mirror of https://github.com/docker/cli.git synced 2026-01-06 05:41:44 +03:00

cli/command/trust: use stdlib errors

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Sebastiaan van Stijn
2025-08-11 15:27:18 +02:00
parent a8f11a2fa2
commit 70f1147394
6 changed files with 21 additions and 22 deletions


@@ -11,7 +11,6 @@ import (
"github.com/docker/cli/cli/command"
"github.com/docker/cli/cli/trust"
"github.com/docker/cli/internal/lazyregexp"
"github.com/pkg/errors"
"github.com/spf13/cobra"
"github.com/theupdateframework/notary"
"github.com/theupdateframework/notary/trustmanager"
@@ -88,7 +87,7 @@ func validateAndGenerateKey(streams command.Streams, keyName string, workingDir
pubPEM, err := generateKeyAndOutputPubPEM(keyName, privKeyFileStore)
if err != nil {
_, _ = fmt.Fprint(streams.Out(), err)
return errors.Wrapf(err, "failed to generate key for %s", keyName)
return fmt.Errorf("failed to generate key for %s: %w", keyName, err)
}
// Output the public key to a file in the CWD or specified dir
@@ -126,7 +125,7 @@ func writePubKeyPEMToDir(pubPEM pem.Block, keyName, workingDir string) (string,
pubFileName := strings.Join([]string{keyName, "pub"}, ".")
pubFilePath := filepath.Join(workingDir, pubFileName)
if err := os.WriteFile(pubFilePath, pem.EncodeToMemory(&pubPEM), notary.PrivNoExecPerms); err != nil {
return "", errors.Wrapf(err, "failed to write public key to %s", pubFilePath)
return "", fmt.Errorf("failed to write public key to %s: %w", pubFilePath, err)
}
return pubFilePath, nil
}
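Review bot: The switch from `errors.Wrapf` to `fmt.Errorf("...: %w", ...)` in validateAndGenerateKey and writePubKeyPEMToDir changes how the error chain can be inspected, and nothing in the commit documents that. The new wrappers work with `errors.Is`, `errors.As` and `errors.Unwrap`, but they no longer carry the stack trace that github.com/pkg/errors attached, and that package's `errors.Cause` stops at a `fmt.Errorf` wrapper, so any remaining caller or test relying on either would see different results. The same applies to every converted call in the other five file sections of this commit. A sentence in the commit description such as `Wrapped errors keep their Unwrap chain; pkg/errors stack traces and errors.Cause no longer apply to these paths.` would make the change explicit. Both function bodies start outside the hunks shown.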


@@ -3,6 +3,7 @@ package trust
import (
"bytes"
"encoding/pem"
"errors"
"fmt"
"io"
"os"
@@ -11,7 +12,6 @@ import (
"github.com/docker/cli/cli"
"github.com/docker/cli/cli/command"
"github.com/docker/cli/cli/trust"
"github.com/pkg/errors"
"github.com/spf13/cobra"
"github.com/theupdateframework/notary"
"github.com/theupdateframework/notary/storage"
@@ -60,10 +60,10 @@ func loadPrivKey(streams command.Streams, keyPath string, options keyLoadOptions
passRet := trust.GetPassphraseRetriever(streams.In(), streams.Out())
keyBytes, err := getPrivKeyBytesFromPath(keyPath)
if err != nil {
return errors.Wrapf(err, "refusing to load key from %s", keyPath)
return fmt.Errorf("refusing to load key from %s: %w", keyPath, err)
}
if err := loadPrivKeyBytesToStore(keyBytes, privKeyImporters, keyPath, options.keyName, passRet); err != nil {
return errors.Wrapf(err, "error importing key from %s", keyPath)
return fmt.Errorf("error importing key from %s: %w", keyPath, err)
}
_, _ = fmt.Fprintln(streams.Out(), "Successfully imported key from", keyPath)
return nil
@@ -95,7 +95,7 @@ func loadPrivKeyBytesToStore(privKeyBytes []byte, privKeyImporters []trustmanage
return fmt.Errorf("provided file %s is not a supported private key - to add a signer's public key use docker trust signer add", keyPath)
}
if privKeyBytes, err = decodePrivKeyIfNecessary(privKeyBytes, passRet); err != nil {
return errors.Wrapf(err, "cannot load key from provided file %s", keyPath)
return fmt.Errorf("cannot load key from provided file %s: %w", keyPath, err)
}
// Make a reader, rewind the file pointer
return trustmanager.ImportKeys(bytes.NewReader(privKeyBytes), privKeyImporters, keyName, "", passRet)


@@ -2,6 +2,7 @@ package trust
import (
"context"
"errors"
"fmt"
"github.com/docker/cli/cli"
@@ -9,7 +10,6 @@ import (
"github.com/docker/cli/cli/command/image"
"github.com/docker/cli/cli/trust"
"github.com/docker/cli/internal/prompt"
"github.com/pkg/errors"
"github.com/spf13/cobra"
"github.com/theupdateframework/notary/client"
"github.com/theupdateframework/notary/tuf/data"
@@ -63,7 +63,7 @@ func revokeTrust(ctx context.Context, dockerCLI command.Cli, remote string, opti
}
defer clearChangeList(notaryRepo)
if err := revokeSignature(notaryRepo, tag); err != nil {
return errors.Wrapf(err, "could not remove signature for %s", remote)
return fmt.Errorf("could not remove signature for %s: %w", remote, err)
}
_, _ = fmt.Fprintf(dockerCLI.Out(), "Successfully deleted signature for %s\n", remote)
return nil


@@ -2,6 +2,7 @@ package trust
import (
"context"
"errors"
"fmt"
"io"
"path"
@@ -16,7 +17,6 @@ import (
imagetypes "github.com/moby/moby/api/types/image"
registrytypes "github.com/moby/moby/api/types/registry"
"github.com/moby/moby/client"
"github.com/pkg/errors"
"github.com/spf13/cobra"
notaryclient "github.com/theupdateframework/notary/client"
"github.com/theupdateframework/notary/tuf/data"
@@ -127,7 +127,7 @@ func signAndPublishToTarget(out io.Writer, imgRefAndAuth trust.ImageRefAndAuth,
err = notaryRepo.Publish()
}
if err != nil {
return errors.Wrapf(err, "failed to sign %s:%s", imgRefAndAuth.RepoInfo().Name.Name(), tag)
return fmt.Errorf("failed to sign %s:%s: %w", imgRefAndAuth.RepoInfo().Name.Name(), tag, err)
}
_, _ = fmt.Fprintf(out, "Successfully signed %s:%s\n", imgRefAndAuth.RepoInfo().Name.Name(), tag)
return nil
@@ -212,7 +212,7 @@ func initNotaryRepoWithSigners(notaryRepo notaryclient.Repository, newSigner dat
return err
}
if err := addStagedSigner(notaryRepo, newSigner, []data.PublicKey{signerKey}); err != nil {
return errors.Wrapf(err, "could not add signer to repo: %s", strings.TrimPrefix(newSigner.String(), "targets/"))
return fmt.Errorf("could not add signer to repo: %s: %w", strings.TrimPrefix(newSigner.String(), "targets/"), err)
}
return notaryRepo.Publish()
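Review bot: The new format string `"could not add signer to repo: %s: %w"` in initNotaryRepoWithSigners puts the signer name between two colons, so the message renders as `... repo: <signer>: <cause>` and the name can be mistaken for a link in the cause chain. Since the line is being rewritten anyway, `fmt.Errorf("could not add signer %s to repo: %w", ...)` would keep all context to the left of a single colon; the same string is used in addSignerToRepo in a later file section of this commit. The text is user-visible, so any test matching the old message would need updating. The function body starts outside the hunk.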


@@ -2,6 +2,7 @@ package trust
import (
"context"
"errors"
"fmt"
"io"
"os"
@@ -14,7 +15,6 @@ import (
"github.com/docker/cli/cli/trust"
"github.com/docker/cli/internal/lazyregexp"
"github.com/docker/cli/opts"
"github.com/pkg/errors"
"github.com/spf13/cobra"
"github.com/theupdateframework/notary/client"
"github.com/theupdateframework/notary/tuf/data"
@@ -106,7 +106,7 @@ func addSignerToRepo(ctx context.Context, dockerCLI command.Cli, signerName stri
newSignerRoleName := data.RoleName(path.Join(data.CanonicalTargetsRole.String(), signerName))
if err := addStagedSigner(notaryRepo, newSignerRoleName, signerPubKeys); err != nil {
return errors.Wrapf(err, "could not add signer to repo: %s", strings.TrimPrefix(newSignerRoleName.String(), "targets/"))
return fmt.Errorf("could not add signer to repo: %s: %w", strings.TrimPrefix(newSignerRoleName.String(), "targets/"), err)
}
return notaryRepo.Publish()
@@ -118,20 +118,20 @@ func ingestPublicKeys(pubKeyPaths []string) ([]data.PublicKey, error) {
// Read public key bytes from PEM file, limit to 1 KiB
pubKeyFile, err := os.OpenFile(pubKeyPath, os.O_RDONLY, 0o666)
if err != nil {
return nil, errors.Wrap(err, "unable to read public key from file")
return nil, fmt.Errorf("unable to read public key from file: %w", err)
}
defer pubKeyFile.Close()
// limit to
l := io.LimitReader(pubKeyFile, 1<<20)
pubKeyBytes, err := io.ReadAll(l)
if err != nil {
return nil, errors.Wrap(err, "unable to read public key from file")
return nil, fmt.Errorf("unable to read public key from file: %w", err)
}
// Parse PEM bytes into type PublicKey
pubKey, err := tufutils.ParsePEMPublicKey(pubKeyBytes)
if err != nil {
return nil, errors.Wrapf(err, "could not parse public key from file: %s", pubKeyPath)
return nil, fmt.Errorf("could not parse public key from file: %s: %w", pubKeyPath, err)
}
pubKeys = append(pubKeys, pubKey)
}
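Review bot: The context comment in ingestPublicKeys says the read is limited to 1 KiB, but `io.LimitReader(pubKeyFile, 1<<20)` caps it at 1 MiB, and the second comment `// limit to` is left unfinished. As these lines sit directly around the rewritten error returns, the first comment should read `// Read public key bytes from PEM file, limit to 1 MiB` and the dangling one should be dropped. A file larger than the cap is truncated silently rather than rejected, so an oversized input surfaces only as a parse error. `defer pubKeyFile.Close()` also appears to sit inside the loop over pubKeyPaths (the loop header is outside the hunk), so every opened file stays open until the function returns. Closing the file right after `io.ReadAll` would release each descriptor per iteration.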


@@ -2,6 +2,7 @@ package trust
import (
"context"
"errors"
"fmt"
"strings"
@@ -10,7 +11,6 @@ import (
"github.com/docker/cli/cli/command/image"
"github.com/docker/cli/cli/trust"
"github.com/docker/cli/internal/prompt"
"github.com/pkg/errors"
"github.com/spf13/cobra"
"github.com/theupdateframework/notary/client"
"github.com/theupdateframework/notary/tuf/data"
@@ -49,7 +49,7 @@ func removeSigner(ctx context.Context, dockerCLI command.Cli, options signerRemo
}
}
if len(errRepos) > 0 {
return errors.Errorf("error removing signer from: %s", strings.Join(errRepos, ", "))
return fmt.Errorf("error removing signer from: %s", strings.Join(errRepos, ", "))
}
return nil
}
@@ -98,7 +98,7 @@ func removeSingleSigner(ctx context.Context, dockerCLI command.Cli, repoName, si
signerDelegation := data.RoleName("targets/" + signerName)
if signerDelegation == releasesRoleTUFName {
return false, errors.Errorf("releases is a reserved keyword and cannot be removed")
return false, errors.New("releases is a reserved keyword and cannot be removed")
}
notaryRepo, err := newNotaryClient(dockerCLI, imgRefAndAuth, trust.ActionsPushAndPull)
if err != nil {
@@ -106,7 +106,7 @@ func removeSingleSigner(ctx context.Context, dockerCLI command.Cli, repoName, si
}
delegationRoles, err := notaryRepo.GetDelegationRoles()
if err != nil {
return false, errors.Wrapf(err, "error retrieving signers for %s", repoName)
return false, fmt.Errorf("error retrieving signers for %s: %w", repoName, err)
}
var role data.Role
for _, delRole := range delegationRoles {
@@ -116,7 +116,7 @@ func removeSingleSigner(ctx context.Context, dockerCLI command.Cli, repoName, si
}
}
if role.Name == "" {
return false, errors.Errorf("no signer %s for repository %s", signerName, repoName)
return false, fmt.Errorf("no signer %s for repository %s", signerName, repoName)
}
allRoles, err := notaryRepo.ListRoles()
if err != nil {