diff --git a/age/keysource_test.go b/age/keysource_test.go index 24bd94792..39aef834d 100644 --- a/age/keysource_test.go +++ b/age/keysource_test.go @@ -521,8 +521,9 @@ func TestMasterKey_Identities_Passphrase(t *testing.T) { t.Setenv(SopsAgeKeyEnv, mockEncryptedIdentity) //blocks calling gpg-agent os.Unsetenv("XDG_RUNTIME_DIR") - t.Setenv(SopsAgePasswordEnv, mockIdentityPassphrase) + testOnlyAgePassword = mockIdentityPassphrase got, err := key.Decrypt() + testOnlyAgePassword = "" assert.NoError(t, err) assert.EqualValues(t, mockEncryptedKeyPlain, got) @@ -540,9 +541,11 @@ func TestMasterKey_Identities_Passphrase(t *testing.T) { t.Setenv(SopsAgeKeyFileEnv, keyPath) //blocks calling gpg-agent os.Unsetenv("XDG_RUNTIME_DIR") - t.Setenv(SopsAgePasswordEnv, mockIdentityPassphrase) + testOnlyAgePassword = mockIdentityPassphrase got, err := key.Decrypt() + testOnlyAgePassword = "" + assert.NoError(t, err) assert.EqualValues(t, mockEncryptedKeyPlain, got) }) @@ -552,9 +555,11 @@ func TestMasterKey_Identities_Passphrase(t *testing.T) { t.Setenv(SopsAgeKeyEnv, mockEncryptedIdentity) //blocks calling gpg-agent os.Unsetenv("XDG_RUNTIME_DIR") - t.Setenv(SopsAgePasswordEnv, mockIdentityPassphrase) + testOnlyAgePassword = mockIdentityPassphrase got, err := key.Decrypt() + testOnlyAgePassword = "" + assert.Error(t, err) assert.ErrorContains(t, err, "failed to create reader for decrypting sops data key with age") assert.Nil(t, got) diff --git a/age/tui.go b/age/tui.go index e26ef0b8a..35f9f3ad7 100644 --- a/age/tui.go +++ b/age/tui.go @@ -22,9 +22,7 @@ import ( "golang.org/x/term" ) -const ( - SopsAgePasswordEnv = "SOPS_AGE_PASSWORD" -) +var testOnlyAgePassword string func printf(format string, v ...interface{}) { log.Printf("age: "+format, v...) 
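Review bot: The package-level `testOnlyAgePassword` is set and cleared by hand around `key.Decrypt()` in all three hunks of age/keysource_test.go (-521, -540 and -552), so a panic inside `Decrypt` would leave the passphrase hook set for every later test in the package. Registering the reset directly after the assignment ties it to the subtest: `testOnlyAgePassword = mockIdentityPassphrase` followed by `t.Cleanup(func() { testOnlyAgePassword = "" })`. Because the hook is shared mutable state, these subtests also must not be marked parallel; a one-line comment saying so would help the next editor. Each subtest body starts outside its hunk.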
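Review bot: `var testOnlyAgePassword string` is declared in the non-test file age/tui.go without a doc comment, although the test-only variables this commit deletes further down the file carried one. Since the variable is compiled into the shipped package, its contract belongs at the declaration, for example `// testOnlyAgePassword, when non-empty, is returned by readSecret instead of prompting; it is consulted only while testing.Testing() reports true.` That records that the hook is inert outside `go test` and that `readSecret` no longer takes the passphrase from the environment.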
@@ -34,20 +32,6 @@ func warningf(format string, v ...interface{}) { log.Printf("age: warning: "+format, v...) } -// If testOnlyPanicInsteadOfExit is true, exit will set testOnlyDidExit and -// panic instead of calling os.Exit. This way, the wrapper in TestMain can -// recover the panic and return the exit code only if it was originated in exit. -var testOnlyPanicInsteadOfExit bool -var testOnlyDidExit bool - -func exit(code int) { - if testOnlyPanicInsteadOfExit { - testOnlyDidExit = true - panic(code) - } - os.Exit(code) -} - // clearLine clears the current line on the terminal, or opens a new line if // terminal escape codes don't work. func clearLine(out io.Writer) { @@ -96,9 +80,8 @@ func withTerminal(f func(in, out *os.File) error) error { // readSecret reads a value from the terminal with no echo. The prompt is ephemeral. func readSecret(prompt string) (s []byte, err error) { if testing.Testing() { - password := os.Getenv(SopsAgePasswordEnv) - if password != "" { - return []byte(password), nil + if testOnlyAgePassword != "" { + return []byte(testOnlyAgePassword), nil } } diff --git a/azkv/keysource.go b/azkv/keysource.go index 11e761026..28cb6ebde 100644 --- a/azkv/keysource.go +++ b/azkv/keysource.go @@ -79,7 +79,7 @@ func NewMasterKeyFromURL(url string) (*MasterKey, error) { url = strings.TrimSpace(url) re := regexp.MustCompile("^(https://[^/]+)/keys/([^/]+)/([^/]+)$") parts := re.FindStringSubmatch(url) - if parts == nil || len(parts) < 3 { + if len(parts) < 3 { return nil, fmt.Errorf("could not parse %q into a valid Azure Key Vault MasterKey", url) } return NewMasterKey(parts[1], parts[2], parts[3]), nil diff --git a/cmd/sops/common/common.go b/cmd/sops/common/common.go index 1bf6dc026..6d6fa0751 100644 --- a/cmd/sops/common/common.go +++ b/cmd/sops/common/common.go 
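Review bot: In azkv/keysource.go the guard `len(parts) < 3` does not match the index used two lines later, because `parts[3]` needs four elements (the full match plus three capture groups). With the pattern shown, `FindStringSubmatch` returns either nil or exactly four elements, so this cannot panic today, but the check would stop protecting the call if the pattern were edited; `if len(parts) != 4 {` states the actual requirement. The expression is also recompiled on every call and could be hoisted to a package-level `regexp.MustCompile`. The start of `NewMasterKeyFromURL` lies outside the hunk.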
@@ -222,7 +222,7 @@ func GetKMSKeyWithEncryptionCtx(tree *sops.Tree) (keyGroupIndex int, keyIndex in for n, k := range kg { kmsKey, ok := k.(*kms.MasterKey) if ok { - if kmsKey.EncryptionContext != nil && len(kmsKey.EncryptionContext) >= 2 { + if len(kmsKey.EncryptionContext) >= 2 { duplicateValues := map[string]int{} for _, v := range kmsKey.EncryptionContext { duplicateValues[*v] = duplicateValues[*v] + 1 diff --git a/cmd/sops/main.go b/cmd/sops/main.go index 94ebcf10d..baac90561 100644 --- a/cmd/sops/main.go +++ b/cmd/sops/main.go @@ -2150,7 +2150,7 @@ func keyservices(c *cli.Context) (svcs []keyservice.KeyServiceClient) { "address", fmt.Sprintf("%s://%s", url.Scheme, addr), ).Infof("Connecting to key service") - conn, err := grpc.Dial(addr, opts...) + conn, err := grpc.NewClient(addr, opts...) if err != nil { log.Fatalf("failed to listen: %v", err) } @@ -2283,7 +2283,7 @@ func keyGroups(c *cli.Context, file string) ([]sops.KeyGroup, error) { if err != nil { errMsg = fmt.Sprintf("%s: %s", errMsg, err) } - return nil, fmt.Errorf(errMsg) + return nil, fmt.Errorf("%s", errMsg) } return conf.KeyGroups, err } diff --git a/gcpkms/keysource_test.go b/gcpkms/keysource_test.go index 153bfb260..24bbbbfb6 100644 --- a/gcpkms/keysource_test.go +++ b/gcpkms/keysource_test.go @@ -159,7 +159,7 @@ func newGRPCServer(port string) *grpc.ClientConn { } go serv.Serve(lis) - conn, err := grpc.Dial(lis.Addr().String(), grpc.WithTransportCredentials(insecure.NewCredentials())) + conn, err := grpc.NewClient(lis.Addr().String(), grpc.WithTransportCredentials(insecure.NewCredentials())) if err != nil { log.Fatal(err) } diff --git a/shamir/shamir.go b/shamir/shamir.go index 10d7bc3ba..b3f4f1d50 100644 --- a/shamir/shamir.go +++ b/shamir/shamir.go @@ -15,7 +15,6 @@ import ( "crypto/subtle" "fmt" mathrand "math/rand" - "time" ) const ( 
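Review bot: In the loop that follows the simplified length check in cmd/sops/common/common.go, `*v` is dereferenced without a nil test, so an `EncryptionContext` entry holding a nil pointer would panic here. Whether such an entry can reach this function depends on how the map is populated, which the hunk does not show; if it can come from a parsed file, `if v == nil { continue }` at the top of the loop is a cheap guard. Separately, `duplicateValues[*v] = duplicateValues[*v] + 1` reads more directly as `duplicateValues[*v]++`. The function continues past the end of the hunk.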
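Review bot: `grpc.NewClient` is not a drop-in replacement for `grpc.Dial` at the call in `keyservices` (cmd/sops/main.go, hunk -2150): it parses the target with `dns` as the default resolver scheme where `Dial` used `passthrough`, and it performs no I/O, so `err` now only reports bad options or an unparsable target. `addr` is passed without a scheme (the log line above assembles `url.Scheme` separately), so if `addr` can be a socket path, or if `opts`, which is built outside the hunk, installs a custom dialer, the target should be written `"passthrough:///" + addr` to keep the previous behaviour. The message `failed to listen: %v` is also misleading for a client and could become `creating key service client: %v`. The same substitution appears in gcpkms/keysource_test.go, where the target is a local listener address.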
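Review bot: In `keyGroups` (cmd/sops/main.go, hunk -2283) the cause is still lost: `err` has already been flattened into `errMsg` with `%s` on the line above, so callers cannot use `errors.Is` or `errors.As` on the returned error. Passing the message through `"%s"` does remove the non-constant format string. If the code outside the hunk allows it, wrapping where `err` is known keeps the chain, `return nil, fmt.Errorf("%s: %w", errMsg, err)`, with the plain `fmt.Errorf("%s", errMsg)` kept for the branch where `err` is nil.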
@@ -190,7 +189,6 @@ func Split(secret []byte, parts, threshold int) ([][]byte, error) { // a non-cryptographically secure source of randomness is used. // As far as I know the x coordinates do not need to be random. - mathrand.Seed(time.Now().UnixNano()) xCoordinates := mathrand.Perm(255) // Allocate the output array, initialize the final byte
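Review bot: With the explicit `mathrand.Seed` call removed from `Split`, `mathrand.Perm(255)` varies between runs only when the program is built with Go 1.20 or newer, where the global `math/rand` source is seeded randomly at start-up. On older toolchains, or with `GODEBUG=randautoseed=0`, it yields the same permutation on every run. The comment above already argues that the x coordinates need not be random, so this is probably acceptable, but the dependency is worth recording at the call site, e.g. `// Relies on Go 1.20+ auto-seeding of math/rand; the x coordinates are not required to be random (see above).` The `go` directive in go.mod is not visible here and should be checked against that assumption. `Split` begins and ends outside the hunk.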