diff --git a/go.mod b/go.mod
index e9ab88a6..bb0b19ec 100644
--- a/go.mod
+++ b/go.mod
@@ -8,7 +8,7 @@ require (
 github.com/google/go-containerregistry v0.20.4
 github.com/sigstore/cosign/v2 v2.5.0
 github.com/sigstore/rekor v1.3.10
- github.com/sigstore/sigstore v1.9.4
+ github.com/sigstore/sigstore v1.9.5
 github.com/sirupsen/logrus v1.9.3
 github.com/theupdateframework/go-tuf v0.7.0
 )
diff --git a/go.sum b/go.sum
index 2552eee8..39f13e9f 100644
--- a/go.sum
+++ b/go.sum
@@ -482,8 +482,8 @@ github.com/sigstore/protobuf-specs v0.4.1 h1:5SsMqZbdkcO/DNHudaxuCUEjj6x29tS2Xby
 github.com/sigstore/protobuf-specs v0.4.1/go.mod h1:+gXR+38nIa2oEupqDdzg4qSBT0Os+sP7oYv6alWewWc=
 github.com/sigstore/rekor v1.3.10 h1:/mSvRo4MZ/59ECIlARhyykAlQlkmeAQpvBPlmJtZOCU=
 github.com/sigstore/rekor v1.3.10/go.mod h1:JvryKJ40O0XA48MdzYUPu0y4fyvqt0C4iSY7ri9iu3A=
-github.com/sigstore/sigstore v1.9.4 h1:64+OGed80+A4mRlNzRd055vFcgBeDghjZw24rPLZgDU=
-github.com/sigstore/sigstore v1.9.4/go.mod h1:Q7tGTC3gbtK7c3jcxEmGc2MmK4rRpIRzi3bxRFWKvEY=
+github.com/sigstore/sigstore v1.9.5 h1:Wm1LT9yF4LhQdEMy5A2JeGRHTrAWGjT3ubE5JUSrGVU=
+github.com/sigstore/sigstore v1.9.5/go.mod h1:VtxgvGqCmEZN9X2zhFSOkfXxvKUjpy8RpUW39oCtoII=
 github.com/sigstore/sigstore-go v0.7.1 h1:lyzi3AjO6+BHc5zCf9fniycqPYOt3RaC08M/FRmQhVY=
 github.com/sigstore/sigstore-go v0.7.1/go.mod h1:AIRj4I3LC82qd07VFm3T2zXYiddxeBV1k/eoS8nTz0E=
 github.com/sigstore/sigstore/pkg/signature/kms/aws v1.9.1 h1:/YcNq687WnXpIRXl04nLfJX741G4iW+w+7Nem2Zy0f4=
diff --git a/vendor/github.com/sigstore/sigstore/pkg/signature/kms/kms.go b/vendor/github.com/sigstore/sigstore/pkg/signature/kms/kms.go
index 7baf9504..9432dfe4 100644
--- a/vendor/github.com/sigstore/sigstore/pkg/signature/kms/kms.go
+++ b/vendor/github.com/sigstore/sigstore/pkg/signature/kms/kms.go
@@ -23,6 +23,7 @@ import (
 "fmt"
 "os/exec"
 "strings"
+ "sync"
 "github.com/sigstore/sigstore/pkg/signature"
 "github.com/sigstore/sigstore/pkg/signature/kms/cliplugin"
@@ -45,10 +46,15 @@ type ProviderInit func(context.Context, string, crypto.Hash, ...signature.RPCOpt
 // AddProvider adds the provider implementation into the local cache
 func AddProvider(keyResourceID string, init ProviderInit) {
+ providersMapMu.Lock()
+ defer providersMapMu.Unlock()
 providersMap[keyResourceID] = init
 }
-var providersMap = map[string]ProviderInit{}
+var (
+ providersMapMu sync.RWMutex
+ providersMap = map[string]ProviderInit{}
+)
 // Get returns a KMS SignerVerifier for the given resource string and hash function.
 // If no matching built-in provider is found, it will try to use the plugin system as a provider.
@@ -58,6 +64,8 @@ var providersMap = map[string]ProviderInit{}
 // - the plugin program, can't be found.
 // It also returns an error if initializing the SignerVerifier fails.
 func Get(ctx context.Context, keyResourceID string, hashFunc crypto.Hash, opts ...signature.RPCOption) (SignerVerifier, error) {
+ providersMapMu.RLock()
+ defer providersMapMu.RUnlock()
 for ref, pi := range providersMap {
 if strings.HasPrefix(keyResourceID, ref) {
 sv, err := pi(ctx, keyResourceID, hashFunc, opts...)
@@ -77,6 +85,8 @@ func Get(ctx context.Context, keyResourceID string, hashFunc crypto.Hash, opts .
 // SupportedProviders returns list of initialized providers
 func SupportedProviders() []string {
 keys := make([]string, 0, len(providersMap))
+ providersMapMu.RLock()
+ defer providersMapMu.RUnlock()
 for key := range providersMap {
 keys = append(keys, key)
 }
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 8ef92faa..ad5809cb 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -398,7 +398,7 @@ github.com/sigstore/rekor/pkg/types/rekord
 github.com/sigstore/rekor/pkg/types/rekord/v0.0.1
 github.com/sigstore/rekor/pkg/util
 github.com/sigstore/rekor/pkg/verify
-# github.com/sigstore/sigstore v1.9.4
+# github.com/sigstore/sigstore v1.9.5
 ## explicit; go 1.23.0
 github.com/sigstore/sigstore/pkg/cryptoutils
 github.com/sigstore/sigstore/pkg/signature