Merge pull request #1780 from felixfontein/lint

Lint
2026-02-05 12:45:21 +01:00 · 2025-03-25 20:39:11 +01:00
parent f6bc6df54e df8432b5be
commit 4d85fd35f4
7 changed files with 16 additions and 30 deletions
--- a/age/keysource_test.go
+++ b/age/keysource_test.go
@@ -521,8 +521,9 @@ func TestMasterKey_Identities_Passphrase(t *testing.T) {
 		t.Setenv(SopsAgeKeyEnv, mockEncryptedIdentity)
 		//blocks calling gpg-agent
 		os.Unsetenv("XDG_RUNTIME_DIR")
-		t.Setenv(SopsAgePasswordEnv, mockIdentityPassphrase)
+		testOnlyAgePassword = mockIdentityPassphrase
 		got, err := key.Decrypt()
+		testOnlyAgePassword = ""

 		assert.NoError(t, err)
 		assert.EqualValues(t, mockEncryptedKeyPlain, got)
@@ -540,9 +541,11 @@ func TestMasterKey_Identities_Passphrase(t *testing.T) {
 		t.Setenv(SopsAgeKeyFileEnv, keyPath)
 		//blocks calling gpg-agent
 		os.Unsetenv("XDG_RUNTIME_DIR")
-		t.Setenv(SopsAgePasswordEnv, mockIdentityPassphrase)
+		testOnlyAgePassword = mockIdentityPassphrase

 		got, err := key.Decrypt()
+		testOnlyAgePassword = ""
+
 		assert.NoError(t, err)
 		assert.EqualValues(t, mockEncryptedKeyPlain, got)
 	})
@@ -552,9 +555,11 @@ func TestMasterKey_Identities_Passphrase(t *testing.T) {
 		t.Setenv(SopsAgeKeyEnv, mockEncryptedIdentity)
 		//blocks calling gpg-agent
 		os.Unsetenv("XDG_RUNTIME_DIR")
-		t.Setenv(SopsAgePasswordEnv, mockIdentityPassphrase)
+		testOnlyAgePassword = mockIdentityPassphrase

 		got, err := key.Decrypt()
+		testOnlyAgePassword = ""
+
 		assert.Error(t, err)
 		assert.ErrorContains(t, err, "failed to create reader for decrypting sops data key with age")
 		assert.Nil(t, got)
--- a/age/tui.go
+++ b/age/tui.go
@@ -22,9 +22,7 @@ import (
 	"golang.org/x/term"
 )

-const (
-	SopsAgePasswordEnv = "SOPS_AGE_PASSWORD"
-)
+var testOnlyAgePassword string

 func printf(format string, v ...interface{}) {
 	log.Printf("age: "+format, v...)
@@ -34,20 +32,6 @@ func warningf(format string, v ...interface{}) {
 	log.Printf("age: warning: "+format, v...)
 }

-// If testOnlyPanicInsteadOfExit is true, exit will set testOnlyDidExit and
-// panic instead of calling os.Exit. This way, the wrapper in TestMain can
-// recover the panic and return the exit code only if it was originated in exit.
-var testOnlyPanicInsteadOfExit bool
-var testOnlyDidExit bool
-
-func exit(code int) {
-	if testOnlyPanicInsteadOfExit {
-		testOnlyDidExit = true
-		panic(code)
-	}
-	os.Exit(code)
-}
-
 // clearLine clears the current line on the terminal, or opens a new line if
 // terminal escape codes don't work.
 func clearLine(out io.Writer) {
@@ -96,9 +80,8 @@ func withTerminal(f func(in, out *os.File) error) error {
 // readSecret reads a value from the terminal with no echo. The prompt is ephemeral.
 func readSecret(prompt string) (s []byte, err error) {
 	if testing.Testing() {
-		password := os.Getenv(SopsAgePasswordEnv)
-		if password != "" {
-			return []byte(password), nil
+		if testOnlyAgePassword != "" {
+			return []byte(testOnlyAgePassword), nil
 		}
 	}

--- a/azkv/keysource.go
+++ b/azkv/keysource.go
@@ -79,7 +79,7 @@ func NewMasterKeyFromURL(url string) (*MasterKey, error) {
 	url = strings.TrimSpace(url)
 	re := regexp.MustCompile("^(https://[^/]+)/keys/([^/]+)/([^/]+)$")
 	parts := re.FindStringSubmatch(url)
-	if parts == nil || len(parts) < 3 {
+	if len(parts) < 3 {
 		return nil, fmt.Errorf("could not parse %q into a valid Azure Key Vault MasterKey", url)
 	}
 	return NewMasterKey(parts[1], parts[2], parts[3]), nil
--- a/cmd/sops/common/common.go
+++ b/cmd/sops/common/common.go
@@ -222,7 +222,7 @@ func GetKMSKeyWithEncryptionCtx(tree *sops.Tree) (keyGroupIndex int, keyIndex in
 		for n, k := range kg {
 			kmsKey, ok := k.(*kms.MasterKey)
 			if ok {
-				if kmsKey.EncryptionContext != nil && len(kmsKey.EncryptionContext) >= 2 {
+				if len(kmsKey.EncryptionContext) >= 2 {
 					duplicateValues := map[string]int{}
 					for _, v := range kmsKey.EncryptionContext {
 						duplicateValues[*v] = duplicateValues[*v] + 1
--- a/cmd/sops/main.go
+++ b/cmd/sops/main.go
@@ -2150,7 +2150,7 @@ func keyservices(c *cli.Context) (svcs []keyservice.KeyServiceClient) {
 			"address",
 			fmt.Sprintf("%s://%s", url.Scheme, addr),
 		).Infof("Connecting to key service")
-		conn, err := grpc.Dial(addr, opts...)
+		conn, err := grpc.NewClient(addr, opts...)
 		if err != nil {
 			log.Fatalf("failed to listen: %v", err)
 		}
@@ -2283,7 +2283,7 @@ func keyGroups(c *cli.Context, file string) ([]sops.KeyGroup, error) {
 			if err != nil {
 				errMsg = fmt.Sprintf("%s: %s", errMsg, err)
 			}
-			return nil, fmt.Errorf(errMsg)
+			return nil, fmt.Errorf("%s", errMsg)
 		}
 		return conf.KeyGroups, err
 	}
--- a/gcpkms/keysource_test.go
+++ b/gcpkms/keysource_test.go
@@ -159,7 +159,7 @@ func newGRPCServer(port string) *grpc.ClientConn {
 	}
 	go serv.Serve(lis)

-	conn, err := grpc.Dial(lis.Addr().String(), grpc.WithTransportCredentials(insecure.NewCredentials()))
+	conn, err := grpc.NewClient(lis.Addr().String(), grpc.WithTransportCredentials(insecure.NewCredentials()))
 	if err != nil {
 		log.Fatal(err)
 	}
--- a/shamir/shamir.go
+++ b/shamir/shamir.go
@@ -15,7 +15,6 @@ import (
 	"crypto/subtle"
 	"fmt"
 	mathrand "math/rand"
-	"time"
 )

 const (
@@ -190,7 +189,6 @@ func Split(secret []byte, parts, threshold int) ([][]byte, error) {
 	// a non-cryptographically secure source of randomness is used.
 	// As far as I know the x coordinates do not need to be random.

-	mathrand.Seed(time.Now().UnixNano())
 	xCoordinates := mathrand.Perm(255)

 	// Allocate the output array, initialize the final byte