From 53649d3574cc63b3120dc3d7f2e8bfbb33f8e73b Mon Sep 17 00:00:00 2001 From: chaosinthecrd Date: Wed, 13 Dec 2023 15:55:59 +0000 Subject: [PATCH 01/10] added all imports --- cmd/config.go | 4 ++-- cmd/keyloader.go | 8 ++++---- cmd/root.go | 8 +++----- cmd/root_test.go | 8 ++++---- cmd/run.go | 24 ++++++++++++------------ cmd/run_test.go | 10 +++++----- cmd/sign.go | 10 +++++----- cmd/sign_test.go | 4 ++-- cmd/verify.go | 14 +++++++------- cmd/verify_test.go | 16 ++++++++-------- docgen/docs.go | 2 +- go.mod | 4 ++-- go.sum | 8 ++++---- main.go | 2 +- options/options.go | 4 ++-- options/run.go | 4 ++-- options/signers.go | 2 +- 17 files changed, 65 insertions(+), 67 deletions(-) diff --git a/cmd/config.go b/cmd/config.go index 430c1813..55df613a 100644 --- a/cmd/config.go +++ b/cmd/config.go @@ -20,11 +20,11 @@ import ( "os" "strings" + "github.com/in-toto/go-witness/log" + "github.com/in-toto/witness/options" "github.com/spf13/cobra" "github.com/spf13/pflag" "github.com/spf13/viper" - "github.com/testifysec/go-witness/log" - "github.com/testifysec/witness/options" ) func initConfig(rootCmd *cobra.Command, rootOptions *options.RootOptions) error { diff --git a/cmd/keyloader.go b/cmd/keyloader.go index 467c3a8f..4fb42153 100644 --- a/cmd/keyloader.go +++ b/cmd/keyloader.go @@ -19,11 +19,11 @@ import ( "fmt" "strings" + "github.com/in-toto/go-witness/cryptoutil" + "github.com/in-toto/go-witness/log" + "github.com/in-toto/go-witness/signer" + "github.com/in-toto/witness/options" "github.com/spf13/pflag" - "github.com/testifysec/go-witness/cryptoutil" - "github.com/testifysec/go-witness/log" - "github.com/testifysec/go-witness/signer" - "github.com/testifysec/witness/options" ) // signerProvidersFromFlags looks at all flags that were set by the user to determine which signer providers we should use diff --git a/cmd/root.go b/cmd/root.go index 1bbf7fd9..4799b698 100644 --- a/cmd/root.go +++ b/cmd/root.go 
@@ -18,14 +18,12 @@ import ( "fmt" "os" + "github.com/in-toto/go-witness/log" + "github.com/in-toto/witness/options" "github.com/spf13/cobra" - "github.com/testifysec/go-witness/log" - "github.com/testifysec/witness/options" ) -var ( - ro = &options.RootOptions{} -) +var ro = &options.RootOptions{} func New() *cobra.Command { cmd := &cobra.Command{ diff --git a/cmd/root_test.go b/cmd/root_test.go index 4a5a20f2..db94b80d 100644 --- a/cmd/root_test.go +++ b/cmd/root_test.go @@ -26,12 +26,12 @@ import ( "testing" "time" + "github.com/in-toto/go-witness/cryptoutil" + "github.com/in-toto/go-witness/signer" + "github.com/in-toto/go-witness/signer/file" + "github.com/in-toto/witness/options" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "github.com/testifysec/go-witness/cryptoutil" - "github.com/testifysec/go-witness/signer" - "github.com/testifysec/go-witness/signer/file" - "github.com/testifysec/witness/options" ) const ( diff --git a/cmd/run.go b/cmd/run.go index 59350447..ad19a30c 100644 --- a/cmd/run.go +++ b/cmd/run.go 
@@ -20,19 +20,19 @@ import ( "encoding/json" "fmt" + witness "github.com/in-toto/go-witness" + "github.com/in-toto/go-witness/archivista" + "github.com/in-toto/go-witness/attestation" + "github.com/in-toto/go-witness/attestation/commandrun" + "github.com/in-toto/go-witness/attestation/material" + "github.com/in-toto/go-witness/attestation/product" + "github.com/in-toto/go-witness/cryptoutil" + "github.com/in-toto/go-witness/dsse" + "github.com/in-toto/go-witness/log" + "github.com/in-toto/go-witness/registry" + "github.com/in-toto/go-witness/timestamp" + "github.com/in-toto/witness/options" "github.com/spf13/cobra" - witness "github.com/testifysec/go-witness" - "github.com/testifysec/go-witness/archivista" - "github.com/testifysec/go-witness/attestation" - "github.com/testifysec/go-witness/attestation/commandrun" - "github.com/testifysec/go-witness/attestation/material" - "github.com/testifysec/go-witness/attestation/product" - "github.com/testifysec/go-witness/cryptoutil" - "github.com/testifysec/go-witness/dsse" - "github.com/testifysec/go-witness/log" - "github.com/testifysec/go-witness/registry" - "github.com/testifysec/go-witness/timestamp" - "github.com/testifysec/witness/options" ) func RunCmd() *cobra.Command { diff --git a/cmd/run_test.go b/cmd/run_test.go index ef717b9c..03cd2db3 100644 --- a/cmd/run_test.go +++ b/cmd/run_test.go @@ -24,13 +24,13 @@ import ( "path/filepath" "testing" + "github.com/in-toto/go-witness/cryptoutil" + "github.com/in-toto/go-witness/dsse" + "github.com/in-toto/go-witness/signer" + "github.com/in-toto/go-witness/signer/file" + "github.com/in-toto/witness/options" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "github.com/testifysec/go-witness/cryptoutil" - "github.com/testifysec/go-witness/dsse" - "github.com/testifysec/go-witness/signer" - "github.com/testifysec/go-witness/signer/file" - "github.com/testifysec/witness/options" ) func TestRunRSAKeyPair(t *testing.T) { 
diff --git a/cmd/sign.go b/cmd/sign.go index d9b74232..4fc3e79e 100644 --- a/cmd/sign.go +++ b/cmd/sign.go @@ -19,12 +19,12 @@ import ( "fmt" "os" + witness "github.com/in-toto/go-witness" + "github.com/in-toto/go-witness/cryptoutil" + "github.com/in-toto/go-witness/dsse" + "github.com/in-toto/go-witness/timestamp" + "github.com/in-toto/witness/options" "github.com/spf13/cobra" - witness "github.com/testifysec/go-witness" - "github.com/testifysec/go-witness/cryptoutil" - "github.com/testifysec/go-witness/dsse" - "github.com/testifysec/go-witness/timestamp" - "github.com/testifysec/witness/options" ) func SignCmd() *cobra.Command { diff --git a/cmd/sign_test.go b/cmd/sign_test.go index 262f05a4..e9b63b73 100644 --- a/cmd/sign_test.go +++ b/cmd/sign_test.go @@ -22,10 +22,10 @@ import ( "os" "testing" + "github.com/in-toto/go-witness/cryptoutil" + "github.com/in-toto/witness/options" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "github.com/testifysec/go-witness/cryptoutil" - "github.com/testifysec/witness/options" ) func Test_runSignPolicyRSA(t *testing.T) { diff --git a/cmd/verify.go b/cmd/verify.go index ec9e90bc..cf04a8a3 100644 --- a/cmd/verify.go +++ b/cmd/verify.go @@ -22,14 +22,14 @@ import ( "fmt" "os" + "github.com/in-toto/go-witness" + "github.com/in-toto/go-witness/archivista" + "github.com/in-toto/go-witness/cryptoutil" + "github.com/in-toto/go-witness/dsse" + "github.com/in-toto/go-witness/log" + "github.com/in-toto/go-witness/source" + "github.com/in-toto/witness/options" "github.com/spf13/cobra" - "github.com/testifysec/go-witness" - "github.com/testifysec/go-witness/archivista" - "github.com/testifysec/go-witness/cryptoutil" - "github.com/testifysec/go-witness/dsse" - "github.com/testifysec/go-witness/log" - "github.com/testifysec/go-witness/source" - "github.com/testifysec/witness/options" ) func VerifyCmd() *cobra.Command { diff --git a/cmd/verify_test.go b/cmd/verify_test.go index e2793163..d94cefaa 100644 
--- a/cmd/verify_test.go +++ b/cmd/verify_test.go @@ -28,15 +28,15 @@ import ( "testing" "time" + witness "github.com/in-toto/go-witness" + "github.com/in-toto/go-witness/attestation/commandrun" + "github.com/in-toto/go-witness/cryptoutil" + "github.com/in-toto/go-witness/dsse" + "github.com/in-toto/go-witness/policy" + "github.com/in-toto/go-witness/signer" + "github.com/in-toto/go-witness/signer/file" + "github.com/in-toto/witness/options" "github.com/stretchr/testify/require" - witness "github.com/testifysec/go-witness" - "github.com/testifysec/go-witness/attestation/commandrun" - "github.com/testifysec/go-witness/cryptoutil" - "github.com/testifysec/go-witness/dsse" - "github.com/testifysec/go-witness/policy" - "github.com/testifysec/go-witness/signer" - "github.com/testifysec/go-witness/signer/file" - "github.com/testifysec/witness/options" ) func TestRunVerifyCA(t *testing.T) { diff --git a/docgen/docs.go b/docgen/docs.go index 8653beaf..f7877adc 100644 --- a/docgen/docs.go +++ b/docgen/docs.go @@ -18,8 +18,8 @@ import ( "flag" "log" + "github.com/in-toto/witness/cmd" "github.com/spf13/cobra/doc" - "github.com/testifysec/witness/cmd" ) var directory string diff --git a/go.mod b/go.mod index a54dcaaa..f2f7948d 100644 --- a/go.mod +++ b/go.mod @@ -1,4 +1,4 @@ -module github.com/testifysec/witness +module github.com/in-toto/witness go 1.19 @@ -8,7 +8,7 @@ require ( github.com/spf13/pflag v1.0.5 github.com/spf13/viper v1.15.0 github.com/stretchr/testify v1.8.4 - github.com/testifysec/go-witness v0.1.17 + github.com/in-toto/go-witness v0.1.17 ) require ( diff --git a/go.sum b/go.sum index 0479a084..f95a2077 100644 --- a/go.sum +++ b/go.sum 
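Review bot: The `github.com/in-toto/go-witness v0.1.17` requirement in the second go.mod hunk is a text substitution of the old testifysec path, and the go.sum hunk that follows renames the `go-witness` and `archivista-api` entries while keeping their `h1:` values byte-for-byte. A module's `h1:` hash is computed over its file tree under the `path@version` prefix, so a checksum recorded for the testifysec path should not be expected to match the same version fetched under the in-toto path. The v0.1.17 go.mod presumably still declares the old module path as well. Regenerate both files with `go get github.com/in-toto/go-witness@<version published under the new path>`, then `go mod tidy` and `go mod verify`, instead of editing checksum lines by hand. That way the recorded hashes come from the toolchain and the checksum database rather than from a search-and-replace.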
@@ -329,10 +329,10 @@ github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8 github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0= github.com/tchap/go-patricia/v2 v2.3.1 h1:6rQp39lgIYZ+MHmdEq4xzuk1t7OdC35z/xm0BGhTkes= github.com/tchap/go-patricia/v2 v2.3.1/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k= -github.com/testifysec/archivista-api v0.0.0-20230220215059-632b84b82b76 h1:GAUgHyg4ss2DDTIYG9RuVxap2smkAGtzpXcOvNxlLic= -github.com/testifysec/archivista-api v0.0.0-20230220215059-632b84b82b76/go.mod h1:6OYeTa1OOoVuqo9i8t6GAHtwg0CgofZVfwgVt7DgrwI= -github.com/testifysec/go-witness v0.1.17 h1:4saMtJJBfFd0CiZqBljysHawhFh/5MjqwQZPxMU9nNA= -github.com/testifysec/go-witness v0.1.17/go.mod h1:ljKDAQFb949IQMmch/B7kb1pYz1tJ10sSNjqM+HNijQ= +github.com/in-toto/archivista-api v0.0.0-20230220215059-632b84b82b76 h1:GAUgHyg4ss2DDTIYG9RuVxap2smkAGtzpXcOvNxlLic= +github.com/in-toto/archivista-api v0.0.0-20230220215059-632b84b82b76/go.mod h1:6OYeTa1OOoVuqo9i8t6GAHtwg0CgofZVfwgVt7DgrwI= +github.com/in-toto/go-witness v0.1.17 h1:4saMtJJBfFd0CiZqBljysHawhFh/5MjqwQZPxMU9nNA= +github.com/in-toto/go-witness v0.1.17/go.mod h1:ljKDAQFb949IQMmch/B7kb1pYz1tJ10sSNjqM+HNijQ= github.com/theupdateframework/go-tuf v0.5.2-0.20220930112810-3890c1e7ace4 h1:1i/Afw3rmaR1gF3sfVkG2X6ldkikQwA9zY380LrR5YI= github.com/theupdateframework/go-tuf v0.5.2-0.20220930112810-3890c1e7ace4/go.mod h1:vAqWV3zEs89byeFsAYoh/Q14vJTgJkHwnnRCWBBBINY= github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0= diff --git a/main.go b/main.go index 4f17cfdc..6ef21e1f 100644 --- a/main.go +++ b/main.go @@ -15,7 +15,7 @@ package main import ( - "github.com/testifysec/witness/cmd" + "github.com/in-toto/witness/cmd" ) func main() { diff --git a/options/options.go b/options/options.go index e0246f47..b7b75cc5 100644 --- a/options/options.go +++ b/options/options.go 
@@ -18,9 +18,9 @@ import ( "fmt" "time" + "github.com/in-toto/go-witness/log" + "github.com/in-toto/go-witness/registry" "github.com/spf13/cobra" - "github.com/testifysec/go-witness/log" - "github.com/testifysec/go-witness/registry" ) type Interface interface { diff --git a/options/run.go b/options/run.go index 0ff9e993..3cccb3f7 100644 --- a/options/run.go +++ b/options/run.go @@ -15,9 +15,9 @@ package options import ( + "github.com/in-toto/go-witness/attestation" + "github.com/in-toto/go-witness/log" "github.com/spf13/cobra" - "github.com/testifysec/go-witness/attestation" - "github.com/testifysec/go-witness/log" ) type RunOptions struct { diff --git a/options/signers.go b/options/signers.go index f17d7829..c1a727b6 100644 --- a/options/signers.go +++ b/options/signers.go @@ -15,8 +15,8 @@ package options import ( + "github.com/in-toto/go-witness/signer" "github.com/spf13/cobra" - "github.com/testifysec/go-witness/signer" ) type SignerOptions map[string][]func(signer.SignerProvider) (signer.SignerProvider, error) From a9c82b054075b8dd0eb4243755efbd2577e17f13 Mon Sep 17 00:00:00 2001 From: chaosinthecrd Date: Wed, 13 Dec 2023 16:31:08 +0000 Subject: [PATCH 02/10] fixing go sum --- go.sum | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.sum b/go.sum index f95a2077..d8d7ae73 100644 --- a/go.sum +++ b/go.sum 
@@ -331,7 +331,7 @@ github.com/tchap/go-patricia/v2 v2.3.1 h1:6rQp39lgIYZ+MHmdEq4xzuk1t7OdC35z/xm0BG github.com/tchap/go-patricia/v2 v2.3.1/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k= github.com/in-toto/archivista-api v0.0.0-20230220215059-632b84b82b76 h1:GAUgHyg4ss2DDTIYG9RuVxap2smkAGtzpXcOvNxlLic= github.com/in-toto/archivista-api v0.0.0-20230220215059-632b84b82b76/go.mod h1:6OYeTa1OOoVuqo9i8t6GAHtwg0CgofZVfwgVt7DgrwI= -github.com/in-toto/go-witness v0.1.17 h1:4saMtJJBfFd0CiZqBljysHawhFh/5MjqwQZPxMU9nNA= +github.com/in-toto/go-witness v0.1.17 h1:T8GX9ejQVCioPgORH4Nr1Zc7+Nlx1SIk8YZYftNlw+M= github.com/in-toto/go-witness v0.1.17/go.mod h1:ljKDAQFb949IQMmch/B7kb1pYz1tJ10sSNjqM+HNijQ= github.com/theupdateframework/go-tuf v0.5.2-0.20220930112810-3890c1e7ace4 h1:1i/Afw3rmaR1gF3sfVkG2X6ldkikQwA9zY380LrR5YI= github.com/theupdateframework/go-tuf v0.5.2-0.20220930112810-3890c1e7ace4/go.mod h1:vAqWV3zEs89byeFsAYoh/Q14vJTgJkHwnnRCWBBBINY= From c7e725e071e3e3c4e0d309f2d9a4c3c484102136 Mon Sep 17 00:00:00 2001 From: chaosinthecrd Date: Wed, 13 Dec 2023 17:41:50 +0000 Subject: [PATCH 03/10] changing go-witness back for now, makes more sense --- cmd/config.go | 2 +- cmd/keyloader.go | 6 +++--- cmd/root.go | 2 +- cmd/root_test.go | 6 +++--- cmd/run.go | 22 +++++++++++----------- cmd/run_test.go | 8 ++++---- cmd/sign.go | 8 ++++---- cmd/sign_test.go | 2 +- cmd/verify.go | 12 ++++++------ cmd/verify_test.go | 14 +++++++------- go.mod | 2 +- go.sum | 8 ++++---- options/options.go | 4 ++-- options/run.go | 4 ++-- options/signers.go | 2 +- 15 files changed, 51 insertions(+), 51 deletions(-) diff --git a/cmd/config.go b/cmd/config.go index 55df613a..6698d85f 100644 --- a/cmd/config.go +++ b/cmd/config.go 
@@ -20,11 +20,11 @@ import ( "os" "strings" - "github.com/in-toto/go-witness/log" "github.com/in-toto/witness/options" "github.com/spf13/cobra" "github.com/spf13/pflag" "github.com/spf13/viper" + "github.com/testifysec/go-witness/log" ) func initConfig(rootCmd *cobra.Command, rootOptions *options.RootOptions) error { diff --git a/cmd/keyloader.go b/cmd/keyloader.go index 4fb42153..c7ee4fdf 100644 --- a/cmd/keyloader.go +++ b/cmd/keyloader.go @@ -19,11 +19,11 @@ import ( "fmt" "strings" - "github.com/in-toto/go-witness/cryptoutil" - "github.com/in-toto/go-witness/log" - "github.com/in-toto/go-witness/signer" "github.com/in-toto/witness/options" "github.com/spf13/pflag" + "github.com/testifysec/go-witness/cryptoutil" + "github.com/testifysec/go-witness/log" + "github.com/testifysec/go-witness/signer" ) // signerProvidersFromFlags looks at all flags that were set by the user to determine which signer providers we should use diff --git a/cmd/root.go b/cmd/root.go index 4799b698..261409b9 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -18,9 +18,9 @@ import ( "fmt" "os" - "github.com/in-toto/go-witness/log" "github.com/in-toto/witness/options" "github.com/spf13/cobra" + "github.com/testifysec/go-witness/log" ) var ro = &options.RootOptions{} diff --git a/cmd/root_test.go b/cmd/root_test.go index db94b80d..8e80fea7 100644 --- a/cmd/root_test.go +++ b/cmd/root_test.go @@ -26,12 +26,12 @@ import ( "testing" "time" - "github.com/in-toto/go-witness/cryptoutil" - "github.com/in-toto/go-witness/signer" - "github.com/in-toto/go-witness/signer/file" "github.com/in-toto/witness/options" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "github.com/testifysec/go-witness/cryptoutil" + "github.com/testifysec/go-witness/signer" + "github.com/testifysec/go-witness/signer/file" ) const ( diff --git a/cmd/run.go b/cmd/run.go index ad19a30c..5967768f 100644 --- a/cmd/run.go +++ b/cmd/run.go 
@@ -20,19 +20,19 @@ import ( "encoding/json" "fmt" - witness "github.com/in-toto/go-witness" - "github.com/in-toto/go-witness/archivista" - "github.com/in-toto/go-witness/attestation" - "github.com/in-toto/go-witness/attestation/commandrun" - "github.com/in-toto/go-witness/attestation/material" - "github.com/in-toto/go-witness/attestation/product" - "github.com/in-toto/go-witness/cryptoutil" - "github.com/in-toto/go-witness/dsse" - "github.com/in-toto/go-witness/log" - "github.com/in-toto/go-witness/registry" - "github.com/in-toto/go-witness/timestamp" "github.com/in-toto/witness/options" "github.com/spf13/cobra" + witness "github.com/testifysec/go-witness" + "github.com/testifysec/go-witness/archivista" + "github.com/testifysec/go-witness/attestation" + "github.com/testifysec/go-witness/attestation/commandrun" + "github.com/testifysec/go-witness/attestation/material" + "github.com/testifysec/go-witness/attestation/product" + "github.com/testifysec/go-witness/cryptoutil" + "github.com/testifysec/go-witness/dsse" + "github.com/testifysec/go-witness/log" + "github.com/testifysec/go-witness/registry" + "github.com/testifysec/go-witness/timestamp" ) func RunCmd() *cobra.Command { diff --git a/cmd/run_test.go b/cmd/run_test.go index 03cd2db3..8dce47e9 100644 --- a/cmd/run_test.go +++ b/cmd/run_test.go @@ -24,13 +24,13 @@ import ( "path/filepath" "testing" - "github.com/in-toto/go-witness/cryptoutil" - "github.com/in-toto/go-witness/dsse" - "github.com/in-toto/go-witness/signer" - "github.com/in-toto/go-witness/signer/file" "github.com/in-toto/witness/options" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "github.com/testifysec/go-witness/cryptoutil" + "github.com/testifysec/go-witness/dsse" + "github.com/testifysec/go-witness/signer" + "github.com/testifysec/go-witness/signer/file" ) func TestRunRSAKeyPair(t *testing.T) { diff --git a/cmd/sign.go b/cmd/sign.go index 4fc3e79e..9be676a3 100644 --- a/cmd/sign.go +++ b/cmd/sign.go 
@@ -19,12 +19,12 @@ import ( "fmt" "os" - witness "github.com/in-toto/go-witness" - "github.com/in-toto/go-witness/cryptoutil" - "github.com/in-toto/go-witness/dsse" - "github.com/in-toto/go-witness/timestamp" "github.com/in-toto/witness/options" "github.com/spf13/cobra" + witness "github.com/testifysec/go-witness" + "github.com/testifysec/go-witness/cryptoutil" + "github.com/testifysec/go-witness/dsse" + "github.com/testifysec/go-witness/timestamp" ) func SignCmd() *cobra.Command { diff --git a/cmd/sign_test.go b/cmd/sign_test.go index e9b63b73..d98a1fbc 100644 --- a/cmd/sign_test.go +++ b/cmd/sign_test.go @@ -22,10 +22,10 @@ import ( "os" "testing" - "github.com/in-toto/go-witness/cryptoutil" "github.com/in-toto/witness/options" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "github.com/testifysec/go-witness/cryptoutil" ) func Test_runSignPolicyRSA(t *testing.T) { diff --git a/cmd/verify.go b/cmd/verify.go index cf04a8a3..fa899496 100644 --- a/cmd/verify.go +++ b/cmd/verify.go @@ -22,14 +22,14 @@ import ( "fmt" "os" - "github.com/in-toto/go-witness" - "github.com/in-toto/go-witness/archivista" - "github.com/in-toto/go-witness/cryptoutil" - "github.com/in-toto/go-witness/dsse" - "github.com/in-toto/go-witness/log" - "github.com/in-toto/go-witness/source" "github.com/in-toto/witness/options" "github.com/spf13/cobra" + witness "github.com/testifysec/go-witness" + "github.com/testifysec/go-witness/archivista" + "github.com/testifysec/go-witness/cryptoutil" + "github.com/testifysec/go-witness/dsse" + "github.com/testifysec/go-witness/log" + "github.com/testifysec/go-witness/source" ) func VerifyCmd() *cobra.Command { diff --git a/cmd/verify_test.go b/cmd/verify_test.go index d94cefaa..ca03297a 100644 --- a/cmd/verify_test.go +++ b/cmd/verify_test.go 
@@ -28,15 +28,15 @@ import ( "testing" "time" - witness "github.com/in-toto/go-witness" - "github.com/in-toto/go-witness/attestation/commandrun" - "github.com/in-toto/go-witness/cryptoutil" - "github.com/in-toto/go-witness/dsse" - "github.com/in-toto/go-witness/policy" - "github.com/in-toto/go-witness/signer" - "github.com/in-toto/go-witness/signer/file" "github.com/in-toto/witness/options" "github.com/stretchr/testify/require" + witness "github.com/testifysec/go-witness" + "github.com/testifysec/go-witness/attestation/commandrun" + "github.com/testifysec/go-witness/cryptoutil" + "github.com/testifysec/go-witness/dsse" + "github.com/testifysec/go-witness/policy" + "github.com/testifysec/go-witness/signer" + "github.com/testifysec/go-witness/signer/file" ) func TestRunVerifyCA(t *testing.T) { diff --git a/go.mod b/go.mod index f2f7948d..af96936e 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/spf13/pflag v1.0.5 github.com/spf13/viper v1.15.0 github.com/stretchr/testify v1.8.4 - github.com/in-toto/go-witness v0.1.17 + github.com/testifysec/go-witness v0.1.17 ) require ( diff --git a/go.sum b/go.sum index d8d7ae73..0479a084 100644 --- a/go.sum +++ b/go.sum 
@@ -329,10 +329,10 @@ github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8 github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0= github.com/tchap/go-patricia/v2 v2.3.1 h1:6rQp39lgIYZ+MHmdEq4xzuk1t7OdC35z/xm0BGhTkes= github.com/tchap/go-patricia/v2 v2.3.1/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k= -github.com/in-toto/archivista-api v0.0.0-20230220215059-632b84b82b76 h1:GAUgHyg4ss2DDTIYG9RuVxap2smkAGtzpXcOvNxlLic= -github.com/in-toto/archivista-api v0.0.0-20230220215059-632b84b82b76/go.mod h1:6OYeTa1OOoVuqo9i8t6GAHtwg0CgofZVfwgVt7DgrwI= -github.com/in-toto/go-witness v0.1.17 h1:T8GX9ejQVCioPgORH4Nr1Zc7+Nlx1SIk8YZYftNlw+M= -github.com/in-toto/go-witness v0.1.17/go.mod h1:ljKDAQFb949IQMmch/B7kb1pYz1tJ10sSNjqM+HNijQ= +github.com/testifysec/archivista-api v0.0.0-20230220215059-632b84b82b76 h1:GAUgHyg4ss2DDTIYG9RuVxap2smkAGtzpXcOvNxlLic= +github.com/testifysec/archivista-api v0.0.0-20230220215059-632b84b82b76/go.mod h1:6OYeTa1OOoVuqo9i8t6GAHtwg0CgofZVfwgVt7DgrwI= +github.com/testifysec/go-witness v0.1.17 h1:4saMtJJBfFd0CiZqBljysHawhFh/5MjqwQZPxMU9nNA= +github.com/testifysec/go-witness v0.1.17/go.mod h1:ljKDAQFb949IQMmch/B7kb1pYz1tJ10sSNjqM+HNijQ= github.com/theupdateframework/go-tuf v0.5.2-0.20220930112810-3890c1e7ace4 h1:1i/Afw3rmaR1gF3sfVkG2X6ldkikQwA9zY380LrR5YI= github.com/theupdateframework/go-tuf v0.5.2-0.20220930112810-3890c1e7ace4/go.mod h1:vAqWV3zEs89byeFsAYoh/Q14vJTgJkHwnnRCWBBBINY= github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0= diff --git a/options/options.go b/options/options.go index b7b75cc5..e0246f47 100644 --- a/options/options.go +++ b/options/options.go @@ -18,9 +18,9 @@ import ( "fmt" "time" - "github.com/in-toto/go-witness/log" - "github.com/in-toto/go-witness/registry" "github.com/spf13/cobra" + "github.com/testifysec/go-witness/log" + "github.com/testifysec/go-witness/registry" ) type Interface interface { 
diff --git a/options/run.go b/options/run.go index 3cccb3f7..0ff9e993 100644 --- a/options/run.go +++ b/options/run.go @@ -15,9 +15,9 @@ package options import ( - "github.com/in-toto/go-witness/attestation" - "github.com/in-toto/go-witness/log" "github.com/spf13/cobra" + "github.com/testifysec/go-witness/attestation" + "github.com/testifysec/go-witness/log" ) type RunOptions struct { diff --git a/options/signers.go b/options/signers.go index c1a727b6..f17d7829 100644 --- a/options/signers.go +++ b/options/signers.go @@ -15,8 +15,8 @@ package options import ( - "github.com/in-toto/go-witness/signer" "github.com/spf13/cobra" + "github.com/testifysec/go-witness/signer" ) type SignerOptions map[string][]func(signer.SignerProvider) (signer.SignerProvider, error) From e828be014b37f37303e88f4d2a0f3054154a248d Mon Sep 17 00:00:00 2001 From: chaosinthecrd Date: Fri, 15 Dec 2023 12:01:55 +0000 Subject: [PATCH 04/10] moved witness to using new in-toto/go-witness module Signed-off-by: chaosinthecrd --- cmd/config.go | 2 +- cmd/keyloader.go | 6 ++--- cmd/root.go | 2 +- cmd/root_test.go | 6 ++--- cmd/run.go | 22 ++++++++-------- cmd/run_test.go | 8 +++--- cmd/sign.go | 8 +++--- cmd/sign_test.go | 2 +- cmd/verify.go | 12 ++++----- cmd/verify_test.go | 14 +++++----- go.mod | 26 ++++++++++++++----- go.sum | 65 ++++++++++++++++++++++++++++++++++------------ options/options.go | 4 +-- options/run.go | 4 +-- options/signers.go | 2 +- 15 files changed, 113 insertions(+), 70 deletions(-) diff --git a/cmd/config.go b/cmd/config.go index 6698d85f..55df613a 100644 --- a/cmd/config.go +++ b/cmd/config.go @@ -20,11 +20,11 @@ import ( "os" "strings" + "github.com/in-toto/go-witness/log" "github.com/in-toto/witness/options" "github.com/spf13/cobra" "github.com/spf13/pflag" "github.com/spf13/viper" - "github.com/testifysec/go-witness/log" ) func initConfig(rootCmd *cobra.Command, rootOptions *options.RootOptions) error { 
diff --git a/cmd/keyloader.go b/cmd/keyloader.go index c7ee4fdf..4fb42153 100644 --- a/cmd/keyloader.go +++ b/cmd/keyloader.go @@ -19,11 +19,11 @@ import ( "fmt" "strings" + "github.com/in-toto/go-witness/cryptoutil" + "github.com/in-toto/go-witness/log" + "github.com/in-toto/go-witness/signer" "github.com/in-toto/witness/options" "github.com/spf13/pflag" - "github.com/testifysec/go-witness/cryptoutil" - "github.com/testifysec/go-witness/log" - "github.com/testifysec/go-witness/signer" ) // signerProvidersFromFlags looks at all flags that were set by the user to determine which signer providers we should use diff --git a/cmd/root.go b/cmd/root.go index 261409b9..4799b698 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -18,9 +18,9 @@ import ( "fmt" "os" + "github.com/in-toto/go-witness/log" "github.com/in-toto/witness/options" "github.com/spf13/cobra" - "github.com/testifysec/go-witness/log" ) var ro = &options.RootOptions{} diff --git a/cmd/root_test.go b/cmd/root_test.go index 8e80fea7..db94b80d 100644 --- a/cmd/root_test.go +++ b/cmd/root_test.go @@ -26,12 +26,12 @@ import ( "testing" "time" + "github.com/in-toto/go-witness/cryptoutil" + "github.com/in-toto/go-witness/signer" + "github.com/in-toto/go-witness/signer/file" "github.com/in-toto/witness/options" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "github.com/testifysec/go-witness/cryptoutil" - "github.com/testifysec/go-witness/signer" - "github.com/testifysec/go-witness/signer/file" ) const ( diff --git a/cmd/run.go b/cmd/run.go index 5967768f..ad19a30c 100644 --- a/cmd/run.go +++ b/cmd/run.go 
@@ -20,19 +20,19 @@ import ( "encoding/json" "fmt" + witness "github.com/in-toto/go-witness" + "github.com/in-toto/go-witness/archivista" + "github.com/in-toto/go-witness/attestation" + "github.com/in-toto/go-witness/attestation/commandrun" + "github.com/in-toto/go-witness/attestation/material" + "github.com/in-toto/go-witness/attestation/product" + "github.com/in-toto/go-witness/cryptoutil" + "github.com/in-toto/go-witness/dsse" + "github.com/in-toto/go-witness/log" + "github.com/in-toto/go-witness/registry" + "github.com/in-toto/go-witness/timestamp" "github.com/in-toto/witness/options" "github.com/spf13/cobra" - witness "github.com/testifysec/go-witness" - "github.com/testifysec/go-witness/archivista" - "github.com/testifysec/go-witness/attestation" - "github.com/testifysec/go-witness/attestation/commandrun" - "github.com/testifysec/go-witness/attestation/material" - "github.com/testifysec/go-witness/attestation/product" - "github.com/testifysec/go-witness/cryptoutil" - "github.com/testifysec/go-witness/dsse" - "github.com/testifysec/go-witness/log" - "github.com/testifysec/go-witness/registry" - "github.com/testifysec/go-witness/timestamp" ) func RunCmd() *cobra.Command { diff --git a/cmd/run_test.go b/cmd/run_test.go index 8dce47e9..03cd2db3 100644 --- a/cmd/run_test.go +++ b/cmd/run_test.go @@ -24,13 +24,13 @@ import ( "path/filepath" "testing" + "github.com/in-toto/go-witness/cryptoutil" + "github.com/in-toto/go-witness/dsse" + "github.com/in-toto/go-witness/signer" + "github.com/in-toto/go-witness/signer/file" "github.com/in-toto/witness/options" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "github.com/testifysec/go-witness/cryptoutil" - "github.com/testifysec/go-witness/dsse" - "github.com/testifysec/go-witness/signer" - "github.com/testifysec/go-witness/signer/file" ) func TestRunRSAKeyPair(t *testing.T) { diff --git a/cmd/sign.go b/cmd/sign.go index 9be676a3..4fc3e79e 100644 --- a/cmd/sign.go +++ b/cmd/sign.go 
@@ -19,12 +19,12 @@ import ( "fmt" "os" + witness "github.com/in-toto/go-witness" + "github.com/in-toto/go-witness/cryptoutil" + "github.com/in-toto/go-witness/dsse" + "github.com/in-toto/go-witness/timestamp" "github.com/in-toto/witness/options" "github.com/spf13/cobra" - witness "github.com/testifysec/go-witness" - "github.com/testifysec/go-witness/cryptoutil" - "github.com/testifysec/go-witness/dsse" - "github.com/testifysec/go-witness/timestamp" ) func SignCmd() *cobra.Command { diff --git a/cmd/sign_test.go b/cmd/sign_test.go index d98a1fbc..e9b63b73 100644 --- a/cmd/sign_test.go +++ b/cmd/sign_test.go @@ -22,10 +22,10 @@ import ( "os" "testing" + "github.com/in-toto/go-witness/cryptoutil" "github.com/in-toto/witness/options" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "github.com/testifysec/go-witness/cryptoutil" ) func Test_runSignPolicyRSA(t *testing.T) { diff --git a/cmd/verify.go b/cmd/verify.go index fa899496..e44af9d3 100644 --- a/cmd/verify.go +++ b/cmd/verify.go @@ -22,14 +22,14 @@ import ( "fmt" "os" + witness "github.com/in-toto/go-witness" + "github.com/in-toto/go-witness/archivista" + "github.com/in-toto/go-witness/cryptoutil" + "github.com/in-toto/go-witness/dsse" + "github.com/in-toto/go-witness/log" + "github.com/in-toto/go-witness/source" "github.com/in-toto/witness/options" "github.com/spf13/cobra" - witness "github.com/testifysec/go-witness" - "github.com/testifysec/go-witness/archivista" - "github.com/testifysec/go-witness/cryptoutil" - "github.com/testifysec/go-witness/dsse" - "github.com/testifysec/go-witness/log" - "github.com/testifysec/go-witness/source" ) func VerifyCmd() *cobra.Command { diff --git a/cmd/verify_test.go b/cmd/verify_test.go index ca03297a..d94cefaa 100644 --- a/cmd/verify_test.go +++ b/cmd/verify_test.go 
@@ -28,15 +28,15 @@ import ( "testing" "time" + witness "github.com/in-toto/go-witness" + "github.com/in-toto/go-witness/attestation/commandrun" + "github.com/in-toto/go-witness/cryptoutil" + "github.com/in-toto/go-witness/dsse" + "github.com/in-toto/go-witness/policy" + "github.com/in-toto/go-witness/signer" + "github.com/in-toto/go-witness/signer/file" "github.com/in-toto/witness/options" "github.com/stretchr/testify/require" - witness "github.com/testifysec/go-witness" - "github.com/testifysec/go-witness/attestation/commandrun" - "github.com/testifysec/go-witness/cryptoutil" - "github.com/testifysec/go-witness/dsse" - "github.com/testifysec/go-witness/policy" - "github.com/testifysec/go-witness/signer" - "github.com/testifysec/go-witness/signer/file" ) func TestRunVerifyCA(t *testing.T) { diff --git a/go.mod b/go.mod index af96936e..759e26cf 100644 --- a/go.mod +++ b/go.mod @@ -3,12 +3,12 @@ module github.com/in-toto/witness go 1.19 require ( + github.com/in-toto/go-witness v0.1.18-0.20231214175634-5b5647c42b3c github.com/sirupsen/logrus v1.9.3 - github.com/spf13/cobra v1.6.1 + github.com/spf13/cobra v1.8.0 github.com/spf13/pflag v1.0.5 github.com/spf13/viper v1.15.0 github.com/stretchr/testify v1.8.4 - github.com/testifysec/go-witness v0.1.17 ) require ( @@ -32,7 +32,7 @@ require ( github.com/agnivade/levenshtein v1.1.1 // indirect github.com/aws/aws-sdk-go v1.44.334 // indirect github.com/cloudflare/circl v1.3.3 // indirect - github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect + github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/digitorus/pkcs7 v0.0.0-20230220124406-51331ccfc40f // indirect github.com/digitorus/timestamp v0.0.0-20230220124323-d542479a2425 // indirect 
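Review bot: `github.com/in-toto/go-witness v0.1.18-0.20231214175634-5b5647c42b3c` in the first go.mod hunk is a pseudo-version, so the library that the run, sign and verify commands import is pinned to an untagged commit rather than a release. That is workable while the module path migration is in flight, but a tagged go-witness release under the in-toto path should replace it before witness itself is tagged, so consumers can audit a named version. The same hunk also moves `github.com/spf13/cobra` from v1.6.1 to v1.8.0, possibly pulled up by the new go-witness requirement. If it is not, split the bump out or mention it in the commit message so the dependency change is reviewed in its own right.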
@@ -44,19 +44,26 @@ require ( github.com/go-git/go-billy/v5 v5.4.1 // indirect github.com/go-git/go-git/v5 v5.5.2 // indirect github.com/go-jose/go-jose/v3 v3.0.1 // indirect + github.com/go-logr/logr v1.2.4 // indirect github.com/gobwas/glob v0.2.3 // indirect + github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/protobuf v1.5.3 // indirect github.com/google/go-containerregistry v0.13.0 // indirect + github.com/google/gofuzz v1.2.0 // indirect github.com/grpc-ecosystem/grpc-gateway/v2 v2.15.0 // indirect github.com/hashicorp/hcl v1.0.1-vault-3 // indirect github.com/imdario/mergo v0.3.13 // indirect - github.com/inconshreveable/mousetrap v1.0.1 // indirect + github.com/in-toto/archivista v0.1.3-0.20231214050507-e28a4170a9fe // indirect + github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect + github.com/json-iterator/go v1.1.12 // indirect github.com/kevinburke/ssh_config v1.2.0 // indirect github.com/letsencrypt/boulder v0.0.0-20221109233200-85aa52084eaf // indirect github.com/magiconair/properties v1.8.7 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect + github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect + github.com/modern-go/reflect2 v1.0.2 // indirect github.com/open-policy-agent/opa v0.49.2 // indirect github.com/owenrumney/go-sarif v1.1.1 // indirect github.com/pelletier/go-toml/v2 v2.0.6 // indirect @@ -73,7 +80,6 @@ require ( github.com/spf13/jwalterweatherman v1.1.0 // indirect github.com/subosito/gotenv v1.4.2 // indirect github.com/tchap/go-patricia/v2 v2.3.1 // indirect - github.com/testifysec/archivista-api v0.0.0-20230220215059-632b84b82b76 // indirect github.com/theupdateframework/go-tuf v0.5.2-0.20220930112810-3890c1e7ace4 // indirect github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect 
@@ -82,20 +88,26 @@ require ( github.com/yashtewari/glob-intersection v0.1.0 // indirect github.com/zeebo/errs v1.3.0 // indirect golang.org/x/crypto v0.14.0 // indirect - golang.org/x/mod v0.8.0 // indirect + golang.org/x/mod v0.10.0 // indirect golang.org/x/net v0.17.0 // indirect golang.org/x/sys v0.13.0 // indirect golang.org/x/term v0.13.0 // indirect golang.org/x/text v0.13.0 // indirect - golang.org/x/tools v0.6.0 // indirect + golang.org/x/tools v0.9.3 // indirect google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect google.golang.org/grpc v1.56.3 // indirect google.golang.org/protobuf v1.31.0 // indirect + gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/square/go-jose.v2 v2.6.0 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect + k8s.io/apimachinery v0.26.11 // indirect + k8s.io/klog/v2 v2.90.0 // indirect + k8s.io/utils v0.0.0-20230115233650-391b47cb4029 // indirect + sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect ) replace github.com/sigstore/rekor => github.com/testifysec/rekor v0.4.0-dsse-intermediates-2 diff --git a/go.sum b/go.sum index 0479a084..9a7972ba 100644 --- a/go.sum +++ b/go.sum 
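Review bot: The `replace github.com/sigstore/rekor => github.com/testifysec/rekor v0.4.0-dsse-intermediates-2` directive at the end of this hunk is carried over unchanged and undocumented, while the rest of the series moves every other testifysec module path to in-toto. The build therefore still substitutes a fork hosted under the old organisation for the upstream sigstore module, and nothing in go.mod records why. A comment above the directive would make that dependency on the fork explicit and reviewable, for example `// fork of sigstore/rekor still required for <reason>; drop once <tracking issue> is resolved`. Whether the fork is still needed after the move cannot be told from this hunk.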
@@ -79,8 +79,8 @@ github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnht github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/coreos/go-oidc/v3 v3.5.0 h1:VxKtbccHZxs8juq7RdJntSqtXFtde9YpNpGn0yqgEHw= github.com/coreos/go-oidc/v3 v3.5.0/go.mod h1:ecXRtV4romGPeO6ieExAsUK9cb/3fp9hXNz1tlv8PIM= -github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w= -github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.3 h1:qMCsGGgs+MAzDFyp9LpAe1Lqy/fY/qCovCm0qnXZOBM= +github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= 
@@ -133,11 +133,15 @@ github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2 github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= github.com/go-jose/go-jose/v3 v3.0.1 h1:pWmKFVtt+Jl0vBZTIpz/eAKwsm6LkIxDVVbFHKkchhA= github.com/go-jose/go-jose/v3 v3.0.1/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= +github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= +github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-rod/rod v0.112.6 h1:zMirUmhsBeshMWyf285BD0UGtGq54HfThLDGSjcP3lU= github.com/go-test/deep v1.1.0 h1:WOcxcdHcvdgThNXjw0t76K42FXTU7HpNQWHpA2HHNlg= github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= +github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/glog v1.1.0 h1:/d3pCKDPWNnvIWe0vVUpNP32qc8U3PDVxySP/y360qE= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= 
@@ -188,6 +192,9 @@ github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-containerregistry v0.13.0 h1:y1C7Z3e149OJbOPDBxLYR8ITPz8dTKqQwjErKVHJC8k= github.com/google/go-containerregistry v0.13.0/go.mod h1:J9FQ+eSS4a1aC2GNZxvNpbWhgp0487v+cgiilB4FqDo= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= +github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= 
@@ -218,8 +225,12 @@ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1: github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= -github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc= -github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/in-toto/archivista v0.1.3-0.20231214050507-e28a4170a9fe h1:SNafk19rV7gMlu3YyFuVkj/9vsXnMp6yrFMXDguT3fE= +github.com/in-toto/archivista v0.1.3-0.20231214050507-e28a4170a9fe/go.mod h1:AJU7zhcITsaufiqYMFPLZM66/vwmHVQtZeC2/JFxw7w= +github.com/in-toto/go-witness v0.1.18-0.20231214175634-5b5647c42b3c h1:BrnFYv8TI/uFBkB+WkY5npqveeNFG/fVf1k4Hd9LMl8= +github.com/in-toto/go-witness v0.1.18-0.20231214175634-5b5647c42b3c/go.mod h1:uiBFKD3cykEKWZzzc5Vshy3YeKAwlafIm9/7NGx+Xck= +github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= +github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4= 
@@ -228,10 +239,13 @@ github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHW github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/jmhodges/clock v0.0.0-20160418191101-880ee4c33548 h1:dYTbLf4m0a5u0KLmPfB6mgxbcV7588bOCx79hxa5Sr4= +github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= +github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= +github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.15.15 h1:EF27CXIuDsYJ6mmvtBRlEuB2UVOqHG1tAXgZ7yIO+lw= github.com/klauspost/compress v1.15.15/go.mod h1:ZcK2JAFqKOpnBlxcLsJzYfrS9X1akm9fHZNnD9+Vo/4= 
@@ -255,6 +269,11 @@ github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zk github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= +github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= github.com/open-policy-agent/opa v0.49.2 h1:n8ntRq/yDWy+cmYaqSLrHXmrT3tX8WlK28vjFQdC6W8= github.com/open-policy-agent/opa v0.49.2/go.mod h1:7L3lN5qe8xboRmEHxC5lGjo5KsRMdK+CCLiFoOCP7rU= 
@@ -302,8 +321,8 @@ github.com/spf13/afero v1.9.3 h1:41FoI0fD7OR7mGcKE/aOiLkGreyf8ifIOQmJANWogMk= github.com/spf13/afero v1.9.3/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y= github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w= github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU= -github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA= -github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY= +github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= +github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho= github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk= github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= @@ -316,6 +335,7 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= 
@@ -329,18 +349,14 @@ github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8 github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0= github.com/tchap/go-patricia/v2 v2.3.1 h1:6rQp39lgIYZ+MHmdEq4xzuk1t7OdC35z/xm0BGhTkes= github.com/tchap/go-patricia/v2 v2.3.1/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k= -github.com/testifysec/archivista-api v0.0.0-20230220215059-632b84b82b76 h1:GAUgHyg4ss2DDTIYG9RuVxap2smkAGtzpXcOvNxlLic= -github.com/testifysec/archivista-api v0.0.0-20230220215059-632b84b82b76/go.mod h1:6OYeTa1OOoVuqo9i8t6GAHtwg0CgofZVfwgVt7DgrwI= -github.com/testifysec/go-witness v0.1.17 h1:4saMtJJBfFd0CiZqBljysHawhFh/5MjqwQZPxMU9nNA= -github.com/testifysec/go-witness v0.1.17/go.mod h1:ljKDAQFb949IQMmch/B7kb1pYz1tJ10sSNjqM+HNijQ= github.com/theupdateframework/go-tuf v0.5.2-0.20220930112810-3890c1e7ace4 h1:1i/Afw3rmaR1gF3sfVkG2X6ldkikQwA9zY380LrR5YI= github.com/theupdateframework/go-tuf v0.5.2-0.20220930112810-3890c1e7ace4/go.mod h1:vAqWV3zEs89byeFsAYoh/Q14vJTgJkHwnnRCWBBBINY= github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0= github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs= github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4= github.com/vmihailenco/msgpack/v5 v5.3.5 h1:5gO0H1iULLWGhs2H5tbAHIZTV8/cYafcFOr9znI5mJU= -github.com/vmihailenco/tagparser v0.1.1 h1:quXMXlA39OCbd2wAdTsGDlK9RkOk6Wuw+x37wVyIuWY= github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI= +github.com/vmihailenco/tagparser v0.1.2 h1:gnjoVuB/kljJ5wICEEOpx98oXMWPLj22G67Vbd1qPqc= github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod 
h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= @@ -370,7 +386,7 @@ go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= -go.step.sm/crypto v0.25.0 h1:a+7sKyozZH9B30s0dHluygxreUxI1NtCBEmuNXx7a4k= +go.step.sm/crypto v0.25.2 h1:NgoI3bcNF0iLI+Rwq00brlJyFfMqseLOa8L8No3Daog= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= @@ -420,8 +436,8 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8= -golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk= +golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -485,7 +501,7 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= +golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -598,6 +614,7 @@ golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= 
@@ -606,11 +623,12 @@ golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= -golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= +golang.org/x/tools v0.9.3 h1:Gn1I8+64MsuTb/HpH+LmQtNas23LhUVr3rYZ0eKuaMM= +golang.org/x/tools v0.9.3/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
@@ -721,6 +739,8 @@ gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= +gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= +gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI= 
@@ -743,6 +763,17 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= +k8s.io/apimachinery v0.26.11 h1:w//840HHdwSRKqD15j9YX9HLlU6RPlfrvW0xEhLk2+0= +k8s.io/apimachinery v0.26.11/go.mod h1:2/HZp0l6coXtS26du1Bk36fCuAEr/lVs9Q9NbpBtd1Y= +k8s.io/klog/v2 v2.90.0 h1:VkTxIV/FjRXn1fgNNcKGM8cfmL1Z33ZjXRTVxKCoF5M= +k8s.io/klog/v2 v2.90.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/utils v0.0.0-20230115233650-391b47cb4029 h1:L8zDtT4jrxj+TaQYD0k8KNlr556WaVQylDXswKmX+dE= +k8s.io/utils v0.0.0-20230115233650-391b47cb4029/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= +sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= +sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= +sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= +sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= +sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= diff --git a/options/options.go b/options/options.go index e0246f47..b7b75cc5 100644 --- a/options/options.go +++ b/options/options.go @@ -18,9 +18,9 @@ import ( "fmt" "time" + "github.com/in-toto/go-witness/log" + "github.com/in-toto/go-witness/registry" "github.com/spf13/cobra" - "github.com/testifysec/go-witness/log" - "github.com/testifysec/go-witness/registry" ) type Interface interface { 
diff --git a/options/run.go b/options/run.go index 0ff9e993..3cccb3f7 100644 --- a/options/run.go +++ b/options/run.go @@ -15,9 +15,9 @@ package options import ( + "github.com/in-toto/go-witness/attestation" + "github.com/in-toto/go-witness/log" "github.com/spf13/cobra" - "github.com/testifysec/go-witness/attestation" - "github.com/testifysec/go-witness/log" ) type RunOptions struct { diff --git a/options/signers.go b/options/signers.go index f17d7829..c1a727b6 100644 --- a/options/signers.go +++ b/options/signers.go @@ -15,8 +15,8 @@ package options import ( + "github.com/in-toto/go-witness/signer" "github.com/spf13/cobra" - "github.com/testifysec/go-witness/signer" ) type SignerOptions map[string][]func(signer.SignerProvider) (signer.SignerProvider, error) From 98b06f1d0aaf2f607302c198f6b5cd792bee5f7d Mon Sep 17 00:00:00 2001 From: chaosinthecrd Date: Fri, 15 Dec 2023 12:09:22 +0000 Subject: [PATCH 05/10] adding change to test now following newer version of policy --- cmd/verify_test.go | 3 ++- go.mod | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/cmd/verify_test.go b/cmd/verify_test.go index d94cefaa..c4e08311 100644 --- a/cmd/verify_test.go +++ b/cmd/verify_test.go @@ -37,6 +37,7 @@ import ( "github.com/in-toto/go-witness/signer/file" "github.com/in-toto/witness/options" "github.com/stretchr/testify/require" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) func TestRunVerifyCA(t *testing.T) { @@ -313,7 +314,7 @@ func makepolicy(t *testing.T, functionary policy.Functionary, publicKey policy.P } p := policy.Policy{ - Expires: time.Now().Add(1 * time.Hour), + Expires: metav1.Time{Time: time.Now().Add(1 * time.Hour)}, PublicKeys: map[string]policy.PublicKey{}, Steps: map[string]policy.Step{}, } diff --git a/go.mod b/go.mod index 759e26cf..894b6a05 100644 --- a/go.mod +++ b/go.mod @@ -9,6 +9,7 @@ require ( github.com/spf13/pflag v1.0.5 github.com/spf13/viper v1.15.0 github.com/stretchr/testify v1.8.4 + k8s.io/apimachinery v0.26.11 ) require ( 
@@ -103,7 +104,6 @@ require ( gopkg.in/warnings.v0 v0.1.2 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/apimachinery v0.26.11 // indirect k8s.io/klog/v2 v2.90.0 // indirect k8s.io/utils v0.0.0-20230115233650-391b47cb4029 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect From 9514e0a9281e895d9b08cd7db65269c929e2fc36 Mon Sep 17 00:00:00 2001 From: chaosinthecrd Date: Fri, 15 Dec 2023 12:13:42 +0000 Subject: [PATCH 06/10] running docgen as changes found from use of new module --- cmd/verify_test.go | 6 ------ docs/witness_run.md | 3 ++- docs/witness_sign.md | 3 ++- 3 files changed, 4 insertions(+), 8 deletions(-) diff --git a/cmd/verify_test.go b/cmd/verify_test.go index c4e08311..a5316f49 100644 --- a/cmd/verify_test.go +++ b/cmd/verify_test.go @@ -352,14 +352,8 @@ func createTestRSAKey() (cryptoutil.Signer, cryptoutil.Verifier, []byte, []byte, } pemBytes := pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: keyBytes}) - if err != nil { - return nil, nil, nil, nil, err - } privKeyBytes := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(privKey)}) - if err != nil { - return nil, nil, nil, nil, err - } return signer, verifier, pemBytes, privKeyBytes, nil } diff --git a/docs/witness_run.md b/docs/witness_run.md index 713056a0..6c5851b7 100644 --- a/docs/witness_run.md +++ b/docs/witness_run.md 
@@ -22,7 +22,8 @@ witness run [cmd] [flags] -k, --signer-file-key-path string Path to the file containing the private key --signer-fulcio-oidc-client-id string OIDC client ID to use for authentication --signer-fulcio-oidc-issuer string OIDC issuer to use for authentication - --signer-fulcio-token string Raw token to use for authentication + --signer-fulcio-token string Raw token string to use for authentication to fulcio (cannot be used in conjunction with --fulcio-token-path) + --signer-fulcio-token-path string Path to the file containing a raw token to use for authentication to fulcio (cannot be used in conjunction with --fulcio-token) --signer-fulcio-url string Fulcio address to sign with --signer-spiffe-socket-path string Path to the SPIFFE Workload API Socket --signer-vault-altnames strings Alt names to use for the generated certificate. All alt names must be allowed by the vault role policy diff --git a/docs/witness_sign.md b/docs/witness_sign.md index 980fecf7..c20b5fd3 100644 --- a/docs/witness_sign.md +++ b/docs/witness_sign.md @@ -22,7 +22,8 @@ witness sign [file] [flags] -k, --signer-file-key-path string Path to the file containing the private key --signer-fulcio-oidc-client-id string OIDC client ID to use for authentication --signer-fulcio-oidc-issuer string OIDC issuer to use for authentication - --signer-fulcio-token string Raw token to use for authentication + --signer-fulcio-token string Raw token string to use for authentication to fulcio (cannot be used in conjunction with --fulcio-token-path) + --signer-fulcio-token-path string Path to the file containing a raw token to use for authentication to fulcio (cannot be used in conjunction with --fulcio-token) --signer-fulcio-url string Fulcio address to sign with --signer-spiffe-socket-path string Path to the SPIFFE Workload API Socket --signer-vault-altnames strings Alt names to use for the generated certificate. All alt names must be allowed by the vault role policy 
From da03354064a92bdc92fbdca7105dcb5ad301f4ee Mon Sep 17 00:00:00 2001 From: chaosinthecrd Date: Fri, 15 Dec 2023 13:20:22 +0000 Subject: [PATCH 07/10] checking for duplicate attestors declared on `witness run` Signed-off-by: chaosinthecrd --- cmd/run.go | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/cmd/run.go b/cmd/run.go index ad19a30c..c5d13cf2 100644 --- a/cmd/run.go +++ b/cmd/run.go @@ -85,12 +85,22 @@ func runRun(ctx context.Context, ro options.RunOptions, args []string, signers . attestors = append(attestors, commandrun.New(commandrun.WithCommand(args), commandrun.WithTracing(ro.Tracing))) } - addtlAttestors, err := attestation.Attestors(ro.Attestations) - if err != nil { - return fmt.Errorf("failed to create attestors := %w", err) + for _, a := range ro.Attestations { + for _, att := range attestors { + if a == att.Name() { + log.Warnf("Attestator %s already declared, skipping", a) + break + } else { + attestor, err := attestation.AddAttestor(a) + if err != nil { + return fmt.Errorf("failed to create attestor: %w", err) + } + attestors = append(attestors, attestor) + break + } + } } - attestors = append(attestors, addtlAttestors...) for _, attestor := range attestors { setters, ok := ro.AttestorOptSetters[attestor.Name()] if !ok { From 7955bff1c5dbad449af7540a0a5e10f137dd6fc0 Mon Sep 17 00:00:00 2001 From: chaosinthecrd Date: Fri, 15 Dec 2023 13:28:53 +0000 Subject: [PATCH 08/10] updating go mod --- go.sum | 2 -- 1 file changed, 2 deletions(-) diff --git a/go.sum b/go.sum index 9a7972ba..ddd56a99 100644 --- a/go.sum +++ b/go.sum 
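Review bot: The duplicate check in the new `for _, a := range ro.Attestations` loop only ever compares `a` with the first element of `attestors`, because both branches of the inner `if`/`else` end in `break`. A name that matches a later entry is therefore added a second time, and if `attestors` is empty at this point the inner body never runs, so no requested attestor is added and no error is reported. For an attestation tool, a silently dropped attestor means evidence missing from the collection, so the check should cover the whole slice before deciding. A set of names already present, as sketched below, does that and also catches a name repeated within `ro.Attestations`. `runRun` starts and ends outside this hunk, so the initial contents of `attestors` are not visible here.

```go
// … unchanged: commandrun attestor appended when args are given …
seen := make(map[string]struct{}, len(attestors))
for _, att := range attestors {
	seen[att.Name()] = struct{}{}
}

for _, a := range ro.Attestations {
	if _, dup := seen[a]; dup {
		log.Warnf("Attestator %s already declared, skipping", a)
		continue
	}

	attestor, err := attestation.AddAttestor(a)
	if err != nil {
		return fmt.Errorf("failed to create attestor: %w", err)
	}
	attestors = append(attestors, attestor)
	seen[a] = struct{}{}
}
// … unchanged: per-attestor option setters loop …
```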
@@ -227,8 +227,6 @@ github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= github.com/in-toto/archivista v0.1.3-0.20231214050507-e28a4170a9fe h1:SNafk19rV7gMlu3YyFuVkj/9vsXnMp6yrFMXDguT3fE= github.com/in-toto/archivista v0.1.3-0.20231214050507-e28a4170a9fe/go.mod h1:AJU7zhcITsaufiqYMFPLZM66/vwmHVQtZeC2/JFxw7w= -github.com/in-toto/go-witness v0.1.18-0.20231214175634-5b5647c42b3c h1:BrnFYv8TI/uFBkB+WkY5npqveeNFG/fVf1k4Hd9LMl8= -github.com/in-toto/go-witness v0.1.18-0.20231214175634-5b5647c42b3c/go.mod h1:uiBFKD3cykEKWZzzc5Vshy3YeKAwlafIm9/7NGx+Xck= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= From 7377a06bb8cb95b626315034d3dc80a4efd5884a Mon Sep 17 00:00:00 2001 From: chaosinthecrd Date: Mon, 18 Dec 2023 17:45:18 +0000 Subject: [PATCH 09/10] updating go sum Signed-off-by: chaosinthecrd --- go.sum | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/go.sum b/go.sum index a92aecd1..6b8ac902 100644 --- a/go.sum +++ b/go.sum 
@@ -225,12 +225,8 @@ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1: github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= -github.com/in-toto/archivista v0.1.3-0.20231214050507-e28a4170a9fe h1:SNafk19rV7gMlu3YyFuVkj/9vsXnMp6yrFMXDguT3fE= -github.com/in-toto/archivista v0.1.3-0.20231214050507-e28a4170a9fe/go.mod h1:AJU7zhcITsaufiqYMFPLZM66/vwmHVQtZeC2/JFxw7w= github.com/in-toto/archivista v0.2.0 h1:FViuHMVVETborvOqlmSYdROY8RmX3CO0V0MOhU/Rl20= github.com/in-toto/archivista v0.2.0/go.mod h1:qt9uN4TkHWUgR5A2wxRqQIBizSl32P2nI2AjESskkr0= -github.com/in-toto/go-witness v0.1.18-0.20231214175634-5b5647c42b3c h1:BrnFYv8TI/uFBkB+WkY5npqveeNFG/fVf1k4Hd9LMl8= -github.com/in-toto/go-witness v0.1.18-0.20231214175634-5b5647c42b3c/go.mod h1:uiBFKD3cykEKWZzzc5Vshy3YeKAwlafIm9/7NGx+Xck= github.com/in-toto/go-witness v0.2.0 h1:lxp3+Kc4Der2C1jV9ZePjSCEHUr2NsB4sImXI5sZHu4= github.com/in-toto/go-witness v0.2.0/go.mod h1:Jr6ZlYoVfTS3hjUSmJ10J8qiHjpF1cfSE4NLAIJpbLw= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= 
@@ -359,8 +355,8 @@ github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs= github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4= github.com/vmihailenco/msgpack/v5 v5.3.5 h1:5gO0H1iULLWGhs2H5tbAHIZTV8/cYafcFOr9znI5mJU= +github.com/vmihailenco/tagparser v0.1.1 h1:quXMXlA39OCbd2wAdTsGDlK9RkOk6Wuw+x37wVyIuWY= github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI= -github.com/vmihailenco/tagparser v0.1.2 h1:gnjoVuB/kljJ5wICEEOpx98oXMWPLj22G67Vbd1qPqc= github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= From 4ccf0d5f8f4ce2e44163f23e8dbff250837a2362 Mon Sep 17 00:00:00 2001 From: chaosinthecrd Date: Tue, 19 Dec 2023 11:38:31 +0000 Subject: [PATCH 10/10] removing autobuild for declarative in CodeQL Signed-off-by: chaosinthecrd --- .github/workflows/codeql.yml | 19 +++++-------------- 1 file changed, 5 insertions(+), 14 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 6ea96390..9c06392a 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
@@ -57,20 +57,11 @@ jobs: # By default, queries listed here will override any specified in a config file. # Prefix the list here with "+" to use these queries and those in the config file. - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@c0d1daa7f7e14667747d73a7dbbe8c074bc8bfe2 # v2.22.9 - - # ℹī¸ Command-line programs to run using the OS shell. - # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - - # If the Autobuild fails above, remove it and uncomment the following three lines. - # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. - - # - run: | - # echo "Run, Build Application using script" - # ./location_of_script_within_repo/buildscript.sh + # NOTE: Removed autobuild step as it was leading to hanging in Github Actions + - name: Build + run: | + echo "running make build" + make build - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@c0d1daa7f7e14667747d73a7dbbe8c074bc8bfe2 # v2.22.9
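Review bot: The new `Build` step has no time limit, although the `NOTE` comment says the step it replaces was removed because it hung in GitHub Actions. Adding `timeout-minutes: <minutes>` to the step or the job would make a recurrence fail fast instead of holding a runner. The `echo "running make build"` line repeats what the step name already shows in the log and could be dropped. If CodeQL's Go analysis is driven by what this step compiles, it is worth confirming that `make build` covers every package that should be scanned; the Makefile is not visible here. The job definition continues outside the hunk.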