From 70f1147394894be7cf286ba030409c4b085aeeb1 Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn
Date: Mon, 11 Aug 2025 15:27:18 +0200
Subject: [PATCH] cli/command/trust: use stdlib errors
Signed-off-by: Sebastiaan van Stijn
---
 cli/command/trust/key_generate.go | 5 ++---
 cli/command/trust/key_load.go | 8 ++++----
 cli/command/trust/revoke.go | 4 ++--
 cli/command/trust/sign.go | 6 +++---
 cli/command/trust/signer_add.go | 10 +++++-----
 cli/command/trust/signer_remove.go | 10 +++++-----
 6 files changed, 21 insertions(+), 22 deletions(-)
diff --git a/cli/command/trust/key_generate.go b/cli/command/trust/key_generate.go
index 9943c47720..a966840c10 100644
--- a/cli/command/trust/key_generate.go
+++ b/cli/command/trust/key_generate.go
@@ -11,7 +11,6 @@ import (
 "github.com/docker/cli/cli/command"
 "github.com/docker/cli/cli/trust"
 "github.com/docker/cli/internal/lazyregexp"
- "github.com/pkg/errors"
 "github.com/spf13/cobra"
 "github.com/theupdateframework/notary"
 "github.com/theupdateframework/notary/trustmanager"
@@ -88,7 +87,7 @@ func validateAndGenerateKey(streams command.Streams, keyName string, workingDir
 pubPEM, err := generateKeyAndOutputPubPEM(keyName, privKeyFileStore)
 if err != nil {
 _, _ = fmt.Fprint(streams.Out(), err)
- return errors.Wrapf(err, "failed to generate key for %s", keyName)
+ return fmt.Errorf("failed to generate key for %s: %w", keyName, err)
 }
 // Output the public key to a file in the CWD or specified dir
@@ -126,7 +125,7 @@ func writePubKeyPEMToDir(pubPEM pem.Block, keyName, workingDir string) (string,
 pubFileName := strings.Join([]string{keyName, "pub"}, ".")
 pubFilePath := filepath.Join(workingDir, pubFileName)
 if err := os.WriteFile(pubFilePath, pem.EncodeToMemory(&pubPEM), notary.PrivNoExecPerms); err != nil {
- return "", errors.Wrapf(err, "failed to write public key to %s", pubFilePath)
+ return "", fmt.Errorf("failed to write public key to %s: %w", pubFilePath, err)
 }
 return pubFilePath, nil
 }
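Review bot: In the `validateAndGenerateKey` hunk of key_generate.go the generation error is written to `streams.Out()` and then returned wrapped, so the same text is probably reported twice (assuming the caller prints the returned error), and the first copy lands on standard output where anything capturing the command's output will pick it up. Now that the cause travels with the returned error through `%w`, the `_, _ = fmt.Fprint(streams.Out(), err)` line can be dropped and the return left to do the reporting. The function body starts and ends outside the hunk, so how the caller reports the error is not visible here.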
diff --git a/cli/command/trust/key_load.go b/cli/command/trust/key_load.go
index b4ce1d4d51..5880cfa825 100644
--- a/cli/command/trust/key_load.go
+++ b/cli/command/trust/key_load.go
@@ -3,6 +3,7 @@ package trust
 import (
 "bytes"
 "encoding/pem"
+ "errors"
 "fmt"
 "io"
 "os"
@@ -11,7 +12,6 @@ import (
 "github.com/docker/cli/cli"
 "github.com/docker/cli/cli/command"
 "github.com/docker/cli/cli/trust"
- "github.com/pkg/errors"
 "github.com/spf13/cobra"
 "github.com/theupdateframework/notary"
 "github.com/theupdateframework/notary/storage"
@@ -60,10 +60,10 @@ func loadPrivKey(streams command.Streams, keyPath string, options keyLoadOptions
 passRet := trust.GetPassphraseRetriever(streams.In(), streams.Out())
 keyBytes, err := getPrivKeyBytesFromPath(keyPath)
 if err != nil {
- return errors.Wrapf(err, "refusing to load key from %s", keyPath)
+ return fmt.Errorf("refusing to load key from %s: %w", keyPath, err)
 }
 if err := loadPrivKeyBytesToStore(keyBytes, privKeyImporters, keyPath, options.keyName, passRet); err != nil {
- return errors.Wrapf(err, "error importing key from %s", keyPath)
+ return fmt.Errorf("error importing key from %s: %w", keyPath, err)
 }
 _, _ = fmt.Fprintln(streams.Out(), "Successfully imported key from", keyPath)
 return nil
@@ -95,7 +95,7 @@ func loadPrivKeyBytesToStore(privKeyBytes []byte, privKeyImporters []trustmanage
 return fmt.Errorf("provided file %s is not a supported private key - to add a signer's public key use docker trust signer add", keyPath)
 }
 if privKeyBytes, err = decodePrivKeyIfNecessary(privKeyBytes, passRet); err != nil {
- return errors.Wrapf(err, "cannot load key from provided file %s", keyPath)
+ return fmt.Errorf("cannot load key from provided file %s: %w", keyPath, err)
 }
 // Make a reader, rewind the file pointer
 return trustmanager.ImportKeys(bytes.NewReader(privKeyBytes), privKeyImporters, keyName, "", passRet)
diff --git a/cli/command/trust/revoke.go b/cli/command/trust/revoke.go
index 303c7b8c2d..b2e4ad20aa 100644
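Review bot: The comment `// Make a reader, rewind the file pointer` at the end of the `loadPrivKeyBytesToStore` hunk in key_load.go does not describe the line under it: the return statement builds a fresh `bytes.NewReader(privKeyBytes)` and no file handle appears in the visible lines. I would replace it with `// Wrap the key bytes returned by decodePrivKeyIfNecessary in a reader for ImportKeys.` so the next reader does not go looking for a seek. The function starts outside the hunk.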
--- a/cli/command/trust/revoke.go
+++ b/cli/command/trust/revoke.go
@@ -2,6 +2,7 @@ package trust
 import (
 "context"
+ "errors"
 "fmt"
 "github.com/docker/cli/cli"
@@ -9,7 +10,6 @@ import (
 "github.com/docker/cli/cli/command/image"
 "github.com/docker/cli/cli/trust"
 "github.com/docker/cli/internal/prompt"
- "github.com/pkg/errors"
 "github.com/spf13/cobra"
 "github.com/theupdateframework/notary/client"
 "github.com/theupdateframework/notary/tuf/data"
@@ -63,7 +63,7 @@ func revokeTrust(ctx context.Context, dockerCLI command.Cli, remote string, opti
 }
 defer clearChangeList(notaryRepo)
 if err := revokeSignature(notaryRepo, tag); err != nil {
- return errors.Wrapf(err, "could not remove signature for %s", remote)
+ return fmt.Errorf("could not remove signature for %s: %w", remote, err)
 }
 _, _ = fmt.Fprintf(dockerCLI.Out(), "Successfully deleted signature for %s\n", remote)
 return nil
diff --git a/cli/command/trust/sign.go b/cli/command/trust/sign.go
index 3a290987bf..755794484a 100644
--- a/cli/command/trust/sign.go
+++ b/cli/command/trust/sign.go
@@ -2,6 +2,7 @@ package trust
 import (
 "context"
+ "errors"
 "fmt"
 "io"
 "path"
@@ -16,7 +17,6 @@ import (
 imagetypes "github.com/moby/moby/api/types/image"
 registrytypes "github.com/moby/moby/api/types/registry"
 "github.com/moby/moby/client"
- "github.com/pkg/errors"
 "github.com/spf13/cobra"
 notaryclient "github.com/theupdateframework/notary/client"
 "github.com/theupdateframework/notary/tuf/data"
@@ -127,7 +127,7 @@ func signAndPublishToTarget(out io.Writer, imgRefAndAuth trust.ImageRefAndAuth,
 err = notaryRepo.Publish()
 }
 if err != nil {
- return errors.Wrapf(err, "failed to sign %s:%s", imgRefAndAuth.RepoInfo().Name.Name(), tag)
+ return fmt.Errorf("failed to sign %s:%s: %w", imgRefAndAuth.RepoInfo().Name.Name(), tag, err)
 }
 _, _ = fmt.Fprintf(out, "Successfully signed %s:%s\n", imgRefAndAuth.RepoInfo().Name.Name(), tag)
 return nil
@@ -212,7 +212,7 @@ func initNotaryRepoWithSigners(notaryRepo notaryclient.Repository, newSigner dat
 return err
 }
 if err := addStagedSigner(notaryRepo, newSigner, []data.PublicKey{signerKey}); err != nil {
- return errors.Wrapf(err, "could not add signer to repo: %s", strings.TrimPrefix(newSigner.String(), "targets/"))
+ return fmt.Errorf("could not add signer to repo: %s: %w", strings.TrimPrefix(newSigner.String(), "targets/"), err)
 }
 return notaryRepo.Publish()
diff --git a/cli/command/trust/signer_add.go b/cli/command/trust/signer_add.go
index 1553470741..35d14fb4bd 100644
--- a/cli/command/trust/signer_add.go
+++ b/cli/command/trust/signer_add.go
@@ -2,6 +2,7 @@ package trust
 import (
 "context"
+ "errors"
 "fmt"
 "io"
 "os"
@@ -14,7 +15,6 @@ import (
 "github.com/docker/cli/cli/trust"
 "github.com/docker/cli/internal/lazyregexp"
 "github.com/docker/cli/opts"
- "github.com/pkg/errors"
 "github.com/spf13/cobra"
 "github.com/theupdateframework/notary/client"
 "github.com/theupdateframework/notary/tuf/data"
@@ -106,7 +106,7 @@ func addSignerToRepo(ctx context.Context, dockerCLI command.Cli, signerName stri
 newSignerRoleName := data.RoleName(path.Join(data.CanonicalTargetsRole.String(), signerName))
 if err := addStagedSigner(notaryRepo, newSignerRoleName, signerPubKeys); err != nil {
- return errors.Wrapf(err, "could not add signer to repo: %s", strings.TrimPrefix(newSignerRoleName.String(), "targets/"))
+ return fmt.Errorf("could not add signer to repo: %s: %w", strings.TrimPrefix(newSignerRoleName.String(), "targets/"), err)
 }
 return notaryRepo.Publish()
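Review bot: The wrapped message in `initNotaryRepoWithSigners` (sign.go) is repeated verbatim in `addSignerToRepo` (signer_add.go), including the `strings.TrimPrefix(..., "targets/")` call, and with the cause appended it renders as `could not add signer to repo: NAME: CAUSE`, where the signer name reads like one more error layer. Quoting the name keeps the two apart, for example `fmt.Errorf("could not add signer %q to repo: %w", name, err)`; this changes the message text, so any test matching the old string would need updating. Both call sites wrap the same `addStagedSigner` failure, so the wrapping could also move into that helper if it lives in this package (its definition is not visible here).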
@@ -118,20 +118,20 @@ func ingestPublicKeys(pubKeyPaths []string) ([]data.PublicKey, error) {
 // Read public key bytes from PEM file, limit to 1 KiB
 pubKeyFile, err := os.OpenFile(pubKeyPath, os.O_RDONLY, 0o666)
 if err != nil {
- return nil, errors.Wrap(err, "unable to read public key from file")
+ return nil, fmt.Errorf("unable to read public key from file: %w", err)
 }
 defer pubKeyFile.Close()
 // limit to
 l := io.LimitReader(pubKeyFile, 1<<20)
 pubKeyBytes, err := io.ReadAll(l)
 if err != nil {
- return nil, errors.Wrap(err, "unable to read public key from file")
+ return nil, fmt.Errorf("unable to read public key from file: %w", err)
 }
 // Parse PEM bytes into type PublicKey
 pubKey, err := tufutils.ParsePEMPublicKey(pubKeyBytes)
 if err != nil {
- return nil, errors.Wrapf(err, "could not parse public key from file: %s", pubKeyPath)
+ return nil, fmt.Errorf("could not parse public key from file: %s: %w", pubKeyPath, err)
 }
 pubKeys = append(pubKeys, pubKey)
 }
diff --git a/cli/command/trust/signer_remove.go b/cli/command/trust/signer_remove.go
index 10d2c2933b..90659a53a1 100644
--- a/cli/command/trust/signer_remove.go
+++ b/cli/command/trust/signer_remove.go
@@ -2,6 +2,7 @@ package trust
 import (
 "context"
+ "errors"
 "fmt"
 "strings"
@@ -10,7 +11,6 @@ import (
 "github.com/docker/cli/cli/command/image"
 "github.com/docker/cli/cli/trust"
 "github.com/docker/cli/internal/prompt"
- "github.com/pkg/errors"
 "github.com/spf13/cobra"
 "github.com/theupdateframework/notary/client"
 "github.com/theupdateframework/notary/tuf/data"
@@ -49,7 +49,7 @@ func removeSigner(ctx context.Context, dockerCLI command.Cli, options signerRemo
 }
 }
 if len(errRepos) > 0 {
- return errors.Errorf("error removing signer from: %s", strings.Join(errRepos, ", "))
+ return fmt.Errorf("error removing signer from: %s", strings.Join(errRepos, ", "))
 }
 return nil
 }
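Review bot: The comment at the top of the `ingestPublicKeys` hunk (signer_add.go) says the read is limited to 1 KiB, but `io.LimitReader(pubKeyFile, 1<<20)` caps it at 1 MiB, and the later `// limit to` comment is unfinished; one of the two should be corrected so the bound on a user-supplied file is the one the author intended. The trailing `}` suggests these lines run inside a loop over `pubKeyPaths` (the loop header is outside the hunk), in which case `defer pubKeyFile.Close()` keeps every file open until the function returns. Moving the open-and-read into a small helper closes each file promptly and gives the limit a name. The sketch below keeps the 1 MiB value the code currently enforces and leaves the error messages as they are.

```go
// maxPubKeyFileSize bounds how much of a public key file is read (1 MiB).
const maxPubKeyFileSize = 1 << 20

// readPubKeyFile returns at most maxPubKeyFileSize bytes of the file at pubKeyPath.
func readPubKeyFile(pubKeyPath string) ([]byte, error) {
	pubKeyFile, err := os.Open(pubKeyPath)
	if err != nil {
		return nil, fmt.Errorf("unable to read public key from file: %w", err)
	}
	defer pubKeyFile.Close() // closed per file, not when the whole loop is done

	pubKeyBytes, err := io.ReadAll(io.LimitReader(pubKeyFile, maxPubKeyFileSize))
	if err != nil {
		return nil, fmt.Errorf("unable to read public key from file: %w", err)
	}
	return pubKeyBytes, nil
}

// … unchanged: loop header over pubKeyPaths …
		pubKeyBytes, err := readPubKeyFile(pubKeyPath)
		if err != nil {
			return nil, err
		}
// … unchanged: ParsePEMPublicKey call and append …
```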
@@ -98,7 +98,7 @@ func removeSingleSigner(ctx context.Context, dockerCLI command.Cli, repoName, si
 signerDelegation := data.RoleName("targets/" + signerName)
 if signerDelegation == releasesRoleTUFName {
- return false, errors.Errorf("releases is a reserved keyword and cannot be removed")
+ return false, errors.New("releases is a reserved keyword and cannot be removed")
 }
 notaryRepo, err := newNotaryClient(dockerCLI, imgRefAndAuth, trust.ActionsPushAndPull)
 if err != nil {
@@ -106,7 +106,7 @@ func removeSingleSigner(ctx context.Context, dockerCLI command.Cli, repoName, si
 }
 delegationRoles, err := notaryRepo.GetDelegationRoles()
 if err != nil {
- return false, errors.Wrapf(err, "error retrieving signers for %s", repoName)
+ return false, fmt.Errorf("error retrieving signers for %s: %w", repoName, err)
 }
 var role data.Role
 for _, delRole := range delegationRoles {
@@ -116,7 +116,7 @@ func removeSingleSigner(ctx context.Context, dockerCLI command.Cli, repoName, si
 }
 }
 if role.Name == "" {
- return false, errors.Errorf("no signer %s for repository %s", signerName, repoName)
+ return false, fmt.Errorf("no signer %s for repository %s", signerName, repoName)
 }
 allRoles, err := notaryRepo.ListRoles()
 if err != nil {
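Review bot: In the first `removeSingleSigner` hunk the delegation name is built as `data.RoleName("targets/" + signerName)`, while `addSignerToRepo` in signer_add.go uses `path.Join(data.CanonicalTargetsRole.String(), signerName)`, so the reserved-name comparison against `releasesRoleTUFName` runs on a string that has not been normalized the way the add path normalizes it. Whether `signerName` is validated before this point is not visible in the hunk; if it is not, I would build the name the same way in both places, `signerDelegation := data.RoleName(path.Join(data.CanonicalTargetsRole.String(), signerName))`, which needs a `path` import in this file. The function starts and ends outside the hunk.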