Rename sigstore-verifier to sigstore-go

.gitignore

@@ -1,3 +1,3 @@
 .idea
-/sigstore-verifier
+/sigstore-go
 /tufdata

Makefile

@@ -1,6 +1,6 @@
 .PHONY: build
 build:
-	go build ./cmd/sigstore-verifier
+	go build ./cmd/sigstore-go
 	go build -o conformance ./cmd/conformance
 
 .PHONY: test

README.md

@@ -12,7 +12,7 @@ Features:
 - Support for custom [trusted root](https://github.com/sigstore/protobuf-specs/blob/main/protos/sigstore_trustroot.proto)
 - Basic CLI
 
-For an example of how to use this library, see [cmd/sigstore-verifier](./cmd/sigstore-verifier/main.go), or see the CLI examples below.
+For an example of how to use this library, see [cmd/sigstore-go](./cmd/sigstore-go/main.go), or see the CLI examples below.
 
 ## Background
 
@@ -25,28 +25,28 @@ Sigstore already has a canonical Go client implementation, [cosign](https://gith
 
 ## Installation
 
-You can use the CLI with `go run` as in the below examples, or compile/install the `sigstore-verifier` CLI:
+You can use the CLI with `go run` as in the below examples, or compile/install the `sigstore-go` CLI:
 
 ```bash
 $ make install
 ```
 ## Examples
 
 ```bash
-$ go run cmd/sigstore-verifier/main.go -trustedrootJSONpath examples/trusted-root-public-good.json examples/bundle-provenance.json
+$ go run cmd/sigstore-go/main.go -trustedrootJSONpath examples/trusted-root-public-good.json examples/bundle-provenance.json
 Verification successful!
 ```
 
 ```bash
-$ go run cmd/sigstore-verifier/main.go -tufRootURL tuf-repo-cdn.sigstore.dev examples/bundle-provenance.json
+$ go run cmd/sigstore-go/main.go -tufRootURL tuf-repo-cdn.sigstore.dev examples/bundle-provenance.json
 Verification successful!
 ```
 
 Alternatively, you can install a binary of the CLI like so:
 
 ```shell
-$ go install ./cmd/sigstore-verifier
-$ sigstore-verifier examples/bundle-provenance.json
+$ go install ./cmd/sigstore-go
+$ sigstore-go examples/bundle-provenance.json
 ```
 
 ## Testing

SUPPORT.md

@@ -6,7 +6,7 @@ This project uses GitHub issues to track bugs and feature requests. Please searc
 
 For help or questions about using this project, please use discussions.
 
-`sigstore-verifier` is under active development and maintained by GitHub staff **AND THE COMMUNITY**. We will do our best to respond to support, feature requests, and community questions in a timely manner.
+`sigstore-go` is under active development and maintained by GitHub staff **AND THE COMMUNITY**. We will do our best to respond to support, feature requests, and community questions in a timely manner.
 
 ## GitHub Support Policy
 

cmd/conformance/main.go

@@ -13,10 +13,10 @@ import (
 	protobundle "github.com/sigstore/protobuf-specs/gen/pb-go/bundle/v1"
 	protocommon "github.com/sigstore/protobuf-specs/gen/pb-go/common/v1"
 
-	"github.com/github/sigstore-verifier/pkg/bundle"
-	"github.com/github/sigstore-verifier/pkg/root"
-	"github.com/github/sigstore-verifier/pkg/tuf"
-	"github.com/github/sigstore-verifier/pkg/verify"
+	"github.com/github/sigstore-go/pkg/bundle"
+	"github.com/github/sigstore-go/pkg/root"
+	"github.com/github/sigstore-go/pkg/tuf"
+	"github.com/github/sigstore-go/pkg/verify"
 )
 
 var bundlePath *string

cmd/sigstore-verifier/main.go

@@ -13,10 +13,10 @@ import (
 	"os"
 	"time"
 
-	"github.com/github/sigstore-verifier/pkg/bundle"
-	"github.com/github/sigstore-verifier/pkg/root"
-	"github.com/github/sigstore-verifier/pkg/tuf"
-	"github.com/github/sigstore-verifier/pkg/verify"
+	"github.com/github/sigstore-go/pkg/bundle"
+	"github.com/github/sigstore-go/pkg/root"
+	"github.com/github/sigstore-go/pkg/tuf"
+	"github.com/github/sigstore-go/pkg/verify"
 	"github.com/sigstore/sigstore/pkg/signature"
 )
 

go.mod

@@ -1,4 +1,4 @@
-module github.com/github/sigstore-verifier
+module github.com/github/sigstore-go
 
 go 1.21
 

pkg/bundle/bundle.go

@@ -15,8 +15,8 @@ import (
 	"golang.org/x/mod/semver"
 	"google.golang.org/protobuf/encoding/protojson"
 
-	"github.com/github/sigstore-verifier/pkg/tlog"
-	"github.com/github/sigstore-verifier/pkg/verify"
+	"github.com/github/sigstore-go/pkg/tlog"
+	"github.com/github/sigstore-go/pkg/verify"
 )
 
 const SigstoreBundleMediaType01 = "application/vnd.dev.sigstore.bundle+json;version=0.1"

pkg/bundle/signature_content.go

@@ -4,7 +4,7 @@ import (
 	"encoding/base64"
 	"encoding/json"
 
-	"github.com/github/sigstore-verifier/pkg/verify"
+	"github.com/github/sigstore-go/pkg/verify"
 	"github.com/in-toto/in-toto-golang/in_toto"
 	"github.com/secure-systems-lab/go-securesystemslib/dsse"
 )

pkg/bundle/verification_content.go

@@ -5,8 +5,8 @@ import (
 	"crypto/x509"
 	"time"
 
-	"github.com/github/sigstore-verifier/pkg/root"
-	"github.com/github/sigstore-verifier/pkg/verify"
+	"github.com/github/sigstore-go/pkg/root"
+	"github.com/github/sigstore-go/pkg/verify"
 )
 
 type CertificateChain struct {

pkg/fulcio/certificate/summarize_test.go

@@ -3,8 +3,8 @@ package certificate_test
 import (
 	"testing"
 
-	"github.com/github/sigstore-verifier/pkg/fulcio/certificate"
-	"github.com/github/sigstore-verifier/pkg/testing/data"
+	"github.com/github/sigstore-go/pkg/fulcio/certificate"
+	"github.com/github/sigstore-go/pkg/testing/data"
 	"github.com/stretchr/testify/assert"
 )
 

pkg/testing/ca/ca.go

@@ -21,10 +21,10 @@ import (
 
 	"github.com/cyberphone/json-canonicalization/go/src/webpki.org/jsoncanonicalizer"
 	"github.com/digitorus/timestamp"
-	"github.com/github/sigstore-verifier/pkg/bundle"
-	"github.com/github/sigstore-verifier/pkg/root"
-	"github.com/github/sigstore-verifier/pkg/tlog"
-	"github.com/github/sigstore-verifier/pkg/verify"
+	"github.com/github/sigstore-go/pkg/bundle"
+	"github.com/github/sigstore-go/pkg/root"
+	"github.com/github/sigstore-go/pkg/tlog"
+	"github.com/github/sigstore-go/pkg/verify"
 	"github.com/go-openapi/runtime"
 	"github.com/secure-systems-lab/go-securesystemslib/dsse"
 	"github.com/sigstore/rekor/pkg/generated/models"

pkg/testing/data/data.go

@@ -6,8 +6,8 @@ import (
 	"os"
 	"testing"
 
-	"github.com/github/sigstore-verifier/pkg/bundle"
-	"github.com/github/sigstore-verifier/pkg/root"
+	"github.com/github/sigstore-go/pkg/bundle"
+	"github.com/github/sigstore-go/pkg/root"
 	protobundle "github.com/sigstore/protobuf-specs/gen/pb-go/bundle/v1"
 	"github.com/stretchr/testify/assert"
 	"google.golang.org/protobuf/encoding/protojson"

pkg/tlog/entry.go

@@ -27,7 +27,7 @@ import (
 	rekorVerify "github.com/sigstore/rekor/pkg/verify"
 	"github.com/sigstore/sigstore/pkg/signature"
 
-	"github.com/github/sigstore-verifier/pkg/root"
+	"github.com/github/sigstore-go/pkg/root"
 )
 
 type Entry struct {

pkg/verify/certificate.go

@@ -5,7 +5,7 @@ import (
 	"errors"
 	"time"
 
-	"github.com/github/sigstore-verifier/pkg/root"
+	"github.com/github/sigstore-go/pkg/root"
 )
 
 func VerifyLeafCertificate(observerTimestamp time.Time, leafCert x509.Certificate, trustedMaterial root.TrustedMaterial) error { // nolint: revive

pkg/verify/certificate_identity.go

@@ -5,7 +5,7 @@ import (
 	"errors"
 	"regexp"
 
-	"github.com/github/sigstore-verifier/pkg/fulcio/certificate"
+	"github.com/github/sigstore-go/pkg/fulcio/certificate"
 )
 
 type SubjectAlternativeNameMatcher struct {

pkg/verify/certificate_identity_test.go

@@ -3,7 +3,7 @@ package verify
 import (
 	"testing"
 
-	"github.com/github/sigstore-verifier/pkg/fulcio/certificate"
+	"github.com/github/sigstore-go/pkg/fulcio/certificate"
 	"github.com/stretchr/testify/assert"
 )
 

pkg/verify/interface.go

@@ -5,8 +5,8 @@ import (
 	"errors"
 	"time"
 
-	"github.com/github/sigstore-verifier/pkg/root"
-	"github.com/github/sigstore-verifier/pkg/tlog"
+	"github.com/github/sigstore-go/pkg/root"
+	"github.com/github/sigstore-go/pkg/tlog"
 	"github.com/in-toto/in-toto-golang/in_toto"
 	"github.com/secure-systems-lab/go-securesystemslib/dsse"
 	protocommon "github.com/sigstore/protobuf-specs/gen/pb-go/common/v1"

pkg/verify/sct.go

@@ -5,7 +5,7 @@ import (
 	"encoding/hex"
 	"fmt"
 
-	"github.com/github/sigstore-verifier/pkg/root"
+	"github.com/github/sigstore-go/pkg/root"
 	"github.com/google/certificate-transparency-go/ctutil"
 	ctx509 "github.com/google/certificate-transparency-go/x509"
 	"github.com/google/certificate-transparency-go/x509util"

pkg/verify/signature.go

@@ -10,7 +10,7 @@ import (
 	"hash"
 	"io"
 
-	"github.com/github/sigstore-verifier/pkg/root"
+	"github.com/github/sigstore-go/pkg/root"
 	"github.com/secure-systems-lab/go-securesystemslib/dsse"
 	"github.com/sigstore/sigstore/pkg/signature"
 	sigdsse "github.com/sigstore/sigstore/pkg/signature/dsse"

pkg/verify/signature_test.go

@@ -7,8 +7,8 @@ import (
 	"fmt"
 	"testing"
 
-	"github.com/github/sigstore-verifier/pkg/testing/ca"
-	"github.com/github/sigstore-verifier/pkg/verify"
+	"github.com/github/sigstore-go/pkg/testing/ca"
+	"github.com/github/sigstore-go/pkg/verify"
 	"github.com/stretchr/testify/assert"
 )
 

pkg/verify/signed_entity.go

@@ -6,8 +6,8 @@ import (
 	"io"
 	"time"
 
-	"github.com/github/sigstore-verifier/pkg/fulcio/certificate"
-	"github.com/github/sigstore-verifier/pkg/root"
+	"github.com/github/sigstore-go/pkg/fulcio/certificate"
+	"github.com/github/sigstore-go/pkg/root"
 	"github.com/in-toto/in-toto-golang/in_toto"
 )
 

pkg/verify/signed_entity_test.go

@@ -6,9 +6,9 @@ import (
 
 	"encoding/json"
 
-	"github.com/github/sigstore-verifier/pkg/fulcio/certificate"
-	"github.com/github/sigstore-verifier/pkg/testing/data"
-	v "github.com/github/sigstore-verifier/pkg/verify"
+	"github.com/github/sigstore-go/pkg/fulcio/certificate"
+	"github.com/github/sigstore-go/pkg/testing/data"
+	v "github.com/github/sigstore-go/pkg/verify"
 	"github.com/stretchr/testify/assert"
 )
 

pkg/verify/tlog.go

@@ -16,8 +16,8 @@ import (
 	rekorVerify "github.com/sigstore/rekor/pkg/verify"
 	"github.com/sigstore/sigstore/pkg/signature"
 
-	"github.com/github/sigstore-verifier/pkg/root"
-	"github.com/github/sigstore-verifier/pkg/tlog"
+	"github.com/github/sigstore-go/pkg/root"
+	"github.com/github/sigstore-go/pkg/tlog"
 )
 
 // VerifyArtifactTransparencyLog verifies that the given entity has been logged

pkg/verify/tlog_test.go

@@ -4,9 +4,9 @@ import (
 	"testing"
 	"time"
 
-	"github.com/github/sigstore-verifier/pkg/testing/ca"
-	"github.com/github/sigstore-verifier/pkg/tlog"
-	"github.com/github/sigstore-verifier/pkg/verify"
+	"github.com/github/sigstore-go/pkg/testing/ca"
+	"github.com/github/sigstore-go/pkg/tlog"
+	"github.com/github/sigstore-go/pkg/verify"
 	"github.com/stretchr/testify/assert"
 )
 

pkg/verify/tsa.go

@@ -9,7 +9,7 @@ import (
 
 	tsaverification "github.com/sigstore/timestamp-authority/pkg/verification"
 
-	"github.com/github/sigstore-verifier/pkg/root"
+	"github.com/github/sigstore-go/pkg/root"
 )
 
 // VerifyTimestampAuthority verifies that the given entity has been timestamped

pkg/verify/tsa_test.go

@@ -4,9 +4,9 @@ import (
 	"testing"
 	"time"
 
-	"github.com/github/sigstore-verifier/pkg/root"
-	"github.com/github/sigstore-verifier/pkg/testing/ca"
-	"github.com/github/sigstore-verifier/pkg/verify"
+	"github.com/github/sigstore-go/pkg/root"
+	"github.com/github/sigstore-go/pkg/testing/ca"
+	"github.com/github/sigstore-go/pkg/verify"
 	"github.com/stretchr/testify/assert"
 )