diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml deleted file mode 100644 index 8732ec6..0000000 --- a/.github/workflows/codeql.yml +++ /dev/null @@ -1,38 +0,0 @@ -name: CodeQL -on: - pull_request: - branches: - - main - push: - branches: - - main -jobs: - codeql: - name: Analysis - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v3 - with: - # We must fetch at least the immediate parents so that if this is - # a pull request then we can checkout the head. - fetch-depth: 2 - # If this run was triggered by a pull request event, then checkout - # the head of the pull request instead of the merge commit. - - run: git checkout HEAD^2 - if: ${{ github.event_name == 'pull_request' }} - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - # Override language selection by uncommenting this and choosing your languages - # with: - # languages: go, javascript, csharp, python, cpp, java - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v2 - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 - diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index bf8bcc4..cb243b3 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - go-version: [1.19.1] + go-version: [1.21.1] steps: - name: Set up Go ${{ matrix.go-version }} uses: actions/setup-go@v3 
@@ -28,14 +28,27 @@ jobs: run: | go build ./... go vet ./... - curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.48.0 - $(go env GOPATH)/bin/golangci-lint run --config ./.golangci.yml + lint: + name: Lint + runs-on: ubuntu-latest + steps: + - name: "Set up Go" + uses: actions/setup-go@v3 + with: + go-version: 1.21.1 + - name: Check out code + uses: actions/checkout@v3 + - name: Lint + uses: golangci/golangci-lint-action@v3 + with: + version: latest + args: --config ./.golangci.yml --timeout=2m test: name: Text ${{ matrix.os }} runs-on: ${{ matrix.os }} strategy: matrix: - go-version: [1.19.1] + go-version: [1.21.1] os: [ubuntu-latest, windows-latest, macos-latest] steps: - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }} @@ -47,3 +60,20 @@ jobs: - name: Test on ${{ matrix.os }} run: | go test ./... + vulncheck: + name: Vulncheck + needs: Lint + runs-on: ubuntu-latest + steps: + - name: Check out code into the Go module directory + uses: actions/checkout@v3 + - uses: actions/setup-go@v3 + with: + go-version: 1.21.1 + check-latest: true + - name: Get govulncheck + run: go install golang.org/x/vuln/cmd/govulncheck@latest + shell: bash + - name: Run govulncheck + run: govulncheck ./... + shell: bash diff --git a/.github/workflows/vulncheck.yml b/.github/workflows/vulncheck.yml deleted file mode 100644 index 50f153b..0000000 --- a/.github/workflows/vulncheck.yml +++ /dev/null 
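Review bot: `version: latest` in the new `lint` job lets the linter set change underneath the project without a commit, which conflicts with the `service.golangci-lint-version: 1.48.0` line that `.golangci.yml` still carries together with the comment "use the fixed version to not introduce new linters unexpectedly" — a golangci-lint release can now fail an unrelated PR. Pin an explicit release and keep it identical in both places, e.g. `version: v1.48.0` if that is still the intended version, or delete the stale `service:` block so there is one source of truth. The same applies to the action references: `actions/checkout@v3`, `actions/setup-go@v3` and `golangci/golangci-lint-action@v3` are mutable tags, and a repository that ships a signing tool would normally pin them to a commit SHA with the tag in a trailing comment. The `lint` job also runs `setup-go` before `checkout`, which works but is the reverse of the order used by the `test` and `vulncheck` jobs.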
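Review bot: `needs: Lint` will not validate — `needs` is matched against job IDs, and the lint job's ID is `lint` (`Lint` is only its display name), so GitHub rejects the workflow before any job runs; change it to `needs: lint`, or drop the edge entirely since vulncheck consumes nothing the lint job produces. `go install golang.org/x/vuln/cmd/govulncheck@latest` fetches whatever the module proxy currently calls latest, so a broken or compromised release lands in CI with no commit to bisect; pinning a specific tagged release and letting dependency updates bump it keeps the run reproducible while the vulnerability database it queries stays live. Every job now builds with `go-version: 1.21.1` while go.mod in this commit declares `go 1.20`, so the declared minimum toolchain is never compiled in CI. With `codeql.yml` deleted in the same commit, govulncheck is the only security scan left; it reports known-vulnerable dependencies, not code-level findings, so that removal should be a deliberate trade-off rather than a side effect of the consolidation.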
@@ -1,26 +0,0 @@ -name: VulnCheck -on: - pull_request: - branches: - - main - push: - branches: - - main -jobs: - vulncheck: - name: Analysis - runs-on: ubuntu-latest - steps: - - name: Check out code into the Go module directory - uses: actions/checkout@v3 - - name: Set up Go - uses: actions/setup-go@v3 - with: - go-version: 1.19.1 - check-latest: true - - name: Install govulncheck - run: go install golang.org/x/vuln/cmd/govulncheck@latest - shell: bash - - name: Run govulncheck - run: govulncheck ./... - shell: bash diff --git a/.golangci.yml b/.golangci.yml index 2b6a6f0..afd2b48 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -5,26 +5,30 @@ linters-settings: misspell: locale: US + staticcheck: + checks: ["all", "-SA1019"] + linters: disable-all: true enable: - typecheck - goimports - misspell + - staticcheck - govet + - revive - ineffassign - gosimple - - deadcode - - unparam - unused - - structcheck - prealloc - unconvert + - gofumpt issues: exclude-use-default: false exclude: - - should have a package comment - - error strings should not be capitalized or end with punctuation or a newline + - "var-naming: don't use ALL_CAPS in Go names; use CamelCase" + - "package-comments: should have a package comment" + service: golangci-lint-version: 1.48.0 # use the fixed version to not introduce new linters unexpectedly diff --git a/cmd/minisign/minisign.go b/cmd/minisign/minisign.go index f8f0d1d..e6ae83c 100644 --- a/cmd/minisign/minisign.go +++ b/cmd/minisign/minisign.go @@ -48,7 +48,7 @@ Options: -v Print version information. ` -var version string = "v0.0.0-dev" +var version = "v0.0.0-dev" func main() { log.SetFlags(0) 
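Review bot: `checks: ["all", "-SA1019"]` disables staticcheck's deprecation check across the whole module, so a future deprecation in `golang.org/x/crypto` or `golang.org/x/term` (both bumped in this same commit) will pass lint silently; in a signing tool those deprecations are exactly the signal you want, since x/crypto deprecations often carry a security rationale. If one specific call site trips SA1019 today, scope the suppression to it with an `issues.exclude-rules` entry (`path`/`text`) and record the reason in a comment such as `# SA1019 off for <site>: <reason>; remove when <condition>`, rather than turning the check off globally. The retained `service: golangci-lint-version: 1.48.0` line is now stale: the workflow in this commit runs golangci-lint `latest`, and `deadcode`/`structcheck` were dropped presumably because newer releases deprecated them, so either update the pin to the version CI actually runs or delete the block.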
@@ -135,12 +135,12 @@ func generateKeyPair(secKeyFile, pubKeyFile string, force bool) { } if dir := filepath.Dir(secKeyFile); dir != "" && dir != "." && dir != "/" { - if err := os.MkdirAll(dir, 0755); err != nil { + if err := os.MkdirAll(dir, 0o755); err != nil { log.Fatalf("Error: %v", err) } } if dir := filepath.Dir(pubKeyFile); dir != "" && dir != "." && dir != "/" { - if err := os.MkdirAll(dir, 0755); err != nil { + if err := os.MkdirAll(dir, 0o755); err != nil { log.Fatalf("Error: %v", err) } } @@ -169,11 +169,11 @@ func generateKeyPair(secKeyFile, pubKeyFile string, force bool) { } fmt.Print("done\n\n") - var fileFlags = os.O_CREATE | os.O_WRONLY | os.O_TRUNC + fileFlags := os.O_CREATE | os.O_WRONLY | os.O_TRUNC if !force { fileFlags |= os.O_EXCL // fail if the file already exists } - skFile, err := os.OpenFile(secKeyFile, fileFlags, 0600) + skFile, err := os.OpenFile(secKeyFile, fileFlags, 0o600) if err != nil { log.Fatalf("Error: %v", err) } @@ -182,7 +182,7 @@ func generateKeyPair(secKeyFile, pubKeyFile string, force bool) { log.Fatalf("Error: %v", err) } - pkFile, err := os.OpenFile(pubKeyFile, fileFlags, 0644) + pkFile, err := os.OpenFile(pubKeyFile, fileFlags, 0o644) if err != nil { log.Fatalf("Error: %v", err) } @@ -234,7 +234,7 @@ func signFiles(secKeyFile, sigFile, untrustedComment, trustedComment string, fil if sigFile != "" { if dir := filepath.Dir(sigFile); dir != "" && dir != "." && dir != "/" { - if err := os.MkdirAll(dir, 0755); err != nil { + if err := os.MkdirAll(dir, 0o755); err != nil { log.Fatalf("Error: %v", err) } } 
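Review bot: In `generateKeyPair` the directory for `secKeyFile` is created with `os.MkdirAll(dir, 0o755)`, while the key file itself is opened `0o600` in a later hunk; when that directory does not already exist, the secret key ends up in a world-listable directory even though its contents are protected. Consider `os.MkdirAll(dir, 0o700)` for the secret-key branch only (the public-key directory can stay `0o755`), mirroring how SSH treats `~/.ssh`. Both modes are still masked by the process umask, so this is defence in depth rather than a fix for a concrete exposure. `generateKeyPair` starts before this hunk.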
@@ -247,14 +247,14 @@ func signFiles(secKeyFile, sigFile, untrustedComment, trustedComment string, fil log.Fatalf("Error: %v", err) } - var tComment, uComment = trustedComment, untrustedComment + tComment, uComment := trustedComment, untrustedComment if uComment == "" { uComment = "signature from minisign secret key" } if tComment == "" { tComment = fmt.Sprintf("timestamp:%d\tfilename:%s", time.Now().Unix(), filepath.Base(name)) } - var reader = minisign.NewReader(file) + reader := minisign.NewReader(file) if _, err = io.Copy(io.Discard, reader); err != nil { file.Close() log.Fatalf("Error: %v", err) @@ -262,15 +262,16 @@ func signFiles(secKeyFile, sigFile, untrustedComment, trustedComment string, fil signature = reader.SignWithComments(privateKey, tComment, uComment) file.Close() - var signatureFile = name + ".minisig" + signatureFile := name + ".minisig" if sigFile != "" { signatureFile = sigFile } - if err = os.WriteFile(signatureFile, signature, 0644); err != nil { + if err = os.WriteFile(signatureFile, signature, 0o644); err != nil { log.Fatalf("Error: %v", err) } } } + func verifyFile(sigFile, pubFile, pubKeyString string, printOutput, quiet, prettyQuiet, requireHash bool, files ...string) { if len(files) == 0 { log.Fatalf("Error: no files to verify. Use -m to specify a file path") @@ -382,7 +383,7 @@ func recreateKeyPair(secKeyFile, pubKeyFile string, force bool) { publicKey := privateKey.Public().(minisign.PublicKey) rawPublicKey, _ := publicKey.MarshalText() - if err = os.WriteFile(pubKeyFile, rawPublicKey, 0644); err != nil { + if err = os.WriteFile(pubKeyFile, rawPublicKey, 0o644); err != nil { log.Fatalf("Error: %v", err) } } diff --git a/go.mod b/go.mod index 8842055..5b1c832 100644 --- a/go.mod +++ b/go.mod 
@@ -1,9 +1,10 @@ module aead.dev/minisign -go 1.16 +go 1.20 require ( - golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 - golang.org/x/sys v0.0.0-20210228012217-479acdf4ea46 // indirect - golang.org/x/term v0.0.0-20201117132131-f5c789dd3221 + golang.org/x/crypto v0.13.0 + golang.org/x/term v0.12.0 ) + +require golang.org/x/sys v0.12.0 // indirect diff --git a/go.sum b/go.sum index 186d8e2..537083b 100644 --- a/go.sum +++ b/go.sum 
@@ -1,11 +1,6 @@ -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 h1:/ZScEX8SfEmUGRHs0gxpqteO5nfNW6axyZbBdw9A12g= -golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210228012217-479acdf4ea46 h1:V066+OYJ66oTjnhm4Yrn7SXIwSCiDQJxpBxmvqb1N1c= -golang.org/x/sys v0.0.0-20210228012217-479acdf4ea46/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/term v0.0.0-20201117132131-f5c789dd3221 h1:/ZHdbVpdR/jk3g30/d4yUL0JU9kksj8+F/bnQUVLGDM= -golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/crypto v0.13.0 h1:mvySKfSWJ+UKUii46M40LOvyWfN0s2U+46/jDd0e6Ck= +golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= +golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o= +golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.12.0 h1:/ZfYdc3zq+q02Rv9vGqTeSItdzZTSNDmfTi0mBAuidU= +golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=