add missing third_party packages

hectorj2f · hectorj2f · commit 4b486d27d8bc · 2022-04-01T01:15:38.000+02:00
Signed-off-by: hectorj2f &lt;hectorf@vmware.com&gt;
diff --git a/cmd/cosign/cli/attest.go b/cmd/cosign/cli/attest.go
@@ -71,7 +71,7 @@ func Attest() *cobra.Command {
 				OIDCIssuer:               o.OIDC.Issuer,
 				OIDCClientID:             o.OIDC.ClientID,
 				OIDCClientSecret:         o.OIDC.ClientSecret,
-				OIDCRedirectURI:          o.OIDC.RedirectURI,
+				OIDCRedirectURL:          o.OIDC.RedirectURL,
 			}
 			for _, img := range args {
 				if err := attest.AttestCmd(cmd.Context(), ko, o.Registry, img, o.Cert, o.CertChain, o.NoUpload,
diff --git a/cmd/cosign/cli/fulcio/fulcio.go b/cmd/cosign/cli/fulcio/fulcio.go
@@ -51,17 +51,17 @@ type realConnector struct {
 	flow oauthflow.TokenGetter
 }
 
-func (rf *realConnector) OIDConnect(url, clientID, secret, redirectURI string) (*oauthflow.OIDCIDToken, error) {
-	return oauthflow.OIDConnect(url, clientID, secret, redirectURI, rf.flow)
+func (rf *realConnector) OIDConnect(url, clientID, secret, redirectURL string) (*oauthflow.OIDCIDToken, error) {
+	return oauthflow.OIDConnect(url, clientID, secret, redirectURL, rf.flow)
 }
 
-func getCertForOauthID(priv *ecdsa.PrivateKey, fc api.Client, connector oidcConnector, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURI string) (*api.CertificateResponse, error) {
+func getCertForOauthID(priv *ecdsa.PrivateKey, fc api.Client, connector oidcConnector, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURL string) (*api.CertificateResponse, error) {
 	pubBytes, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
 	if err != nil {
 		return nil, err
 	}
 
-	tok, err := connector.OIDConnect(oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURI)
+	tok, err := connector.OIDConnect(oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURL)
 	if err != nil {
 		return nil, err
 	}
@@ -85,7 +85,7 @@ func getCertForOauthID(priv *ecdsa.PrivateKey, fc api.Client, connector oidcConn
 }
 
 // GetCert returns the PEM-encoded signature of the OIDC identity returned as part of an interactive oauth2 flow plus the PEM-encoded cert chain.
-func GetCert(ctx context.Context, priv *ecdsa.PrivateKey, idToken, flow, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURI string, fClient api.Client) (*api.CertificateResponse, error) {
+func GetCert(ctx context.Context, priv *ecdsa.PrivateKey, idToken, flow, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURL string, fClient api.Client) (*api.CertificateResponse, error) {
 	c := &realConnector{}
 	switch flow {
 	case FlowDevice:
@@ -99,7 +99,7 @@ func GetCert(ctx context.Context, priv *ecdsa.PrivateKey, idToken, flow, oidcIss
 		return nil, fmt.Errorf("unsupported oauth flow: %s", flow)
 	}
 
-	return getCertForOauthID(priv, fClient, c, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURI)
+	return getCertForOauthID(priv, fClient, c, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURL)
 }
 
 type Signer struct {
@@ -110,7 +110,7 @@ type Signer struct {
 	*signature.ECDSASignerVerifier
 }
 
-func NewSigner(ctx context.Context, idToken, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURI string, fClient api.Client) (*Signer, error) {
+func NewSigner(ctx context.Context, idToken, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURL string, fClient api.Client) (*Signer, error) {
 	priv, err := cosign.GeneratePrivateKey()
 	if err != nil {
 		return nil, errors.Wrap(err, "generating cert")
@@ -131,7 +131,7 @@ func NewSigner(ctx context.Context, idToken, oidcIssuer, oidcClientID, oidcClien
 	default:
 		flow = FlowNormal
 	}
-	Resp, err := GetCert(ctx, priv, idToken, flow, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURI, fClient) // TODO, use the chain.
+	Resp, err := GetCert(ctx, priv, idToken, flow, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURL, fClient) // TODO, use the chain.
 	if err != nil {
 		return nil, errors.Wrap(err, "retrieving cert")
 	}
diff --git a/cmd/cosign/cli/fulcio/fulcio_test.go b/cmd/cosign/cli/fulcio/fulcio_test.go
@@ -36,7 +36,7 @@ type testFlow struct {
 	err   error
 }
 
-func (tf *testFlow) OIDConnect(url, clientID, secret, redirectURI string) (*oauthflow.OIDCIDToken, error) {
+func (tf *testFlow) OIDConnect(url, clientID, secret, redirectURL string) (*oauthflow.OIDCIDToken, error) {
 	if tf.err != nil {
 		return nil, tf.err
 	}
diff --git a/cmd/cosign/cli/fulcio/fulcioverifier/fulcioverifier.go b/cmd/cosign/cli/fulcio/fulcioverifier/fulcioverifier.go
@@ -110,8 +110,8 @@ func verifySCT(ctx context.Context, certPEM, rawSCT []byte) error {
 	return verifySctErr
 }
 
-func NewSigner(ctx context.Context, idToken, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURI string, fClient api.Client) (*fulcio.Signer, error) {
-	fs, err := fulcio.NewSigner(ctx, idToken, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURI, fClient)
+func NewSigner(ctx context.Context, idToken, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURL string, fClient api.Client) (*fulcio.Signer, error) {
+	fs, err := fulcio.NewSigner(ctx, idToken, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURL, fClient)
 	if err != nil {
 		return nil, err
 	}
diff --git a/cmd/cosign/cli/options/oidc.go b/cmd/cosign/cli/options/oidc.go
@@ -26,7 +26,7 @@ type OIDCOptions struct {
 	Issuer       string
 	ClientID     string
 	ClientSecret string
-	RedirectURI  string
+	RedirectURL  string
 }
 
 var _ Interface = (*OIDCOptions)(nil)
@@ -42,6 +42,6 @@ func (o *OIDCOptions) AddFlags(cmd *cobra.Command) {
 	cmd.Flags().StringVar(&o.ClientSecret, "oidc-client-secret", "",
 		"[EXPERIMENTAL] OIDC client secret for application")
 
-	cmd.Flags().StringVar(&o.RedirectURI, "oidc-redirect-uri", "",
-		"[EXPERIMENTAL] OIDC redirect URI")
+	cmd.Flags().StringVar(&o.RedirectURL, "oidc-redirect-url", "",
+		"[EXPERIMENTAL] OIDC redirect URL (Optional). The default oidc-redirect-url is 'http://localhost:0/auth/callback'.")
 }
diff --git a/cmd/cosign/cli/policy_init.go b/cmd/cosign/cli/policy_init.go
@@ -183,7 +183,7 @@ func signPolicy() *cobra.Command {
 				OIDCIssuer:               o.OIDC.Issuer,
 				OIDCClientID:             o.OIDC.ClientID,
 				OIDCClientSecret:         o.OIDC.ClientSecret,
-				OIDCRedirectURI:          o.OIDC.RedirectURI,
+				OIDCRedirectURL:          o.OIDC.RedirectURL,
 			})
 			if err != nil {
 				return err
diff --git a/cmd/cosign/cli/sign.go b/cmd/cosign/cli/sign.go
@@ -87,7 +87,7 @@ func Sign() *cobra.Command {
 				OIDCIssuer:               o.OIDC.Issuer,
 				OIDCClientID:             o.OIDC.ClientID,
 				OIDCClientSecret:         o.OIDC.ClientSecret,
-				OIDCRedirectURI:          o.OIDC.RedirectURI,
+				OIDCRedirectURL:          o.OIDC.RedirectURL,
 			}
 			annotationsMap, err := o.AnnotationsMap()
 			if err != nil {
diff --git a/cmd/cosign/cli/sign/sign.go b/cmd/cosign/cli/sign/sign.go
@@ -438,11 +438,11 @@ func keylessSigner(ctx context.Context, ko KeyOpts) (*SignerVerifier, error) {
 	var k *fulcio.Signer
 
 	if ko.InsecureSkipFulcioVerify {
-		if k, err = fulcio.NewSigner(ctx, tok, ko.OIDCIssuer, ko.OIDCClientID, ko.OIDCClientSecret, ko.OIDCRedirectURI, fClient); err != nil {
+		if k, err = fulcio.NewSigner(ctx, tok, ko.OIDCIssuer, ko.OIDCClientID, ko.OIDCClientSecret, ko.OIDCRedirectURL, fClient); err != nil {
 			return nil, errors.Wrap(err, "getting key from Fulcio")
 		}
 	} else {
-		if k, err = fulcioverifier.NewSigner(ctx, tok, ko.OIDCIssuer, ko.OIDCClientID, ko.OIDCClientSecret, ko.OIDCRedirectURI, fClient); err != nil {
+		if k, err = fulcioverifier.NewSigner(ctx, tok, ko.OIDCIssuer, ko.OIDCClientID, ko.OIDCClientSecret, ko.OIDCRedirectURL, fClient); err != nil {
 			return nil, errors.Wrap(err, "getting key from Fulcio")
 		}
 	}
diff --git a/cmd/cosign/cli/sign/sign_blob.go b/cmd/cosign/cli/sign/sign_blob.go
@@ -45,7 +45,7 @@ type KeyOpts struct {
 	OIDCIssuer       string
 	OIDCClientID     string
 	OIDCClientSecret string
-	OIDCRedirectURI  string
+	OIDCRedirectURL  string
 	BundlePath       string
 
 	// Modeled after InsecureSkipVerify in tls.Config, this disables
diff --git a/cmd/cosign/cli/signblob.go b/cmd/cosign/cli/signblob.go
@@ -76,7 +76,7 @@ func SignBlob() *cobra.Command {
 				OIDCIssuer:               o.OIDC.Issuer,
 				OIDCClientID:             o.OIDC.ClientID,
 				OIDCClientSecret:         o.OIDC.ClientSecret,
-				OIDCRedirectURI:          o.OIDC.RedirectURI,
+				OIDCRedirectURL:          o.OIDC.RedirectURL,
 				BundlePath:               o.BundlePath,
 			}
 			for _, blob := range args {
diff --git a/doc/cosign_attest.md b/doc/cosign_attest.md
diff --git a/doc/cosign_policy_sign.md b/doc/cosign_policy_sign.md
diff --git a/doc/cosign_sign-blob.md b/doc/cosign_sign-blob.md
diff --git a/doc/cosign_sign.md b/doc/cosign_sign.md
diff --git a/go.mod b/go.mod
@@ -38,7 +38,7 @@ require (
 	github.com/secure-systems-lab/go-securesystemslib v0.3.1
 	github.com/sigstore/fulcio v0.1.2-0.20220114150912-86a2036f9bc7
 	github.com/sigstore/rekor v0.4.1-0.20220114213500-23f583409af3
-	github.com/sigstore/sigstore v1.2.1-0.20220328200116-ef48ee800626
+	github.com/sigstore/sigstore v1.2.1-0.20220330193110-d7475aecf1db
 	github.com/spf13/cobra v1.4.0
 	github.com/spf13/viper v1.10.1
 	github.com/spiffe/go-spiffe/v2 v2.0.0
@@ -113,7 +113,7 @@ require (
 	cloud.google.com/go/kms v1.4.0 // indirect
 	contrib.go.opencensus.io/exporter/ocagent v0.7.1-0.20200907061046-05415f1de66d // indirect
 	contrib.go.opencensus.io/exporter/prometheus v0.4.0 // indirect
-	github.com/Azure/azure-sdk-for-go v62.3.0+incompatible // indirect
+	github.com/Azure/azure-sdk-for-go v63.0.0+incompatible // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/Azure/go-autorest/autorest v0.11.24 // indirect
 	github.com/Azure/go-autorest/autorest/adal v0.9.18 // indirect
@@ -131,7 +131,7 @@ require (
 	github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
 	github.com/ReneKroon/ttlcache/v2 v2.11.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
-	github.com/aws/aws-sdk-go v1.43.27 // indirect
+	github.com/aws/aws-sdk-go v1.43.28 // indirect
 	github.com/aws/aws-sdk-go-v2 v1.14.0 // indirect
 	github.com/aws/aws-sdk-go-v2/config v1.14.0 // indirect
 	github.com/aws/aws-sdk-go-v2/credentials v1.9.0 // indirect
@@ -219,13 +219,11 @@ require (
 	github.com/jedisct1/go-minisign v0.0.0-20210703085342-c1f07ee84431 // indirect
 	github.com/jhump/protoreflect v1.9.0 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
-	github.com/jmhodges/clock v0.0.0-20160418191101-880ee4c33548 // indirect
 	github.com/jonboulle/clockwork v0.2.2 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/compress v1.14.2 // indirect
 	github.com/leodido/go-urn v1.2.1 // indirect
-	github.com/letsencrypt/boulder v0.0.0-20220322173223-dd8be8d7b02c // indirect
 	github.com/magiconair/properties v1.8.5 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-colorable v0.1.12 // indirect
@@ -264,7 +262,6 @@ require (
 	github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7 // indirect
 	github.com/tent/canonical-json-go v0.0.0-20130607151641-96e4ba3a7613 // indirect
 	github.com/thales-e-security/pool v0.0.2 // indirect
-	github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
 	github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802 // indirect
 	github.com/vbatts/tar-split v0.11.2 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
@@ -315,5 +312,3 @@ require (
 	sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect
 )
-
-replace github.com/sigstore/sigstore => github.com/hectorj2f/sigstore v1.1.1-0.20220328195805-4ade568cebda
diff --git a/go.sum b/go.sum

Original file line number	Diff line number	Diff line change
`@@ -71,7 +71,7 @@ func Attest() *cobra.Command {`
`71`	`71`	`OIDCIssuer: o.OIDC.Issuer,`
`72`	`72`	`OIDCClientID: o.OIDC.ClientID,`
`73`	`73`	`OIDCClientSecret: o.OIDC.ClientSecret,`
`74`		`- OIDCRedirectURI: o.OIDC.RedirectURI,`
	`74`	`+ OIDCRedirectURL: o.OIDC.RedirectURL,`
`75`	`75`	`}`
`76`	`76`	`for _, img := range args {`
`77`	`77`	`if err := attest.AttestCmd(cmd.Context(), ko, o.Registry, img, o.Cert, o.CertChain, o.NoUpload,`
Original file line number	Diff line number	Diff line change
`@@ -51,17 +51,17 @@ type realConnector struct {`
`51`	`51`	`flow oauthflow.TokenGetter`
`52`	`52`	`}`
`53`	`53`
`54`		`-func (rf realConnector) OIDConnect(url, clientID, secret, redirectURI string) (oauthflow.OIDCIDToken, error) {`
`55`		`- return oauthflow.OIDConnect(url, clientID, secret, redirectURI, rf.flow)`
	`54`	`+func (rf realConnector) OIDConnect(url, clientID, secret, redirectURL string) (oauthflow.OIDCIDToken, error) {`
	`55`	`+ return oauthflow.OIDConnect(url, clientID, secret, redirectURL, rf.flow)`
`56`	`56`	`}`
`57`	`57`
`58`		`-func getCertForOauthID(priv ecdsa.PrivateKey, fc api.Client, connector oidcConnector, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURI string) (api.CertificateResponse, error) {`
	`58`	`+func getCertForOauthID(priv ecdsa.PrivateKey, fc api.Client, connector oidcConnector, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURL string) (api.CertificateResponse, error) {`
`59`	`59`	`pubBytes, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)`
`60`	`60`	`if err != nil {`
`61`	`61`	`return nil, err`
`62`	`62`	`}`
`63`	`63`
`64`		`- tok, err := connector.OIDConnect(oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURI)`
	`64`	`+ tok, err := connector.OIDConnect(oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURL)`
`65`	`65`	`if err != nil {`
`66`	`66`	`return nil, err`
`67`	`67`	`}`
`@@ -85,7 +85,7 @@ func getCertForOauthID(priv *ecdsa.PrivateKey, fc api.Client, connector oidcConn`
`85`	`85`	`}`
`86`	`86`
`87`	`87`	`// GetCert returns the PEM-encoded signature of the OIDC identity returned as part of an interactive oauth2 flow plus the PEM-encoded cert chain.`
`88`		`-func GetCert(ctx context.Context, priv ecdsa.PrivateKey, idToken, flow, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURI string, fClient api.Client) (api.CertificateResponse, error) {`
	`88`	`+func GetCert(ctx context.Context, priv ecdsa.PrivateKey, idToken, flow, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURL string, fClient api.Client) (api.CertificateResponse, error) {`
`89`	`89`	`c := &realConnector{}`
`90`	`90`	`switch flow {`
`91`	`91`	`case FlowDevice:`
`@@ -99,7 +99,7 @@ func GetCert(ctx context.Context, priv *ecdsa.PrivateKey, idToken, flow, oidcIss`
`99`	`99`	`return nil, fmt.Errorf("unsupported oauth flow: %s", flow)`
`100`	`100`	`}`
`101`	`101`
`102`		`- return getCertForOauthID(priv, fClient, c, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURI)`
	`102`	`+ return getCertForOauthID(priv, fClient, c, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURL)`
`103`	`103`	`}`
`104`	`104`
`105`	`105`	`type Signer struct {`
`@@ -110,7 +110,7 @@ type Signer struct {`
`110`	`110`	`*signature.ECDSASignerVerifier`
`111`	`111`	`}`
`112`	`112`
`113`		`-func NewSigner(ctx context.Context, idToken, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURI string, fClient api.Client) (*Signer, error) {`
	`113`	`+func NewSigner(ctx context.Context, idToken, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURL string, fClient api.Client) (*Signer, error) {`
`114`	`114`	`priv, err := cosign.GeneratePrivateKey()`
`115`	`115`	`if err != nil {`
`116`	`116`	`return nil, errors.Wrap(err, "generating cert")`
`@@ -131,7 +131,7 @@ func NewSigner(ctx context.Context, idToken, oidcIssuer, oidcClientID, oidcClien`
`131`	`131`	`default:`
`132`	`132`	`flow = FlowNormal`
`133`	`133`	`}`
`134`		`- Resp, err := GetCert(ctx, priv, idToken, flow, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURI, fClient) // TODO, use the chain.`
	`134`	`+ Resp, err := GetCert(ctx, priv, idToken, flow, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURL, fClient) // TODO, use the chain.`
`135`	`135`	`if err != nil {`
`136`	`136`	`return nil, errors.Wrap(err, "retrieving cert")`
`137`	`137`	`}`
Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,7 @@ type testFlow struct {`
`36`	`36`	`err error`
`37`	`37`	`}`
`38`	`38`
`39`		`-func (tf testFlow) OIDConnect(url, clientID, secret, redirectURI string) (oauthflow.OIDCIDToken, error) {`
	`39`	`+func (tf testFlow) OIDConnect(url, clientID, secret, redirectURL string) (oauthflow.OIDCIDToken, error) {`
`40`	`40`	`if tf.err != nil {`
`41`	`41`	`return nil, tf.err`
`42`	`42`	`}`
Original file line number	Diff line number	Diff line change
`@@ -110,8 +110,8 @@ func verifySCT(ctx context.Context, certPEM, rawSCT []byte) error {`
`110`	`110`	`return verifySctErr`
`111`	`111`	`}`
`112`	`112`
`113`		`-func NewSigner(ctx context.Context, idToken, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURI string, fClient api.Client) (*fulcio.Signer, error) {`
`114`		`- fs, err := fulcio.NewSigner(ctx, idToken, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURI, fClient)`
	`113`	`+func NewSigner(ctx context.Context, idToken, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURL string, fClient api.Client) (*fulcio.Signer, error) {`
	`114`	`+ fs, err := fulcio.NewSigner(ctx, idToken, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURL, fClient)`
`115`	`115`	`if err != nil {`
`116`	`116`	`return nil, err`
`117`	`117`	`}`
Original file line number	Diff line number	Diff line change
`@@ -87,7 +87,7 @@ func Sign() *cobra.Command {`
`87`	`87`	`OIDCIssuer: o.OIDC.Issuer,`
`88`	`88`	`OIDCClientID: o.OIDC.ClientID,`
`89`	`89`	`OIDCClientSecret: o.OIDC.ClientSecret,`
`90`		`- OIDCRedirectURI: o.OIDC.RedirectURI,`
	`90`	`+ OIDCRedirectURL: o.OIDC.RedirectURL,`
`91`	`91`	`}`
`92`	`92`	`annotationsMap, err := o.AnnotationsMap()`
`93`	`93`	`if err != nil {`
Original file line number	Diff line number	Diff line change
`@@ -438,11 +438,11 @@ func keylessSigner(ctx context.Context, ko KeyOpts) (*SignerVerifier, error) {`
`438`	`438`	`var k *fulcio.Signer`
`439`	`439`
`440`	`440`	`if ko.InsecureSkipFulcioVerify {`
`441`		`- if k, err = fulcio.NewSigner(ctx, tok, ko.OIDCIssuer, ko.OIDCClientID, ko.OIDCClientSecret, ko.OIDCRedirectURI, fClient); err != nil {`
	`441`	`+ if k, err = fulcio.NewSigner(ctx, tok, ko.OIDCIssuer, ko.OIDCClientID, ko.OIDCClientSecret, ko.OIDCRedirectURL, fClient); err != nil {`
`442`	`442`	`return nil, errors.Wrap(err, "getting key from Fulcio")`
`443`	`443`	`}`
`444`	`444`	`} else {`
`445`		`- if k, err = fulcioverifier.NewSigner(ctx, tok, ko.OIDCIssuer, ko.OIDCClientID, ko.OIDCClientSecret, ko.OIDCRedirectURI, fClient); err != nil {`
	`445`	`+ if k, err = fulcioverifier.NewSigner(ctx, tok, ko.OIDCIssuer, ko.OIDCClientID, ko.OIDCClientSecret, ko.OIDCRedirectURL, fClient); err != nil {`
`446`	`446`	`return nil, errors.Wrap(err, "getting key from Fulcio")`
`447`	`447`	`}`
`448`	`448`	`}`
Original file line number	Diff line number	Diff line change
`@@ -76,7 +76,7 @@ func SignBlob() *cobra.Command {`
`76`	`76`	`OIDCIssuer: o.OIDC.Issuer,`
`77`	`77`	`OIDCClientID: o.OIDC.ClientID,`
`78`	`78`	`OIDCClientSecret: o.OIDC.ClientSecret,`
`79`		`- OIDCRedirectURI: o.OIDC.RedirectURI,`
	`79`	`+ OIDCRedirectURL: o.OIDC.RedirectURL,`
`80`	`80`	`BundlePath: o.BundlePath,`
`81`	`81`	`}`
`82`	`82`	`for _, blob := range args {`
-Original file line number
+Diff line change
 	github.com/secure-systems-lab/go-securesystemslib v0.3.1
 	github.com/sigstore/fulcio v0.1.2-0.20220114150912-86a2036f9bc7
 	github.com/sigstore/rekor v0.4.1-0.20220114213500-23f583409af3
 -	github.com/sigstore/sigstore v1.2.1-0.20220328200116-ef48ee800626
 +	github.com/sigstore/sigstore v1.2.1-0.20220330193110-d7475aecf1db
 	github.com/spf13/cobra v1.4.0
 	github.com/spf13/viper v1.10.1
 	github.com/spiffe/go-spiffe/v2 v2.0.0
 	cloud.google.com/go/kms v1.4.0 // indirect
 	contrib.go.opencensus.io/exporter/ocagent v0.7.1-0.20200907061046-05415f1de66d // indirect
 	contrib.go.opencensus.io/exporter/prometheus v0.4.0 // indirect
 -	github.com/Azure/azure-sdk-for-go v62.3.0+incompatible // indirect
 +	github.com/Azure/azure-sdk-for-go v63.0.0+incompatible // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/Azure/go-autorest/autorest v0.11.24 // indirect
 	github.com/Azure/go-autorest/autorest/adal v0.9.18 // indirect
 	github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
 	github.com/ReneKroon/ttlcache/v2 v2.11.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
 -	github.com/aws/aws-sdk-go v1.43.27 // indirect
 +	github.com/aws/aws-sdk-go v1.43.28 // indirect
 	github.com/aws/aws-sdk-go-v2 v1.14.0 // indirect
 	github.com/aws/aws-sdk-go-v2/config v1.14.0 // indirect
 	github.com/aws/aws-sdk-go-v2/credentials v1.9.0 // indirect
 	github.com/jedisct1/go-minisign v0.0.0-20210703085342-c1f07ee84431 // indirect
 	github.com/jhump/protoreflect v1.9.0 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 -	github.com/jmhodges/clock v0.0.0-20160418191101-880ee4c33548 // indirect
 	github.com/jonboulle/clockwork v0.2.2 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/compress v1.14.2 // indirect
 	github.com/leodido/go-urn v1.2.1 // indirect
 -	github.com/letsencrypt/boulder v0.0.0-20220322173223-dd8be8d7b02c // indirect
 	github.com/magiconair/properties v1.8.5 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-colorable v0.1.12 // indirect
 	github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7 // indirect
 	github.com/tent/canonical-json-go v0.0.0-20130607151641-96e4ba3a7613 // indirect
 	github.com/thales-e-security/pool v0.0.2 // indirect
 -	github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
 	github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802 // indirect
 	github.com/vbatts/tar-split v0.11.2 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect
+)
+-
 -replace github.com/sigstore/sigstore => github.com/hectorj2f/sigstore v1.1.1-0.20220328195805-4ade568cebda