From 8541365341552a6510238577a8358b8567826fcd Mon Sep 17 00:00:00 2001
From: Malte Poll <1780588+malt3@users.noreply.github.com>
Date: Wed, 21 Feb 2024 10:30:46 +0100
Subject: [PATCH] sigstore: replace use of deprecated module go-tuf

---
 go.mod                        | 4 ++--
 internal/sigstore/BUILD.bazel | 2 +-
 internal/sigstore/sign.go     | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/go.mod b/go.mod
index 1c2cf2ac2..90b4738c8 100644
--- a/go.mod
+++ b/go.mod
@@ -120,7 +120,6 @@ require (
 	github.com/spf13/cobra v1.8.0
 	github.com/spf13/pflag v1.0.5
 	github.com/stretchr/testify v1.8.4
-	github.com/theupdateframework/go-tuf v0.7.0
 	github.com/tink-crypto/tink-go/v2 v2.0.0
 	github.com/vincent-petithory/dataurl v1.0.0
 	go.etcd.io/etcd/api/v3 v3.5.12
@@ -332,11 +331,12 @@ require (
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/samber/lo v1.38.1 // indirect
 	github.com/sassoftware/relic v7.2.1+incompatible // indirect
-	github.com/secure-systems-lab/go-securesystemslib v0.8.0 // indirect
+	github.com/secure-systems-lab/go-securesystemslib v0.8.0
 	github.com/shopspring/decimal v1.3.1 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/spf13/cast v1.6.0 // indirect
 	github.com/stretchr/objx v0.5.0 // indirect
+	github.com/theupdateframework/go-tuf v0.7.0 // indirect
 	github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
 	github.com/transparency-dev/merkle v0.0.2 // indirect
 	github.com/ulikunitz/xz v0.5.11 // indirect
diff --git a/internal/sigstore/BUILD.bazel b/internal/sigstore/BUILD.bazel
index 2ebcf9af8..64af82a87 100644
--- a/internal/sigstore/BUILD.bazel
+++ b/internal/sigstore/BUILD.bazel
@@ -12,6 +12,7 @@ go_library(
     importpath = "github.com/edgelesssys/constellation/v2/internal/sigstore",
     visibility = ["//:__subpackages__"],
     deps = [
+        "@com_github_secure_systems_lab_go_securesystemslib//encrypted",
         "@com_github_sigstore_rekor//pkg/client",
         "@com_github_sigstore_rekor//pkg/generated/client",
         "@com_github_sigstore_rekor//pkg/generated/client/entries",
@@ -21,7 +22,6 @@ go_library(
         "@com_github_sigstore_rekor//pkg/verify",
         "@com_github_sigstore_sigstore//pkg/cryptoutils",
         "@com_github_sigstore_sigstore//pkg/signature",
-        "@com_github_theupdateframework_go_tuf//encrypted",
     ],
 )
 
diff --git a/internal/sigstore/sign.go b/internal/sigstore/sign.go
index 5aa400f23..a98e6be9d 100644
--- a/internal/sigstore/sign.go
+++ b/internal/sigstore/sign.go
@@ -17,8 +17,8 @@ import (
 	"errors"
 	"fmt"
 
+	"github.com/secure-systems-lab/go-securesystemslib/encrypted"
 	"github.com/sigstore/sigstore/pkg/signature"
-	"github.com/theupdateframework/go-tuf/encrypted"
 )
 
 const (