v1.1.2 // indirect - github.com/google/go-containerregistry v0.8.1-0.20220209165246-a44adc326839 // indirect + github.com/google/go-containerregistry v0.9.0 // indirect github.com/google/trillian v1.4.1 // indirect github.com/google/uuid v1.3.0 // indirect github.com/googleapis/gax-go/v2 v2.4.0 // indirect @@ -97,7 +97,7 @@ require ( github.com/jonboulle/clockwork v0.3.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/klauspost/compress v1.14.2 // indirect + github.com/klauspost/compress v1.15.4 // indirect github.com/leodido/go-urn v1.2.1 // indirect github.com/letsencrypt/boulder v0.0.0-20220331220046-b23ab962616e // indirect github.com/magiconair/properties v1.8.6 // indirect @@ -188,10 +188,10 @@ require ( google.golang.org/api v0.81.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto v0.0.0-20220519153652-3a47de7e79bd // indirect - google.golang.org/grpc v1.46.2 // indirect + google.golang.org/grpc v1.47.0 // indirect google.golang.org/protobuf v1.28.0 // indirect gopkg.in/cheggaaa/pb.v1 v1.0.28 // indirect - gopkg.in/ini.v1 v1.66.4 // indirect + gopkg.in/ini.v1 v1.66.6 // indirect gopkg.in/natefinch/lumberjack.v2 v2.0.0 // indirect gopkg.in/square/go-jose.v2 v2.6.0 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect diff --git a/go.sum b/go.sum index b08bbd37..f7c1b78f 100644 --- a/go.sum +++ b/go.sum 
@@ -136,7 +136,7 @@ github.com/Azure/azure-sdk-for-go v60.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9mo github.com/Azure/azure-sdk-for-go v60.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v62.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v63.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/azure-sdk-for-go v64.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= +github.com/Azure/azure-sdk-for-go v65.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-service-bus-go v0.9.1/go.mod h1:yzBx6/BUGfjfeqbRZny9AQIbIe3AcV9WZbAdpkoXOa0= github.com/Azure/azure-service-bus-go v0.11.5/go.mod h1:MI6ge2CuQWBVq+ly456MY7XqNLJip5LO1iSFodbNLbU= github.com/Azure/azure-storage-blob-go v0.8.0/go.mod h1:lPI3aLPpuLTeUwh1sViKXFxwl2B6teiRqI0deQUvsw0= @@ -318,7 +318,7 @@ github.com/aws/aws-sdk-go v1.42.8/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+ github.com/aws/aws-sdk-go v1.42.22/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= github.com/aws/aws-sdk-go v1.42.25/go.mod h1:gyRszuZ/icHmHAVE4gc/r+cfCmhA1AD+vqfWbgI+eHs= github.com/aws/aws-sdk-go v1.43.45/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= -github.com/aws/aws-sdk-go v1.44.12/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= +github.com/aws/aws-sdk-go v1.44.22/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= github.com/aws/aws-sdk-go-v2 v1.7.1/go.mod h1:L5LuPC1ZgDr2xQS7AmIec/Jlc7O/Y1u2KxJyNVab250= github.com/aws/aws-sdk-go-v2 v1.11.0/go.mod h1:SQfA+m2ltnu1cA0soUkj4dRSsmITiVQUJvBIZjzfPyQ= 
@@ -534,8 +534,9 @@ github.com/containerd/imgcrypt v1.1.1/go.mod h1:xpLnwiQmEUJPvQoAapeb2SNCxz7Xr6PJ github.com/containerd/nri v0.0.0-20201007170849-eb1350a75164/go.mod h1:+2wGSDGFYfE5+So4M5syatU0N0f0LbWpuqyMi4/BE8c= github.com/containerd/nri v0.0.0-20210316161719-dbaa18c31c14/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY= github.com/containerd/nri v0.1.0/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY= -github.com/containerd/stargz-snapshotter/estargz v0.10.1 h1:hd1EoVjI2Ax8Cr64tdYqnJ4i4pZU49FkEf5kU8KxQng= github.com/containerd/stargz-snapshotter/estargz v0.10.1/go.mod h1:aE5PCyhFMwR8sbrErO5eM2GcvkyXTTJremG883D4qF0= +github.com/containerd/stargz-snapshotter/estargz v0.11.4 h1:LjrYUZpyOhiSaU7hHrdR82/RBoxfGWSaC0VeSSMXqnk= +github.com/containerd/stargz-snapshotter/estargz v0.11.4/go.mod h1:7vRJIcImfY8bpifnMjt+HTJoQxASq7T28MYbP15/Nf0= github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o= github.com/containerd/ttrpc v0.0.0-20190828172938-92c8520ef9f8/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o= github.com/containerd/ttrpc v0.0.0-20191028202541-4f1b8fe65a5c/go.mod h1:LPm1u0xBw8r8NOKoOdNMeVHSawSsltak+Ihv+etqsE8= 
@@ -589,8 +590,9 @@ github.com/cpuguy83/go-md2man v1.0.10 h1:BSKMNlYxDvnunlTymqtgONjNnaRV1sTpcovwwjF github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= -github.com/cpuguy83/go-md2man/v2 v2.0.1 h1:r/myEWzV9lfsM1tFLgDyu0atFtJ1fXn261LKYj/3DxU= github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w= +github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= 
@@ -630,16 +632,19 @@ github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQ github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E= github.com/docker/cli v20.10.11+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= -github.com/docker/cli v20.10.12+incompatible h1:lZlz0uzG+GH+c0plStMUdF/qk3ppmgnswpR5EbqzVGA= github.com/docker/cli v20.10.12+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/cli v20.10.16+incompatible h1:aLQ8XowgKpR3/IysPj8qZQJBVQ+Qws61icFuZl6iKYs= +github.com/docker/cli v20.10.16+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY= github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/distribution v2.8.0+incompatible h1:l9EaZDICImO1ngI+uTifW+ZYvvz7fKISBAKpg+MbWbY= github.com/docker/distribution v2.8.0+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= +github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68= +github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v20.10.11+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker v20.10.12+incompatible h1:CEeNmFM0QZIsJCZKMkZx0ZcahTiewkrgiwfYD+dfl1U= github.com/docker/docker v20.10.12+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v20.10.16+incompatible h1:2Db6ZR/+FUR3hqPMwnogOPHFn405crbpxvWzKovETOQ= +github.com/docker/docker 
v20.10.16+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y= github.com/docker/docker-credential-helpers v0.6.4 h1:axCks+yV+2MR3/kZhAmy07yC56WZ2Pwu/fKWtKuZB0o= github.com/docker/docker-credential-helpers v0.6.4/go.mod h1:ofX3UI0Gz1TteYBjtgs07O36Pyasyp66D2uKT7H8W1c= @@ -904,8 +909,9 @@ github.com/go-openapi/validate v0.19.12/go.mod h1:Rzou8hA/CBw8donlS6WNEUQupNvUZ0 github.com/go-openapi/validate v0.19.15/go.mod h1:tbn/fdOwYHgrhPBzidZfJC2MIVvs9GA7monOmWBbeCI= github.com/go-openapi/validate v0.20.1/go.mod h1:b60iJT+xNNLfaQJUqLI7946tYiFEOuE9E4k54HpKcJ0= github.com/go-openapi/validate v0.20.3/go.mod h1:goDdqVGiigM3jChcrYJxD2joalke3ZXeftD16byIjA4= -github.com/go-openapi/validate v0.21.0 h1:+Wqk39yKOhfpLqNLEC0/eViCkzM5FVXVqrvt526+wcI= github.com/go-openapi/validate v0.21.0/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg= +github.com/go-openapi/validate v0.22.0 h1:b0QecH6VslW/TxtpKgzpO1SNG7GU2FsaqKdP1E2T50Y= +github.com/go-openapi/validate v0.22.0/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg= github.com/go-piv/piv-go v1.9.0/go.mod h1:NZ2zmjVkfFaL/CF8cVQ/pXdXtuj110zEKGdJM6fJZZM= github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A= github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= 
@@ -927,8 +933,8 @@ github.com/go-redis/redis v6.15.9+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8w github.com/go-redis/redis/v8 v8.11.4/go.mod h1:2Z2wHZXdQpCDXEGzqMockDpNyYvi2l4Pxt6RJr792+w= github.com/go-rod/rod v0.101.8/go.mod h1:N/zlT53CfSpq74nb6rOR0K8UF0SPUPBmzBnArrms+mY= github.com/go-rod/rod v0.106.1/go.mod h1:+YLe2X+nAuEGpYWs7rKPZr9SMX100FbxYZaeU1Dofpc= -github.com/go-rod/rod v0.106.6 h1:zJorVPG7s8Xgbh7PkSySP4FNoo0OiougKaMb3j6zT6w= -github.com/go-rod/rod v0.106.6/go.mod h1:xkZOchuKqTOkMOBkrzb7uJpbKZRab1haPCWDvuZkS2U= +github.com/go-rod/rod v0.106.8 h1:pVMVz0jMtLVyx8FhJEEA6l+EY9Iw/nJTDYT/he4+UJc= +github.com/go-rod/rod v0.106.8/go.mod h1:xkZOchuKqTOkMOBkrzb7uJpbKZRab1haPCWDvuZkS2U= github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= 
@@ -1125,8 +1131,9 @@ github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN github.com/google/go-containerregistry v0.7.1-0.20211118220127-abdc633f8305/go.mod h1:6cMIl1RfryEiPzBE67OgtZdEiLWz4myqCQIiBMy3CsM= github.com/google/go-containerregistry v0.8.0/go.mod h1:wW5v71NHGnQyb4k+gSshjxidrC7lN33MdWEn+Mz9TsI= github.com/google/go-containerregistry v0.8.1-0.20220110151055-a61fd0a8e2bb/go.mod h1:wW5v71NHGnQyb4k+gSshjxidrC7lN33MdWEn+Mz9TsI= -github.com/google/go-containerregistry v0.8.1-0.20220209165246-a44adc326839 h1:7PunQZxMao2q43If8gKj1JFRzapmhgny9NWwXY4PGa4= github.com/google/go-containerregistry v0.8.1-0.20220209165246-a44adc326839/go.mod h1:cwx3SjrH84Rh9VFJSIhPh43ovyOp3DCWgY3h8nWmdGQ= +github.com/google/go-containerregistry v0.9.0 h1:5Ths7RjxyFV0huKChQTgY6fLzvHhZMpLTFNja8U0/0w= +github.com/google/go-containerregistry v0.9.0/go.mod h1:9eq4BnSufyT1kHNffX+vSXVonaJ7yaIOulrKZejMxnQ= github.com/google/go-containerregistry/pkg/authn/k8schain v0.0.0-20220413173345-f1b065c6cb3d/go.mod h1:gm/Zjh0iiPBfwgDIYgHJCRxaGzBZu1njCgwX1EmC1Tw= github.com/google/go-containerregistry/pkg/authn/kubernetes v0.0.0-20220301182634-bfe2ffc6b6bd/go.mod h1:MO/Ilc3XTxy/Pi8aMXEiRUl6icOqResFyhSFCLlqtR8= github.com/google/go-github/v27 v27.0.6/go.mod h1:/0Gr8pJ55COkmv+S/yPKCczSkUPIM/LnFyubufRNIS0= 
@@ -1338,6 +1345,7 @@ github.com/hashicorp/serf v0.9.7/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpT github.com/hashicorp/vault/api v1.3.0/go.mod h1:EabNQLI0VWbWoGlA+oBLC8PXmR9D60aUVgQGvangFWQ= github.com/hashicorp/vault/api v1.3.1/go.mod h1:QeJoWxMFt+MsuWcYhmwRLwKEXrjwAFFywzhptMsTIUw= github.com/hashicorp/vault/api v1.5.0/go.mod h1:LkMdrZnWNrFaQyYYazWVn7KshilfDidgVBq6YiTq/bM= +github.com/hashicorp/vault/api v1.6.0/go.mod h1:h1K70EO2DgnBaTz5IsL6D5ERsNt5Pce93ueVS2+t0Xc= github.com/hashicorp/vault/sdk v0.3.0/go.mod h1:aZ3fNuL5VNydQk8GcLJ2TV8YCRVvyaakYkhZRoVuhj0= github.com/hashicorp/vault/sdk v0.4.1/go.mod h1:aZ3fNuL5VNydQk8GcLJ2TV8YCRVvyaakYkhZRoVuhj0= github.com/hashicorp/vault/sdk v0.5.0/go.mod h1:UJZHlfwj7qUJG8g22CuxUgkdJouFrBNvBHCyx8XAPdo= @@ -1487,8 +1495,10 @@ github.com/klauspost/compress v1.12.3/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8 github.com/klauspost/compress v1.13.4/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= github.com/klauspost/compress v1.13.5/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= -github.com/klauspost/compress v1.14.2 h1:S0OHlFk/Gbon/yauFJ4FfJJF5V0fc5HbBTJazi28pRw= github.com/klauspost/compress v1.14.2/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= +github.com/klauspost/compress v1.15.1/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= +github.com/klauspost/compress v1.15.4 h1:1kn4/7MepF/CHmYub99/nNX8az0IJjfSOU/jbnTVfqQ= +github.com/klauspost/compress v1.15.4/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU= github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/klauspost/pgzip v1.2.4/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= 
@@ -1812,7 +1822,6 @@ github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCko github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= -github.com/pelletier/go-toml/v2 v2.0.0-beta.8/go.mod h1:r9LEWfGN8R5k0VXJ+0BkIe7MYkRdwZOjgMj2KwnJFUo= github.com/pelletier/go-toml/v2 v2.0.1 h1:8e3L2cCQzLFi2CR4g7vGFuFxX7Jl1kKX8gW+iV0GUKU= github.com/pelletier/go-toml/v2 v2.0.1/go.mod h1:r9LEWfGN8R5k0VXJ+0BkIe7MYkRdwZOjgMj2KwnJFUo= github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= @@ -1957,7 +1966,6 @@ github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiB github.com/sagikazarmark/crypt v0.1.0/go.mod h1:B/mN0msZuINBtQ1zZLEQcegFJJf9vnYIR88KRMEuODE= github.com/sagikazarmark/crypt v0.3.0/go.mod h1:uD/D+6UF4SrIR1uGEv7bBNkNqLGqUr43MRiaGWX1Nig= github.com/sagikazarmark/crypt v0.4.0/go.mod h1:ALv2SRj7GxYV4HO9elxH9nS6M9gW+xDNxqmyJ6RfDFM= -github.com/sagikazarmark/crypt v0.5.0/go.mod h1:l+nzl7KWh51rpzp2h7t4MZWyiEWdhNpOAnclKvg+mdA= github.com/sagikazarmark/crypt v0.6.0/go.mod h1:U8+INwJo3nBv1m6A/8OBXAq7Jnpspk5AxSgDyEQcea8= github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= github.com/sanposhiho/wastedassign/v2 v2.0.6/go.mod h1:KyZ0MWTwxxBmfwn33zh3k1dmsbF2ud9pAAGfoLfjhtI= 
@@ -1995,13 +2003,13 @@ github.com/sigstore/cosign v1.8.1-0.20220601172726-ae90c7495df6/go.mod h1:6BrdWn github.com/sigstore/fulcio v0.1.2-0.20220114150912-86a2036f9bc7 h1:XE7A9lJ+wYhmUFBWYTaw3Ph943zHB4iBYd5R0SX0ZOA= github.com/sigstore/fulcio v0.1.2-0.20220114150912-86a2036f9bc7/go.mod h1:ANQivY/lfOp9hN92S813LEthkm/kit96hzeIF3SNoZA= github.com/sigstore/rekor v0.4.1-0.20220114213500-23f583409af3/go.mod h1:u9clLqaVjqV9pExVL1XkM37dGyMCOX/LMocS9nsnWDY= -github.com/sigstore/rekor v0.7.0 h1:LTos05C/aDrdgxf7491DWb6R6d+wJtgUSxg8sv+E3eA= -github.com/sigstore/rekor v0.7.0/go.mod h1:uUFwwj3Cf46VELJoSQMPsdvIo+gMZUmxg4AaIsdQzNk= +github.com/sigstore/rekor v0.8.0 h1:L7H5CYf066V9v8spyeopYgrFgOcVplp26Jefrvof/J0= +github.com/sigstore/rekor v0.8.0/go.mod h1:RmPJN+AMMu6VFR0RgndY7iEiaRCcwtA9i8yjPUiWQ7s= github.com/sigstore/sigstore v1.0.2-0.20211210190220-04746d994282/go.mod h1:SuM+QIHtnnR9eGsURRLv5JfxM6KeaU0XKA1O7FmLs4Q= github.com/sigstore/sigstore v1.1.0/go.mod h1:gDpcHw4VwpoL5C6N1Ud1YtBsc+ikRDwDelDlWRyYoE8= github.com/sigstore/sigstore v1.2.1-0.20220424143412-3d41663116d5/go.mod h1:OvpZniSE9oRPnW7+mhxljRt2RAQU+TwcnhYbqQsPwPc= -github.com/sigstore/sigstore v1.2.1-0.20220512194100-3ed986cc9758 h1:aPTpIAQnvKu35chooOLwaH78YUXLQX1XqOZo8a1wmso= -github.com/sigstore/sigstore v1.2.1-0.20220512194100-3ed986cc9758/go.mod h1:BFjjR8iTGW8SZZnZXi+rlhTfaajln4LWKO4TzAixMi0= +github.com/sigstore/sigstore v1.2.1-0.20220526001230-8dc4fa90a468 h1:UZfTfGy/yiCG+pNyVwTw+PA2aiR33VIb0z0LORq9Gvg= +github.com/sigstore/sigstore v1.2.1-0.20220526001230-8dc4fa90a468/go.mod h1:xAQdMn1pZ7FcOtHU6chqIsvVKt9KGb4mJZljPQUdcpA= github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= 
@@ -2074,7 +2082,6 @@ github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH github.com/spf13/viper v1.9.0/go.mod h1:+i6ajR7OX2XaiBkrcZJFK21htRk7eDeLg7+O6bhUPP4= github.com/spf13/viper v1.10.0/go.mod h1:SoyBPwAtKDzypXNDFKN5kzH7ppppbGZtls1UpIy5AsM= github.com/spf13/viper v1.10.1/go.mod h1:IGlFPqhNAPKRxohIzWpI5QEy4kuI7tcl5WvR+8qy1rU= -github.com/spf13/viper v1.11.0/go.mod h1:djo0X/bA5+tYVoCn+C7cAYJGcVn/qYLFTG8gdUsX7Zk= github.com/spf13/viper v1.12.0 h1:CZ7eSOd3kZoaYDLbXnmzgQI5RlciuXBMA+18HwHRfZQ= github.com/spf13/viper v1.12.0/go.mod h1:b6COn30jlNxbm/V2IqWiNWkJ+vZNiMNksliPCiuKtSI= github.com/spiffe/go-spiffe/v2 v2.1.0 h1:IZRlWhyFpPbJOiK8K+MwEFPU/QCdaW4Zf5bmIKBd3XM= 
@@ -2271,18 +2278,15 @@ go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489/go.mod h1:yVHk9ub3C go.etcd.io/etcd/api/v3 v3.5.0-alpha.0/go.mod h1:mPcW6aZJukV6Aa81LSKpBjQXTWlXB5r74ymPoSWa3Sw= go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= go.etcd.io/etcd/api/v3 v3.5.1/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= -go.etcd.io/etcd/api/v3 v3.5.2/go.mod h1:5GB2vv4A4AOn3yk7MftYGHkUfGtDHnEraIjym4dYz5A= go.etcd.io/etcd/api/v3 v3.5.4 h1:OHVyt3TopwtUQ2GKdd5wu3PmmipR4FTwCqoEjSyRdIc= go.etcd.io/etcd/api/v3 v3.5.4/go.mod h1:5GB2vv4A4AOn3yk7MftYGHkUfGtDHnEraIjym4dYz5A= go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= go.etcd.io/etcd/client/pkg/v3 v3.5.1/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= -go.etcd.io/etcd/client/pkg/v3 v3.5.2/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= go.etcd.io/etcd/client/pkg/v3 v3.5.4 h1:lrneYvz923dvC14R54XcA7FXoZ3mlGZAgmwhfm7HqOg= go.etcd.io/etcd/client/pkg/v3 v3.5.4/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= go.etcd.io/etcd/client/v2 v2.305.0-alpha.0/go.mod h1:kdV+xzCJ3luEBSIeQyB/OEKkWKd8Zkux4sbDeANrosU= go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ= go.etcd.io/etcd/client/v2 v2.305.1/go.mod h1:pMEacxZW7o8pg4CrFE7pquyCJJzZvkvdD2RibOCCCGs= -go.etcd.io/etcd/client/v2 v2.305.2/go.mod h1:2D7ZejHVMIfog1221iLSYlQRzrtECw3kz4I4VAQm3qI= go.etcd.io/etcd/client/v2 v2.305.4 h1:Dcx3/MYyfKcPNLpR4VVQUP5KgYrBeJtktBwEKkw08Ao= go.etcd.io/etcd/client/v2 v2.305.4/go.mod h1:Ud+VUwIi9/uQHOMA+4ekToJ12lTxlv0zB/+DHwTGEbU= go.etcd.io/etcd/client/v3 v3.5.0-alpha.0/go.mod h1:wKt7jgDgf/OfKiYmCq5WFGxOFAkVMLxiiXgLDFhECr8= 
@@ -2607,6 +2611,7 @@ golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220421235706-1d1ef9303861/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220516155154-20f960328961/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220520000938-2e3eb7b945c2 h1:NWy5+hlRbC7HK+PmcXVUmW1IMyFce7to56IUvhUFm7Y= golang.org/x/net v0.0.0-20220520000938-2e3eb7b945c2/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -2803,6 +2808,7 @@ golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220422013727-9388b58f7150/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220502124256-b6088ccd6cba/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220513210249-45d2b4557a2a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= 
@@ -3203,8 +3209,9 @@ google.golang.org/grpc v1.43.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ5 google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ= google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= -google.golang.org/grpc v1.46.2 h1:u+MLGgVf7vRdjEYZ8wDFhAVNmhkbJ5hmrA1LMWK1CAQ= google.golang.org/grpc v1.46.2/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= +google.golang.org/grpc v1.47.0 h1:9n77onPX5F3qfFCqjy9dhn8PbNQsIKeVU04J9G7umt8= +google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.2.0/go.mod h1:DNq5QpG7LJqD2AamLZ7zvKE0DEpVl2BSEVjFycAAjRY= google.golang.org/grpc/examples v0.0.0-20201130180447-c456688b1860/go.mod h1:Ly7ZA/ARzg8fnPU9TyZIxoz33sEUuWX7txiqs8lPTgE= @@ -3251,8 +3258,9 @@ gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.63.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/ini.v1 v1.66.4 h1:SsAcf+mM7mRZo2nJNGt8mZCjG8ZRaNGMURJw7BsIST4= gopkg.in/ini.v1 v1.66.4/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= +gopkg.in/ini.v1 v1.66.6 h1:LATuAqN/shcYAOkv3wl2L4rkaKqkcgTBQjOyYDvcPKI= +gopkg.in/ini.v1 v1.66.6/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/linkedin/goavro.v1 v1.0.5/go.mod h1:Aw5GdAbizjOEl0kAMHV9iHmA8reZzW/OKuJAl4Hb9F0= gopkg.in/natefinch/lumberjack.v2 v2.0.0 h1:1Lc07Kr7qY4U2YPouBjpCLxpiyxIVoxqXgkXLknAOE8= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= 
From 59aeb39844549785df1a5a11f56c5b38cde678a6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Jun 2022 09:21:46 +0200 Subject: [PATCH 09/13] Bump actions/cache from 3.0.3 to 3.0.4 (#71) * Bump actions/cache from 3.0.3 to 3.0.4 Bumps [actions/cache](https://github.com/actions/cache) from 3.0.3 to 3.0.4. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/30f413bfed0a2bc738fdfd409e5a9e96b24545fd...c3f1317a9e7b1ef106c153ac8c0f00fed3ddbc0d) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] * update version comment Signed-off-by: cpanato Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: cpanato --- .github/workflows/release.yml | 2 +- .github/workflows/validate-release.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 545edeb3..642b1c47 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -23,7 +23,7 @@ jobs: go-version: 1.18 check-latest: true - - uses: actions/cache@30f413bfed0a2bc738fdfd409e5a9e96b24545fd # v3.0.3 + - uses: actions/cache@c3f1317a9e7b1ef106c153ac8c0f00fed3ddbc0d # v3.0.4 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} diff --git a/.github/workflows/validate-release.yml b/.github/workflows/validate-release.yml index 4f1c6efa..40b50d64 100644 --- a/.github/workflows/validate-release.yml +++ b/.github/workflows/validate-release.yml 
@@ -18,7 +18,7 @@ jobs: go-version: 1.18 check-latest: true - - uses: actions/cache@30f413bfed0a2bc738fdfd409e5a9e96b24545fd # v3.0.3 + - uses: actions/cache@c3f1317a9e7b1ef106c153ac8c0f00fed3ddbc0d # v3.0.4 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} From f3013fdea1cf64f4edd3f841562a5b83a8196228 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Jun 2022 09:36:44 +0200 Subject: [PATCH 10/13] Bump sigstore/cosign-installer from 2.3.0 to 2.4.0 (#70) * Bump sigstore/cosign-installer from 2.3.0 to 2.4.0 Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.3.0 to 2.4.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/536b37ec5d5b543420bdfd9b744c5965bd4d8730...7e0881f8fe90b25e305bbf0309761e9314607e25) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] * update version comment Signed-off-by: cpanato Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: cpanato --- .github/workflows/release.yml | 2 +- .github/workflows/validate-release.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 642b1c47..352f3cb6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -30,7 +30,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - - uses: sigstore/cosign-installer@536b37ec5d5b543420bdfd9b744c5965bd4d8730 # v2.3.0 + - uses: sigstore/cosign-installer@7e0881f8fe90b25e305bbf0309761e9314607e25 # v2.4.0 - uses: anchore/sbom-action/download-syft@bb716408e75840bbb01e839347cd213767269d4a # v0.11.0 - uses: goreleaser/goreleaser-action@68acf3b1adf004ac9c2f0a4259e85c5f66e99bef # v3.0.0 with: diff --git a/.github/workflows/validate-release.yml b/.github/workflows/validate-release.yml index 40b50d64..e4ae32da 100644 --- a/.github/workflows/validate-release.yml +++ b/.github/workflows/validate-release.yml @@ -25,7 +25,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - - uses: sigstore/cosign-installer@536b37ec5d5b543420bdfd9b744c5965bd4d8730 # v2.3.0 + - uses: sigstore/cosign-installer@7e0881f8fe90b25e305bbf0309761e9314607e25 # v2.4.0 - uses: anchore/sbom-action/download-syft@bb716408e75840bbb01e839347cd213767269d4a # v0.11.0 - uses: goreleaser/goreleaser-action@68acf3b1adf004ac9c2f0a4259e85c5f66e99bef # v3.0.0 with: From 84791902516c8cab59f73b7107f688887b240e94 Mon Sep 17 00:00:00 2001 From: Josh Dolitsky <393494+jdolitsky@users.noreply.github.com> Date: Mon, 13 Jun 2022 13:18:58 -0500 Subject: [PATCH 11/13] Add Homebrew install instructions to README (#73) Signed-off-by: Josh Dolitsky --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 9e8cfb58..549fd5de 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,14 @@ keyless Sigstore to sign Git commits with your own GitHub / OIDC identity. ## Installation +Using Homebrew: + +```sh +brew install sigstore/tap/gitsign +``` + +Using Go: + ```sh go install github.com/sigstore/gitsign@latest ``` From 2e8ad3c85fdc6d50646a80882dc120cb51c4c21f Mon Sep 17 00:00:00 2001 
From: Billy Lynch Date: Tue, 14 Jun 2022 10:10:18 -0400 Subject: [PATCH 12/13] Export rekor package. (#60) * Export rekor package. This is used within pkg/git, so exporting the matching interface to stay consistent. - Removes separate Get/Verify funcs for a single Verify func. - Both Verify and Write now take in x509 certs instead of []byte. - Swap commit/sig params in Writer interface. Signed-off-by: Billy Lynch --- clients.go | 7 ++--- internal/git/git.go | 6 ++--- pkg/git/verify.go | 17 ------------ {internal => pkg}/rekor/rekor.go | 45 ++++++++++++++++---------------- 4 files changed, 29 insertions(+), 46 deletions(-) rename {internal => pkg}/rekor/rekor.go (75%) diff --git a/clients.go b/clients.go index 03078297..a94b0e5e 100644 --- a/clients.go +++ b/clients.go @@ -16,11 +16,12 @@ package main import ( "github.com/sigstore/gitsign/internal" - "github.com/sigstore/gitsign/internal/rekor" + gitrekor "github.com/sigstore/gitsign/pkg/rekor" + rekor "github.com/sigstore/rekor/pkg/client" ) // newRekorClient returns a new Rekor client respecting gitsign environment // variables, or using the default if not set. -func newRekorClient() (*rekor.Client, error) { - return rekor.New(internal.EnvOrValue("GITSIGN_REKOR_URL", "https://rekor.sigstore.dev")) +func newRekorClient() (*gitrekor.Client, error) { + return gitrekor.New(internal.EnvOrValue("GITSIGN_REKOR_URL", "https://rekor.sigstore.dev"), rekor.WithUserAgent("gitsign")) } diff --git a/internal/git/git.go b/internal/git/git.go index 00aeae82..cf8b244c 100644 --- a/internal/git/git.go +++ b/internal/git/git.go @@ -24,9 +24,9 @@ import ( "github.com/go-git/go-git/v5/plumbing" "github.com/go-git/go-git/v5/plumbing/object" "github.com/sigstore/gitsign/internal/fulcio" - "github.com/sigstore/gitsign/internal/rekor" "github.com/sigstore/gitsign/internal/signature" "github.com/sigstore/gitsign/pkg/git" + "github.com/sigstore/gitsign/pkg/rekor" "github.com/sigstore/rekor/pkg/generated/models" ) 
@@ -52,7 +52,7 @@ func Sign(ctx context.Context, rekor rekor.Writer, ident *fulcio.Identity, data if err != nil { return nil, nil, fmt.Errorf("error signing commit hash: %w", err) } - if _, err := rekor.Write(ctx, commitSig, []byte(commit), sv.Cert); err != nil { + if _, err := rekor.Write(ctx, commit, commitSig, cert); err != nil { return nil, nil, fmt.Errorf("error uploading tlog (commit): %w", err) } @@ -105,7 +105,7 @@ func Verify(ctx context.Context, rekor rekor.Verifier, data, sig []byte, detache return nil, err } - tlog, err := git.VerifyRekor(ctx, rekor, commit, cert) + tlog, err := rekor.Verify(ctx, commit, cert) if err != nil { return nil, fmt.Errorf("failed to validate rekor entry: %w", err) } diff --git a/pkg/git/verify.go b/pkg/git/verify.go index 2b4bae37..14cbe210 100644 --- a/pkg/git/verify.go +++ b/pkg/git/verify.go @@ -16,7 +16,6 @@ package git import ( - "context" "crypto/x509" "encoding/pem" "fmt" @@ -24,8 +23,6 @@ import ( cms "github.com/github/smimesign/ietf-cms" "github.com/sigstore/cosign/cmd/cosign/cli/fulcio/fulcioroots" - "github.com/sigstore/gitsign/internal/rekor" - "github.com/sigstore/rekor/pkg/generated/models" ) // VerifySignature verifies for a given Git data + signature pair. @@ -77,17 +74,3 @@ func VerifySignature(data, sig []byte, detached bool) (*x509.Certificate, error) return cert, nil } - -// VerifyRekor verifies the given commit + cert exists in the Rekor transparency log. -func VerifyRekor(ctx context.Context, rekor rekor.Verifier, commitSHA string, cert *x509.Certificate) (*models.LogEntryAnon, error) { - tlog, err := rekor.Get(ctx, commitSHA, cert) - if err != nil { - return nil, fmt.Errorf("failed to locate rekor entry: %w", err) - } - - if err := rekor.Verify(ctx, tlog); err != nil { - return nil, fmt.Errorf("failed to validate rekor entry: %w", err) - } - - return tlog, nil -} 
diff --git a/internal/rekor/rekor.go b/pkg/rekor/rekor.go similarity index 75% rename from internal/rekor/rekor.go rename to pkg/rekor/rekor.go index b0f2c2b8..2c53d9b5 100644 --- a/internal/rekor/rekor.go +++ b/pkg/rekor/rekor.go @@ -22,7 +22,6 @@ import ( "crypto/x509" "encoding/base64" "encoding/hex" - "encoding/pem" "errors" "fmt" "strings" @@ -43,21 +42,23 @@ import ( "github.com/sigstore/sigstore/pkg/cryptoutils" ) +// Verifier represents a mechanism to get and verify Rekor entries for the given Git commit. type Verifier interface { - Get(ctx context.Context, commit string, cert *x509.Certificate) (*models.LogEntryAnon, error) - Verify(context.Context, *models.LogEntryAnon) error + Verify(ctx context.Context, commitSHA string, cert *x509.Certificate) (*models.LogEntryAnon, error) } +// Writer represents a mechanism to write content to Rekor. type Writer interface { - Write(ctx context.Context, sig, data, cert []byte) (*models.LogEntryAnon, error) + Write(ctx context.Context, commitSHA string, sig []byte, cert *x509.Certificate) (*models.LogEntryAnon, error) } +// Client implements a basic rekor implementation for writing and verifying Rekor data. type Client struct { *client.Rekor } -func New(url string) (*Client, error) { - c, err := rekor.GetRekorClient(url, rekor.WithUserAgent("gitsign")) +func New(url string, opts ...rekor.Option) (*Client, error) { + c, err := rekor.GetRekorClient(url, opts...) if err != nil { return nil, err } 
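Review bot: `New` becomes part of the public `pkg/rekor` API in this hunk but has no doc comment, and it no longer passes `rekor.WithUserAgent("gitsign")` itself. Any caller other than `newRekorClient` therefore presumably gets the client library's default user agent unless it supplies the option. A comment such as `// New returns a Client for the Rekor server at url; opts are passed unchanged to rekor.GetRekorClient and no user agent is set by default.` would make that contract visible. The body of `New` continues past the end of this hunk.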
@@ -66,16 +67,21 @@ func New(url string) (*Client, error) { }, nil } -func (c *Client) Write(ctx context.Context, sig, data, cert []byte) (*models.LogEntryAnon, error) { - return cosign.TLogUpload(ctx, c.Rekor, sig, data, cert) +func (c *Client) Write(ctx context.Context, commitSHA string, sig []byte, cert *x509.Certificate) (*models.LogEntryAnon, error) { + pem, err := cryptoutils.MarshalCertificateToPEM(cert) + if err != nil { + return nil, err + } + return cosign.TLogUpload(ctx, c.Rekor, sig, []byte(commitSHA), pem) } -func (c *Client) Get(ctx context.Context, commit string, cert *x509.Certificate) (*models.LogEntryAnon, error) { - pk, err := publicKeyFromCert(cert) +func (c *Client) get(ctx context.Context, data []byte, cert *x509.Certificate) (*models.LogEntryAnon, error) { + pem, err := cryptoutils.MarshalCertificateToPEM(cert) if err != nil { return nil, err } - uuids, err := c.findTLogEntriesByPayloadAndPK(ctx, []byte(commit), pk) + + uuids, err := c.findTLogEntriesByPayloadAndPK(ctx, data, pem) if err != nil { return nil, err } @@ -93,7 +99,7 @@ func (c *Client) Get(ctx context.Context, commit string, cert *x509.Certificate) } // Verify that the cert used in the tlog matches the cert - // used to sign the commit. + // used to sign the data. tlogCerts, err := extractCerts(e) if err != nil { fmt.Println("could not extract cert", err) 
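Review bot: Both `Write` and `get` return the error from `cryptoutils.MarshalCertificateToPEM` unwrapped, so a caller cannot tell a certificate-encoding failure from a Rekor upload or search failure. Wrapping it, e.g. `return nil, fmt.Errorf("marshalling certificate: %w", err)`, would match the `%w` style already used in internal/git/git.go. `Write` is now exported API and would also benefit from a doc comment saying that it uploads `sig` over `commitSHA` together with the PEM-encoded certificate. The body of `get` continues beyond this hunk.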
@@ -131,19 +137,12 @@ func (c *Client) findTLogEntriesByPayloadAndPK(ctx context.Context, payload, pub return searchIndex.GetPayload(), nil } -func publicKeyFromCert(cert *x509.Certificate) ([]byte, error) { - pk, err := x509.MarshalPKIXPublicKey(cert.PublicKey) +func (c *Client) Verify(ctx context.Context, commitSHA string, cert *x509.Certificate) (*models.LogEntryAnon, error) { + e, err := c.get(ctx, []byte(commitSHA), cert) if err != nil { - return nil, fmt.Errorf("error marshalling public key: %w", err) + return nil, err } - return pem.EncodeToMemory(&pem.Block{ - Type: "PUBLIC KEY", - Bytes: pk, - }), nil -} - -func (c *Client) Verify(ctx context.Context, e *models.LogEntryAnon) error { - return cosign.VerifyTLogEntry(ctx, c.Rekor, e) + return e, cosign.VerifyTLogEntry(ctx, c.Rekor, e) } // extractCerts is taken from cosign's cmd/cosign/cli/verify/verify_blob.go. From 308e723b53ef38e2126d771e52d209c28a748b8d Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Tue, 14 Jun 2022 16:11:09 +0200 Subject: [PATCH 13/13] update/fix version flag (#66) * update/fix version flag Signed-off-by: cpanato --- .goreleaser.yaml | 1 + Makefile | 4 ++- main.go | 15 +++------ pkg/version/version.go | 64 +++++++++++++++++++++++++++++++++++++ pkg/version/version_test.go | 27 ++++++++++++++++ 5 files changed, 99 insertions(+), 12 deletions(-) create mode 100644 pkg/version/version.go create mode 100644 pkg/version/version_test.go diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 07a9b595..9532c5c4 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -19,6 +19,7 @@ builds: - "-s -w" - "-extldflags=-zrelro" - "-extldflags=-znow" + - "-buildid= -X github.com/sigstore/gitsign/pkg/version.gitVersion={{ .Version }}" nfpms: - id: default diff --git a/Makefile b/Makefile index 04ae6c63..00253fa0 100644 --- a/Makefile +++ b/Makefile 
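Review bot: `Verify` returns the fetched entry together with the error from `cosign.VerifyTLogEntry`, so on a failed verification the caller receives a non-nil, unverified `*models.LogEntryAnon`. The in-tree caller in internal/git/git.go checks the error first, but this package is now exported and other callers may treat a non-nil entry as trustworthy. Returning nil on failure keeps the result unusable unless verification passed: `if err := cosign.VerifyTLogEntry(ctx, c.Rekor, e); err != nil { return nil, err }` followed by `return e, nil`. A doc comment on the exported method stating that the entry is only valid when the error is nil would help too.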
@@ -13,7 +13,9 @@ # See the License for the specific language governing permissions and # limitations under the License. -LDFLAGS ?= +GIT_VERSION ?= $(shell git describe --tags --always --dirty) + +LDFLAGS=-buildid= -X github.com/sigstore/gitsign/pkg/version.gitVersion=$(GIT_VERSION) .PHONY: build build: diff --git a/main.go b/main.go index f4198e68..c8bccb62 100644 --- a/main.go +++ b/main.go @@ -20,12 +20,12 @@ import ( "fmt" "io" "os" - "runtime/debug" "github.com/pborman/getopt/v2" // Enable OIDC providers _ "github.com/sigstore/cosign/pkg/providers/all" + "github.com/sigstore/gitsign/pkg/version" ) const ( @@ -89,16 +89,9 @@ func runCommand() error { } if *versionFlag { - version := "unknown" - info, ok := debug.ReadBuildInfo() - if ok { - for _, s := range info.Settings { - if s.Key == "vcs.revision" { - version = s.Value - } - } - } - fmt.Println(version) + v := version.GetVersionInfo() + fmt.Printf("gitsign version %s\n", v.GitVersion) + return nil } diff --git a/pkg/version/version.go b/pkg/version/version.go new file mode 100644 index 00000000..cb21f5c4 --- /dev/null +++ b/pkg/version/version.go 
@@ -0,0 +1,64 @@
+//
+// Copyright 2022 The Sigstore Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package version
+
+import (
+ "runtime/debug"
+)
+
+// Base version information.
+//
+// This is the fallback data used when version information from git is not
+// provided via go ldflags.
+var (
+ // Output of "git describe". The prerequisite is that the
+ // branch should be tagged using the correct versioning strategy.
+ gitVersion = "devel"
+)
+
+type Info struct {
+ GitVersion string `json:"gitVersion"`
+}
+
+func getBuildInfo() *debug.BuildInfo {
+ bi, ok := debug.ReadBuildInfo()
+ if !ok {
+ return nil
+ }
+ return bi
+}
+
+func getGitVersion(bi *debug.BuildInfo) string {
+ if bi == nil {
+ return "unknown"
+ }
+
+ // https://github.com/golang/go/issues/29228
+ if bi.Main.Version == "(devel)" || bi.Main.Version == "" {
+ return gitVersion
+ }
+
+ return bi.Main.Version
+}
+
+// GetVersionInfo represents known information on how this binary was built.
+func GetVersionInfo() Info {
+ buildInfo := getBuildInfo()
+ gitVersion = getGitVersion(buildInfo)
+ return Info{
+ GitVersion: gitVersion,
+ }
+}
diff --git a/pkg/version/version_test.go b/pkg/version/version_test.go
new file mode 100644
index 00000000..34c2e377
--- /dev/null
+++ b/pkg/version/version_test.go
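Review bot: `GetVersionInfo` assigns its result back to the package-level `gitVersion`, so a getter mutates shared state. When build info is unavailable, the `bi == nil` branch of `getGitVersion` replaces the ldflags-stamped value with `"unknown"`, and concurrent callers would race on the variable. Keeping the result local avoids both: `return Info{GitVersion: getGitVersion(getBuildInfo())}`. If the stamped value is meant to win, `getGitVersion` should also return `gitVersion` rather than `"unknown"` for a nil `bi`. The exported `Info` type has no doc comment, and the one on `GetVersionInfo` should say it returns the information rather than "represents" it.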
@@ -0,0 +1,27 @@
+//
+// Copyright 2022 The Sigstore Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package version
+
+import (
+ "testing"
+)
+
+func TestVersionText(t *testing.T) {
+ sut := GetVersionInfo()
+ if sut.GitVersion != gitVersion {
+ t.Errorf("GetVersionInfo: got %q, want %q", sut, gitVersion)
+ }
+}
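Review bot: The assertion in `TestVersionText` compares `sut.GitVersion` with the package variable `gitVersion`, which `GetVersionInfo` has just overwritten with the same value, so the test cannot fail. Capture the expectation before the call with `want := gitVersion`, or assert the expected literal for a test binary (likely the `"devel"` default, to be confirmed). The failure message also formats the whole `sut` struct with `%q`; it should read `t.Errorf("GetVersionInfo: got %q, want %q", sut.GitVersion, want)`.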