Lint fixes (Mic92#539)

* fix various additional linter errors

* extend golangci checks

.golangci.yml

@@ -0,0 +1,12 @@
+linters:
+  presets:
+    - bugs
+    - unused
+  enable:
+    - gofmt
+    - misspell
+    - revive
+    - stylecheck
+  disable:
+    # direnv is not a web server, context is not strictly necessary.
+    - noctx

pkgs/sops-import-keys-hook/hook_test.go

@@ -29,15 +29,15 @@ func TestShellHook(t *testing.T) {
 	}
 	tempdir, err := os.MkdirTemp("", "testdir")
 	ok(t, err)
-	cmd := exec.Command("cp", "-vra", assets+"/.", tempdir)
+	cmd := exec.Command("cp", "-vra", assets+"/.", tempdir) // nolint:gosec
 	fmt.Printf("$ %s\n", strings.Join(cmd.Args, " "))
 	cmd.Stdout = os.Stdout
 	cmd.Stderr = os.Stderr
 	ok(t, cmd.Run())
 
 	defer os.RemoveAll(tempdir)
 
-	cmd = exec.Command("nix-shell", path.Join(assets, "shell.nix"), "--run", "gpg --list-keys")
+	cmd = exec.Command("nix-shell", path.Join(assets, "shell.nix"), "--run", "gpg --list-keys") // nolint:gosec
 	var stdoutBuf, stderrBuf bytes.Buffer
 	cmd.Stdout = &stdoutBuf
 	cmd.Stderr = &stderrBuf

pkgs/sops-install-secrets/darwin.go

@@ -19,7 +19,7 @@ func RuntimeDir() (string, error) {
 	out, err := exec.Command("getconf", "DARWIN_USER_TEMP_DIR").Output()
 	rundir := strings.TrimRight(string(out[:]), " \t\n")
 	if err != nil {
-		return "", fmt.Errorf("Cannot get DARWIN_USER_TEMP_DIR: %v", err)
+		return "", fmt.Errorf("cannot get DARWIN_USER_TEMP_DIR: %v", err)
 	}
 	return strings.TrimSuffix(rundir, "/"), nil
 }
@@ -28,7 +28,7 @@ func SecureSymlinkChown(symlinkToCheck string, expectedTarget string, owner, gro
 	// not sure what O_PATH is needed for anyways
 	fd, err := unix.Open(symlinkToCheck, unix.O_CLOEXEC|unix.O_SYMLINK|unix.O_NOFOLLOW, 0)
 	if err != nil {
-		return fmt.Errorf("Failed to open %s: %w", symlinkToCheck, err)
+		return fmt.Errorf("failed to open %s: %w", symlinkToCheck, err)
 	}
 	defer unix.Close(fd)
 
@@ -53,9 +53,9 @@ func SecureSymlinkChown(symlinkToCheck string, expectedTarget string, owner, gro
 // mydev=`hdiutil attach -nomount ram://$NUMSECTORS`
 // newfs_hfs $mydev
 // mount -t hfs $mydev /tmp/mymount
-func MountSecretFs(mountpoint string, keysGid int, _useTmpfs bool, userMode bool) error {
+func MountSecretFs(mountpoint string, keysGID int, _useTmpfs bool, userMode bool) error {
 	if err := os.MkdirAll(mountpoint, 0o751); err != nil {
-		return fmt.Errorf("Cannot create directory '%s': %w", mountpoint, err)
+		return fmt.Errorf("cannot create directory '%s': %w", mountpoint, err)
 	}
 	if _, err := os.Stat(mountpoint + "/sops-nix-secretfs"); !errors.Is(err, os.ErrNotExist) {
 		return nil // secret fs already exists
@@ -88,7 +88,11 @@ func MountSecretFs(mountpoint string, keysGid int, _useTmpfs bool, userMode bool
 	log.Printf("mount ret %v. out: %s", err, out)
 
 	// There is no documented way to check for memfs mountpoint. Thus we place a file.
-	_, err = os.Create(mountpoint + "/sops-nix-secretfs")
+	path := mountpoint + "/sops-nix-secretfs"
+	_, err = os.Create(path)
+	if err != nil {
+		return fmt.Errorf("cannot create file '%s': %w", path, err)
+	}
 
 	// This would be the way to check on unix.
 	//buf := unix.Statfs_t{}
@@ -103,8 +107,8 @@ func MountSecretFs(mountpoint string, keysGid int, _useTmpfs bool, userMode bool
 	//}
 
 	if !userMode {
-		if err := os.Chown(mountpoint, 0, int(keysGid)); err != nil {
-			return fmt.Errorf("Cannot change owner/group of '%s' to 0/%d: %w", mountpoint, keysGid, err)
+		if err := os.Chown(mountpoint, 0, int(keysGID)); err != nil {
+			return fmt.Errorf("cannot change owner/group of '%s' to 0/%d: %w", mountpoint, keysGID, err)
 		}
 	}
 

pkgs/sops-install-secrets/linux.go

@@ -13,7 +13,7 @@ import (
 func RuntimeDir() (string, error) {
 	rundir, ok := os.LookupEnv("XDG_RUNTIME_DIR")
 	if !ok {
-		return "", fmt.Errorf("$XDG_RUNTIME_DIR is not set!")
+		return "", fmt.Errorf("$XDG_RUNTIME_DIR is not set")
 	}
 	return rundir, nil
 }
@@ -22,7 +22,7 @@ func SecureSymlinkChown(symlinkToCheck, expectedTarget string, owner, group int)
 	// fd, err := unix.Open(symlinkToCheck, unix.O_CLOEXEC|unix.O_PATH|unix.O_NOFOLLOW, 0)
 	fd, err := unix.Open(symlinkToCheck, unix.O_CLOEXEC|unix.O_PATH|unix.O_NOFOLLOW, 0)
 	if err != nil {
-		return fmt.Errorf("Failed to open %s: %w", symlinkToCheck, err)
+		return fmt.Errorf("failed to open %s: %w", symlinkToCheck, err)
 	}
 	defer unix.Close(fd)
 
@@ -50,35 +50,35 @@ func SecureSymlinkChown(symlinkToCheck, expectedTarget string, owner, group int)
 	return nil
 }
 
-func MountSecretFs(mountpoint string, keysGid int, useTmpfs bool, userMode bool) error {
+func MountSecretFs(mountpoint string, keysGID int, useTmpfs bool, userMode bool) error {
 	if err := os.MkdirAll(mountpoint, 0o751); err != nil {
-		return fmt.Errorf("Cannot create directory '%s': %w", mountpoint, err)
+		return fmt.Errorf("cannot create directory '%s': %w", mountpoint, err)
 	}
 
 	// We can't create a ramfs as user
 	if userMode {
 		return nil
 	}
 
-	var fstype string = "ramfs"
-	var fsmagic int32 = RAMFS_MAGIC
+	var fstype = "ramfs"
+	var fsmagic = RamfsMagic
 	if useTmpfs {
 		fstype = "tmpfs"
-		fsmagic = TMPFS_MAGIC
+		fsmagic = TmpfsMagic
 	}
 
 	buf := unix.Statfs_t{}
 	if err := unix.Statfs(mountpoint, &buf); err != nil {
-		return fmt.Errorf("Cannot get statfs for directory '%s': %w", mountpoint, err)
+		return fmt.Errorf("cannot get statfs for directory '%s': %w", mountpoint, err)
 	}
 	if int32(buf.Type) != fsmagic {
 		if err := unix.Mount("none", mountpoint, fstype, unix.MS_NODEV|unix.MS_NOSUID, "mode=0751"); err != nil {
-			return fmt.Errorf("Cannot mount: %s", err)
+			return fmt.Errorf("cannot mount: %w", err)
 		}
 	}
 
-	if err := os.Chown(mountpoint, 0, int(keysGid)); err != nil {
-		return fmt.Errorf("Cannot change owner/group of '%s' to 0/%d: %w", mountpoint, keysGid, err)
+	if err := os.Chown(mountpoint, 0, int(keysGID)); err != nil {
+		return fmt.Errorf("cannot change owner/group of '%s' to 0/%d: %w", mountpoint, keysGID, err)
 	}
 
 	return nil