From 667f5f19e23ca03e75f58b15443221413fae3ee6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Fri, 21 Jul 2023 23:03:06 +0200 Subject: [PATCH] BREAKING: Update for move of github.com/theupdateframework/go-tuf/encrypted MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The github.com/theupdateframework/go-tuf/encrypted subpackage is deprecated, switch to the new location. Separetely, this is a BREAKING change: the key encryption parameters of encrypted.Encrypt have been changed, so the keys generated by the new code can't be loaded by older implementations. (Old keys can continue to be used by new implementations.) Signed-off-by: Miloslav Trmač --- go.mod | 3 ++- go.sum | 2 ++ signature/sigstore/copied.go | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index 8440aa590..9ec21f8fb 100644 --- a/go.mod +++ b/go.mod @@ -25,13 +25,13 @@ require ( github.com/opencontainers/selinux v1.11.0 github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f github.com/proglottis/gpgme v0.1.3 + github.com/secure-systems-lab/go-securesystemslib v0.7.0 github.com/sigstore/fulcio v1.4.0 github.com/sigstore/rekor v1.2.2 github.com/sigstore/sigstore v1.7.2 github.com/sirupsen/logrus v1.9.3 github.com/stretchr/testify v1.8.4 github.com/sylabs/sif/v2 v2.12.0 - github.com/theupdateframework/go-tuf v0.5.2 github.com/ulikunitz/xz v0.5.11 github.com/vbatts/tar-split v0.11.5 github.com/vbauerster/mpb/v8 v8.5.2 @@ -106,6 +106,7 @@ require ( github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980 // indirect github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 // indirect github.com/tchap/go-patricia/v2 v2.3.1 // indirect + github.com/theupdateframework/go-tuf v0.5.2 // indirect github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect diff --git a/go.sum b/go.sum index 83a47d3e1..741326ec0 100644 --- a/go.sum +++ b/go.sum @@ -301,6 +301,8 @@ github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBOAvL+k= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/sebdah/goldie/v2 v2.5.3 h1:9ES/mNN+HNUbNWpVAlrzuZ7jE+Nrczbj8uFRjM7624Y= +github.com/secure-systems-lab/go-securesystemslib v0.7.0 h1:OwvJ5jQf9LnIAS83waAjPbcMsODrTQUpJ02eNLUoxBg= +github.com/secure-systems-lab/go-securesystemslib v0.7.0/go.mod h1:/2gYnlnHVQ6xeGtfIqFy7Do03K4cdCY0A/GlJLDKLHI= github.com/segmentio/ksuid v1.0.4 h1:sBo2BdShXjmcugAMwjugoGUdUV0pcxY5mW4xKRn3v4c= github.com/segmentio/ksuid v1.0.4/go.mod h1:/XUiZBD3kVx5SmUOl55voK5yeAbBNNIed+2O73XgrPE= github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= diff --git a/signature/sigstore/copied.go b/signature/sigstore/copied.go index f9c7f6a5e..2e510f60e 100644 --- a/signature/sigstore/copied.go +++ b/signature/sigstore/copied.go @@ -10,9 +10,9 @@ import ( "errors" "fmt" + "github.com/secure-systems-lab/go-securesystemslib/encrypted" "github.com/sigstore/sigstore/pkg/cryptoutils" "github.com/sigstore/sigstore/pkg/signature" - "github.com/theupdateframework/go-tuf/encrypted" ) // The following code was copied from github.com/sigstore.