From e8a9ed4743ec70f1b8f0457987df29e70af4a39e Mon Sep 17 00:00:00 2001 From: Adam Hughes <9903835+tri-adam@users.noreply.github.com> Date: Mon, 5 Jun 2023 16:08:54 +0000 Subject: [PATCH 1/6] ci: bump golangci-lint to v1.53 Disable 'depguard', enable new 'mirror' linter. Signed-off-by: Edita Kizinevic --- .github/workflows/ci.yml | 2 +- .golangci.yml | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index cb84925..04e6d7f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -41,7 +41,7 @@ jobs: - name: Install Lint uses: golangci/golangci-lint-action@v2 with: - version: v1.52 + version: v1.53 skip-pkg-cache: true skip-build-cache: true diff --git a/.golangci.yml b/.golangci.yml index d2567b3..8b6a5a6 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -11,7 +11,6 @@ linters: - containedctx - contextcheck - decorder - - depguard - dogsled - dupl - dupword @@ -20,6 +19,7 @@ linters: - errname - errorlint - exportloopref + - forcetypeassert - gochecknoinits - gocritic - godot @@ -38,6 +38,7 @@ linters: - ireturn - lll - maintidx + - mirror - misspell - nilnil - nolintlint From 7e709b6cb0e08569832a9f286a7eea3d574e20df Mon Sep 17 00:00:00 2001 From: Adam Hughes <9903835+tri-adam@users.noreply.github.com> Date: Mon, 5 Jun 2023 16:14:46 +0000 Subject: [PATCH 2/6] ci: enable thelper linter Signed-off-by: Edita Kizinevic --- .golangci.yml | 1 + pkg/integrity/dsse_test.go | 6 ++++++ pkg/sif/select_test.go | 4 +++- pkg/siftool/siftool_test.go | 4 +++- 4 files changed, 13 insertions(+), 2 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index 8b6a5a6..bceae78 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -48,6 +48,7 @@ linters: - revive - staticcheck - tenv + - thelper - typecheck - unconvert - unparam diff --git a/pkg/integrity/dsse_test.go b/pkg/integrity/dsse_test.go index e920b1e..5731126 100644 --- a/pkg/integrity/dsse_test.go +++ b/pkg/integrity/dsse_test.go @@ -111,6 +111,8 @@ func Test_dsseEncoder_signMessage(t *testing.T) { // corruptPayloadType corrupts the payload type of e and re-signs the envelope. The result is a // cryptographically valid envelope with an unexpected payload types. func corruptPayloadType(t *testing.T, en *dsseEncoder, e *dsse.Envelope) { + t.Helper() + body, err := e.DecodeB64Payload() if err != nil { t.Fatal(err) @@ -127,6 +129,8 @@ func corruptPayloadType(t *testing.T, en *dsseEncoder, e *dsse.Envelope) { // corruptPayload corrupts the payload in e. The result is that the signature(s) in e do not match // the payload. func corruptPayload(t *testing.T, _ *dsseEncoder, e *dsse.Envelope) { + t.Helper() + body, err := e.DecodeB64Payload() if err != nil { t.Fatal(err) @@ -138,6 +142,8 @@ func corruptPayload(t *testing.T, _ *dsseEncoder, e *dsse.Envelope) { // corruptSignatures corrupts the signature(s) in e. The result is that the signature(s) in e do // not match the payload. func corruptSignatures(t *testing.T, _ *dsseEncoder, e *dsse.Envelope) { + t.Helper() + for i, sig := range e.Signatures { b, err := base64.StdEncoding.DecodeString(sig.Sig) if err != nil { diff --git a/pkg/sif/select_test.go b/pkg/sif/select_test.go index 8bc2180..b31d0bf 100644 --- a/pkg/sif/select_test.go +++ b/pkg/sif/select_test.go @@ -2,7 +2,7 @@ // Apptainer a Series of LF Projects LLC. // For website terms of use, trademark policy, privacy policy and other // project policies see https://lfprojects.org/policies -// Copyright (c) 2021, Sylabs Inc. All rights reserved. +// Copyright (c) 2021-2023, Sylabs Inc. All rights reserved. // This software is licensed under a 3-clause BSD license. Please consult the // LICENSE file distributed with the sources of this project regarding your // rights to use or distribute this software. @@ -275,6 +275,7 @@ func TestFileImage_WithDescriptors(t *testing.T) { { name: "ReturnTrue", fn: func(t *testing.T) func(d Descriptor) bool { + t.Helper() return func(d Descriptor) bool { if id := d.ID(); id > 1 { t.Errorf("unexpected ID: %v", id) @@ -286,6 +287,7 @@ func TestFileImage_WithDescriptors(t *testing.T) { { name: "ReturnFalse", fn: func(t *testing.T) func(d Descriptor) bool { + t.Helper() return func(d Descriptor) bool { if id := d.ID(); id > 2 { t.Errorf("unexpected ID: %v", id) diff --git a/pkg/siftool/siftool_test.go b/pkg/siftool/siftool_test.go index 587497f..aecbe44 100644 --- a/pkg/siftool/siftool_test.go +++ b/pkg/siftool/siftool_test.go @@ -4,7 +4,7 @@ // For website terms of use, trademark policy, privacy policy and other // project policies see https://lfprojects.org/policies // -// Copyright (c) 2021-2022, Sylabs Inc. All rights reserved. +// Copyright (c) 2021-2023, Sylabs Inc. All rights reserved. // This software is licensed under a 3-clause BSD license. Please consult the // LICENSE file distributed with the sources of this project regarding your // rights to use or distribute this software. @@ -26,6 +26,8 @@ import ( var corpus = filepath.Join("..", "..", "test", "images") func makeTestSIF(t *testing.T, withDataObject bool) string { + t.Helper() + tf, err := os.CreateTemp("", "sif-test-*") if err != nil { t.Fatal(err) From c3a906ae5fbec746c8bc0cefcc734e574a26f794 Mon Sep 17 00:00:00 2001 From: Adam Hughes <9903835+tri-adam@users.noreply.github.com> Date: Mon, 5 Jun 2023 16:37:23 +0000 Subject: [PATCH 3/6] test: report file/line info for makeTestSIF errors Signed-off-by: Edita Kizinevic --- pkg/siftool/siftool_test.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pkg/siftool/siftool_test.go b/pkg/siftool/siftool_test.go index aecbe44..054ea74 100644 --- a/pkg/siftool/siftool_test.go +++ b/pkg/siftool/siftool_test.go @@ -25,9 +25,8 @@ import ( var corpus = filepath.Join("..", "..", "test", "images") +//nolint:thelper // Complex enough to justify keeping file/line information on error. func makeTestSIF(t *testing.T, withDataObject bool) string { - t.Helper() - tf, err := os.CreateTemp("", "sif-test-*") if err != nil { t.Fatal(err) From ebeabeafce3d2ed1d3f32ca30a540707438b78d5 Mon Sep 17 00:00:00 2001 From: Adam Hughes <9903835+tri-adam@users.noreply.github.com> Date: Tue, 13 Jun 2023 10:04:24 -0400 Subject: [PATCH 4/6] deps: bump github.com/ProtonMail/go-crypto (sylabs/sif#303) * deps: bump github.com/ProtonMail/go-crypto from v0.0.0-20230217124315-7d5c6f04bbb8 to v0.0.0-20230528122434-6f98819771a1 * fix: update test case to match new PGP error Signed-off-by: Edita Kizinevic --- go.mod | 2 +- go.sum | 42 +++++++++++++++++++++++++++++---- pkg/integrity/clearsign_test.go | 2 +- 3 files changed, 39 insertions(+), 7 deletions(-) diff --git a/go.mod b/go.mod index 18c1958..313b6e6 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/apptainer/sif/v2 go 1.19 require ( - github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 + github.com/ProtonMail/go-crypto v0.0.0-20230528122434-6f98819771a1 github.com/google/uuid v1.3.0 github.com/sebdah/goldie/v2 v2.5.3 github.com/secure-systems-lab/go-securesystemslib v0.6.0 diff --git a/go.sum b/go.sum index d9a1152..bb46088 100644 --- a/go.sum +++ b/go.sum @@ -1,9 +1,8 @@ -github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 h1:wPbRQzjjwFc0ih8puEVAOFGELsn1zoIIYdxvML7mDxA= -github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g= +github.com/ProtonMail/go-crypto v0.0.0-20230528122434-6f98819771a1 h1:JMDGhoQvXNTqH6Y3MC0IUw6tcZvaUdujNqzK2HYWZc8= +github.com/ProtonMail/go-crypto v0.0.0-20230528122434-6f98819771a1/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= -github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= +github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= -github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I= github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs= github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb h1:EDmT6Q9Zs+SbUoc7Ik9EfrFqcylYqgPZ9ANSbTAntnE= @@ -71,24 +70,57 @@ github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs= github.com/vmihailenco/msgpack/v5 v5.3.5 h1:5gO0H1iULLWGhs2H5tbAHIZTV8/cYafcFOr9znI5mJU= github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= +golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM= golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= +golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.11.0 h1:Gi2tvZIJyBtO9SDr1q9h5hEQCp/4L2RQ+ar0qjx2oNU= golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s= golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.9.0 h1:GRRCnKYhdQrD8kfRAdQ6Zcw1P0OcELxGLKJvtjVMZ28= golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.10.0 h1:UpjohKhiEgNc0CSauXmwYftY1+LlaC75SJwh0SgCX58= golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A= google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU= diff --git a/pkg/integrity/clearsign_test.go b/pkg/integrity/clearsign_test.go index d4d7938..a329bcf 100644 --- a/pkg/integrity/clearsign_test.go +++ b/pkg/integrity/clearsign_test.go @@ -126,7 +126,7 @@ func Test_clearsignDecoder_verifyMessage(t *testing.T) { name: "CorruptedClearsign", corrupter: corruptClearsign, de: newClearsignDecoder(openpgp.EntityList{e}), - wantErr: pgperrors.SignatureError("hash tag doesn't match"), + wantErr: pgperrors.SignatureError("RSA verification failure"), }, { name: "CorruptedSignature", From 9917d5a2398ee67b147d8be6f8f3c3cffb777c7e Mon Sep 17 00:00:00 2001 From: Adam Hughes <9903835+tri-adam@users.noreply.github.com> Date: Fri, 12 May 2023 19:11:28 +0000 Subject: [PATCH 5/6] ci: disable GitHub checks for CodeCov Signed-off-by: Edita Kizinevic --- .codecov.yml | 1 + 1 file changed, 1 insertion(+) create mode 100644 .codecov.yml diff --git a/.codecov.yml b/.codecov.yml new file mode 100644 index 0000000..f105d5a --- /dev/null +++ b/.codecov.yml @@ -0,0 +1 @@ +github_checks: false From ef12c5dfd5fd9772b6c50e8f4fd1034110bc2989 Mon Sep 17 00:00:00 2001 From: Adam Hughes <9903835+tri-adam@users.noreply.github.com> Date: Tue, 13 Jun 2023 12:06:21 +0000 Subject: [PATCH 6/6] ci: disable codecov status Signed-off-by: Edita Kizinevic --- .codecov.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.codecov.yml b/.codecov.yml index f105d5a..52af83d 100644 --- a/.codecov.yml +++ b/.codecov.yml @@ -1 +1,6 @@ +coverage: + status: + patch: off + project: off + github_checks: false