Update module name

Signed-off-by: Hayden Blauzvern <[email protected]>

cmd/conformance/main.go

@@ -27,10 +27,10 @@ import (
 	protobundle "github.com/sigstore/protobuf-specs/gen/pb-go/bundle/v1"
 	protocommon "github.com/sigstore/protobuf-specs/gen/pb-go/common/v1"
 
-	"github.com/github/sigstore-go/pkg/bundle"
-	"github.com/github/sigstore-go/pkg/root"
-	"github.com/github/sigstore-go/pkg/tuf"
-	"github.com/github/sigstore-go/pkg/verify"
+	"github.com/sigstore/sigstore-go/pkg/bundle"
+	"github.com/sigstore/sigstore-go/pkg/root"
+	"github.com/sigstore/sigstore-go/pkg/tuf"
+	"github.com/sigstore/sigstore-go/pkg/verify"
 )
 
 var bundlePath *string

cmd/sigstore-go/main.go

@@ -27,10 +27,10 @@ import (
 	"os"
 	"time"
 
-	"github.com/github/sigstore-go/pkg/bundle"
-	"github.com/github/sigstore-go/pkg/root"
-	"github.com/github/sigstore-go/pkg/tuf"
-	"github.com/github/sigstore-go/pkg/verify"
+	"github.com/sigstore/sigstore-go/pkg/bundle"
+	"github.com/sigstore/sigstore-go/pkg/root"
+	"github.com/sigstore/sigstore-go/pkg/tuf"
+	"github.com/sigstore/sigstore-go/pkg/verify"
 	"github.com/sigstore/sigstore/pkg/signature"
 )
 

go.mod

@@ -1,4 +1,4 @@
-module github.com/github/sigstore-go
+module github.com/sigstore/sigstore-go
 
 go 1.21
 

pkg/bundle/bundle.go

@@ -29,8 +29,8 @@ import (
 	"golang.org/x/mod/semver"
 	"google.golang.org/protobuf/encoding/protojson"
 
-	"github.com/github/sigstore-go/pkg/tlog"
-	"github.com/github/sigstore-go/pkg/verify"
+	"github.com/sigstore/sigstore-go/pkg/tlog"
+	"github.com/sigstore/sigstore-go/pkg/verify"
 )
 
 const SigstoreBundleMediaType01 = "application/vnd.dev.sigstore.bundle+json;version=0.1"

pkg/bundle/signature_content.go

@@ -18,9 +18,9 @@ import (
 	"encoding/base64"
 	"encoding/json"
 
-	"github.com/github/sigstore-go/pkg/verify"
 	"github.com/in-toto/in-toto-golang/in_toto"
 	"github.com/secure-systems-lab/go-securesystemslib/dsse"
+	"github.com/sigstore/sigstore-go/pkg/verify"
 )
 
 type MessageSignature struct {

pkg/bundle/verification_content.go

@@ -19,8 +19,8 @@ import (
 	"crypto/x509"
 	"time"
 
-	"github.com/github/sigstore-go/pkg/root"
-	"github.com/github/sigstore-go/pkg/verify"
+	"github.com/sigstore/sigstore-go/pkg/root"
+	"github.com/sigstore/sigstore-go/pkg/verify"
 )
 
 type CertificateChain struct {

pkg/fulcio/certificate/summarize_test.go

@@ -17,8 +17,8 @@ package certificate_test
 import (
 	"testing"
 
-	"github.com/github/sigstore-go/pkg/fulcio/certificate"
-	"github.com/github/sigstore-go/pkg/testing/data"
+	"github.com/sigstore/sigstore-go/pkg/fulcio/certificate"
+	"github.com/sigstore/sigstore-go/pkg/testing/data"
 	"github.com/stretchr/testify/assert"
 )
 

pkg/testing/ca/ca.go

@@ -35,10 +35,6 @@ import (
 
 	"github.com/cyberphone/json-canonicalization/go/src/webpki.org/jsoncanonicalizer"
 	"github.com/digitorus/timestamp"
-	"github.com/github/sigstore-go/pkg/bundle"
-	"github.com/github/sigstore-go/pkg/root"
-	"github.com/github/sigstore-go/pkg/tlog"
-	"github.com/github/sigstore-go/pkg/verify"
 	"github.com/go-openapi/runtime"
 	"github.com/secure-systems-lab/go-securesystemslib/dsse"
 	"github.com/sigstore/rekor/pkg/generated/models"
@@ -47,6 +43,10 @@ import (
 	"github.com/sigstore/rekor/pkg/types/hashedrekord"
 	"github.com/sigstore/rekor/pkg/types/intoto"
 	"github.com/sigstore/rekor/pkg/types/rekord"
+	"github.com/sigstore/sigstore-go/pkg/bundle"
+	"github.com/sigstore/sigstore-go/pkg/root"
+	"github.com/sigstore/sigstore-go/pkg/tlog"
+	"github.com/sigstore/sigstore-go/pkg/verify"
 	"github.com/sigstore/sigstore/pkg/cryptoutils"
 	"github.com/sigstore/sigstore/pkg/signature"
 	sigdsse "github.com/sigstore/sigstore/pkg/signature/dsse"

pkg/testing/data/data.go

@@ -20,9 +20,9 @@ import (
 	"os"
 	"testing"
 
-	"github.com/github/sigstore-go/pkg/bundle"
-	"github.com/github/sigstore-go/pkg/root"
 	protobundle "github.com/sigstore/protobuf-specs/gen/pb-go/bundle/v1"
+	"github.com/sigstore/sigstore-go/pkg/bundle"
+	"github.com/sigstore/sigstore-go/pkg/root"
 	"github.com/stretchr/testify/assert"
 	"google.golang.org/protobuf/encoding/protojson"
 )

pkg/tlog/entry.go

@@ -41,7 +41,7 @@ import (
 	rekorVerify "github.com/sigstore/rekor/pkg/verify"
 	"github.com/sigstore/sigstore/pkg/signature"
 
-	"github.com/github/sigstore-go/pkg/root"
+	"github.com/sigstore/sigstore-go/pkg/root"
 )
 
 type Entry struct {

pkg/verify/certificate.go

@@ -19,7 +19,7 @@ import (
 	"errors"
 	"time"
 
-	"github.com/github/sigstore-go/pkg/root"
+	"github.com/sigstore/sigstore-go/pkg/root"
 )
 
 func VerifyLeafCertificate(observerTimestamp time.Time, leafCert x509.Certificate, trustedMaterial root.TrustedMaterial) error { // nolint: revive

pkg/verify/certificate_identity.go

@@ -19,7 +19,7 @@ import (
 	"errors"
 	"regexp"
 
-	"github.com/github/sigstore-go/pkg/fulcio/certificate"
+	"github.com/sigstore/sigstore-go/pkg/fulcio/certificate"
 )
 
 type SubjectAlternativeNameMatcher struct {
@@ -94,7 +94,7 @@ func NewCertificateIdentity(sanMatcher SubjectAlternativeNameMatcher, extensions
 	certID := CertificateIdentity{SubjectAlternativeName: sanMatcher, Extensions: extensions}
 
 	if certID.Issuer == "" {
-		return CertificateIdentity{}, errors.New("When verifying a certificate identity, the Issuer field can't be empty")
+		return CertificateIdentity{}, errors.New("when verifying a certificate identity, the Issuer field can't be empty")
 	}
 
 	return certID, nil
@@ -119,7 +119,7 @@ func (i CertificateIdentities) Verify(cert certificate.Summary) (*CertificateIde
 		}
 	}
 
-	return nil, errors.New("No matching certificate identity found")
+	return nil, errors.New("no matching certificate identity found")
 }
 
 // Verify checks if the actualCert matches the CertificateIdentity's SAN and

pkg/verify/certificate_identity_test.go

@@ -17,7 +17,7 @@ package verify
 import (
 	"testing"
 
-	"github.com/github/sigstore-go/pkg/fulcio/certificate"
+	"github.com/sigstore/sigstore-go/pkg/fulcio/certificate"
 	"github.com/stretchr/testify/assert"
 )
 

pkg/verify/interface.go

@@ -19,11 +19,11 @@ import (
 	"errors"
 	"time"
 
-	"github.com/github/sigstore-go/pkg/root"
-	"github.com/github/sigstore-go/pkg/tlog"
 	"github.com/in-toto/in-toto-golang/in_toto"
 	"github.com/secure-systems-lab/go-securesystemslib/dsse"
 	protocommon "github.com/sigstore/protobuf-specs/gen/pb-go/common/v1"
+	"github.com/sigstore/sigstore-go/pkg/root"
+	"github.com/sigstore/sigstore-go/pkg/tlog"
 )
 
 var errNotImplemented = errors.New("not implemented")

pkg/verify/sct.go

@@ -19,10 +19,10 @@ import (
 	"encoding/hex"
 	"fmt"
 
-	"github.com/github/sigstore-go/pkg/root"
 	"github.com/google/certificate-transparency-go/ctutil"
 	ctx509 "github.com/google/certificate-transparency-go/x509"
 	"github.com/google/certificate-transparency-go/x509util"
+	"github.com/sigstore/sigstore-go/pkg/root"
 )
 
 // VerifySignedCertificateTimestamp, given a threshold, TrustedMaterial, and a
@@ -48,7 +48,7 @@ func VerifySignedCertificateTimestamp(leafCert *x509.Certificate, threshold int,
 		encodedKeyID := hex.EncodeToString(sct.LogID.KeyID[:])
 		key, ok := ctlogs[encodedKeyID]
 		if !ok {
-			return fmt.Errorf("Unable to find ctlogs key for %s", encodedKeyID)
+			return fmt.Errorf("unable to find ctlogs key for %s", encodedKeyID)
 		}
 
 		for _, fulcioCa := range fulcioCerts {
@@ -72,7 +72,7 @@ func VerifySignedCertificateTimestamp(leafCert *x509.Certificate, threshold int,
 	}
 
 	if verified < threshold {
-		return fmt.Errorf("Only able to verify %d SCT entries; unable to meet threshold of %d", verified, threshold)
+		return fmt.Errorf("only able to verify %d SCT entries; unable to meet threshold of %d", verified, threshold)
 	}
 
 	return nil

pkg/verify/signature.go

@@ -24,8 +24,8 @@ import (
 	"hash"
 	"io"
 
-	"github.com/github/sigstore-go/pkg/root"
 	"github.com/secure-systems-lab/go-securesystemslib/dsse"
+	"github.com/sigstore/sigstore-go/pkg/root"
 	"github.com/sigstore/sigstore/pkg/signature"
 	sigdsse "github.com/sigstore/sigstore/pkg/signature/dsse"
 	"github.com/sigstore/sigstore/pkg/signature/options"

pkg/verify/signature_test.go

@@ -21,8 +21,8 @@ import (
 	"fmt"
 	"testing"
 
-	"github.com/github/sigstore-go/pkg/testing/ca"
-	"github.com/github/sigstore-go/pkg/verify"
+	"github.com/sigstore/sigstore-go/pkg/testing/ca"
+	"github.com/sigstore/sigstore-go/pkg/verify"
 	"github.com/stretchr/testify/assert"
 )
 

pkg/verify/signed_entity.go

@@ -20,9 +20,9 @@ import (
 	"io"
 	"time"
 
-	"github.com/github/sigstore-go/pkg/fulcio/certificate"
-	"github.com/github/sigstore-go/pkg/root"
 	"github.com/in-toto/in-toto-golang/in_toto"
+	"github.com/sigstore/sigstore-go/pkg/fulcio/certificate"
+	"github.com/sigstore/sigstore-go/pkg/root"
 )
 
 type SignedEntityVerifier struct {

pkg/verify/signed_entity_test.go

@@ -20,9 +20,9 @@ import (
 
 	"encoding/json"
 
-	"github.com/github/sigstore-go/pkg/fulcio/certificate"
-	"github.com/github/sigstore-go/pkg/testing/data"
-	v "github.com/github/sigstore-go/pkg/verify"
+	"github.com/sigstore/sigstore-go/pkg/fulcio/certificate"
+	"github.com/sigstore/sigstore-go/pkg/testing/data"
+	v "github.com/sigstore/sigstore-go/pkg/verify"
 	"github.com/stretchr/testify/assert"
 )
 

pkg/verify/tlog.go

@@ -30,8 +30,8 @@ import (
 	rekorVerify "github.com/sigstore/rekor/pkg/verify"
 	"github.com/sigstore/sigstore/pkg/signature"
 
-	"github.com/github/sigstore-go/pkg/root"
-	"github.com/github/sigstore-go/pkg/tlog"
+	"github.com/sigstore/sigstore-go/pkg/root"
+	"github.com/sigstore/sigstore-go/pkg/tlog"
 )
 
 // VerifyArtifactTransparencyLog verifies that the given entity has been logged
@@ -174,7 +174,7 @@ func VerifyArtifactTransparencyLog(entity SignedEntity, trustedMaterial root.Tru
 
 		// Check tlog entry time against bundle certificates
 		if !verificationContent.ValidAtTime(entry.IntegratedTime(), trustedMaterial) {
-			return nil, errors.New("Integrated time outside certificate validity")
+			return nil, errors.New("integrated time outside certificate validity")
 		}
 	}
 

pkg/verify/tlog_test.go

@@ -18,9 +18,9 @@ import (
 	"testing"
 	"time"
 
-	"github.com/github/sigstore-go/pkg/testing/ca"
-	"github.com/github/sigstore-go/pkg/tlog"
-	"github.com/github/sigstore-go/pkg/verify"
+	"github.com/sigstore/sigstore-go/pkg/testing/ca"
+	"github.com/sigstore/sigstore-go/pkg/tlog"
+	"github.com/sigstore/sigstore-go/pkg/verify"
 	"github.com/stretchr/testify/assert"
 )
 

pkg/verify/tsa.go

@@ -23,7 +23,7 @@ import (
 
 	tsaverification "github.com/sigstore/timestamp-authority/pkg/verification"
 
-	"github.com/github/sigstore-go/pkg/root"
+	"github.com/sigstore/sigstore-go/pkg/root"
 )
 
 // VerifyTimestampAuthority verifies that the given entity has been timestamped
@@ -104,5 +104,5 @@ func verifySignedTimestamp(signedTimestamp []byte, dsseSignatureBytes []byte, tr
 		return timestamp.Time, nil
 	}
 
-	return time.Time{}, errors.New("Unable to verify signed timestamps")
+	return time.Time{}, errors.New("unable to verify signed timestamps")
 }

pkg/verify/tsa_test.go

@@ -18,9 +18,9 @@ import (
 	"testing"
 	"time"
 
-	"github.com/github/sigstore-go/pkg/root"
-	"github.com/github/sigstore-go/pkg/testing/ca"
-	"github.com/github/sigstore-go/pkg/verify"
+	"github.com/sigstore/sigstore-go/pkg/root"
+	"github.com/sigstore/sigstore-go/pkg/testing/ca"
+	"github.com/sigstore/sigstore-go/pkg/verify"
 	"github.com/stretchr/testify/assert"
 )