pkg/cosign: remove dependency on deprecated github.com/pkg/errors
Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>
zchee committed May 16, 2022
1 parent 45b4f88 commit 24b1428
Showing 18 changed files with 135 additions and 139 deletions.
7 changes: 3 additions & 4 deletions pkg/cosign/attestation/attestation.go
Expand Up @@ -26,7 +26,6 @@ import (
slsa "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2"

"github.com/in-toto/in-toto-golang/in_toto"
"github.com/pkg/errors"
)

const (
Expand Down Expand Up @@ -189,7 +188,7 @@ func generateCustomPredicate(rawPayload []byte, customType, timestamp string) (i

var result map[string]interface{}
if err := json.Unmarshal(rawPayload, &result); err != nil {
return nil, errors.Wrapf(err, "invalid JSON payload for predicate type %s", customType)
return nil, fmt.Errorf("invalid JSON payload for predicate type %s: %w", customType, err)
}

return result, nil
Expand All @@ -203,7 +202,7 @@ func generateSLSAProvenanceStatement(rawPayload []byte, digest string, repo stri
}
err = json.Unmarshal(rawPayload, &predicate)
if err != nil {
return "", errors.Wrap(err, "unmarshal Provenance predicate")
return "", fmt.Errorf("unmarshal Provenance predicate: %w", err)
}
return in_toto.ProvenanceStatement{
StatementHeader: generateStatementHeader(digest, repo, slsa.PredicateSLSAProvenance),
Expand All @@ -219,7 +218,7 @@ func generateLinkStatement(rawPayload []byte, digest string, repo string) (inter
}
err = json.Unmarshal(rawPayload, &link)
if err != nil {
return "", errors.Wrap(err, "unmarshal Link statement")
return "", fmt.Errorf("unmarshal Link statement: %w", err)
}
return in_toto.LinkStatement{
StatementHeader: generateStatementHeader(digest, repo, in_toto.PredicateLinkV1),
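Review bot: The error returns in generateSLSAProvenanceStatement and generateLinkStatement hand back `""` as the first result (`return "", fmt.Errorf("unmarshal Provenance predicate: %w", err)`), while generateCustomPredicate in the same file returns `nil`. The return types are truncated in the hunk headers but appear to be `interface{}`, so a caller that tests the statement against nil would see a non-nil empty string on failure. `return nil, fmt.Errorf("unmarshal Provenance predicate: %w", err)`, and the same for the Link statement, would keep the three helpers consistent. All three function bodies start or end outside the hunks.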
2 changes: 1 addition & 1 deletion pkg/cosign/common.go
Expand Up @@ -17,12 +17,12 @@ package cosign

import (
"bufio"
"errors"
"fmt"
"os"
"strings"
"syscall"

"github.com/pkg/errors"
"golang.org/x/term"
)

15 changes: 7 additions & 8 deletions pkg/cosign/fetch.go
Expand Up @@ -24,7 +24,6 @@ import (
"runtime"

"github.com/google/go-containerregistry/pkg/name"
"github.com/pkg/errors"
"github.com/sigstore/cosign/pkg/cosign/bundle"
ociremote "github.com/sigstore/cosign/pkg/oci/remote"
"knative.dev/pkg/pool"
Expand Down Expand Up @@ -69,14 +68,14 @@ func FetchSignaturesForReference(ctx context.Context, ref name.Reference, opts .

sigs, err := simg.Signatures()
if err != nil {
return nil, errors.Wrap(err, "remote image")
return nil, fmt.Errorf("remote image: %w", err)
}
l, err := sigs.Get()
if err != nil {
return nil, errors.Wrap(err, "fetching signatures")
return nil, fmt.Errorf("fetching signatures: %w", err)
}
if len(l) == 0 {
return nil, fmt.Errorf("no signatures associated with %v", ref)
return nil, fmt.Errorf("no signatures associated with %v: %w", ref, err)
}

g := pool.New(runtime.NumCPU())
Expand Down Expand Up @@ -119,14 +118,14 @@ func FetchAttestationsForReference(ctx context.Context, ref name.Reference, opts

atts, err := simg.Attestations()
if err != nil {
return nil, errors.Wrap(err, "remote image")
return nil, fmt.Errorf("remote image: %w", err)
}
l, err := atts.Get()
if err != nil {
return nil, errors.Wrap(err, "fetching attestations")
return nil, fmt.Errorf("fetching attestations: %w", err)
}
if len(l) == 0 {
return nil, fmt.Errorf("no attestations associated with %v", ref)
return nil, fmt.Errorf("no attestations associated with %v: %w", ref, err)
}

g := pool.New(runtime.NumCPU())
Expand All @@ -153,7 +152,7 @@ func FetchAttestationsForReference(ctx context.Context, ref name.Reference, opts
func FetchLocalSignedPayloadFromPath(path string) (*LocalSignedPayload, error) {
contents, err := ioutil.ReadFile(path)
if err != nil {
return nil, errors.Wrapf(err, "reading %s", path)
return nil, fmt.Errorf("reading %s: %w", path, err)
}
var b *LocalSignedPayload
if err := json.Unmarshal(contents, &b); err != nil {
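Review bot: The two `len(l) == 0` branches now wrap `err` with `%w`, but `err` is always nil at that point because the preceding `if err != nil` has already returned. fmt renders a nil `%w` operand as `%!w(<nil>)`, so the message for an image with no signatures ends in `: %!w(<nil>)`, and anything matching on the old text sees a changed string. Keep the original form in FetchSignaturesForReference, `return nil, fmt.Errorf("no signatures associated with %v", ref)`, and likewise `return nil, fmt.Errorf("no attestations associated with %v", ref)` in FetchAttestationsForReference. Both function bodies extend beyond the hunks shown.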
12 changes: 6 additions & 6 deletions pkg/cosign/git/github/github.go
Expand Up @@ -18,14 +18,14 @@ package github
import (
"context"
"encoding/base64"
"errors"
"fmt"
"io"
"net/http"
"os"
"strings"

"github.com/google/go-github/v42/github"
"github.com/pkg/errors"
"golang.org/x/oauth2"

"github.com/sigstore/cosign/pkg/cosign"
Expand All @@ -44,7 +44,7 @@ func New() *Gh {
func (g *Gh) PutSecret(ctx context.Context, ref string, pf cosign.PassFunc) error {
keys, err := cosign.GenerateKeyPair(pf)
if err != nil {
return errors.Wrap(err, "generating key pair")
return fmt.Errorf("generating key pair: %w", err)
}

var httpClient *http.Client
Expand All @@ -66,7 +66,7 @@ func (g *Gh) PutSecret(ctx context.Context, ref string, pf cosign.PassFunc) erro

key, getRepoPubKeyResp, err := client.Actions.GetRepoPublicKey(ctx, owner, repo)
if err != nil {
return errors.Wrap(err, "could not get repository public key")
return fmt.Errorf("could not get repository public key: %w", err)
}

if getRepoPubKeyResp.StatusCode < 200 && getRepoPubKeyResp.StatusCode >= 300 {
Expand All @@ -82,7 +82,7 @@ func (g *Gh) PutSecret(ctx context.Context, ref string, pf cosign.PassFunc) erro

passwordSecretEnvResp, err := client.Actions.CreateOrUpdateRepoSecret(ctx, owner, repo, passwordSecretEnv)
if err != nil {
return errors.Wrap(err, "could not create \"COSIGN_PASSWORD\" github actions secret")
return fmt.Errorf("could not create \"COSIGN_PASSWORD\" github actions secret: %w", err)
}

if passwordSecretEnvResp.StatusCode < 200 && passwordSecretEnvResp.StatusCode >= 300 {
Expand All @@ -100,7 +100,7 @@ func (g *Gh) PutSecret(ctx context.Context, ref string, pf cosign.PassFunc) erro

privateKeySecretEnvResp, err := client.Actions.CreateOrUpdateRepoSecret(ctx, owner, repo, privateKeySecretEnv)
if err != nil {
return errors.Wrap(err, "could not create \"COSIGN_PRIVATE_KEY\" github actions secret")
return fmt.Errorf("could not create \"COSIGN_PRIVATE_KEY\" github actions secret: %w", err)
}

if privateKeySecretEnvResp.StatusCode < 200 && privateKeySecretEnvResp.StatusCode >= 300 {
Expand All @@ -118,7 +118,7 @@ func (g *Gh) PutSecret(ctx context.Context, ref string, pf cosign.PassFunc) erro

publicKeySecretEnvResp, err := client.Actions.CreateOrUpdateRepoSecret(ctx, owner, repo, publicKeySecretEnv)
if err != nil {
return errors.Wrap(err, "could not create \"COSIGN_PUBLIC_KEY\" github actions secret")
return fmt.Errorf("could not create \"COSIGN_PUBLIC_KEY\" github actions secret: %w", err)
}

if publicKeySecretEnvResp.StatusCode < 200 && publicKeySecretEnvResp.StatusCode >= 300 {
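Review bot: Every status check in PutSecret reads `StatusCode < 200 && StatusCode >= 300`, which can never be true, so the response-body error path after GetRepoPublicKey and after each CreateOrUpdateRepoSecret call is dead code. These are unchanged context lines, but since this commit reworks the error returns around them it is a natural place to fix the operator: `if getRepoPubKeyResp.StatusCode < 200 || getRepoPubKeyResp.StatusCode >= 300 {`. The client library may already return a non-nil err for non-2xx responses, in which case the checks are redundant rather than harmful; that is worth confirming, because otherwise a rejected write of COSIGN_PASSWORD or COSIGN_PRIVATE_KEY would be reported as success. The same condition appears in pkg/cosign/git/gitlab/gitlab.go, in both PutSecret and GetSecret.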
28 changes: 14 additions & 14 deletions pkg/cosign/git/gitlab/gitlab.go
Expand Up @@ -17,11 +17,11 @@ package gitlab

import (
"context"
"errors"
"fmt"
"io"
"os"

"github.com/pkg/errors"
"github.com/sigstore/cosign/pkg/cosign"
"github.com/xanzy/go-gitlab"
)
Expand All @@ -39,7 +39,7 @@ func New() *Gl {
func (g *Gl) PutSecret(ctx context.Context, ref string, pf cosign.PassFunc) error {
keys, err := cosign.GenerateKeyPair(pf)
if err != nil {
return errors.Wrap(err, "generating key pair")
return fmt.Errorf("generating key pair: %w", err)
}

token, tokenExists := os.LookupEnv("GITLAB_TOKEN")
Expand All @@ -52,12 +52,12 @@ func (g *Gl) PutSecret(ctx context.Context, ref string, pf cosign.PassFunc) erro
if url, baseURLExists := os.LookupEnv("GITLAB_HOST"); baseURLExists {
client, err = gitlab.NewClient(token, gitlab.WithBaseURL(url))
if err != nil {
return errors.Wrap(err, "could not create GitLab client")
return fmt.Errorf("could not create GitLab client: %w", err)
}
} else {
client, err = gitlab.NewClient(token)
if err != nil {
return errors.Wrap(err, "could not create GitLab client")
return fmt.Errorf("could not create GitLab client: %w", err)
}
}

Expand All @@ -70,12 +70,12 @@ func (g *Gl) PutSecret(ctx context.Context, ref string, pf cosign.PassFunc) erro
EnvironmentScope: gitlab.String("*"),
})
if err != nil {
return errors.Wrap(err, "could not create \"COSIGN_PASSWORD\" variable")
return fmt.Errorf("could not create \"COSIGN_PASSWORD\" variable: %w", err)
}

if passwordResp.StatusCode < 200 && passwordResp.StatusCode >= 300 {
bodyBytes, _ := io.ReadAll(passwordResp.Body)
return errors.Errorf("%s", bodyBytes)
return fmt.Errorf("%s", bodyBytes)
}

fmt.Fprintln(os.Stderr, "Password written to \"COSIGN_PASSWORD\" variable")
Expand All @@ -88,12 +88,12 @@ func (g *Gl) PutSecret(ctx context.Context, ref string, pf cosign.PassFunc) erro
Masked: gitlab.Bool(false),
})
if err != nil {
return errors.Wrap(err, "could not create \"COSIGN_PRIVATE_KEY\" variable")
return fmt.Errorf("could not create \"COSIGN_PRIVATE_KEY\" variable: %w", err)
}

if privateKeyResp.StatusCode < 200 && privateKeyResp.StatusCode >= 300 {
bodyBytes, _ := io.ReadAll(privateKeyResp.Body)
return errors.Errorf("%s", bodyBytes)
return fmt.Errorf("%s", bodyBytes)
}

fmt.Fprintln(os.Stderr, "Private key written to \"COSIGN_PRIVATE_KEY\" variable")
Expand All @@ -106,12 +106,12 @@ func (g *Gl) PutSecret(ctx context.Context, ref string, pf cosign.PassFunc) erro
Masked: gitlab.Bool(false),
})
if err != nil {
return errors.Wrap(err, "could not create \"COSIGN_PUBLIC_KEY\" variable")
return fmt.Errorf("could not create \"COSIGN_PUBLIC_KEY\" variable: %w", err)
}

if publicKeyResp.StatusCode < 200 && publicKeyResp.StatusCode >= 300 {
bodyBytes, _ := io.ReadAll(publicKeyResp.Body)
return errors.Errorf("%s", bodyBytes)
return fmt.Errorf("%s", bodyBytes)
}

fmt.Fprintln(os.Stderr, "Public key written to \"COSIGN_PUBLIC_KEY\" variable")
Expand All @@ -136,25 +136,25 @@ func (g *Gl) GetSecret(ctx context.Context, ref string, key string) (string, err
if url, baseURLExists := os.LookupEnv("GITLAB_HOST"); baseURLExists {
client, err = gitlab.NewClient(token, gitlab.WithBaseURL(url))
if err != nil {
return varPubKeyValue, errors.Wrap(err, "could not create GitLab client")
return varPubKeyValue, fmt.Errorf("could not create GitLab client): %w", err)
}
} else {
client, err = gitlab.NewClient(token)
if err != nil {
return varPubKeyValue, errors.Wrap(err, "could not create GitLab client")
return varPubKeyValue, fmt.Errorf("could not create GitLab client: %w", err)
}
}

varPubKey, pubKeyResp, err := client.ProjectVariables.GetVariable(ref, key, nil)
if err != nil {
return varPubKeyValue, errors.Wrap(err, "could not retrieve \"COSIGN_PUBLIC_KEY\" variable")
return varPubKeyValue, fmt.Errorf("could not retrieve \"COSIGN_PUBLIC_KEY\" variable: %w", err)
}

varPubKeyValue = varPubKey.Value

if pubKeyResp.StatusCode < 200 && pubKeyResp.StatusCode >= 300 {
bodyBytes, _ := io.ReadAll(pubKeyResp.Body)
return varPubKeyValue, errors.Errorf("%s", bodyBytes)
return varPubKeyValue, fmt.Errorf("%s", bodyBytes)
}

return varPubKeyValue, nil
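Review bot: The first rewritten return in GetSecret has a stray parenthesis inside the message, `fmt.Errorf("could not create GitLab client): %w", err)`; it should read `fmt.Errorf("could not create GitLab client: %w", err)` like the other three client-creation errors in this file. Separately, the GetVariable error hard-codes `"COSIGN_PUBLIC_KEY"` although the variable name comes from the `key` parameter, so `fmt.Errorf("could not retrieve %q variable: %w", key, err)` would report the variable that was actually requested. GetSecret's body starts before the hunk.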
20 changes: 10 additions & 10 deletions pkg/cosign/keys.go
Expand Up @@ -25,11 +25,11 @@ import (
_ "crypto/sha256" // for `crypto.SHA256`
"crypto/x509"
"encoding/pem"
"errors"
"fmt"
"os"
"path/filepath"

"github.com/pkg/errors"
"github.com/theupdateframework/go-tuf/encrypted"

"github.com/sigstore/cosign/pkg/oci/static"
Expand Down Expand Up @@ -84,10 +84,10 @@ func ImportKeyPair(keyPath string, pf PassFunc) (*KeysBytes, error) {
case RSAPrivateKeyPemType:
rsaPk, err := x509.ParsePKCS1PrivateKey(p.Bytes)
if err != nil {
return nil, fmt.Errorf("error parsing rsa private key")
return nil, fmt.Errorf("error parsing rsa private key: %w", err)
}
if err = cryptoutils.ValidatePubKey(rsaPk.Public()); err != nil {
return nil, errors.Wrap(err, "error validating rsa key")
return nil, fmt.Errorf("error validating rsa key: %w", err)
}
pk = rsaPk
case ECPrivateKeyPemType:
Expand All @@ -96,7 +96,7 @@ func ImportKeyPair(keyPath string, pf PassFunc) (*KeysBytes, error) {
return nil, fmt.Errorf("error parsing ecdsa private key")
}
if err = cryptoutils.ValidatePubKey(ecdsaPk.Public()); err != nil {
return nil, errors.Wrap(err, "error validating ecdsa key")
return nil, fmt.Errorf("error validating ecdsa key: %w", err)
}
pk = ecdsaPk
case PrivateKeyPemType:
Expand All @@ -107,17 +107,17 @@ func ImportKeyPair(keyPath string, pf PassFunc) (*KeysBytes, error) {
switch k := pkcs8Pk.(type) {
case *rsa.PrivateKey:
if err = cryptoutils.ValidatePubKey(k.Public()); err != nil {
return nil, errors.Wrap(err, "error validating rsa key")
return nil, fmt.Errorf("error validating rsa key: %w", err)
}
pk = k
case *ecdsa.PrivateKey:
if err = cryptoutils.ValidatePubKey(k.Public()); err != nil {
return nil, errors.Wrap(err, "error validating ecdsa key")
return nil, fmt.Errorf("error validating ecdsa key: %w", err)
}
pk = k
case ed25519.PrivateKey:
if err = cryptoutils.ValidatePubKey(k.Public()); err != nil {
return nil, errors.Wrap(err, "error validating ed25519 key")
return nil, fmt.Errorf("error validating ed25519 key: %w", err)
}
pk = k
default:
Expand All @@ -132,7 +132,7 @@ func ImportKeyPair(keyPath string, pf PassFunc) (*KeysBytes, error) {
func marshalKeyPair(keypair Keys, pf PassFunc) (key *KeysBytes, err error) {
x509Encoded, err := x509.MarshalPKCS8PrivateKey(keypair.private)
if err != nil {
return nil, errors.Wrap(err, "x509 encoding private key")
return nil, fmt.Errorf("x509 encoding private key: %w", err)
}

password := []byte{}
Expand Down Expand Up @@ -204,12 +204,12 @@ func LoadPrivateKey(key []byte, pass []byte) (signature.SignerVerifier, error) {

x509Encoded, err := encrypted.Decrypt(p.Bytes, pass)
if err != nil {
return nil, errors.Wrap(err, "decrypt")
return nil, fmt.Errorf("decrypt: %w", err)
}

pk, err := x509.ParsePKCS8PrivateKey(x509Encoded)
if err != nil {
return nil, errors.Wrap(err, "parsing private key")
return nil, fmt.Errorf("parsing private key: %w", err)
}
switch pk := pk.(type) {
case *rsa.PrivateKey:
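Review bot: In ImportKeyPair the RSA branch now wraps the parser error (`error parsing rsa private key: %w`), but the ECDSA branch a few lines below still returns `fmt.Errorf("error parsing ecdsa private key")` and discards `err`. Suggest `return nil, fmt.Errorf("error parsing ecdsa private key: %w", err)` so both key types report why parsing failed. The PKCS#8 branch's parse error is outside the visible hunks and may need the same treatment. ImportKeyPair continues outside the hunks.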
