Replace dirhash package

crl_test.go

@@ -109,7 +109,7 @@ func TestParallelCRLLazyInitialization(t *testing.T) {
 	var wg sync.WaitGroup
 	for i := 0; i < 10; i++ {
 		wg.Add(1)
-		go func(cert *Certificate) {
+		go func(_ *Certificate) {
 			defer wg.Done()
 			_, err := crl.DER()
 			assert.Nil(t, err)

go.mod

@@ -1,14 +1,11 @@
 module github.com/tsaarni/certyaml
 
-go 1.22.0
-
-toolchain go1.22.4
+go 1.19
 
 require (
 	github.com/cnf/structhash v0.0.0-20201127153200-e1b16c1ebc08
 	github.com/stretchr/testify v1.9.0
 	github.com/tsaarni/x500dn v1.0.0
-	golang.org/x/mod v0.21.0
 	sigs.k8s.io/yaml v1.4.0
 )
 

go.sum

@@ -12,8 +12,6 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/tsaarni/x500dn v1.0.0 h1:LvaWTkqRpse4VHBhB5uwf3wytokK4vF9IOyNAEyiA+U=
 github.com/tsaarni/x500dn v1.0.0/go.mod h1:QaHa3EcUKC4dfCAZmj8+ZRGLKukWgpGv9H3oOCsAbcE=
-golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0=
-golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=

internal/manifest/manifest_test.go

@@ -19,20 +19,22 @@ import (
 	"crypto/ecdsa"
 	"crypto/elliptic"
 	"crypto/rsa"
+	"crypto/sha256"
 	"crypto/tls"
 	"crypto/x509"
 	"encoding/pem"
+	"io/fs"
 	"math/big"
 	"net"
 	"net/url"
 	"os"
 	"path"
+	"path/filepath"
 	"sort"
 	"testing"
 	"time"
 
 	"github.com/stretchr/testify/assert"
-	"golang.org/x/mod/sumdb/dirhash"
 )
 
 func TestManifestHandling(t *testing.T) {
@@ -87,12 +89,12 @@ func TestStateHandling(t *testing.T) {
 	assert.Nil(t, err)
 
 	// Check stable hashing: calling generate again on same manifest does not alter the state.
-	h1, err := dirhash.HashDir(dir, "", dirhash.Hash1)
+	h1, err := dirHash(dir)
 	assert.Nil(t, err)
 	err = GenerateCertificates(&output, "testdata/certs-state-1.yaml", path.Join(dir, "state.yaml"), dir)
 	assert.Nil(t, err)
 
-	h2, err := dirhash.HashDir(dir, "", dirhash.Hash1)
+	h2, err := dirHash(dir)
 	assert.Nil(t, err)
 	assert.Equal(t, h1, h2)
 
@@ -102,15 +104,15 @@ func TestStateHandling(t *testing.T) {
 	err = GenerateCertificates(&output, "testdata/certs-state-1.yaml", path.Join(dir, "state.yaml"), dir)
 	assert.Nil(t, err)
 
-	h3, err := dirhash.HashDir(dir, "", dirhash.Hash1)
+	h3, err := dirHash(dir)
 	assert.Nil(t, err)
 	assert.NotEqual(t, h2, h3)
 
 	// Check that files are re-generated if manifest changes.
 	err = GenerateCertificates(&output, "testdata/certs-state-2.yaml", path.Join(dir, "state.yaml"), dir)
 	assert.Nil(t, err)
 
-	h4, err := dirhash.HashDir(dir, "", dirhash.Hash1)
+	h4, err := dirHash(dir)
 	assert.Nil(t, err)
 	assert.NotEqual(t, h3, h4)
 }
@@ -298,3 +300,29 @@ func TestInvalidRevocation(t *testing.T) {
 	err = GenerateCertificates(&output, "testdata/cert-invalid-revoke-self-signed.yaml", path.Join(dir, "state.yaml"), dir)
 	assert.NotNil(t, err)
 }
+
+// Helpers
+
+// dirHash returns a hash of all files in a directory.
+func dirHash(dir string) (string, error) {
+	hash := sha256.New()
+
+	err := filepath.WalkDir(dir, func(path string, d fs.DirEntry, err error) error {
+		if err != nil {
+			return err
+		}
+		if !d.IsDir() {
+			buf, err := os.ReadFile(path)
+			if err != nil {
+				return err
+			}
+			hash.Write(buf)
+		}
+		return nil
+	})
+	if err != nil {
+		return "", err
+	}
+
+	return string(hash.Sum(nil)), nil
+}