diff --git a/README.md b/README.md index 0716460ed..5185deec1 100644 --- a/README.md +++ b/README.md @@ -27,21 +27,19 @@ stack on GCP using Terraform, we also got you [covered there](./terraform/). # Background -Currently in various e2e tests we (the community) do not exercise all the -components of the Sigstore when running tests. This results in us skipping -some validation tests (for example, but not limited to, –insecure-skip-verify -flag), or using public instances for some of the tests. Part of the reason is -that there are currently some manual steps or some assumptions baked in some -places that make this trickier than is strictly necessary. This repository is -meant to make it easier to test projects that utilize sigstore by making it easy -to spin up a whole sigstore stack in a k8s cluster so that you can do proper -integration testing. +This repository is meant to make it easier to test projects that utilize +sigstore by making it easy to spin up a whole sigstore stack in a k8s cluster so +that you can do proper integration testing. With the provided `action` it's easy +also to add this capability to your GitHub Action testing. If you are interested in figuring out the nitty/gritty manual way of standing up a sigstore stack, a wonderful very detailed document for standing all the pieces from scratch is given in Luke Hinds’ “[Sigstore the hard way](https://github.com/lukehinds/sigstore-the-hard-way)” +If you are interested in standing up a stack on your local machine, a great +documentation for all of them are provided by Thomas Strömberg +"[sigstore-the-local-way](https://github.com/tstromberg/sigstore-the-local-way)" # Overview @@ -107,6 +105,22 @@ rekor-system and the ConfigMap that is created by ‘**createtree**’ Job, we c have the following (some stuff omitted for readability) in our Rekor Deployment to ensure that Rekor will not start prior to TreeID having been properly provisioned. +Rekor also needs a Signing Key that it will use, and we create one with +[CreateSecret](./cmd/rekor/createsecret/main.go). It will create two secrets, +one holding the Private Signing key as well as the password used to encrypt it +with. By default the secret is named `rekor-signing-secret` and contains two +keys: + + * signing-secret - Holds the encrypted private key for signing + * signing-secret-password - Holds the password used to encrypt the key above. + +That secret then gets mounted / used by Rekor as demonstrated below. + + Also a secret holding the Rekor public key is created, which by default is + named `rekor-pub-key` and contains one key that we need to construct a proper + tuf root later on. + + * public - Rekor public key ``` @@ -128,16 +142,24 @@ spec: configMapKeyRef: name: rekor-config key: treeID - + - name: SECRET_SIGNING_PWD + valueFrom: + secretKeyRef: + name: rekor-secrets + key: signing-secret-password + volumeMounts: + - name: rekor-secrets + mountPath: "/var/run/rekor-secrets" + readOnly: true + volumes: + - name: rekor-secrets + secret: + secretName: rekor-signing-secret + items: + - key: signing-secret + path: signing-secret ``` -In addition to creating a tree, we will also create a secret holding the -public key of the Rekor client that we'll need to be able to construct a proper -tuf root later on. This is handled by a rekor createsecret job and it creates -a `rekor-pub-key` secret in the `rekor-system` namespace holding a single -entry in it called `public` that holds the public key for the Rekor. - - ## [CTLog](https://github.com/google/certificate-transparency-go) CTLog is the first piece in the puzzle that requires a bit more wrangling diff --git a/cmd/rekor/createsecret/main.go b/cmd/rekor/createsecret/main.go index ec54aaa60..83d9428a7 100644 --- a/cmd/rekor/createsecret/main.go +++ b/cmd/rekor/createsecret/main.go @@ -15,11 +15,15 @@ package main import ( + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" + "crypto/x509" + "encoding/pem" "flag" "log" "os" - "github.com/sigstore/rekor/pkg/client" "github.com/sigstore/scaffolding/pkg/secret" "k8s.io/client-go/kubernetes" "k8s.io/client-go/rest" @@ -28,9 +32,18 @@ import ( "sigs.k8s.io/release-utils/version" ) +const ( + // Key created in the secret holding the encrypted private key. + signingKeySecretKey = "signing-secret" + // Key created in the secret holding the encrypt private key passord. + signingKeySecretPasswordKey = "signing-secret-password" +) + var ( - rekorURL = flag.String("rekor_url", "http://rekor.rekor-system.svc", "Address of the Rekor server") - secretName = flag.String("secret", "rekor-pub-key", "Secret to create the rekor public key in.") + signingSecretName = flag.String("signing-secret", "rekor-signing-secret", "Secret to create the signing secret that Rekor will use.") + signingKeyPassword = flag.String("signing-secret-pwd", "scaffoldtest", "Password to encrypt the signing secret with.") + rekorURL = flag.String("rekor_url", "http://rekor.rekor-system.svc", "Address of the Rekor server") + secretName = flag.String("secret", "rekor-pub-key", "Secret to create the rekor public key in.") ) func main() { @@ -57,20 +70,52 @@ func main() { } nsSecrets := clientset.CoreV1().Secrets(ns) - c, err := client.GetRekorClient(*rekorURL) + privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + if err != nil { + logging.FromContext(ctx).Fatalf("Failed to generate private key: %v", err) + } + // Encode private key to PKCS #8 ASN.1 PEM. + marshalledPrivKey, err := x509.MarshalPKCS8PrivateKey(privateKey) + if err != nil { + logging.FromContext(ctx).Fatalf("Failed to marshal private key: %v", err) + } + block := &pem.Block{ + Type: "PRIVATE KEY", + Bytes: marshalledPrivKey, + } + // Encrypt the pem + encryptedBlock, err := x509.EncryptPEMBlock(rand.Reader, block.Type, block.Bytes, []byte(*signingKeyPassword), x509.PEMCipherAES256) // nolint if err != nil { - logging.FromContext(ctx).Fatalf("Failed to construct rekor client", err) + logging.FromContext(ctx).Fatalf("Failed to encrypt private key: %v", err) } - // Create a secret holding our public key for OOB consumption of it. - // I know it's little bit fake because we call into it but at least we - // create it here so at least it's available for OOB. - rekorKey, err := c.Pubkey.GetPublicKey(nil) + + privPEM := pem.EncodeToMemory(encryptedBlock) + if privPEM == nil { + logging.FromContext(ctx).Fatalf("Failed to encode encrypted private key: %v", err) + } + + marshalledPubKey, err := x509.MarshalPKIXPublicKey(privateKey.Public()) if err != nil { - logging.FromContext(ctx).Fatalf("Unable to fetch rekor key: %v", err) + logging.FromContext(ctx).Panicf("Failed to marshal the public key: %v", err) + } + pubPEM := pem.EncodeToMemory( + &pem.Block{ + Type: "PUBLIC KEY", + Bytes: marshalledPubKey, + }, + ) + + signingSecretData := map[string][]byte{ + signingKeySecretKey: privPEM, + signingKeySecretPasswordKey: []byte(*signingKeyPassword), + } + + if err := secret.ReconcileSecret(ctx, *signingSecretName, ns, signingSecretData, nsSecrets); err != nil { + logging.FromContext(ctx).Fatalf("Unable to reconcile secret %s: %v", *signingSecretName, err) } - data := map[string][]byte{"public": []byte(rekorKey.Payload)} - if err := secret.ReconcileSecret(ctx, *secretName, ns, data, nsSecrets); err != nil { - logging.FromContext(ctx).Fatalf("Unable to reconcile secret: %v", err) + publicKeyData := map[string][]byte{"public": pubPEM} + if err := secret.ReconcileSecret(ctx, *secretName, ns, publicKeyData, nsSecrets); err != nil { + logging.FromContext(ctx).Fatalf("Unable to reconcile secret %s: %v", *secretName, err) } } diff --git a/config/rekor/rekor/300-rekor.yaml b/config/rekor/rekor/300-rekor.yaml index 62b991406..d0b9b6f8d 100644 --- a/config/rekor/rekor/300-rekor.yaml +++ b/config/rekor/rekor/300-rekor.yaml @@ -19,7 +19,11 @@ spec: serviceAccountName: rekor containers: - name: rekor - image: gcr.io/projectsigstore/rekor-server@sha256:af91aee88c6d8efb3175b441420a4c61691ec5d6a72303c8ef47750c1dfd2325 # v0.11.0 + # This has been built from here to pick up the file based signer change: + # https://github.com/sigstore/rekor/actions/runs/3061668501/jobs/4941722492 + # Which contains this change that we need. + # https://github.com/sigstore/rekor/pull/1049 + image: gcr.io/projectsigstore/rekor/ci/rekor/rekor-server@sha256:91a6fa93804e1c0b48942a6a0e38b30b851a9f281a65e84a05cd85c138450d7f ports: - containerPort: 3000 args: [ @@ -32,7 +36,8 @@ spec: "--enable_retrieve_api=true", "--trillian_log_server.tlog_id=$(TREE_ID)", "--log_type=prod", - "--rekor_server.signer=memory", + "--rekor_server.signer=/var/run/rekor-secrets/signing-secret", + "--rekor_server.signer-pwd=$(SECRET_SIGNING_PWD)", "--enable_attestation_storage=true", "--attestation_storage_bucket=file:///tmp/", # "--rekor_server.timestamp_chain=$(TIMESTAMP_CHAIN)" @@ -43,3 +48,19 @@ spec: configMapKeyRef: name: rekor-config key: treeID + - name: SECRET_SIGNING_PWD + valueFrom: + secretKeyRef: + name: rekor-signing-secret + key: signing-secret-password + volumeMounts: + - name: rekor-secrets + mountPath: "/var/run/rekor-secrets" + readOnly: true + volumes: + - name: rekor-secrets + secret: + secretName: rekor-signing-secret + items: + - key: signing-secret + path: signing-secret diff --git a/go.mod b/go.mod index 8f95795fa..7d7a32860 100644 --- a/go.mod +++ b/go.mod @@ -17,8 +17,8 @@ require ( github.com/prometheus/client_golang v1.13.0 github.com/sigstore/cosign v1.11.1 github.com/sigstore/fulcio v0.5.3 - github.com/sigstore/rekor v0.12.0 - github.com/sigstore/sigstore v1.4.1-0.20220908184735-abe183b160e9 + github.com/sigstore/rekor v0.12.1-0.20220915152154-4bb6f441c1b2 + github.com/sigstore/sigstore v1.4.1 github.com/theupdateframework/go-tuf v0.5.0 github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90 @@ -44,7 +44,7 @@ require ( contrib.go.opencensus.io/exporter/stackdriver v0.13.12 // indirect github.com/Microsoft/go-winio v0.5.2 // indirect github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect - github.com/aws/aws-sdk-go v1.44.93 // indirect + github.com/aws/aws-sdk-go v1.44.96 // indirect github.com/benbjohnson/clock v1.1.0 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/bgentry/speakeasy v0.1.0 // indirect @@ -57,7 +57,7 @@ require ( github.com/cncf/xds/go v0.0.0-20211130200136-a8f946100490 // indirect github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect github.com/containerd/stargz-snapshotter/estargz v0.12.0 // indirect - github.com/coreos/go-oidc/v3 v3.3.0 // indirect + github.com/coreos/go-oidc/v3 v3.4.0 // indirect github.com/coreos/go-semver v0.3.0 // indirect github.com/coreos/go-systemd/v22 v22.3.2 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect @@ -130,7 +130,7 @@ require ( github.com/opencontainers/image-spec v1.0.3-0.20220114050600-8b9d41f48198 // indirect github.com/opentracing/opentracing-go v1.2.0 // indirect github.com/pelletier/go-toml v1.9.5 // indirect - github.com/pelletier/go-toml/v2 v2.0.1 // indirect + github.com/pelletier/go-toml/v2 v2.0.5 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/prometheus/client_model v0.2.0 // indirect @@ -152,10 +152,10 @@ require ( github.com/spf13/cobra v1.5.0 // indirect github.com/spf13/jwalterweatherman v1.1.0 // indirect github.com/spf13/pflag v1.0.5 // indirect - github.com/spf13/viper v1.12.0 // indirect + github.com/spf13/viper v1.13.0 // indirect github.com/spiffe/go-spiffe/v2 v2.1.1 // indirect github.com/stretchr/testify v1.8.0 // indirect - github.com/subosito/gotenv v1.3.0 // indirect + github.com/subosito/gotenv v1.4.1 // indirect github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d // indirect github.com/tent/canonical-json-go v0.0.0-20130607151641-96e4ba3a7613 // indirect github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802 // indirect diff --git a/go.sum b/go.sum index eced40a44..96ccd24a8 100644 --- a/go.sum +++ b/go.sum @@ -181,8 +181,8 @@ github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpi github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.36.30/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= -github.com/aws/aws-sdk-go v1.44.93 h1:hAgd9fuaptBatSft27/5eBMdcA8+cIMqo96/tZ6rKl8= -github.com/aws/aws-sdk-go v1.44.93/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= +github.com/aws/aws-sdk-go v1.44.96 h1:S9paaqnJ0AJ95t5AB+iK8RM6YNZN0W0Lek1gOVJsEr8= +github.com/aws/aws-sdk-go v1.44.96/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59/go.mod h1:q/89r3U2H7sSsE2t6Kca0lfwTK8JdoNGS/yzM/4iH5I= github.com/beevik/etree v1.1.0/go.mod h1:r8Aw8JqVegEf0w2fDnATrX9VpkMcyFeM0FhwO62wh+A= @@ -262,8 +262,8 @@ github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkE github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= -github.com/coreos/go-oidc/v3 v3.3.0 h1:Y1LV3mP+QT3MEycATZpAiwfyN+uxZLqVbAHJUuOJEe4= -github.com/coreos/go-oidc/v3 v3.3.0/go.mod h1:eHUXhZtXPQLgEaDrOVTgwbgmz1xGOkJNye6h3zkD2Pw= +github.com/coreos/go-oidc/v3 v3.4.0 h1:xz7elHb/LDwm/ERpwHd+5nb7wFHL32rsr6bBOgaeu6g= +github.com/coreos/go-oidc/v3 v3.4.0/go.mod h1:eHUXhZtXPQLgEaDrOVTgwbgmz1xGOkJNye6h3zkD2Pw= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmfM= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= @@ -1050,8 +1050,8 @@ github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCko github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= -github.com/pelletier/go-toml/v2 v2.0.1 h1:8e3L2cCQzLFi2CR4g7vGFuFxX7Jl1kKX8gW+iV0GUKU= -github.com/pelletier/go-toml/v2 v2.0.1/go.mod h1:r9LEWfGN8R5k0VXJ+0BkIe7MYkRdwZOjgMj2KwnJFUo= +github.com/pelletier/go-toml/v2 v2.0.5 h1:ipoSadvV8oGUjnUbMub59IDPPwfxF694nG/jwbMiyQg= +github.com/pelletier/go-toml/v2 v2.0.5/go.mod h1:OMHamSCAODeSsVrwwvcJOaoN0LIUIaFVNZzmWyNfXas= github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/phayes/checkstyle v0.0.0-20170904204023-bfd46e6a821d/go.mod h1:3OzsM7FXDQlpCiw2j81fOmAwQLnZnLGXVKUzeKQXIAw= @@ -1183,10 +1183,10 @@ github.com/sigstore/cosign v1.11.1 h1:y9IlANx0kTe5bt4wVkauJkfgWjMwmFId1H2y782hXm github.com/sigstore/cosign v1.11.1/go.mod h1:PURIOXUUu1KmXTJ1x11DHH/X9CyaoYpa9AxRphagu+s= github.com/sigstore/fulcio v0.5.3 h1:fwdl2BHv1RjL3GJJ44T+tPsvmQ028zv54psxVhSwUGA= github.com/sigstore/fulcio v0.5.3/go.mod h1:4yzMqOao6r9Nul1Dgt4LL7loKdkkgbDemLYrXUuAc+Y= -github.com/sigstore/rekor v0.12.0 h1:WjZ2/ayd4A4A05P5hVnrX0ceB/asgQhxl8szF28dNQI= -github.com/sigstore/rekor v0.12.0/go.mod h1:a86yBaT/qbHgBTAx0eP3Je+K5NQktx5KHlQPypdyYY8= -github.com/sigstore/sigstore v1.4.1-0.20220908184735-abe183b160e9 h1:yvNMALJQjiRSjOB3bHWE1bfyhwoKYEq/nJ2fetXd2kM= -github.com/sigstore/sigstore v1.4.1-0.20220908184735-abe183b160e9/go.mod h1:dZodsbajYeE3w4kyKpv2V18mZo29lb7zVY/oDn8UHIU= +github.com/sigstore/rekor v0.12.1-0.20220915152154-4bb6f441c1b2 h1:LD8LcwygdD2DxaINWwbkaUEBAknr205wmn66/N05s7c= +github.com/sigstore/rekor v0.12.1-0.20220915152154-4bb6f441c1b2/go.mod h1:C/jZ3EZywl/Kew48fGMWQoh+1LxOMk0BkP3DHmtB+8M= +github.com/sigstore/sigstore v1.4.1 h1:e/tfXseQRymIjgiykskciGrp75AZVCfYokZ2r9tg5vw= +github.com/sigstore/sigstore v1.4.1/go.mod h1:4+s4d6oTDdoQkf5lwpZBoOlWWV+hXhur1my9WdN5PjU= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= @@ -1244,8 +1244,8 @@ github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/y github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH9Ns= github.com/spf13/viper v1.9.0/go.mod h1:+i6ajR7OX2XaiBkrcZJFK21htRk7eDeLg7+O6bhUPP4= -github.com/spf13/viper v1.12.0 h1:CZ7eSOd3kZoaYDLbXnmzgQI5RlciuXBMA+18HwHRfZQ= -github.com/spf13/viper v1.12.0/go.mod h1:b6COn30jlNxbm/V2IqWiNWkJ+vZNiMNksliPCiuKtSI= +github.com/spf13/viper v1.13.0 h1:BWSJ/M+f+3nmdz9bxB+bWX28kkALN2ok11D0rSo8EJU= +github.com/spf13/viper v1.13.0/go.mod h1:Icm2xNL3/8uyh/wFuB1jI7TiTNKp8632Nwegu+zgdYw= github.com/spiffe/go-spiffe/v2 v2.1.1 h1:RT9kM8MZLZIsPTH+HKQEP5yaAk3yd/VBzlINaRjXs8k= github.com/spiffe/go-spiffe/v2 v2.1.1/go.mod h1:5qg6rpqlwIub0JAiF1UK9IMD6BpPTmvG6yfSgDBs5lg= github.com/src-d/gcfg v1.4.0/go.mod h1:p/UMsR43ujA89BJY9duynAwIpvqEujIH/jFlfL7jWoI= @@ -1272,8 +1272,8 @@ github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1F github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= -github.com/subosito/gotenv v1.3.0 h1:mjC+YW8QpAdXibNi+vNWgzmgBH4+5l5dCXv8cNysBLI= -github.com/subosito/gotenv v1.3.0/go.mod h1:YzJjq/33h7nrwdY+iHMhEOEEbW0ovIz0tB6t6PwAXzs= +github.com/subosito/gotenv v1.4.1 h1:jyEFiXpy21Wm81FBN71l9VoMMV8H8jG+qIK3GCpY6Qs= +github.com/subosito/gotenv v1.4.1/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0= github.com/sylvia7788/contextcheck v1.0.4/go.mod h1:vuPKJMQ7MQ91ZTqfdyreNKwZjyUg6KO+IebVyQDedZQ= github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d h1:vfofYNRScrDdvS342BElfbETmL1Aiz3i2t0zfRj16Hs= github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d/go.mod h1:RRCYJbIwD5jmqPI9XoAFR0OcDxqUctll6zUj/+B4S48= @@ -1473,8 +1473,8 @@ go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ= go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= -go.uber.org/goleak v1.1.12 h1:gZAh5/EyT/HQwlpkCy6wTpqfH9H8Lz8zbm3dZh+OyzA= go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= +go.uber.org/goleak v1.2.0 h1:xqgm/S+aQvhWFTtR0XK3Jvg7z8kGV8P4X14IzwN3Eqk= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= go.uber.org/multierr v1.4.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4=