From 096293c0c2fcdc86762f77fd0d220ee9e4ed6e15 Mon Sep 17 00:00:00 2001 From: Adam Hughes <9903835+tri-adam@users.noreply.github.com> Date: Wed, 7 Feb 2024 21:56:33 +0000 Subject: [PATCH 1/3] chore: bump module Go version to 1.21 --- go.mod | 2 +- go.sum | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 6a9c7e36..f089178f 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/sylabs/sif/v2 -go 1.20 +go 1.21 require ( github.com/ProtonMail/go-crypto v1.0.0 diff --git a/go.sum b/go.sum index 507a4f03..2af060fa 100644 --- a/go.sum +++ b/go.sum @@ -1,19 +1,25 @@ github.com/ProtonMail/go-crypto v1.0.0 h1:LRuvITjQWX+WIfr930YHG2HNfjR1uOfyf5vE0kC2U78= github.com/ProtonMail/go-crypto v1.0.0/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= +github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= +github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb h1:EDmT6Q9Zs+SbUoc7Ik9EfrFqcylYqgPZ9ANSbTAntnE= +github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb/go.mod h1:ZjrT6AXHbDs86ZSdt/osfBi5qfexBrKUdONk989Wnk4= github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/go-test/deep v1.1.0 h1:WOcxcdHcvdgThNXjw0t76K42FXTU7HpNQWHpA2HHNlg= +github.com/go-test/deep v1.1.0/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE= github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= +github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-containerregistry v0.19.1 h1:yMQ62Al6/V0Z7CqIrrS1iYoA5/oQCm88DeNujc7C1KY= github.com/google/go-containerregistry v0.19.1/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= @@ -21,6 +27,7 @@ github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+ github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/jmhodges/clock v1.2.0 h1:eq4kys+NI0PLngzaHEe7AmPT90XMGIEySD1JfV1PDIs= +github.com/jmhodges/clock v1.2.0/go.mod h1:qKjhA7x7u/lQpPB1XAqX1b1lCI/w3/fNuYpI/ZjLynI= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= @@ -30,15 +37,20 @@ github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/letsencrypt/boulder v0.0.0-20230907030200-6d76a0f91e1e h1:RLTpX495BXToqxpM90Ws4hXEo4Wfh81jr9DX1n/4WOo= github.com/letsencrypt/boulder v0.0.0-20230907030200-6d76a0f91e1e/go.mod h1:EAuqr9VFWxBi9nD5jc/EA2MT1RFty9288TF6zdtYoCU= github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= +github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prometheus/client_golang v1.15.1 h1:8tXpTmJbyH5lydzFPoxSIJ0J46jdh3tylbvM1xCv0LI= +github.com/prometheus/client_golang v1.15.1/go.mod h1:e9yaBhRPU2pPNsZwE+JdQl0KEt1N9XgF6zxWmaC0xOk= github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY= +github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU= github.com/prometheus/common v0.42.0 h1:EKsfXEYo4JpWMHH5cg+KOUWeuJSov1Id8zGR8eeI1YM= +github.com/prometheus/common v0.42.0/go.mod h1:xBwqVerjNdUDjgODMpudtOMwlOwf2SaTr1yjz4b7Zbc= github.com/prometheus/procfs v0.9.0 h1:wzCHvIvM5SxWqYvwgVL7yJY8Lz3PKn49KQtpgMYJfhI= +github.com/prometheus/procfs v0.9.0/go.mod h1:+pB4zwohETzFnmlpe6yd2lSc+0/46IYZRB/chUwxUZY= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/sebdah/goldie/v2 v2.5.3 h1:9ES/mNN+HNUbNWpVAlrzuZ7jE+Nrczbj8uFRjM7624Y= github.com/sebdah/goldie/v2 v2.5.3/go.mod h1:oZ9fp0+se1eapSRjfYbsV/0Hqhbuu3bJVvKI/NNtssI= @@ -57,11 +69,14 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0= github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= go.opentelemetry.io/otel v1.15.0 h1:NIl24d4eiLJPM0vKn4HjLYM+UZf6gSfi9Z+NmCxkWbk= +go.opentelemetry.io/otel v1.15.0/go.mod h1:qfwLEbWhLPk5gyWrne4XnF0lC8wtywbuJbgfAE3zbek= go.opentelemetry.io/otel/trace v1.15.0 h1:5Fwje4O2ooOxkfyqI/kJwxWotggDLix4BSAvpE1wlpo= +go.opentelemetry.io/otel/trace v1.15.0/go.mod h1:CUsmE2Ht1CRkvE8OsMESvraoZrrcgD1J2W8GV1ev0Y4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= @@ -109,12 +124,15 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A= +google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU= google.golang.org/grpc v1.56.3 h1:8I4C0Yq1EjstUzUJzpcRVbuYA2mODtEmpWiQoN/b2nc= google.golang.org/grpc v1.56.3/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= +google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/go-jose/go-jose.v2 v2.6.3 h1:nt80fvSDlhKWQgSWyHyy5CfmlQr+asih51R8PTWNKKs= gopkg.in/go-jose/go-jose.v2 v2.6.3/go.mod h1:zzZDPkNNw/c9IE7Z9jr11mBZQhKQTMzoEEIoEdZlFBI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= From 7ad27b6f86d0a902c07f595dbeecb74dd2fd5cfd Mon Sep 17 00:00:00 2001 From: Adam Hughes <9903835+tri-adam@users.noreply.github.com> Date: Wed, 7 Feb 2024 22:16:50 +0000 Subject: [PATCH 2/3] refactor: simplify slice logic --- pkg/integrity/select.go | 45 +++++++++++++------------------------- pkg/integrity/sign.go | 14 ++++-------- pkg/integrity/sign_test.go | 10 ++++----- pkg/integrity/verify.go | 8 +++---- 4 files changed, 27 insertions(+), 50 deletions(-) diff --git a/pkg/integrity/select.go b/pkg/integrity/select.go index e0323684..b85817f1 100644 --- a/pkg/integrity/select.go +++ b/pkg/integrity/select.go @@ -1,4 +1,4 @@ -// Copyright (c) 2020-2023, Sylabs Inc. All rights reserved. +// Copyright (c) 2020-2024, Sylabs Inc. All rights reserved. // This software is licensed under a 3-clause BSD license. Please consult the LICENSE.md file // distributed with the sources of this project regarding your rights to use or distribute this // software. @@ -7,9 +7,10 @@ package integrity import ( "bytes" + "cmp" "errors" "fmt" - "sort" + "slices" "github.com/ProtonMail/go-crypto/openpgp/clearsign" "github.com/sylabs/sif/v2/pkg/sif" @@ -20,21 +21,18 @@ var ( errNoGroupsFound = errors.New("no groups found") ) -// insertSorted inserts unique vals into the sorted slice s. -func insertSorted(s []uint32, vals ...uint32) []uint32 { - for _, val := range vals { - val := val - - i := sort.Search(len(s), func(i int) bool { return s[i] >= val }) - if i < len(s) && s[i] == val { - continue - } +// insertSorted inserts v into the sorted slice s. If s already contains v, the original slice is +// returned. +func insertSorted[S ~[]E, E cmp.Ordered](s S, v E) S { //nolint:ireturn + return insertSortedFunc(s, v, cmp.Compare[E]) +} - s = append(s, 0) - copy(s[i+1:], s[i:]) - s[i] = val +// insertSorted inserts v into the sorted slice s, using comparison function cmp. If s already +// contains v, the original slice is returned. +func insertSortedFunc[S ~[]E, E any](s S, v E, cmp func(E, E) int) S { //nolint:ireturn + if i, found := slices.BinarySearchFunc(s, v, cmp); !found { + return slices.Insert(s, i, v) } - return s } @@ -191,22 +189,9 @@ func getFingerprints(sigs []sif.Descriptor) ([][]byte, error) { return nil, err } - if len(fp) == 0 { - continue - } - - // Check if fingerprint is already in list. - i := sort.Search(len(fps), func(i int) bool { - return bytes.Compare(fps[i], fp) >= 0 - }) - if i < len(fps) && bytes.Equal(fps[i], fp) { - continue + if len(fp) > 0 { + fps = insertSortedFunc(fps, fp, bytes.Compare) } - - // Insert into (sorted) list. - fps = append(fps, []byte{}) - copy(fps[i+1:], fps[i:]) - fps[i] = fp } return fps, nil diff --git a/pkg/integrity/sign.go b/pkg/integrity/sign.go index 749bca5a..b5052421 100644 --- a/pkg/integrity/sign.go +++ b/pkg/integrity/sign.go @@ -1,4 +1,4 @@ -// Copyright (c) 2020-2023, Sylabs Inc. All rights reserved. +// Copyright (c) 2020-2024, Sylabs Inc. All rights reserved. // This software is licensed under a 3-clause BSD license. Please consult the LICENSE.md file // distributed with the sources of this project regarding your rights to use or distribute this // software. @@ -13,7 +13,7 @@ import ( "errors" "fmt" "io" - "sort" + "slices" "time" "github.com/ProtonMail/go-crypto/openpgp" @@ -138,13 +138,7 @@ func (gs *groupSigner) addObject(od sif.Descriptor) error { } // Insert into sorted descriptor list, if not already present. - i := sort.Search(len(gs.ods), func(i int) bool { return gs.ods[i].ID() >= od.ID() }) - if i < len(gs.ods) && gs.ods[i].ID() == od.ID() { - return nil - } - gs.ods = append(gs.ods, sif.Descriptor{}) - copy(gs.ods[i+1:], gs.ods[i:]) - gs.ods[i] = od + gs.ods = insertSortedFunc(gs.ods, od, func(a, b sif.Descriptor) int { return int(a.ID()) - int(b.ID()) }) return nil } @@ -284,7 +278,7 @@ func withGroupedObjects(f *sif.FileImage, ids []uint32, fn func(uint32, []uint32 groupObjectIDs[groupID] = append(groupObjectIDs[groupID], id) } - sort.Slice(groupIDs, func(i, j int) bool { return groupIDs[i] < groupIDs[j] }) + slices.Sort(groupIDs) for _, groupID := range groupIDs { if err := fn(groupID, groupObjectIDs[groupID]); err != nil { diff --git a/pkg/integrity/sign_test.go b/pkg/integrity/sign_test.go index 62a5289f..821f61ea 100644 --- a/pkg/integrity/sign_test.go +++ b/pkg/integrity/sign_test.go @@ -1,4 +1,4 @@ -// Copyright (c) 2020-2023, Sylabs Inc. All rights reserved. +// Copyright (c) 2020-2024, Sylabs Inc. All rights reserved. // This software is licensed under a 3-clause BSD license. Please consult the LICENSE.md file // distributed with the sources of this project regarding your rights to use or distribute this // software. @@ -12,7 +12,7 @@ import ( "errors" "os" "path/filepath" - "reflect" + "slices" "testing" "github.com/ProtonMail/go-crypto/openpgp" @@ -82,7 +82,7 @@ func TestOptSignGroupObjects(t *testing.T) { for _, od := range gs.ods { got = append(got, od.ID()) } - if want := tt.ids; !reflect.DeepEqual(got, want) { + if want := tt.ids; !slices.Equal(got, want) { t.Errorf("got objects %v, want %v", got, want) } } @@ -221,7 +221,7 @@ func TestNewGroupSigner(t *testing.T) { for _, od := range s.ods { got = append(got, od.ID()) } - if want := tt.wantObjects; !reflect.DeepEqual(got, want) { + if want := tt.wantObjects; !slices.Equal(got, want) { t.Errorf("got objects %v, want %v", got, want) } @@ -561,7 +561,7 @@ func TestNewSigner(t *testing.T) { got = append(got, od.ID()) } - if !reflect.DeepEqual(got, want) { + if !slices.Equal(got, want) { t.Errorf("got objects %v, want %v", got, want) } } diff --git a/pkg/integrity/verify.go b/pkg/integrity/verify.go index 77e86837..e45afcbd 100644 --- a/pkg/integrity/verify.go +++ b/pkg/integrity/verify.go @@ -1,4 +1,4 @@ -// Copyright (c) 2020-2023, Sylabs Inc. All rights reserved. +// Copyright (c) 2020-2024, Sylabs Inc. All rights reserved. // This software is licensed under a 3-clause BSD license. Please consult the LICENSE.md file // distributed with the sources of this project regarding your rights to use or distribute this // software. @@ -14,7 +14,7 @@ import ( "errors" "fmt" "io" - "sort" + "slices" "strings" "github.com/ProtonMail/go-crypto/openpgp" @@ -572,9 +572,7 @@ func (v *Verifier) fingerprints(any bool) ([][]byte, error) { } } - sort.Slice(fps, func(i, j int) bool { - return bytes.Compare(fps[i], fps[j]) < 0 - }) + slices.SortFunc(fps, bytes.Compare) return fps, nil } From df206d4b01bbe4058210eb7b7da753f820855349 Mon Sep 17 00:00:00 2001 From: Adam Hughes <9903835+tri-adam@users.noreply.github.com> Date: Mon, 12 Feb 2024 19:37:30 +0000 Subject: [PATCH 3/3] refactor: simplify minID calculation --- pkg/integrity/select.go | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/pkg/integrity/select.go b/pkg/integrity/select.go index b85817f1..b9393639 100644 --- a/pkg/integrity/select.go +++ b/pkg/integrity/select.go @@ -10,6 +10,7 @@ import ( "cmp" "errors" "fmt" + "math" "slices" "github.com/ProtonMail/go-crypto/openpgp/clearsign" @@ -141,20 +142,16 @@ func getGroupSignatures(f *sif.FileImage, groupID uint32, legacy bool) ([]sif.De // in the object group with identifier groupID. If no such object group is found, errGroupNotFound // is returned. func getGroupMinObjectID(f *sif.FileImage, groupID uint32) (uint32, error) { - minID := ^uint32(0) + var minID uint32 = math.MaxUint32 f.WithDescriptors(func(od sif.Descriptor) bool { - if od.GroupID() != groupID { - return false - } - - if id := od.ID(); id < minID { - minID = id + if od.GroupID() == groupID { + minID = min(minID, od.ID()) } return false }) - if minID == ^uint32(0) { + if minID == math.MaxUint32 { return 0, errGroupNotFound } return minID, nil