sigstore · cpanato · Sep 13, 2022 · Sep 10, 2022
diff --git a/pkg/cryptoutils/certificate.go b/pkg/cryptoutils/certificate.go
@@ -13,6 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+// Package cryptoutils TODO: add meaningfull description
 package cryptoutils
 
 import (

diff --git a/pkg/cryptoutils/password.go b/pkg/cryptoutils/password.go
@@ -18,7 +18,7 @@ package cryptoutils
 import (
 	"errors"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"os"
 
 	"golang.org/x/term"
@@ -50,7 +50,7 @@ func readPasswordFn() func() ([]byte, error) {
 	}
 	// Handle piped in passwords.
 	return func() ([]byte, error) {
-		return ioutil.ReadAll(os.Stdin)
+		return io.ReadAll(os.Stdin)
 	}
 }
 

diff --git a/pkg/fulcioroots/fulcioroots.go b/pkg/fulcioroots/fulcioroots.go
@@ -13,6 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+// Package fulcioroots TODO: add meaningfull description
 package fulcioroots
 
 import (

diff --git a/pkg/oauth/interactive.go b/pkg/oauth/interactive.go
@@ -12,6 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+// Package oauth TODO: add meaningfull description
 package oauth
 
 const (

diff --git a/pkg/oauth/internal/token.go b/pkg/oauth/internal/token.go
@@ -12,13 +12,13 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+// Package internal TODO: add meaningfull description
 package internal
 
 import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"mime"
 	"net/http"
 	"net/url"
@@ -136,7 +136,7 @@ func parseAccessTokenError(body []byte, contentType string) (respErr *ErrorToken
 // ParseAccessTokenResponse parses an RFC6749 access token response and returns either an `*oauth2.Token` on success, an `*ErrorTokenResponse` on failure, or any other error if the response cannot be parsed.
 // See: https://datatracker.ietf.org/doc/html/rfc6749#section-5
 func ParseAccessTokenResponse(tokenResp *http.Response) (token *oauth2.Token, err error) {
-	body, err := ioutil.ReadAll(io.LimitReader(tokenResp.Body, 1<<20))
+	body, err := io.ReadAll(io.LimitReader(tokenResp.Body, 1<<20))
 	if err != nil {
 		return nil, err
 	}

diff --git a/pkg/oauth/internal/token_test.go b/pkg/oauth/internal/token_test.go
@@ -18,7 +18,7 @@ import (
 	"bytes"
 	"errors"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/url"
 	"reflect"
@@ -119,7 +119,7 @@ func TestParseAccessTokenSuccessResponse(t *testing.T) {
 		t.Run(tc.desc, func(t *testing.T) {
 			testResp := &http.Response{
 				StatusCode: http.StatusOK,
-				Body:       ioutil.NopCloser(bytes.NewReader(tc.respBody)),
+				Body:       io.NopCloser(bytes.NewReader(tc.respBody)),
 			}
 			if tc.respContentType != "" {
 				testResp.Header = make(http.Header, 1)
@@ -208,7 +208,7 @@ func TestParseAccessTokenFailResponse(t *testing.T) {
 		t.Run(tc.desc, func(t *testing.T) {
 			testResp := &http.Response{
 				StatusCode: tc.respStatusCode,
-				Body:       ioutil.NopCloser(bytes.NewReader(tc.respBody)),
+				Body:       io.NopCloser(bytes.NewReader(tc.respBody)),
 			}
 			if tc.respContentType != "" {
 				testResp.Header = make(http.Header, 1)

diff --git a/pkg/oauth/oidc/interactive.go b/pkg/oauth/oidc/interactive.go
@@ -12,6 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+// Package oidc TODO: add meaningfull description
 package oidc
 
 import (

diff --git a/pkg/oauthflow/device.go b/pkg/oauthflow/device.go
@@ -13,13 +13,14 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+// Package oauthflow TODO: add meaningfull description
 package oauthflow
 
 import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/url"
 	"strings"
@@ -111,7 +112,7 @@ func (d *DeviceFlowTokenGetter) deviceFlow(p *oidc.Provider, clientID, redirectU
 	}
 	defer resp.Body.Close()
 
-	b, err := ioutil.ReadAll(resp.Body)
+	b, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return "", err
 	}
@@ -146,7 +147,7 @@ func (d *DeviceFlowTokenGetter) deviceFlow(p *oidc.Provider, clientID, redirectU
 		}
 		defer resp.Body.Close()
 
-		b, err := ioutil.ReadAll(resp.Body)
+		b, err := io.ReadAll(resp.Body)
 		if err != nil {
 			return "", err
 		}
@@ -213,7 +214,7 @@ func (d *DeviceFlowTokenGetter) CodeURL() (string, error) {
 	}
 	defer resp.Body.Close()
 
-	body, err := ioutil.ReadAll(resp.Body)
+	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return "", fmt.Errorf("unable to read response body: %w", err)
 	}

diff --git a/pkg/signature/dsse/adapters.go b/pkg/signature/dsse/adapters.go
@@ -13,6 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+// Package dsse TODO: add meaningfull description
 package dsse
 
 import (

diff --git a/pkg/signature/dsse/dsse.go b/pkg/signature/dsse/dsse.go
@@ -21,7 +21,6 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"io"
-	"io/ioutil"
 
 	"github.com/secure-systems-lab/go-securesystemslib/dsse"
 	"github.com/sigstore/sigstore/pkg/signature"
@@ -47,7 +46,7 @@ func (w *wrappedSigner) PublicKey(opts ...signature.PublicKeyOption) (crypto.Pub
 
 // SignMessage signs the provided stream in the reader using the DSSE encoding format
 func (w *wrappedSigner) SignMessage(r io.Reader, opts ...signature.SignOption) ([]byte, error) {
-	p, err := ioutil.ReadAll(r)
+	p, err := io.ReadAll(r)
 	if err != nil {
 		return nil, err
 	}
@@ -87,7 +86,7 @@ func (w *wrappedVerifier) PublicKey(opts ...signature.PublicKeyOption) (crypto.P
 
 // VerifySignature verifies the signature specified in an DSSE envelope
 func (w *wrappedVerifier) VerifySignature(s, _ io.Reader, opts ...signature.VerifyOption) error {
-	sig, err := ioutil.ReadAll(s)
+	sig, err := io.ReadAll(s)
 	if err != nil {
 		return err
 	}

diff --git a/pkg/signature/dsse/multidsse.go b/pkg/signature/dsse/multidsse.go
@@ -20,7 +20,6 @@ import (
 	"encoding/json"
 	"errors"
 	"io"
-	"io/ioutil"
 
 	"github.com/secure-systems-lab/go-securesystemslib/dsse"
 	"github.com/sigstore/sigstore/pkg/signature"
@@ -67,7 +66,7 @@ func (wL *wrappedMultiSigner) PublicKey(opts ...signature.PublicKeyOption) (cryp
 
 // SignMessage signs the provided stream in the reader using the DSSE encoding format
 func (wL *wrappedMultiSigner) SignMessage(r io.Reader, opts ...signature.SignOption) ([]byte, error) {
-	p, err := ioutil.ReadAll(r)
+	p, err := io.ReadAll(r)
 	if err != nil {
 		return nil, err
 	}
@@ -129,7 +128,7 @@ func (wL *wrappedMultiVerifier) PublicKey(opts ...signature.PublicKeyOption) (cr
 
 // VerifySignature verifies the signature specified in an DSSE envelope
 func (wL *wrappedMultiVerifier) VerifySignature(s, _ io.Reader, opts ...signature.VerifyOption) error {
-	sig, err := ioutil.ReadAll(s)
+	sig, err := io.ReadAll(s)
 	if err != nil {
 		return err
 	}

diff --git a/pkg/signature/kms/aws/client.go b/pkg/signature/kms/aws/client.go
@@ -13,6 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+// Package aws implement the interface with amazon aws kms service
 package aws
 
 import (

diff --git a/pkg/signature/kms/azure/client.go b/pkg/signature/kms/azure/client.go
@@ -13,6 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+// Package azure implement the interface with microsoft azure kms service
 package azure
 
 import (

diff --git a/pkg/signature/kms/fake/signer.go b/pkg/signature/kms/fake/signer.go
@@ -12,6 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+// Package fake implements fake signer to be used in tests
 package fake
 
 import (

diff --git a/pkg/signature/kms/gcp/client.go b/pkg/signature/kms/gcp/client.go
@@ -13,6 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+// Package gcp implement the interface with google cloud kms service
 package gcp
 
 import (

diff --git a/pkg/signature/kms/hashivault/client.go b/pkg/signature/kms/hashivault/client.go
@@ -13,6 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+// Package hashivault implement the interface with hashivault kms service
 package hashivault
 
 import (

diff --git a/pkg/signature/kms/kms.go b/pkg/signature/kms/kms.go
@@ -13,6 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+// Package kms implements the interface to access various ksm services
 package kms
 
 import (

diff --git a/pkg/signature/options/context.go b/pkg/signature/options/context.go
@@ -13,6 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+// Package options TODO: add meaningfull description
 package options
 
 import (

diff --git a/pkg/signature/payload/payload.go b/pkg/signature/payload/payload.go
@@ -13,6 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+// Package payload TODO: add meaningfull description
 package payload
 
 import (

diff --git a/pkg/signature/signer.go b/pkg/signature/signer.go
@@ -22,7 +22,7 @@ import (
 	"crypto/rsa"
 	"errors"
 	"io"
-	"io/ioutil"
+	"os"
 	"path/filepath"
 
 	// these ensure we have the implementations loaded
@@ -77,7 +77,7 @@ func LoadSigner(privateKey crypto.PrivateKey, hashFunc crypto.Hash) (Signer, err
 // RSAPSSSigner is desired instead, use the LoadRSAPSSSigner() and
 // cryptoutils.UnmarshalPEMToPrivateKey() methods directly.
 func LoadSignerFromPEMFile(path string, hashFunc crypto.Hash, pf cryptoutils.PassFunc) (Signer, error) {
-	fileBytes, err := ioutil.ReadFile(filepath.Clean(path))
+	fileBytes, err := os.ReadFile(filepath.Clean(path))
 	if err != nil {
 		return nil, err
 	}

diff --git a/pkg/signature/signerverifier.go b/pkg/signature/signerverifier.go
@@ -21,7 +21,7 @@ import (
 	"crypto/ed25519"
 	"crypto/rsa"
 	"errors"
-	"io/ioutil"
+	"os"
 	"path/filepath"
 
 	"github.com/sigstore/sigstore/pkg/cryptoutils"
@@ -57,7 +57,7 @@ func LoadSignerVerifier(privateKey crypto.PrivateKey, hashFunc crypto.Hash) (Sig
 // RSAPSSSignerVerifier is desired instead, use the LoadRSAPSSSignerVerifier() and
 // cryptoutils.UnmarshalPEMToPrivateKey() methods directly.
 func LoadSignerVerifierFromPEMFile(path string, hashFunc crypto.Hash, pf cryptoutils.PassFunc) (SignerVerifier, error) {
-	fileBytes, err := ioutil.ReadFile(filepath.Clean(path))
+	fileBytes, err := os.ReadFile(filepath.Clean(path))
 	if err != nil {
 		return nil, err
 	}

diff --git a/pkg/signature/ssh/armor.go b/pkg/signature/ssh/armor.go
@@ -13,6 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+// Package ssh TODO: add meaningfull description
 package ssh
 
 import (

diff --git a/pkg/signature/ssh/sign.go b/pkg/signature/ssh/sign.go
@@ -22,7 +22,6 @@ import (
 	"crypto/sha512"
 	"hash"
 	"io"
-	"io/ioutil"
 
 	"github.com/sigstore/sigstore/pkg/signature"
 	"golang.org/x/crypto/ssh"
@@ -99,7 +98,7 @@ func (s *Signer) PublicKey(opts ...signature.PublicKeyOption) (crypto.PublicKey,
 
 // SignMessage signs the supplied message.
 func (s *Signer) SignMessage(message io.Reader, opts ...signature.SignOption) ([]byte, error) {
-	b, err := ioutil.ReadAll(message)
+	b, err := io.ReadAll(message)
 	if err != nil {
 		return nil, err
 	}

diff --git a/pkg/signature/ssh/sign_test.go b/pkg/signature/ssh/sign_test.go
@@ -17,7 +17,7 @@ package ssh
 
 import (
 	"bytes"
-	"io/ioutil"
+	"os"
 	"os/exec"
 	"path/filepath"
 	"strings"
@@ -168,7 +168,7 @@ func TestFromOpenSSH(t *testing.T) {
 			sigPath := dataPath + ".sig"
 			run(t, nil, "ssh-keygen", "-Y", "sign", "-n", "file", "-f", privPath, dataPath)
 
-			sigBytes, err := ioutil.ReadFile(sigPath)
+			sigBytes, err := os.ReadFile(sigPath)
 			if err != nil {
 				t.Fatal(err)
 			}
@@ -322,7 +322,7 @@ func TestRoundTrip(t *testing.T) {
 
 func write(t *testing.T, d []byte, fp ...string) string {
 	p := filepath.Join(fp...)
-	if err := ioutil.WriteFile(p, d, 0o600); err != nil {
+	if err := os.WriteFile(p, d, 0o600); err != nil {
 		t.Fatal(err)
 	}
 	return p

diff --git a/pkg/signature/ssh/verify.go b/pkg/signature/ssh/verify.go
@@ -17,7 +17,6 @@ package ssh
 
 import (
 	"io"
-	"io/ioutil"
 
 	"github.com/sigstore/sigstore/pkg/signature"
 	"golang.org/x/crypto/ssh"
@@ -51,7 +50,7 @@ var _ signature.Verifier = (*Signer)(nil)
 
 // VerifySignature verifies a suppled signature.
 func (s *Signer) VerifySignature(signature, message io.Reader, opts ...signature.VerifyOption) error {
-	b, err := ioutil.ReadAll(signature)
+	b, err := io.ReadAll(signature)
 	if err != nil {
 		return err
 	}

diff --git a/pkg/signature/verifier.go b/pkg/signature/verifier.go
@@ -22,7 +22,7 @@ import (
 	"crypto/rsa"
 	"errors"
 	"io"
-	"io/ioutil"
+	"os"
 	"path/filepath"
 
 	"github.com/sigstore/sigstore/pkg/cryptoutils"
@@ -86,7 +86,7 @@ func LoadUnsafeVerifier(publicKey crypto.PublicKey) (Verifier, error) {
 // If the publickey is an RSA key, a RSAPKCS1v15Verifier will be returned. If a
 // RSAPSSVerifier is desired instead, use the LoadRSAPSSVerifier() and cryptoutils.UnmarshalPEMToPublicKey() methods directly.
 func LoadVerifierFromPEMFile(path string, hashFunc crypto.Hash) (Verifier, error) {
-	fileBytes, err := ioutil.ReadFile(filepath.Clean(path))
+	fileBytes, err := os.ReadFile(filepath.Clean(path))
 	if err != nil {
 		return nil, err
 	}