ci: enforce all files are gofmt'd.

.travis.yml

@@ -4,13 +4,18 @@ go:
   - "1.11.x"
 
 env:
-  - GO111MODULE=on
+  - GO111MODULE="on" GOFLAGS="-mod=vendor"
 
 install:
-  - go install -mod=vendor -v ./...
+  - go install -v ./...
 
 script:
-  - go test -mod=vendor -v ./...
+  # Fast-fail on non-zero exit codes
+  - set -e
+  # Verify that all files have been gofmt'd with simplification.
+  - diff <(GOFLAGS="-mod=vendor" go fmt ./... 2>&1) <(printf "")
+  # Verify that unit tests pass
+  - go test -v ./...
 
 notifications:
   slack:

ct/x509/root_cgo_darwin.go

@@ -5,6 +5,7 @@
 // +build cgo,!arm,!arm64,!ios
 
 package x509
+
 // Use non-cgo on Darwin to prevent duplicate symbols on cgo
 
 //

ct/x509/x509_test.go

@@ -342,7 +342,7 @@ func TestCreateSelfSignedCertificate(t *testing.T) {
 			UnknownExtKeyUsage: testUnknownExtKeyUsage,
 
 			BasicConstraintsValid: true,
-			IsCA: true,
+			IsCA:                  true,
 
 			OCSPServer:            []string{"http://ocsp.example.com"},
 			IssuingCertificateURL: []string{"http://crt.example.com/ca1.crt"},

tls/conn.go

@@ -49,12 +49,12 @@ type Conn struct {
 	clientProtocolFallback bool
 
 	// input/output
-	in, out  halfConn     // in.Mutex < out.Mutex
-	rawInput *block       // raw input, right off the wire
-	input    *block       // application data waiting to be read
-	hand     bytes.Buffer // handshake data waiting to be read
-	buffering bool        // whether records are buffered in sendBuf
-	sendBuf   []byte      // a buffer of records waiting to be sent
+	in, out   halfConn     // in.Mutex < out.Mutex
+	rawInput  *block       // raw input, right off the wire
+	input     *block       // application data waiting to be read
+	hand      bytes.Buffer // handshake data waiting to be read
+	buffering bool         // whether records are buffered in sendBuf
+	sendBuf   []byte       // a buffer of records waiting to be sent
 
 	tmp [16]byte
 

tls/tls_handshake.go

@@ -12,9 +12,9 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/zmap/zcrypto/x509/ct"
 	jsonKeys "github.com/zmap/zcrypto/json"
 	"github.com/zmap/zcrypto/x509"
+	"github.com/zmap/zcrypto/x509/ct"
 )
 
 var ErrUnimplementedCipher error = errors.New("unimplemented cipher suite")
@@ -54,10 +54,10 @@ type ParsedAndRawSCT struct {
 }
 
 type ServerHello struct {
-	Version                     TLSVersion        `json:"version"`
-	Random                      []byte            `json:"random"`
-	SessionID                   []byte            `json:"session_id"`
-	CipherSuite                 CipherSuite       `json:"cipher_suite"`
+	Version     TLSVersion  `json:"version"`
+	Random      []byte      `json:"random"`
+	SessionID   []byte      `json:"session_id"`
+	CipherSuite CipherSuite `json:"cipher_suite"`
 	// TODO FIXME: Why is this a raw uint8, not a CompressionMethod?
 	CompressionMethod           uint8             `json:"compression_method"`
 	OcspStapling                bool              `json:"ocsp_stapling"`

tls/tls_names.go

@@ -485,22 +485,22 @@ func nameForHash(h uint8) string {
 }
 
 func signatureToName(n string) uint8 {
-	for k,v := range(signatureNames) {
+	for k, v := range signatureNames {
 		if v == n {
 			return k
 		}
 	}
-	s,_ := strconv.ParseInt(strings.TrimPrefix(n, "unknown."), 10, 32)
+	s, _ := strconv.ParseInt(strings.TrimPrefix(n, "unknown."), 10, 32)
 	return uint8(s)
 }
 
 func hashToName(n string) uint8 {
-	for k,v := range(hashNames) {
+	for k, v := range hashNames {
 		if v == n {
 			return k
 		}
 	}
-	h,_ := strconv.ParseInt(strings.TrimPrefix(n, "unknown."), 10, 32)
+	h, _ := strconv.ParseInt(strings.TrimPrefix(n, "unknown."), 10, 32)
 	return uint8(h)
 }
 

verifier/doc.go

@@ -14,7 +14,7 @@
 
 // Package verifier performs detailed certificate validation mimicking the
 // behavior of popular browsers and root stores.
-// 
+//
 // It includes a Graph structure than can be used to model the PKI. It
 // implements a multigraph in which edges are certificates, and nodes are
 // (spki, subject) tuples. The head/source of the edge is the issuer, and the

x509/ct/serialization.go

@@ -6,7 +6,6 @@ package ct
 // These snippets only perform deserialization for SCTs and are recreated here to prevent pulling in the whole of the ct
 // which contains yet another version of x509,asn1 and tls
 
-
 import (
 	"encoding/binary"
 	"errors"
@@ -87,7 +86,6 @@ func readVarBytes(r io.Reader, numLenBytes int) ([]byte, error) {
 	return data, nil
 }
 
-
 // UnmarshalDigitallySigned reconstructs a DigitallySigned structure from a Reader
 func UnmarshalDigitallySigned(r io.Reader) (*DigitallySigned, error) {
 	var h byte
@@ -168,5 +166,3 @@ func DeserializeSCT(r io.Reader) (*SignedCertificateTimestamp, error) {
 		return nil, fmt.Errorf("unknown SCT version %d", sct.SCTVersion)
 	}
 }
-
-

x509/ct/serialization_test.go

@@ -132,27 +132,26 @@ func TestReadVarBytesShortRead(t *testing.T) {
 	}
 }
 
-
 const (
-	defaultSCTLogIDString          string = "iamapublickeyshatwofivesixdigest"
-	defaultSCTTimestamp            uint64 = 1234
-	defaultSCTSignatureString      string = "\x04\x03\x00\x09signature"
-	defaultSCTHexString string =
+	defaultSCTLogIDString     string = "iamapublickeyshatwofivesixdigest"
+	defaultSCTTimestamp       uint64 = 1234
+	defaultSCTSignatureString string = "\x04\x03\x00\x09signature"
+	defaultSCTHexString       string =
 	// version, 1 byte
-		"00" +
+	"00" +
 		// keyid, 32 bytes
-			"69616d617075626c69636b657973686174776f66697665736978646967657374" +
+		"69616d617075626c69636b657973686174776f66697665736978646967657374" +
 		// timestamp, 8 bytes
-			"00000000000004d2" +
+		"00000000000004d2" +
 		// extensions length, 2 bytes
-			"0000" +
+		"0000" +
 		// extensions, 0 bytes
 		// hash algo, sig algo, 2 bytes
-			"0403" +
+		"0403" +
 		// signature length, 2 bytes
-			"0009" +
+		"0009" +
 		// signature, 9 bytes
-			"7369676e6174757265"
+		"7369676e6174757265"
 )
 
 func defaultSCTLogID() SHA256Hash {