edgelesssys · thomasten · Mar 20, 2024 · Mar 15, 2024 · Mar 15, 2024
diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml
@@ -0,0 +1,35 @@
+name: golangci-lint
+on:
+ push:
+ branches:
+ - master
+ - main
+ pull_request:
+
+permissions:
+ contents: read
+ # Optional: allow read access to pull request. Use with `only-new-issues` option.
+ # pull-requests: read
+
+jobs:
+ golangci:
+ name: lint
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - uses: actions/setup-go@v5
+ with:
+ go-version: "1.21"
+ cache: false
+
+ - name: golangci-lint /
+ uses: golangci/golangci-lint-action@v4
+ with:
+ version: v1.56
+
+ - name: golangci-lint /ego
+ uses: golangci/golangci-lint-action@v4
+ with:
+ version: v1.56
+ working-directory: ego
diff --git a/.golangci.yml b/.golangci.yml
@@ -0,0 +1,6 @@
+run:
+ timeout: 10m
+ build-tags: [ego_mock_eclient]
+
+linters:
+ enable: [gofumpt]
diff --git a/attestation/attestation.go b/attestation/attestation.go
@@ -57,5 +57,6 @@ func VerifyAzureAttestationToken(token string, providerURL string) (Report, erro
  Debug: report.Debug,
  UniqueID: report.UniqueID,
  SignerID: report.SignerID,
- ProductID: report.ProductID}, nil
+ ProductID: report.ProductID,
+ }, nil
 }
diff --git a/eclient/doc.go b/eclient/doc.go
@@ -11,13 +11,16 @@ Use this package for programs that don't run in an enclave themselves but intera
 enclaved programs. Those non-enclaved programs are often called third parties or relying parties.
 
 This package requires libcrypto. On Ubuntu install it with:
+
  sudo apt install libssl-dev
 
 This package requires the following environment variables to be set during build:
+
  CGO_CFLAGS=-I/opt/ego/include
  CGO_LDFLAGS=-L/opt/ego/lib
 
 Or if using the EGo snap:
+
  CGO_CFLAGS=-I/snap/ego-dev/current/opt/ego/include
  CGO_LDFLAGS=-L/snap/ego-dev/current/opt/ego/lib
 

diff --git a/ecrypto/doc.go b/ecrypto/doc.go
@@ -7,7 +7,7 @@
 /*
 Package ecrypto provides convenience functions for cryptography inside an enclave.
 
-Sealing
+# Sealing
 
 Sealing is the process of encrypting data with a key derived from the enclave and the CPU it is running on.
 Sealed data can only be decrypted by the same enclave and CPU. Use it to persist data to disk.

diff --git a/ecrypto/ecrypto.go b/ecrypto/ecrypto.go
@@ -29,9 +29,11 @@ type enclaveSealer struct{}
 func (enclaveSealer) GetUniqueSealKey() (key, keyInfo []byte, err error) {
  return enclave.GetUniqueSealKey()
 }
+
 func (enclaveSealer) GetProductSealKey() (key, keyInfo []byte, err error) {
  return enclave.GetProductSealKey()
 }
+
 func (enclaveSealer) GetSealKey(keyInfo []byte) ([]byte, error) {
  return enclave.GetSealKey(keyInfo)
 }

diff --git a/ecrypto/ecrypto_test.go b/ecrypto/ecrypto_test.go
@@ -22,9 +22,11 @@ type stubSealer struct{}
 func (stubSealer) GetUniqueSealKey() (key, keyInfo []byte, err error) {
  return []byte("1234567890123456"), []byte("unique"), nil
 }
+
 func (stubSealer) GetProductSealKey() (key, keyInfo []byte, err error) {
  return []byte("2345678901234567"), []byte("product"), nil
 }
+
 func (stubSealer) GetSealKey(keyInfo []byte) ([]byte, error) {
  switch string(keyInfo) {
  case "unique":

diff --git a/ego/cli/bundle.go b/ego/cli/bundle.go
@@ -39,7 +39,7 @@ func (c *Cli) Bundle(filename string, outputFilename string) (reterr error) {
  if err != nil {
  return err
  }
- defer c.fs.Remove(tarFilename)
+ defer func() { _ = c.fs.Remove(tarFilename) }()
 
  if outputFilename == "" {
  outputFilename = filepath.Base(filename) + "-bundle"
@@ -51,7 +51,7 @@ func (c *Cli) Bundle(filename string, outputFilename string) (reterr error) {
  }
  defer func() {
  if reterr != nil {
- c.fs.Remove(outputFilename)
+ _ = c.fs.Remove(outputFilename)
  }
  }()
 
@@ -125,7 +125,7 @@ func (c *Cli) buildImage(enclaveFilename string) (tempFileName string, reterr er
  }
  defer func() {
  if reterr != nil {
- c.fs.Remove(tempFile.Name())
+ _ = c.fs.Remove(tempFile.Name())
  }
  }()
  defer tempFile.Close()
@@ -209,7 +209,7 @@ func (c *Cli) prepareBundle(inputFilename string, outputFilename string) (reterr
  }
  defer func() {
  if reterr != nil {
- c.fs.Remove(binaryToPack.Name())
+ _ = c.fs.Remove(binaryToPack.Name())
  }
  }()
  defer binaryToPack.Close()

diff --git a/ego/cli/bundle_test.go b/ego/cli/bundle_test.go
@@ -18,9 +18,8 @@ import (
  "path/filepath"
  "testing"
 
- "ego/config"
- "ego/internal/launch"
-
+ "github.com/edgelesssys/ego/ego/config"
+ "github.com/edgelesssys/ego/ego/internal/launch"
  "github.com/spf13/afero"
  "github.com/stretchr/testify/assert"
  "github.com/stretchr/testify/require"

diff --git a/ego/cli/cli.go b/ego/cli/cli.go
@@ -10,8 +10,7 @@ import (
  "os"
  "path/filepath"
 
- "ego/internal/launch"
-
+ "github.com/edgelesssys/ego/ego/internal/launch"
  "github.com/spf13/afero"
 )
 

diff --git a/ego/cli/elf_test.go b/ego/cli/elf_test.go
@@ -9,14 +9,12 @@ package cli
 import (
  "debug/elf"
  "encoding/json"
- "io/ioutil"
  "os"
  "os/exec"
  "path/filepath"
  "testing"
 
- "ego/config"
-
+ "github.com/edgelesssys/ego/ego/config"
  "github.com/spf13/afero"
  "github.com/stretchr/testify/assert"
  "github.com/stretchr/testify/require"
@@ -32,15 +30,15 @@ var elfUnsigned = func() []byte {
  panic(err)
  }
 
- dir, err := ioutil.TempDir("", "")
+ dir, err := os.MkdirTemp("", "")
  if err != nil {
  panic(err)
  }
  defer os.RemoveAll(dir)
 
  // write minimal source file
  const src = `package main;import _"time";func main(){}`
- if err := ioutil.WriteFile(filepath.Join(dir, srcFile), []byte(src), 0o400); err != nil {
+ if err := os.WriteFile(filepath.Join(dir, srcFile), []byte(src), 0o400); err != nil {
  panic(err)
  }
 
@@ -55,7 +53,7 @@ var elfUnsigned = func() []byte {
  }
 
  // read resulting executable
- data, err := ioutil.ReadFile(filepath.Join(dir, outFile))
+ data, err := os.ReadFile(filepath.Join(dir, outFile))
  if err != nil {
  panic(err)
  }

diff --git a/ego/cli/install.go b/ego/cli/install.go
@@ -11,7 +11,7 @@ import (
  "encoding/json"
  "errors"
  "fmt"
- "io/ioutil"
+ "io"
  "net/http"
  "os"
  "os/exec"
@@ -23,10 +23,12 @@ import (
 
 const shellToUse = "bash"
 
-var ErrTargetNotSupported = errors.New("component not found")
-var ErrInstallUserQuit = errors.New("user denied installation")
-var ErrExitCodeValue = errors.New("exit code not 0")
-var ErrSysInfoFail = errors.New("could not determine necessary details about operating system")
+var (
+ ErrTargetNotSupported = errors.New("component not found")
+ ErrInstallUserQuit = errors.New("user denied installation")
+ ErrExitCodeValue = errors.New("exit code not 0")
+ ErrSysInfoFail = errors.New("could not determine necessary details about operating system")
+)
 
 type installInfoV1 struct {
  Desc map[string]string
@@ -184,7 +186,7 @@ func httpGet(url string) ([]byte, error) {
  if resp.StatusCode != http.StatusOK {
  return nil, fmt.Errorf("http response has status %v", resp.Status)
  }
- body, err := ioutil.ReadAll(resp.Body)
+ body, err := io.ReadAll(resp.Body)
  if err != nil {
  return nil, err
  }