Fix pkcs7

[morrowc]

Addressing Amritha's question/suggestion.

[gemini-code-assist]

Summary of Changes

Hello @morrowc, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request updates the project's dependency on the pkcs7 cryptographic library. The change involves migrating from the go.mozilla.org implementation to one provided by github.com/avast/apkverifier/fullsailor. This update addresses a previous suggestion or issue, ensuring the project uses the intended pkcs7 functionality.

Highlights

• PKCS7 Library Update: The project's dependency on the pkcs7 cryptographic library has been switched from go.mozilla.org/pkcs7 to github.com/avast/apkverifier/fullsailor/pkcs7.
• Dependency Management: The go.mod and go.sum files were updated to reflect the new pkcs7 dependency and its corresponding checksums.

Changelog

• feature/gnsi/certz/tests/internal/setup_service/setup_service.go
  • Changed the import path for the pkcs7 package.
• go.mod
  • Replaced the go.mozilla.org/pkcs7 dependency with github.com/avast/apkverifier.
• go.sum
  • Added new checksum entries for github.com/avast/apkverifier.
  • Removed checksum entries for go.mozilla.org/pkcs7.

Activity

• The pull request was created to address a question or suggestion from "Amritha."

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[OpenConfigBot]

Pull Request Functional Test Report for #5106 / 5c607b3

No tests identified for validation.

Help

[gemini-code-assist]

Code Review

This pull request updates the PKCS#7 parsing library from an archived Mozilla package to one from Avast. While this is a good move to a more maintained library, there's a critical issue in go.mod where the new dependency has an invalid pseudo-version with a future timestamp. This will likely break builds and needs to be corrected. Additionally, there's a minor style issue in setup_service.go where a redundant import alias is used.

[gemini-code-assist]

The pseudo-version for github.com/avast/apkverifier appears to be invalid. The timestamp 20251022 is in the future, which can cause issues with dependency resolution and build reproducibility. Please use a valid version or commit hash for this dependency. For example, you can run go get github.com/avast/apkverifier/fullsailor/pkcs7@<commit-hash> to get a valid pseudo-version.

[gemini-code-assist]

The import alias pkcs7 is redundant because the imported package name is also pkcs7. According to Go best practices, explicit aliases should only be used when necessary to avoid name collisions or to use a different, more convenient name. In this case, the alias can be removed for better clarity.

Suggested change

	pkcs7 "github.com/avast/apkverifier/fullsailor/pkcs7"
	"github.com/avast/apkverifier/fullsailor/pkcs7"

References

1. The Go style guides referenced in the contribution guidelines (Effective Go, Go Code Review Comments) recommend using import aliases only when necessary to avoid name collisions or for clarity. The alias pkcs7 is redundant as it's the same as the package name and should be removed. ^(link)