Bump the go_modules group across 1 directory with 2 updates (#385 )

replace mholt/archiver with mholt/archives (#384 )
forked cosign bump to 2.4.1 and use as a library vs embedded binary (#383 )
2026-02-24 23:03:49 +00:00 · 2025-01-10 19:59:36 -05:00 · 2025-01-10 19:15:00 -05:00 · 2025-01-10 17:14:44 -05:00 · 2025-01-09 15:21:03 -05:00 · 2024-12-14 01:02:58 -05:00
28 changed files with 1365 additions and 679 deletions
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -53,7 +53,7 @@ jobs:
        with:
          distribution: goreleaser
          version: "~> v2"
-          args: "release --clean --parallelism 1 --timeout 60m"
+          args: "release --clean --timeout 60m"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.HOMEBREW_TAP_GITHUB_TOKEN }}
--- a/.gitignore
+++ b/.gitignore
@@ -10,7 +10,7 @@
 dist/
 tmp/
 bin/
-store/
+/store/
 registry/
 fileserver/
 cmd/hauler/binaries
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -3,15 +3,11 @@ version: 2
 project_name: hauler
 before:
  hooks:
-    - rm -rf cmd/hauler/binaries
-    - mkdir -p cmd/hauler/binaries
-    - touch cmd/hauler/binaries/file
    - go mod tidy
    - go mod download
    - go fmt ./...
    - go vet ./...
    - go test ./... -cover -race -covermode=atomic -coverprofile=coverage.out
-    - rm -rf cmd/hauler/binaries

 release:
  prerelease: auto
@@ -32,11 +28,6 @@ builds:
      - arm64
    ldflags:
      - -s -w -X {{ .Env.vpkg }}.gitVersion={{ .Version }} -X {{ .Env.vpkg }}.gitCommit={{ .ShortCommit }} -X {{ .Env.vpkg }}.gitTreeState={{if .IsGitDirty}}dirty{{else}}clean{{end}} -X {{ .Env.vpkg }}.buildDate={{ .Date }}
-    hooks:
-      pre:
-        - wget -P cmd/hauler/binaries/ https://github.com/hauler-dev/cosign/releases/download/{{ .Env.cosign_version }}/cosign-{{ .Os }}-{{ .Arch }}{{ if eq .Os "windows" }}.exe{{ end }}
-      post:
-        - rm -rf cmd/hauler/binaries
    env:
      - CGO_ENABLED=0
      - GOEXPERIMENT=boringcrypto
--- a/12
+++ b/12
@@ -10,28 +10,24 @@ GO_COVERPROFILE=coverage.out
 # set build variables
 BIN_DIRECTORY=bin
 DIST_DIRECTORY=dist
-BINARIES_DIRECTORY=cmd/hauler/binaries

 # local build of hauler for current platform
 # references/configuration from .goreleaser.yaml
 build:
-	goreleaser build --clean --snapshot --parallelism 1 --timeout 60m --single-target
+	goreleaser build --clean --snapshot --timeout 60m --single-target

 # local build of hauler for all platforms
 # references/configuration from .goreleaser.yaml
 build-all:
-	goreleaser build --clean --snapshot --parallelism 1 --timeout 60m
+	goreleaser build --clean --snapshot --timeout 60m

 # local release of hauler for all platforms
 # references/configuration from .goreleaser.yaml
 release:
-	goreleaser release --clean --snapshot --parallelism 1 --timeout 60m
+	goreleaser release --clean --snapshot --timeout 60m

 # install depedencies
 install:
-	rm -rf $(BINARIES_DIRECTORY)
-	mkdir -p $(BINARIES_DIRECTORY)
-	touch cmd/hauler/binaries/file
 	go mod tidy
 	go mod download
 	CGO_ENABLED=0 go install ./cmd/...
@@ -50,4 +46,4 @@ test:

 # cleanup artifacts
 clean:
-	rm -rf $(BIN_DIRECTORY) $(BINARIES_DIRECTORY) $(DIST_DIRECTORY) $(GO_COVERPROFILE)
+	rm -rf $(BIN_DIRECTORY) $(DIST_DIRECTORY) $(GO_COVERPROFILE)
--- a/cmd/hauler/cli/cli.go
+++ b/cmd/hauler/cli/cli.go
@@ -2,17 +2,15 @@ package cli

 import (
 	"context"
-	"embed"

+	cranecmd "github.com/google/go-containerregistry/cmd/crane/cmd"
 	"github.com/spf13/cobra"
-
 	"hauler.dev/go/hauler/internal/flags"
 	"hauler.dev/go/hauler/pkg/consts"
-	"hauler.dev/go/hauler/pkg/cosign"
 	"hauler.dev/go/hauler/pkg/log"
 )

-func New(ctx context.Context, binaries embed.FS, ro *flags.CliRootOpts) *cobra.Command {
+func New(ctx context.Context, ro *flags.CliRootOpts) *cobra.Command {
 	cmd := &cobra.Command{
 		Use:     "hauler",
 		Short:   "Airgap Swiss Army Knife",
@@ -22,12 +20,6 @@ func New(ctx context.Context, binaries embed.FS, ro *flags.CliRootOpts) *cobra.C
 			l.SetLevel(ro.LogLevel)
 			l.Debugf("running cli command [%s]", cmd.CommandPath())

-			// ensure cosign binary is available
-			if err := cosign.EnsureBinaryExists(ctx, binaries, ro); err != nil {
-				l.Errorf("cosign binary missing: %v", err)
-				return err
-			}
-
 			return nil
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
@@ -37,7 +29,7 @@ func New(ctx context.Context, binaries embed.FS, ro *flags.CliRootOpts) *cobra.C

 	flags.AddRootFlags(cmd, ro)

-	addLogin(cmd, ro)
+	cmd.AddCommand(cranecmd.NewCmdAuthLogin("hauler"))
 	addStore(cmd, ro)
 	addVersion(cmd, ro)
 	addCompletion(cmd, ro)
--- a/cmd/hauler/cli/completion.go
+++ b/cmd/hauler/cli/completion.go
@@ -5,6 +5,7 @@ import (
 	"os"

 	"github.com/spf13/cobra"
+
 	"hauler.dev/go/hauler/internal/flags"
 )

--- a/cmd/hauler/cli/login.go
+++ b/cmd/hauler/cli/login.go
@@ -1,62 +0,0 @@
-package cli
-
-import (
-	"context"
-	"fmt"
-	"io"
-	"os"
-	"strings"
-
-	"github.com/spf13/cobra"
-	"oras.land/oras-go/pkg/content"
-
-	"hauler.dev/go/hauler/internal/flags"
-	"hauler.dev/go/hauler/pkg/cosign"
-)
-
-func addLogin(parent *cobra.Command, ro *flags.CliRootOpts) {
-	o := &flags.LoginOpts{}
-
-	cmd := &cobra.Command{
-		Use:     "login",
-		Short:   "Login to a registry",
-		Long:    "Login to an OCI Compliant Registry (stored at ~/.docker/config.json)",
-		Example: "# login to registry.example.com\nhauler login registry.example.com -u bob -p haulin",
-		Args:    cobra.ExactArgs(1),
-		RunE: func(cmd *cobra.Command, arg []string) error {
-			ctx := cmd.Context()
-
-			if o.PasswordStdin {
-				contents, err := io.ReadAll(os.Stdin)
-				if err != nil {
-					return err
-				}
-				o.Password = strings.TrimSuffix(string(contents), "\n")
-				o.Password = strings.TrimSuffix(o.Password, "\r")
-			}
-
-			if o.Username == "" && o.Password == "" {
-				return fmt.Errorf("username and password required")
-			}
-
-			return login(ctx, o, arg[0], ro)
-		},
-	}
-	o.AddFlags(cmd)
-
-	parent.AddCommand(cmd)
-}
-
-func login(ctx context.Context, o *flags.LoginOpts, registry string, ro *flags.CliRootOpts) error {
-	ropts := content.RegistryOptions{
-		Username: o.Username,
-		Password: o.Password,
-	}
-
-	err := cosign.RegistryLogin(ctx, nil, registry, ropts, ro)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
--- a/cmd/hauler/cli/store.go
+++ b/cmd/hauler/cli/store.go
@@ -138,7 +138,7 @@ func addStoreServeRegistry(rso *flags.StoreRootOpts, ro *flags.CliRootOpts) *cob
 				return err
 			}

-			return store.ServeRegistryCmd(ctx, o, s, ro)
+			return store.ServeRegistryCmd(ctx, o, s, rso, ro)
 		},
 	}

--- a/cmd/hauler/cli/store/add.go
+++ b/cmd/hauler/cli/store/add.go
@@ -5,13 +5,13 @@ import (
 	"os"

 	"github.com/google/go-containerregistry/pkg/name"
-	"hauler.dev/go/hauler/pkg/artifacts/file/getter"
-	"hauler.dev/go/hauler/pkg/consts"
 	"helm.sh/helm/v3/pkg/action"

 	"hauler.dev/go/hauler/internal/flags"
 	"hauler.dev/go/hauler/pkg/apis/hauler.cattle.io/v1alpha1"
 	"hauler.dev/go/hauler/pkg/artifacts/file"
+	"hauler.dev/go/hauler/pkg/artifacts/file/getter"
+	"hauler.dev/go/hauler/pkg/consts"
 	"hauler.dev/go/hauler/pkg/content/chart"
 	"hauler.dev/go/hauler/pkg/cosign"
 	"hauler.dev/go/hauler/pkg/log"
--- a/cmd/hauler/cli/store/copy.go
+++ b/cmd/hauler/cli/store/copy.go
@@ -19,7 +19,7 @@ func CopyCmd(ctx context.Context, o *flags.CopyOpts, s *store.Layout, targetRef
 	components := strings.SplitN(targetRef, "://", 2)
 	switch components[0] {
 	case "dir":
-		l.Debugf("identified directory target reference")
+		l.Debugf("identified directory target reference of [%s]", components[1])
 		fs := content.NewFile(components[1])
 		defer fs.Close()

@@ -29,7 +29,7 @@ func CopyCmd(ctx context.Context, o *flags.CopyOpts, s *store.Layout, targetRef
 		}

 	case "registry":
-		l.Debugf("identified registry target reference")
+		l.Debugf("identified registry target reference of [%s]", components[1])
 		ropts := content.RegistryOptions{
 			Username:  o.Username,
 			Password:  o.Password,
@@ -37,13 +37,6 @@ func CopyCmd(ctx context.Context, o *flags.CopyOpts, s *store.Layout, targetRef
 			PlainHTTP: o.PlainHTTP,
 		}

-		if ropts.Username != "" {
-			err := cosign.RegistryLogin(ctx, s, components[1], ropts, ro)
-			if err != nil {
-				return err
-			}
-		}
-
 		err := cosign.LoadImages(ctx, s, components[1], ropts, ro)
 		if err != nil {
 			return err
--- a/cmd/hauler/cli/store/load.go
+++ b/cmd/hauler/cli/store/load.go
@@ -4,9 +4,8 @@ import (
 	"context"
 	"os"

-	"github.com/mholt/archiver/v3"
-
 	"hauler.dev/go/hauler/internal/flags"
+	"hauler.dev/go/hauler/pkg/archives"
 	"hauler.dev/go/hauler/pkg/consts"
 	"hauler.dev/go/hauler/pkg/content"
 	"hauler.dev/go/hauler/pkg/log"
@@ -53,9 +52,9 @@ func unarchiveLayoutTo(ctx context.Context, archivePath string, dest string, tem
 	}
 	defer os.RemoveAll(tempDir)

-	l.Debugf("using temporary directory at %s", tempDir)
+	l.Debugf("using temporary directory at [%s]", tempDir)

-	if err := archiver.Unarchive(archivePath, tempDir); err != nil {
+	if err := archives.Unarchive(ctx, archivePath, tempDir); err != nil {
 		return err
 	}

--- a/cmd/hauler/cli/store/save.go
+++ b/cmd/hauler/cli/store/save.go
@@ -15,10 +15,10 @@ import (
 	"github.com/google/go-containerregistry/pkg/v1/layout"
 	"github.com/google/go-containerregistry/pkg/v1/tarball"
 	"github.com/google/go-containerregistry/pkg/v1/types"
-	"github.com/mholt/archiver/v3"
 	imagev1 "github.com/opencontainers/image-spec/specs-go/v1"

 	"hauler.dev/go/hauler/internal/flags"
+	"hauler.dev/go/hauler/pkg/archives"
 	"hauler.dev/go/hauler/pkg/consts"
 	"hauler.dev/go/hauler/pkg/log"
 )
@@ -38,9 +38,14 @@ func SaveCmd(ctx context.Context, o *flags.SaveOpts, outputFile string) error {
 		storeDir = consts.DefaultStoreName
 	}

+	// Maps to handle compression and archival types
+	compressionMap := archives.CompressionMap
+	archivalMap := archives.ArchivalMap
+
 	// TODO: Support more formats?
-	a := archiver.NewTarZstd()
-	a.OverwriteExisting = true
+	// Select the correct compression and archival type based on user input
+	compression := compressionMap["zst"]
+	archival := archivalMap["tar"]

 	absOutputfile, err := filepath.Abs(outputFile)
 	if err != nil {
@@ -56,11 +61,13 @@ func SaveCmd(ctx context.Context, o *flags.SaveOpts, outputFile string) error {
 		return err
 	}

+	// create the manifest.json file
 	if err := writeExportsManifest(ctx, ".", o.Platform); err != nil {
 		return err
 	}

-	err = a.Archive([]string{"."}, absOutputfile)
+	// create the archive
+	err = archives.Archive(ctx, ".", absOutputfile, compression, archival)
 	if err != nil {
 		return err
 	}
@@ -106,7 +113,7 @@ func writeExportsManifest(ctx context.Context, dir string, platformStr string) e
 	for _, desc := range imx.Manifests {
 		l.Debugf("descriptor [%s] >>> %s", desc.Digest.String(), desc.MediaType)
 		if artifactType := types.MediaType(desc.ArtifactType); artifactType != "" && !artifactType.IsImage() && !artifactType.IsIndex() {
-			l.Debugf("descriptor [%s] <<< SKIPPING ARTIFACT (%q)", desc.Digest.String(), desc.ArtifactType)
+			l.Debugf("descriptor [%s] <<< SKIPPING ARTIFACT [%q]", desc.Digest.String(), desc.ArtifactType)
 			continue
 		}
 		if desc.Annotations != nil {
@@ -157,7 +164,7 @@ func writeExportsManifest(ctx context.Context, dir string, platformStr string) e
 							}
 						}
 					default:
-						l.Debugf("descriptor [%s] <<< SKIPPING KIND (%q)", desc.Digest.String(), kind)
+						l.Debugf("descriptor [%s] <<< SKIPPING KIND [%q]", desc.Digest.String(), kind)
 					}
 				}
 			}
--- a/cmd/hauler/cli/store/serve.go
+++ b/cmd/hauler/cli/store/serve.go
@@ -2,7 +2,10 @@ package store

 import (
 	"context"
+	"fmt"
+	"net/http"
 	"os"
+	"strings"

 	"github.com/distribution/distribution/v3/configuration"
 	dcontext "github.com/distribution/distribution/v3/context"
@@ -10,6 +13,7 @@ import (
 	_ "github.com/distribution/distribution/v3/registry/storage/driver/filesystem"
 	_ "github.com/distribution/distribution/v3/registry/storage/driver/inmemory"
 	"github.com/distribution/distribution/v3/version"
+	"gopkg.in/yaml.v3"

 	"hauler.dev/go/hauler/internal/flags"
 	"hauler.dev/go/hauler/internal/server"
@@ -17,7 +21,35 @@ import (
 	"hauler.dev/go/hauler/pkg/store"
 )

-func ServeRegistryCmd(ctx context.Context, o *flags.ServeRegistryOpts, s *store.Layout, ro *flags.CliRootOpts) error {
+func DefaultRegistryConfig(o *flags.ServeRegistryOpts, rso *flags.StoreRootOpts, ro *flags.CliRootOpts) *configuration.Configuration {
+	cfg := &configuration.Configuration{
+		Version: "0.1",
+		Storage: configuration.Storage{
+			"cache":      configuration.Parameters{"blobdescriptor": "inmemory"},
+			"filesystem": configuration.Parameters{"rootdirectory": o.RootDir},
+			"maintenance": configuration.Parameters{
+				"readonly": map[any]any{"enabled": o.ReadOnly},
+			},
+		},
+	}
+
+	if o.TLSCert != "" && o.TLSKey != "" {
+		cfg.HTTP.TLS.Certificate = o.TLSCert
+		cfg.HTTP.TLS.Key = o.TLSKey
+	}
+
+	cfg.HTTP.Addr = fmt.Sprintf(":%d", o.Port)
+	cfg.HTTP.Headers = http.Header{
+		"X-Content-Type-Options": []string{"nosniff"},
+	}
+
+	cfg.Log.Level = configuration.Loglevel(ro.LogLevel)
+	cfg.Validation.Manifests.URLs.Allow = []string{".+"}
+
+	return cfg
+}
+
+func ServeRegistryCmd(ctx context.Context, o *flags.ServeRegistryOpts, s *store.Layout, rso *flags.StoreRootOpts, ro *flags.CliRootOpts) error {
 	l := log.FromContext(ctx)
 	ctx = dcontext.WithVersion(ctx, version.Version)

@@ -33,7 +65,7 @@ func ServeRegistryCmd(ctx context.Context, o *flags.ServeRegistryOpts, s *store.

 	tr.Close()

-	cfg := o.DefaultRegistryConfig()
+	cfg := DefaultRegistryConfig(o, rso, ro)
 	if o.ConfigFile != "" {
 		ucfg, err := loadConfig(o.ConfigFile)
 		if err != nil {
@@ -43,6 +75,16 @@ func ServeRegistryCmd(ctx context.Context, o *flags.ServeRegistryOpts, s *store.
 	}

 	l.Infof("starting registry on port [%d]", o.Port)
+
+	yamlConfig, err := yaml.Marshal(cfg)
+	if err != nil {
+		l.Errorf("failed to validate/output registry configuration: %v", err)
+	} else {
+		l.Infof("using registry configuration... \n%s", strings.TrimSpace(string(yamlConfig)))
+	}
+
+	l.Debugf("detailed registry configuration: %+v", cfg)
+
 	r, err := server.NewRegistry(ctx, cfg)
 	if err != nil {
 		return err
--- a/cmd/hauler/cli/store/sync.go
+++ b/cmd/hauler/cli/store/sync.go
@@ -29,7 +29,7 @@ func SyncCmd(ctx context.Context, o *flags.SyncOpts, s *store.Layout, rso *flags

 	// if passed products, check for a remote manifest to retrieve and use.
 	for _, product := range o.Products {
-		l.Infof("processing content file for product: '%s'", product)
+		l.Infof("processing content file for product [%s]", product)
 		parts := strings.Split(product, "=")
 		tag := strings.ReplaceAll(parts[1], "+", "-")

@@ -40,7 +40,7 @@ func SyncCmd(ctx context.Context, o *flags.SyncOpts, s *store.Layout, rso *flags
 		}

 		manifestLoc := fmt.Sprintf("%s/hauler/%s-manifest.yaml:%s", ProductRegistry, parts[0], tag)
-		l.Infof("retrieving product manifest from: '%s'", manifestLoc)
+		l.Infof("retrieving product manifest from [%s]", manifestLoc)
 		img := v1alpha1.Image{
 			Name: manifestLoc,
 		}
@@ -66,7 +66,7 @@ func SyncCmd(ctx context.Context, o *flags.SyncOpts, s *store.Layout, rso *flags

 	// if passed a local manifest, process it
 	for _, filename := range o.ContentFiles {
-		l.Debugf("processing content file: '%s'", filename)
+		l.Debugf("processing content file: [%s]", filename)
 		fi, err := os.Open(filename)
 		if err != nil {
 			return err
--- a/cmd/hauler/main.go
+++ b/cmd/hauler/main.go
@@ -2,7 +2,6 @@ package main

 import (
 	"context"
-	"embed"
 	"os"

 	"hauler.dev/go/hauler/cmd/hauler/cli"
@@ -10,9 +9,6 @@ import (
 	"hauler.dev/go/hauler/pkg/log"
 )

-//go:embed binaries/*
-var binaries embed.FS
-
 func main() {
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
@@ -20,8 +16,7 @@ func main() {
 	logger := log.NewLogger(os.Stdout)
 	ctx = logger.WithContext(ctx)

-	// pass the embedded binaries to the cli package
-	if err := cli.New(ctx, binaries, &flags.CliRootOpts{}).ExecuteContext(ctx); err != nil {
+	if err := cli.New(ctx, &flags.CliRootOpts{}).ExecuteContext(ctx); err != nil {
 		logger.Errorf("%v", err)
 		cancel()
 		os.Exit(1)
--- a/go.mod
+++ b/go.mod
@@ -4,25 +4,28 @@ go 1.23

 toolchain go1.23.4

+replace github.com/sigstore/cosign/v2 => github.com/hauler-dev/cosign/v2 v2.4.2-0.20250108143133-b8416a2c645e
+
 require (
 	github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be
 	github.com/containerd/containerd v1.7.23
 	github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2
-	github.com/docker/go-metrics v0.0.1
-	github.com/google/go-containerregistry v0.16.1
+	github.com/google/go-containerregistry v0.20.2
 	github.com/gorilla/handlers v1.5.1
-	github.com/gorilla/mux v1.8.0
-	github.com/mholt/archiver/v3 v3.5.1
+	github.com/gorilla/mux v1.8.1
+	github.com/mholt/archives v0.1.0
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/olekukonko/tablewriter v0.0.5
 	github.com/opencontainers/go-digest v1.0.0
 	github.com/opencontainers/image-spec v1.1.0
 	github.com/pkg/errors v0.9.1
 	github.com/rs/zerolog v1.31.0
+	github.com/sigstore/cosign/v2 v2.4.1
 	github.com/sirupsen/logrus v1.9.3
-	github.com/spf13/afero v1.10.0
+	github.com/spf13/afero v1.11.0
 	github.com/spf13/cobra v1.8.1
-	golang.org/x/sync v0.8.0
+	golang.org/x/sync v0.10.0
+	gopkg.in/yaml.v3 v3.0.1
 	helm.sh/helm/v3 v3.16.3
 	k8s.io/apimachinery v0.31.3
 	k8s.io/client-go v0.31.3
@@ -30,89 +33,192 @@ require (
 )

 require (
+	cloud.google.com/go/auth v0.9.3 // indirect
+	cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect
+	cloud.google.com/go/compute/metadata v0.5.0 // indirect
+	cuelabs.dev/go/oci/ociregistry v0.0.0-20240404174027-a39bec0462d2 // indirect
+	cuelang.org/go v0.9.2 // indirect
 	dario.cat/mergo v1.0.1 // indirect
+	filippo.io/edwards25519 v1.1.0 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
+	github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/provider v0.14.0 // indirect
+	github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
+	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
+	github.com/Azure/go-autorest/autorest v0.11.29 // indirect
+	github.com/Azure/go-autorest/autorest/adal v0.9.23 // indirect
+	github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 // indirect
+	github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect
+	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
+	github.com/Azure/go-autorest/logger v0.2.1 // indirect
+	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
 	github.com/BurntSushi/toml v1.3.2 // indirect
 	github.com/MakeNowJust/heredoc v1.0.0 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/semver/v3 v3.3.0 // indirect
 	github.com/Masterminds/sprig/v3 v3.3.0 // indirect
 	github.com/Masterminds/squirrel v1.5.4 // indirect
+	github.com/Microsoft/go-winio v0.6.2 // indirect
+	github.com/OneOfOne/xxhash v1.2.8 // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c // indirect
+	github.com/STARRY-S/zip v0.2.1 // indirect
 	github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d // indirect
-	github.com/andybalholm/brotli v1.0.4 // indirect
+	github.com/ThalesIgnite/crypto11 v1.2.5 // indirect
+	github.com/agnivade/levenshtein v1.1.1 // indirect
+	github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4 // indirect
+	github.com/alibabacloud-go/cr-20160607 v1.0.1 // indirect
+	github.com/alibabacloud-go/cr-20181201 v1.0.10 // indirect
+	github.com/alibabacloud-go/darabonba-openapi v0.2.1 // indirect
+	github.com/alibabacloud-go/debug v1.0.0 // indirect
+	github.com/alibabacloud-go/endpoint-util v1.1.1 // indirect
+	github.com/alibabacloud-go/openapi-util v0.1.0 // indirect
+	github.com/alibabacloud-go/tea v1.2.1 // indirect
+	github.com/alibabacloud-go/tea-utils v1.4.5 // indirect
+	github.com/alibabacloud-go/tea-xml v1.1.3 // indirect
+	github.com/aliyun/credentials-go v1.3.2 // indirect
+	github.com/andybalholm/brotli v1.1.1 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
+	github.com/aws/aws-sdk-go-v2 v1.30.5 // indirect
+	github.com/aws/aws-sdk-go-v2/config v1.27.33 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.32 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.13 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.17 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.17 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.19 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.22.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.30.7 // indirect
+	github.com/aws/smithy-go v1.20.4 // indirect
+	github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
+	github.com/bodgit/plumbing v1.3.0 // indirect
+	github.com/bodgit/sevenzip v1.6.0 // indirect
+	github.com/bodgit/windows v1.0.1 // indirect
 	github.com/bshuster-repo/logrus-logstash-hook v1.0.0 // indirect
 	github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd // indirect
 	github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b // indirect
 	github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 // indirect
+	github.com/buildkite/agent/v3 v3.81.0 // indirect
+	github.com/buildkite/go-pipeline v0.13.1 // indirect
+	github.com/buildkite/interpolate v0.1.3 // indirect
+	github.com/buildkite/roko v1.2.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/chai2010/gettext-go v1.0.2 // indirect
+	github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 // indirect
+	github.com/chzyer/readline v1.5.1 // indirect
+	github.com/clbanning/mxj/v2 v2.7.0 // indirect
+	github.com/cloudflare/circl v1.3.7 // indirect
+	github.com/cockroachdb/apd/v3 v3.2.1 // indirect
 	github.com/containerd/errdefs v0.3.0 // indirect
 	github.com/containerd/log v0.1.0 // indirect
 	github.com/containerd/platforms v0.2.1 // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
+	github.com/coreos/go-oidc/v3 v3.11.0 // indirect
+	github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 // indirect
 	github.com/cyphar/filepath-securejoin v0.3.4 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 // indirect
+	github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7 // indirect
+	github.com/dimchansky/utfbom v1.1.1 // indirect
 	github.com/distribution/reference v0.6.0 // indirect
-	github.com/docker/cli v25.0.1+incompatible // indirect
+	github.com/docker/cli v27.1.1+incompatible // indirect
 	github.com/docker/distribution v2.8.3+incompatible // indirect
 	github.com/docker/docker v25.0.6+incompatible // indirect
-	github.com/docker/docker-credential-helpers v0.7.0 // indirect
+	github.com/docker/docker-credential-helpers v0.8.0 // indirect
 	github.com/docker/go-connections v0.5.0 // indirect
 	github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
+	github.com/docker/go-metrics v0.0.1 // indirect
 	github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 // indirect
-	github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5 // indirect
+	github.com/dsnet/compress v0.0.2-0.20230904184137-39efe44ab707 // indirect
+	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
+	github.com/emicklei/proto v1.12.1 // indirect
 	github.com/evanphx/json-patch v5.9.0+incompatible // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
-	github.com/fatih/color v1.13.0 // indirect
+	github.com/fatih/color v1.16.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
+	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
+	github.com/go-chi/chi v4.1.2+incompatible // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
 	github.com/go-gorp/gorp/v3 v3.1.0 // indirect
+	github.com/go-ini/ini v1.67.0 // indirect
+	github.com/go-jose/go-jose/v3 v3.0.3 // indirect
+	github.com/go-jose/go-jose/v4 v4.0.4 // indirect
 	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/go-openapi/analysis v0.23.0 // indirect
+	github.com/go-openapi/errors v0.22.0 // indirect
 	github.com/go-openapi/jsonpointer v0.21.0 // indirect
-	github.com/go-openapi/jsonreference v0.20.2 // indirect
+	github.com/go-openapi/jsonreference v0.21.0 // indirect
+	github.com/go-openapi/loads v0.22.0 // indirect
+	github.com/go-openapi/runtime v0.28.0 // indirect
+	github.com/go-openapi/spec v0.21.0 // indirect
+	github.com/go-openapi/strfmt v0.23.0 // indirect
 	github.com/go-openapi/swag v0.23.0 // indirect
+	github.com/go-openapi/validate v0.24.0 // indirect
+	github.com/go-piv/piv-go v1.11.0 // indirect
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang-jwt/jwt/v4 v4.5.1 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/gomodule/redigo v1.8.2 // indirect
-	github.com/google/btree v1.0.1 // indirect
-	github.com/google/gnostic-models v0.6.8 // indirect
+	github.com/google/btree v1.1.2 // indirect
+	github.com/google/certificate-transparency-go v1.2.1 // indirect
+	github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/google/go-github/v55 v55.0.0 // indirect
+	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/google/s2a-go v0.1.8 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/google/uuid v1.6.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.3 // indirect
 	github.com/gorilla/websocket v1.5.0 // indirect
 	github.com/gosuri/uitable v0.0.4 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
-	github.com/hashicorp/golang-lru v0.5.4 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
+	github.com/hashicorp/golang-lru v1.0.2 // indirect
+	github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
+	github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
 	github.com/huandu/xstrings v1.5.0 // indirect
 	github.com/imdario/mergo v0.3.16 // indirect
+	github.com/in-toto/attestation v1.1.0 // indirect
+	github.com/in-toto/in-toto-golang v0.9.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 // indirect
+	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/jmoiron/sqlx v1.4.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.16.7 // indirect
-	github.com/klauspost/pgzip v1.2.5 // indirect
+	github.com/klauspost/compress v1.17.11 // indirect
+	github.com/klauspost/pgzip v1.2.6 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
+	github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec // indirect
 	github.com/lib/pq v1.10.9 // indirect
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
+	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/manifoldco/promptui v0.9.0 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.19 // indirect
-	github.com/mattn/go-runewidth v0.0.9 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/mattn/go-runewidth v0.0.13 // indirect
+	github.com/miekg/pkcs11 v1.1.1 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/moby/locker v1.0.1 // indirect
 	github.com/moby/spdystream v0.5.0 // indirect
@@ -120,49 +226,102 @@ require (
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
+	github.com/mozillazg/docker-credential-acr-helper v0.4.0 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
-	github.com/nwaples/rardecode v1.1.0 // indirect
+	github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481 // indirect
+	github.com/nwaples/rardecode/v2 v2.0.0-beta.4.0.20241112120701-034e449c6e78 // indirect
+	github.com/oklog/ulid v1.3.1 // indirect
+	github.com/oleiade/reflections v1.1.0 // indirect
+	github.com/open-policy-agent/opa v0.68.0 // indirect
+	github.com/opentracing/opentracing-go v1.2.0 // indirect
+	github.com/pborman/uuid v1.2.1 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.2 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
-	github.com/pierrec/lz4/v4 v4.1.15 // indirect
-	github.com/prometheus/client_golang v1.19.1 // indirect
+	github.com/pierrec/lz4/v4 v4.1.21 // indirect
+	github.com/prometheus/client_golang v1.20.2 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect
 	github.com/prometheus/common v0.55.0 // indirect
 	github.com/prometheus/procfs v0.15.1 // indirect
+	github.com/protocolbuffers/txtpbfmt v0.0.0-20231025115547-084445ff1adf // indirect
+	github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
+	github.com/rivo/uniseg v0.4.4 // indirect
+	github.com/rogpeppe/go-internal v1.12.0 // indirect
 	github.com/rubenv/sql-migrate v1.7.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
+	github.com/sagikazarmark/locafero v0.4.0 // indirect
+	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
+	github.com/sassoftware/relic v7.2.1+incompatible // indirect
+	github.com/secure-systems-lab/go-securesystemslib v0.8.0 // indirect
+	github.com/segmentio/ksuid v1.0.4 // indirect
+	github.com/shibumi/go-pathspec v1.3.0 // indirect
 	github.com/shopspring/decimal v1.4.0 // indirect
+	github.com/sigstore/fulcio v1.6.3 // indirect
+	github.com/sigstore/protobuf-specs v0.3.2 // indirect
+	github.com/sigstore/rekor v1.3.6 // indirect
+	github.com/sigstore/sigstore v1.8.9 // indirect
+	github.com/sigstore/sigstore-go v0.6.1 // indirect
+	github.com/sigstore/timestamp-authority v1.2.2 // indirect
+	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
+	github.com/sorairolake/lzip-go v0.3.5 // indirect
+	github.com/sourcegraph/conc v0.3.0 // indirect
 	github.com/spf13/cast v1.7.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/ulikunitz/xz v0.5.10 // indirect
-	github.com/vbatts/tar-split v0.11.3 // indirect
+	github.com/spf13/viper v1.19.0 // indirect
+	github.com/spiffe/go-spiffe/v2 v2.3.0 // indirect
+	github.com/subosito/gotenv v1.6.0 // indirect
+	github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d // indirect
+	github.com/tchap/go-patricia/v2 v2.3.1 // indirect
+	github.com/thales-e-security/pool v0.0.2 // indirect
+	github.com/therootcompany/xz v1.0.1 // indirect
+	github.com/theupdateframework/go-tuf v0.7.0 // indirect
+	github.com/theupdateframework/go-tuf/v2 v2.0.1 // indirect
+	github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
+	github.com/tjfoc/gmsm v1.4.1 // indirect
+	github.com/transparency-dev/merkle v0.0.2 // indirect
+	github.com/ulikunitz/xz v0.5.12 // indirect
+	github.com/vbatts/tar-split v0.11.5 // indirect
+	github.com/withfig/autocomplete-tools/integrations/cobra v1.2.1 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
+	github.com/xanzy/go-gitlab v0.109.0 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
-	github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
 	github.com/xlab/treeprint v1.2.0 // indirect
+	github.com/yashtewari/glob-intersection v0.2.0 // indirect
 	github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43 // indirect
 	github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50 // indirect
 	github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect
-	go.opentelemetry.io/otel v1.28.0 // indirect
-	go.opentelemetry.io/otel/metric v1.28.0 // indirect
-	go.opentelemetry.io/otel/trace v1.28.0 // indirect
-	golang.org/x/crypto v0.28.0 // indirect
-	golang.org/x/net v0.30.0 // indirect
+	github.com/zeebo/errs v1.3.0 // indirect
+	go.mongodb.org/mongo-driver v1.14.0 // indirect
+	go.opencensus.io v0.24.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect
+	go.opentelemetry.io/otel v1.29.0 // indirect
+	go.opentelemetry.io/otel/metric v1.29.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.29.0 // indirect
+	go.opentelemetry.io/otel/trace v1.29.0 // indirect
+	go.step.sm/crypto v0.51.2 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	go.uber.org/zap v1.27.0 // indirect
+	go4.org v0.0.0-20230225012048-214862532bf5 // indirect
+	golang.org/x/crypto v0.31.0 // indirect
+	golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 // indirect
+	golang.org/x/mod v0.20.0 // indirect
+	golang.org/x/net v0.33.0 // indirect
 	golang.org/x/oauth2 v0.23.0 // indirect
-	golang.org/x/sys v0.26.0 // indirect
-	golang.org/x/term v0.25.0 // indirect
-	golang.org/x/text v0.19.0 // indirect
+	golang.org/x/sys v0.28.0 // indirect
+	golang.org/x/term v0.27.0 // indirect
+	golang.org/x/text v0.21.0 // indirect
 	golang.org/x/time v0.7.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect
-	google.golang.org/grpc v1.65.0 // indirect
+	google.golang.org/api v0.196.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect
+	google.golang.org/grpc v1.66.0 // indirect
 	google.golang.org/protobuf v1.34.2 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/api v0.31.3 // indirect
 	k8s.io/apiextensions-apiserver v0.31.3 // indirect
 	k8s.io/apiserver v0.31.3 // indirect
@@ -175,6 +334,7 @@ require (
 	sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
 	sigs.k8s.io/kustomize/api v0.18.0 // indirect
 	sigs.k8s.io/kustomize/kyaml v0.18.1 // indirect
+	sigs.k8s.io/release-utils v0.8.4 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 	sigs.k8s.io/yaml v1.4.0 // indirect
 )
--- a/go.sum
+++ b/go.sum
--- a/internal/flags/login.go
+++ b/internal/flags/login.go
@@ -1,16 +0,0 @@
-package flags
-
-import "github.com/spf13/cobra"
-
-type LoginOpts struct {
-	Username      string
-	Password      string
-	PasswordStdin bool
-}
-
-func (o *LoginOpts) AddFlags(cmd *cobra.Command) {
-	f := cmd.Flags()
-	f.StringVarP(&o.Username, "username", "u", "", "(Optional) Username to use for authentication")
-	f.StringVarP(&o.Password, "password", "p", "", "(Optional) Password to use for authentication")
-	f.BoolVar(&o.PasswordStdin, "password-stdin", false, "(Optional) Password to use for authentication (from stdin)")
-}
--- a/internal/flags/serve.go
+++ b/internal/flags/serve.go
@@ -1,10 +1,6 @@
 package flags

 import (
-	"fmt"
-	"net/http"
-
-	"github.com/distribution/distribution/v3/configuration"
 	"github.com/spf13/cobra"
 	"hauler.dev/go/hauler/pkg/consts"
 )
@@ -35,34 +31,6 @@ func (o *ServeRegistryOpts) AddFlags(cmd *cobra.Command) {
 	cmd.MarkFlagsRequiredTogether("tls-cert", "tls-key")
 }

-func (o *ServeRegistryOpts) DefaultRegistryConfig() *configuration.Configuration {
-	cfg := &configuration.Configuration{
-		Version: "0.1",
-		Storage: configuration.Storage{
-			"cache":      configuration.Parameters{"blobdescriptor": "inmemory"},
-			"filesystem": configuration.Parameters{"rootdirectory": o.RootDir},
-			"maintenance": configuration.Parameters{
-				"readonly": map[any]any{"enabled": o.ReadOnly},
-			},
-		},
-	}
-
-	if o.TLSCert != "" && o.TLSKey != "" {
-		cfg.HTTP.TLS.Certificate = o.TLSCert
-		cfg.HTTP.TLS.Key = o.TLSKey
-	}
-
-	cfg.HTTP.Addr = fmt.Sprintf(":%d", o.Port)
-	cfg.HTTP.Headers = http.Header{
-		"X-Content-Type-Options": []string{"nosniff"},
-	}
-
-	cfg.Log.Level = "info"
-	cfg.Validation.Manifests.URLs.Allow = []string{".+"}
-
-	return cfg
-}
-
 type ServeFilesOpts struct {
 	*StoreRootOpts

--- a/internal/flags/store.go
+++ b/internal/flags/store.go
@@ -41,7 +41,7 @@ func (o *StoreRootOpts) Store(ctx context.Context) (*store.Layout, error) {
 		return nil, err
 	}

-	l.Debugf("using store at %s", abs)
+	l.Debugf("using store at [%s]", abs)

 	if _, err := os.Stat(abs); errors.Is(err, os.ErrNotExist) {
 		if err := os.MkdirAll(abs, os.ModePerm); err != nil {
--- a/internal/server/registry.go
+++ b/internal/server/registry.go
@@ -11,7 +11,6 @@ import (
 	"github.com/distribution/distribution/v3/configuration"
 	"github.com/distribution/distribution/v3/registry"
 	"github.com/distribution/distribution/v3/registry/handlers"
-	"github.com/docker/go-metrics"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@@ -22,14 +21,6 @@ func NewRegistry(ctx context.Context, cfg *configuration.Configuration) (*regist
 		return nil, err
 	}

-	if cfg.HTTP.Debug.Prometheus.Enabled {
-		path := cfg.HTTP.Debug.Prometheus.Path
-		if path == "" {
-			path = "/metrics"
-		}
-		http.Handle(path, metrics.Handler())
-	}
-
 	return r, nil
 }

@@ -45,7 +36,7 @@ func NewTempRegistry(ctx context.Context, root string) *tmpRegistryServer {
 			"filesystem": configuration.Parameters{"rootdirectory": root},
 		},
 	}
-	// Add validation configuration
+
 	cfg.Validation.Manifests.URLs.Allow = []string{".+"}

 	cfg.Log.Level = "error"
--- a/pkg/apis/hauler.cattle.io/v1alpha1/groupversion_info.go
+++ b/pkg/apis/hauler.cattle.io/v1alpha1/groupversion_info.go
@@ -1,8 +1,9 @@
 package v1alpha1

 import (
-	"hauler.dev/go/hauler/pkg/consts"
 	"k8s.io/apimachinery/pkg/runtime/schema"
+
+	"hauler.dev/go/hauler/pkg/consts"
 )

 var (
--- a/pkg/archives/archiver.go
+++ b/pkg/archives/archiver.go
@@ -0,0 +1,103 @@
+package archives
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"github.com/mholt/archives"
+	"hauler.dev/go/hauler/pkg/log"
+)
+
+// Maps to handle compression and archival types
+var CompressionMap = map[string]archives.Compression{
+	"gz":  archives.Gz{},
+	"bz2": archives.Bz2{},
+	"xz":  archives.Xz{},
+	"zst": archives.Zstd{},
+	"lz4": archives.Lz4{},
+	"br":  archives.Brotli{},
+}
+
+var ArchivalMap = map[string]archives.Archival{
+	"tar": archives.Tar{},
+	"zip": archives.Zip{},
+}
+
+// check if a path exists
+func isExist(path string) bool {
+	_, statErr := os.Stat(path)
+	return !os.IsNotExist(statErr)
+}
+
+// Archive is a function that archives the files in a directory
+// dir: the directory to Archive
+// outfile: the output file
+// compression: the compression to use (gzip, bzip2, etc.)
+// archival: the archival to use (tar, zip, etc.)
+func Archive(ctx context.Context, dir, outfile string, compression archives.Compression, archival archives.Archival) error {
+	l := log.FromContext(ctx)
+	l.Debugf("Starting the archival process for directory: %s", dir)
+
+	// remove outfile
+	l.Debugf("Removing any existing output file: %s", outfile)
+	if err := os.RemoveAll(outfile); err != nil {
+		errMsg := fmt.Errorf("failed to remove existing output file '%s': %w", outfile, err)
+		l.Debugf(errMsg.Error())
+		return errMsg
+	}
+
+	if !isExist(dir) {
+		errMsg := fmt.Errorf("directory '%s' does not exist, cannot proceed with archival", dir)
+		l.Debugf(errMsg.Error())
+		return errMsg
+	}
+
+	// map files on disk to their paths in the archive
+	l.Debugf("Mapping files in directory: %s", dir)
+	archiveDirName := filepath.Base(filepath.Clean(dir))
+	if dir == "." {
+		archiveDirName = ""
+	}
+	files, err := archives.FilesFromDisk(context.Background(), nil, map[string]string{
+		dir: archiveDirName,
+	})
+	if err != nil {
+		errMsg := fmt.Errorf("error mapping files from directory '%s': %w", dir, err)
+		l.Debugf(errMsg.Error())
+		return errMsg
+	}
+	l.Debugf("Successfully mapped files for directory: %s", dir)
+
+	// create the output file we'll write to
+	l.Debugf("Creating output file: %s", outfile)
+	outf, err := os.Create(outfile)
+	if err != nil {
+		errMsg := fmt.Errorf("error creating output file '%s': %w", outfile, err)
+		l.Debugf(errMsg.Error())
+		return errMsg
+	}
+	defer func() {
+		l.Debugf("Closing output file: %s", outfile)
+		outf.Close()
+	}()
+
+	// define the archive format
+	l.Debugf("Defining the archive format with compression: %T and archival: %T", compression, archival)
+	format := archives.CompressedArchive{
+		Compression: compression,
+		Archival:    archival,
+	}
+
+	// create the archive
+	l.Debugf("Starting archive creation: %s", outfile)
+	err = format.Archive(context.Background(), outf, files)
+	if err != nil {
+		errMsg := fmt.Errorf("error during archive creation for output file '%s': %w", outfile, err)
+		l.Debugf(errMsg.Error())
+		return errMsg
+	}
+	l.Debugf("Archive created successfully: %s", outfile)
+	return nil
+}
--- a/pkg/archives/unarchiver.go
+++ b/pkg/archives/unarchiver.go
@@ -0,0 +1,158 @@
+package archives
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/mholt/archives"
+	"hauler.dev/go/hauler/pkg/log"
+)
+
+const (
+	dirPermissions  = 0o700 // Default directory permissions
+	filePermissions = 0o600 // Default file permissions
+)
+
+// securePath ensures the path is safely relative to the target directory.
+func securePath(basePath, relativePath string) (string, error) {
+	relativePath = filepath.Clean("/" + relativePath)                         // Normalize path with a leading slash
+	relativePath = strings.TrimPrefix(relativePath, string(os.PathSeparator)) // Remove leading separator
+
+	dstPath := filepath.Join(basePath, relativePath)
+
+	if !strings.HasPrefix(filepath.Clean(dstPath)+string(os.PathSeparator), filepath.Clean(basePath)+string(os.PathSeparator)) {
+		return "", fmt.Errorf("illegal file path: %s", dstPath)
+	}
+	return dstPath, nil
+}
+
+// createDirWithPermissions creates a directory with specified permissions.
+func createDirWithPermissions(ctx context.Context, path string, mode os.FileMode) error {
+	l := log.FromContext(ctx)
+	l.Debugf("Creating directory: %s", path)
+	if err := os.MkdirAll(path, mode); err != nil {
+		return fmt.Errorf("mkdir: %w", err)
+	}
+	return nil
+}
+
+// setPermissions applies permissions to a file or directory.
+func setPermissions(path string, mode os.FileMode) error {
+	if err := os.Chmod(path, mode); err != nil {
+		return fmt.Errorf("chmod: %w", err)
+	}
+	return nil
+}
+
+// handleFile handles the extraction of a file from the archive.
+func handleFile(ctx context.Context, f archives.FileInfo, dst string) error {
+	l := log.FromContext(ctx)
+	l.Debugf("Handling file: %s", f.NameInArchive)
+
+	// Validate and construct the destination path
+	dstPath, pathErr := securePath(dst, f.NameInArchive)
+	if pathErr != nil {
+		return pathErr
+	}
+
+	// Ensure the parent directory exists
+	parentDir := filepath.Dir(dstPath)
+	if dirErr := createDirWithPermissions(ctx, parentDir, dirPermissions); dirErr != nil {
+		return dirErr
+	}
+
+	// Handle directories
+	if f.IsDir() {
+		// Create the directory with permissions from the archive
+		if dirErr := createDirWithPermissions(ctx, dstPath, f.Mode()); dirErr != nil {
+			return fmt.Errorf("creating directory: %w", dirErr)
+		}
+		l.Debugf("Successfully created directory: %s", dstPath)
+		return nil
+	}
+
+	// Ignore symlinks (or hardlinks)
+	if f.LinkTarget != "" {
+		l.Debugf("Skipping symlink: %s -> %s", dstPath, f.LinkTarget)
+		return nil
+	}
+
+	// Check and handle parent directory permissions
+	originalMode, statErr := os.Stat(parentDir)
+	if statErr != nil {
+		return fmt.Errorf("stat parent directory: %w", statErr)
+	}
+
+	// If parent directory is read-only, temporarily make it writable
+	if originalMode.Mode().Perm()&0o200 == 0 {
+		l.Debugf("Parent directory is read-only, temporarily making it writable: %s", parentDir)
+		if chmodErr := os.Chmod(parentDir, originalMode.Mode()|0o200); chmodErr != nil {
+			return fmt.Errorf("chmod parent directory: %w", chmodErr)
+		}
+		defer func() {
+			// Restore the original permissions after writing
+			if chmodErr := os.Chmod(parentDir, originalMode.Mode()); chmodErr != nil {
+				l.Debugf("Failed to restore original permissions for %s: %v", parentDir, chmodErr)
+			}
+		}()
+	}
+
+	// Handle regular files
+	reader, openErr := f.Open()
+	if openErr != nil {
+		return fmt.Errorf("open file: %w", openErr)
+	}
+	defer reader.Close()
+
+	dstFile, createErr := os.OpenFile(dstPath, os.O_CREATE|os.O_WRONLY, f.Mode())
+	if createErr != nil {
+		return fmt.Errorf("create file: %w", createErr)
+	}
+	defer dstFile.Close()
+
+	if _, copyErr := io.Copy(dstFile, reader); copyErr != nil {
+		return fmt.Errorf("copy: %w", copyErr)
+	}
+	l.Debugf("Successfully extracted file: %s", dstPath)
+	return nil
+}
+
+// Unarchive unarchives a tarball to a directory, symlinks and hardlinks are ignored.
+func Unarchive(ctx context.Context, tarball, dst string) error {
+	l := log.FromContext(ctx)
+	l.Debugf("Unarchiving %s to %s", tarball, dst)
+	archiveFile, openErr := os.Open(tarball)
+	if openErr != nil {
+		return fmt.Errorf("open tarball %s: %w", tarball, openErr)
+	}
+	defer archiveFile.Close()
+
+	format, input, identifyErr := archives.Identify(context.Background(), tarball, archiveFile)
+	if identifyErr != nil {
+		return fmt.Errorf("identify format: %w", identifyErr)
+	}
+
+	extractor, ok := format.(archives.Extractor)
+	if !ok {
+		return fmt.Errorf("unsupported format for extraction")
+	}
+
+	if dirErr := createDirWithPermissions(ctx, dst, dirPermissions); dirErr != nil {
+		return fmt.Errorf("creating destination directory: %w", dirErr)
+	}
+
+	handler := func(ctx context.Context, f archives.FileInfo) error {
+		return handleFile(ctx, f, dst)
+	}
+
+	if extractErr := extractor.Extract(context.Background(), input, handler); extractErr != nil {
+		return fmt.Errorf("extracting files: %w", extractErr)
+	}
+
+	l.Debugf("Unarchiving completed successfully.")
+	return nil
+}
--- a/pkg/cosign/cosign.go
+++ b/pkg/cosign/cosign.go
@@ -1,39 +1,34 @@
 package cosign

 import (
-	"bufio"
 	"context"
-	"embed"
 	"fmt"
-	"os"
-	"os/exec"
-	"os/user"
-	"path/filepath"
-	"runtime"
-	"strings"
-	"time"
-
-	"oras.land/oras-go/pkg/content"
-
+	"github.com/sigstore/cosign/v2/cmd/cosign/cli"
+	"github.com/sigstore/cosign/v2/cmd/cosign/cli/options"
+	"github.com/sigstore/cosign/v2/cmd/cosign/cli/verify"
 	"hauler.dev/go/hauler/internal/flags"
 	"hauler.dev/go/hauler/pkg/artifacts/image"
 	"hauler.dev/go/hauler/pkg/consts"
 	"hauler.dev/go/hauler/pkg/log"
 	"hauler.dev/go/hauler/pkg/store"
+	"oras.land/oras-go/pkg/content"
+	"os"
+	"time"
 )

 // VerifyFileSignature verifies the digital signature of a file using Sigstore/Cosign.
 func VerifySignature(ctx context.Context, s *store.Layout, keyPath string, ref string, rso *flags.StoreRootOpts, ro *flags.CliRootOpts) error {
+	l := log.FromContext(ctx)
 	operation := func() error {
-		cosignBinaryPath, err := getCosignPath(ro.HaulerDir)
-		if err != nil {
-			return err
+		v := &verify.VerifyCommand{
+			KeyRef: keyPath,
 		}

-		cmd := exec.Command(cosignBinaryPath, "verify", "--insecure-ignore-tlog", "--key", keyPath, ref)
-		output, err := cmd.CombinedOutput()
+		err := log.CaptureOutput(l, true, func() error {
+			return v.Exec(ctx, []string{ref})
+		})
 		if err != nil {
-			return fmt.Errorf("error verifying signature: %v\n%s", err, output)
+			return err
 		}

 		return nil
@@ -54,9 +49,8 @@ func SaveImage(ctx context.Context, s *store.Layout, ref string, platform string
 	}

 	operation := func() error {
-		cosignBinaryPath, err := getCosignPath(ro.HaulerDir)
-		if err != nil {
-			return err
+		o := &options.SaveOptions{
+			Directory: s.Root,
 		}

 		// check to see if the image is multi-arch
@@ -64,58 +58,21 @@ func SaveImage(ctx context.Context, s *store.Layout, ref string, platform string
 		if err != nil {
 			return err
 		}
-		l.Debugf("multi-arch image: %v", isMultiArch)
+		l.Debugf("multi-arch image [%v]", isMultiArch)

-		cmd := exec.Command(cosignBinaryPath, "save", ref, "--dir", s.Root)
 		// Conditionally add platform.
 		if platform != "" && isMultiArch {
 			l.Debugf("platform for image [%s]", platform)
-			cmd.Args = append(cmd.Args, "--platform", platform)
+			o.Platform = platform
 		}

-		stdout, err := cmd.StdoutPipe()
-		if err != nil {
-			return err
-		}
-		stderr, err := cmd.StderrPipe()
-		if err != nil {
-			return err
-		}
-		// start the command after having set up the pipe
-		if err := cmd.Start(); err != nil {
-			return err
-		}
-
-		// read command's stdout line by line
-		output := bufio.NewScanner(stdout)
-		for output.Scan() {
-			l.Debugf(output.Text()) // write each line to your log, or anything you need
-		}
-		if err := output.Err(); err != nil {
-			cmd.Wait()
-			return err
-		}
-
-		// read command's stderr line by line
-		errors := bufio.NewScanner(stderr)
-		for errors.Scan() {
-			if ro.IgnoreErrors {
-				l.Warnf(errors.Text())
-			}
-			l.Errorf(errors.Text())
-		}
-		if err := errors.Err(); err != nil {
-			cmd.Wait()
-			return err
-		}
-
-		// Wait for the command to finish
-		err = cmd.Wait()
+		err = cli.SaveCmd(ctx, *o, ref)
 		if err != nil {
 			return err
 		}

 		return nil
+
 	}

 	return RetryOperation(ctx, rso, ro, operation)
@@ -125,77 +82,33 @@ func SaveImage(ctx context.Context, s *store.Layout, ref string, platform string
 func LoadImages(ctx context.Context, s *store.Layout, registry string, ropts content.RegistryOptions, ro *flags.CliRootOpts) error {
 	l := log.FromContext(ctx)

-	cosignBinaryPath, err := getCosignPath(ro.HaulerDir)
-	if err != nil {
-		return err
+	o := &options.LoadOptions{
+		Directory: s.Root,
+		Registry: options.RegistryOptions{
+			Name: registry,
+		},
 	}

-	cmd := exec.Command(cosignBinaryPath, "load", "--registry", registry, "--dir", s.Root)
-
 	// Conditionally add extra registry flags.
 	if ropts.Insecure {
-		cmd.Args = append(cmd.Args, "--allow-insecure-registry=true")
+		o.Registry.AllowInsecure = true
 	}
 	if ropts.PlainHTTP {
-		cmd.Args = append(cmd.Args, "--allow-http-registry=true")
+		o.Registry.AllowHTTPRegistry = true
 	}

-	stdout, err := cmd.StdoutPipe()
+	if ropts.Username != "" {
+		o.Registry.AuthConfig.Username = ropts.Username
+		o.Registry.AuthConfig.Password = ropts.Password
+	}
+
+	// execute the cosign load and capture the output in our logger
+	err := log.CaptureOutput(l, false, func() error {
+		return cli.LoadCmd(ctx, *o, "")
+	})
 	if err != nil {
 		return err
 	}
-	stderr, err := cmd.StderrPipe()
-	if err != nil {
-		return err
-	}
-	// start the command after having set up the pipe
-	if err := cmd.Start(); err != nil {
-		return err
-	}
-
-	// read command's stdout line by line
-	output := bufio.NewScanner(stdout)
-	for output.Scan() {
-		l.Infof(output.Text()) // write each line to your log, or anything you need
-	}
-	if err := output.Err(); err != nil {
-		cmd.Wait()
-		return err
-	}
-
-	// read command's stderr line by line
-	errors := bufio.NewScanner(stderr)
-	for errors.Scan() {
-		l.Errorf(errors.Text()) // write each line to your log, or anything you need
-	}
-	if err := errors.Err(); err != nil {
-		cmd.Wait()
-		return err
-	}
-
-	// Wait for the command to finish
-	err = cmd.Wait()
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// RegistryLogin - performs cosign login
-func RegistryLogin(ctx context.Context, s *store.Layout, registry string, ropts content.RegistryOptions, ro *flags.CliRootOpts) error {
-	log := log.FromContext(ctx)
-	cosignBinaryPath, err := getCosignPath(ro.HaulerDir)
-	if err != nil {
-		return err
-	}
-
-	cmd := exec.Command(cosignBinaryPath, "login", registry, "-u", ropts.Username, "-p", ropts.Password)
-	output, err := cmd.CombinedOutput()
-	if err != nil {
-		return fmt.Errorf("error logging into registry: %v, output: %s", err, output)
-	}
-	log.Infof(strings.Trim(string(output), "\n"))

 	return nil
 }
@@ -238,78 +151,3 @@ func RetryOperation(ctx context.Context, rso *flags.StoreRootOpts, ro *flags.Cli
 	// If all attempts fail, return an error
 	return fmt.Errorf("operation unsuccessful after %d attempts", rso.Retries)
 }
-
-func EnsureBinaryExists(ctx context.Context, bin embed.FS, ro *flags.CliRootOpts) error {
-	l := log.FromContext(ctx)
-
-	// Set up a path for the binary to be copied
-	binaryPath, err := getCosignPath(ro.HaulerDir)
-	if err != nil {
-		return fmt.Errorf("error: %v", err)
-	}
-
-	l.Debugf("using hauler directory at %s", filepath.Dir(binaryPath))
-
-	// Determine the architecture so that we pull the correct embedded binary
-	arch := runtime.GOARCH
-	rOS := runtime.GOOS
-	binaryName := "cosign"
-	if rOS == "windows" {
-		binaryName = fmt.Sprintf("cosign-%s-%s.exe", rOS, arch)
-	} else {
-		binaryName = fmt.Sprintf("cosign-%s-%s", rOS, arch)
-	}
-
-	// retrieve the embedded binary
-	f, err := bin.ReadFile(fmt.Sprintf("binaries/%s", binaryName))
-	if err != nil {
-		return fmt.Errorf("error: %v", err)
-	}
-
-	// write the binary to the filesystem
-	err = os.WriteFile(binaryPath, f, 0755)
-	if err != nil {
-		return fmt.Errorf("error: %v", err)
-	}
-
-	return nil
-}
-
-// getCosignPath returns the binary path
-func getCosignPath(haulerDir string) (string, error) {
-
-	if haulerDir == "" {
-		haulerDir = os.Getenv(consts.HaulerDir)
-	}
-
-	if haulerDir == "" {
-		// Get the current user's information
-		currentUser, err := user.Current()
-		if err != nil {
-			return "", fmt.Errorf("error retrieving user information: %v", err)
-		}
-
-		// Get the current user's home directory
-		homeDir := currentUser.HomeDir
-		haulerDir = filepath.Join(homeDir, consts.DefaultHaulerDirName)
-	}
-
-	// Create the .hauler directory (if it doesn't exist)
-	if _, err := os.Stat(haulerDir); os.IsNotExist(err) {
-		if err := os.MkdirAll(haulerDir, 0755); err != nil {
-			return "", fmt.Errorf("error creating %s directory: %v", consts.DefaultHaulerDirName, err)
-		}
-	}
-
-	// Determine the binary name
-	rOS := runtime.GOOS
-	binaryName := "cosign"
-	if rOS == "windows" {
-		binaryName = "cosign.exe"
-	}
-
-	// Construct the path to the binary
-	binaryPath := filepath.Join(haulerDir, binaryName)
-
-	return binaryPath, nil
-}
--- a/pkg/log/log.go
+++ b/pkg/log/log.go
@@ -7,6 +7,7 @@ import (

 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
+
 	"hauler.dev/go/hauler/pkg/consts"
 )

--- a/pkg/log/logcapture.go
+++ b/pkg/log/logcapture.go
@@ -0,0 +1,99 @@
+package log
+
+import (
+	"bufio"
+	"fmt"
+	"io"
+	"os"
+	"strings"
+	"sync"
+)
+
+// CustomWriter forwards log messages to the application's logger
+type CustomWriter struct {
+	logger Logger
+	level  string
+}
+
+func (cw *CustomWriter) Write(p []byte) (n int, err error) {
+	message := strings.TrimSpace(string(p))
+	if message != "" {
+		if cw.level == "error" {
+			cw.logger.Errorf("%s", message)
+		} else if cw.level == "info" {
+			cw.logger.Infof("%s", message)
+		} else {
+			cw.logger.Debugf("%s", message)
+		}
+	}
+	return len(p), nil
+}
+
+// logStream reads lines from a reader and writes them to the provided writer
+func logStream(reader io.Reader, customWriter *CustomWriter, wg *sync.WaitGroup) {
+	defer wg.Done()
+
+	scanner := bufio.NewScanner(reader)
+	for scanner.Scan() {
+		customWriter.Write([]byte(scanner.Text()))
+	}
+	if err := scanner.Err(); err != nil && err != io.EOF {
+		customWriter.logger.Errorf("error reading log stream: %v", err)
+	}
+}
+
+// CaptureOutput redirects stdout and stderr to custom loggers and executes the provided function
+func CaptureOutput(logger Logger, debug bool, fn func() error) error {
+	// Create pipes for capturing stdout and stderr
+	stdoutReader, stdoutWriter, err := os.Pipe()
+	if err != nil {
+		return fmt.Errorf("failed to create stdout pipe: %w", err)
+	}
+	stderrReader, stderrWriter, err := os.Pipe()
+	if err != nil {
+		return fmt.Errorf("failed to create stderr pipe: %w", err)
+	}
+
+	// Save original stdout and stderr
+	origStdout := os.Stdout
+	origStderr := os.Stderr
+
+	// Redirect stdout and stderr
+	os.Stdout = stdoutWriter
+	os.Stderr = stderrWriter
+
+	// Use WaitGroup to wait for logging goroutines to finish
+	var wg sync.WaitGroup
+	wg.Add(2)
+
+	// Start logging goroutines
+	if !debug {
+		go logStream(stdoutReader, &CustomWriter{logger: logger, level: "info"}, &wg)
+		go logStream(stderrReader, &CustomWriter{logger: logger, level: "error"}, &wg)
+	} else {
+		go logStream(stdoutReader, &CustomWriter{logger: logger, level: "debug"}, &wg)
+		go logStream(stderrReader, &CustomWriter{logger: logger, level: "debug"}, &wg)
+	}
+
+	// Run the provided function in a separate goroutine
+	fnErr := make(chan error, 1)
+	go func() {
+		fnErr <- fn()
+		stdoutWriter.Close() // Close writers to signal EOF to readers
+		stderrWriter.Close()
+	}()
+
+	// Wait for logging goroutines to finish
+	wg.Wait()
+
+	// Restore original stdout and stderr
+	os.Stdout = origStdout
+	os.Stderr = origStderr
+
+	// Check for errors from the function
+	if err := <-fnErr; err != nil {
+		return fmt.Errorf("function execution failed: %w", err)
+	}
+
+	return nil
+}
--- a/pkg/reference/reference.go
+++ b/pkg/reference/reference.go
@@ -8,6 +8,7 @@ import (
 	"strings"

 	gname "github.com/google/go-containerregistry/pkg/name"
+
 	"hauler.dev/go/hauler/pkg/consts"
 )
Author	SHA1	Message	Date
dependabot[bot]	5f5cd64c2f	Bump the go_modules group across 1 directory with 2 updates (#385 )	2025-01-10 19:59:36 -05:00
Adam Martin	882713b725	replace mholt/archiver with mholt/archives (#384 )	2025-01-10 19:15:00 -05:00
Adam Martin	a20d7bf950	forked cosign bump to 2.4.1 and use as a library vs embedded binary (#383 ) * only ignore project-root/store not all store paths * remove embedded cosign binary in favor of fork library	2025-01-10 17:14:44 -05:00
Zack Brady	e97adcdfed	cleaned up registry and improved logging (#378 ) * cleaned up registry and improved logging * last bit of logging improvements/import clean up --------- Signed-off-by: Zack Brady <zackbrady123@gmail.com>	2025-01-09 15:21:03 -05:00
dependabot[bot]	cc17b030a9	Bump golang.org/x/crypto in the go_modules group across 1 directory (#377 ) Bumps the go_modules group with 1 update in the / directory: [golang.org/x/crypto](https://github.com/golang/crypto). Updates `golang.org/x/crypto` from 0.28.0 to 0.31.0 - [Commits](https://github.com/golang/crypto/compare/v0.28.0...v0.31.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-12-14 01:02:58 -05:00