tmp

oasisprotocol · Oct 10, 2024 · 4ef7753 · 4ef7753
1 parent 9d07d92
commit 4ef7753
Show file tree

Hide file tree

Showing 10 changed files with 17 additions and 30 deletions.
diff --git a/docker/oasis-core-dev/Dockerfile b/docker/oasis-core-dev/Dockerfile
@@ -6,7 +6,7 @@ ARG GO_NANCY_VERSION=1.0.33
 ARG GO_NANCY_CHECKSUM=a4bf5290d41b095c04f941ed5380674770c79d59735e33b1bd07a5cd5fbb135d
 ARG GO_PROTOC_VERSION=3.6.1
 ARG GO_PROTOC_GEN_GO_VERSION=1.21.0
-ARG GOLANGCILINT_VERSION=1.56.1
+ARG GOLANGCILINT_VERSION=1.61.0
 ARG GOCOVMERGE_VERSION=b5bfa59ec0adc420475f97f89b58045c721d761c
 ARG GOFUMPT_VERSION=v0.6.0
 ARG GOIMPORTS_VERSION=v0.18.0

diff --git a/go/.golangci.yml b/go/.golangci.yml
@@ -10,8 +10,9 @@ linters-settings:
       # https://github.com/securego/gosec#available-rules
       - G402
       - G404
+      - G115 # Integer conversion with overflow check; many false positives
   govet:
-    check-shadowing: true
+    shadow: true
     # Enable once suggested fixes are shown: https://github.com/golangci/golangci-lint/issues/2134
     #enable:
     #  - fieldalignment
@@ -57,10 +58,9 @@ linters:
   disable-all: true
   enable:
     - bodyclose
+    - copyloopvar
     - depguard
     - errcheck
-    - exportloopref
-    - gas
     - goconst
     - gocyclo
     - gofumpt
@@ -70,7 +70,6 @@ linters:
     - gosimple
     - govet
     - ineffassign
-    - megacheck
     - misspell
     - revive
     - rowserrcheck
@@ -80,11 +79,6 @@ linters:
     - unused
 
 run:
-  skip-dirs:
-    # golang-ci-lint requires that files compile for certain linters
-    # to run, and Go plugins do not compile unless `-buildmode=plugin`
-    # is set, which linters do not do.
-    - oasis-test-runner/scenario/pluginsigner/example_signer_plugin
 
 exclude-use-default: false
 
@@ -93,3 +87,8 @@ issues:
     - EXC0014 # un-exclude revive `exported` which warns about incorrect comments on exported items.
   exclude:
     - context-as-argument # revive
+  exclude-dirs:
+    # golang-ci-lint requires that files compile for certain linters
+    # to run, and Go plugins do not compile unless `-buildmode=plugin`
+    # is set, which linters do not do.
+    - oasis-test-runner/scenario/pluginsigner/example_signer_plugin
diff --git a/go/common/args.go b/go/common/args.go
@@ -17,8 +17,8 @@ func TrimArgs(osArgs []string) []string {
 
 	for i, w := range osArgs {
 		if w == argSeparator {
-			return append([]string{osArgs[0]}, osArgs[i+1:]...)
+			return append([]string{osArgs[0]}, osArgs[i+1:]...) //nolint:gosec // false G602 out of range
 		}
 	}
-	return osArgs[0:1]
+	return osArgs[0:1] //nolint:gosec // false G602 out of range
 }
diff --git a/go/common/grpc/auth/auth_tls.go b/go/common/grpc/auth/auth_tls.go
@@ -3,7 +3,6 @@ package auth
 import (
 	"context"
 	"crypto/x509"
-	"fmt"
 	"sync"
 
 	"google.golang.org/grpc/codes"
@@ -34,7 +33,7 @@ func (auth *PeerCertAuthenticator) AuthFunc(ctx context.Context, _ interface{})
 		return status.Errorf(codes.PermissionDenied, "grpc: unexpected peer authentication credentials")
 	}
 	if nPeerCerts := len(tlsAuth.State.PeerCertificates); nPeerCerts != 1 {
-		return status.Errorf(codes.PermissionDenied, fmt.Sprintf("grpc: unexpected number of peer certificates: %d", nPeerCerts))
+		return status.Errorf(codes.PermissionDenied, "grpc: unexpected number of peer certificates: %d", nPeerCerts)
 	}
 	peerCert := tlsAuth.State.PeerCertificates[0]
 	subject := accessctl.SubjectFromX509Certificate(peerCert)

diff --git a/go/common/grpc/auth/auth_tls_pubkeys.go b/go/common/grpc/auth/auth_tls_pubkeys.go
@@ -2,7 +2,6 @@ package auth
 
 import (
 	"context"
-	"fmt"
 	"sync"
 
 	"google.golang.org/grpc/codes"
@@ -35,7 +34,7 @@ func (auth *PeerPubkeyAuthenticator) AuthFunc(ctx context.Context, _ interface{}
 		return status.Errorf(codes.PermissionDenied, "grpc: unexpected peer authentication credentials")
 	}
 	if nPeerCerts := len(tlsAuth.State.PeerCertificates); nPeerCerts != 1 {
-		return status.Errorf(codes.PermissionDenied, fmt.Sprintf("grpc: unexpected number of peer certificates: %d", nPeerCerts))
+		return status.Errorf(codes.PermissionDenied, "grpc: unexpected number of peer certificates: %d", nPeerCerts)
 	}
 	peerCertRaw := tlsAuth.State.PeerCertificates[0].Raw
 
@@ -46,7 +45,7 @@ func (auth *PeerPubkeyAuthenticator) AuthFunc(ctx context.Context, _ interface{}
 		Keys:       auth.whitelist,
 	})
 	if err != nil {
-		return status.Errorf(codes.PermissionDenied, err.Error())
+		return status.Errorf(codes.PermissionDenied, "%s", err.Error())
 	}
 
 	return nil

diff --git a/go/consensus/cometbft/apps/roothash/transactions.go b/go/consensus/cometbft/apps/roothash/transactions.go
@@ -49,7 +49,6 @@ func (app *rootHashApplication) executorCommit(
 	if ctx.IsCheckOnly() {
 		// Notify subscribers about observed commitments.
 		for _, ec := range cc.Commits {
-			ec := ec
 			app.ecn.DeliverExecutorCommitment(cc.ID, &ec)
 		}
 		return nil

diff --git a/go/oasis-test-runner/scenario/e2e/runtime/keymanager_client.go b/go/oasis-test-runner/scenario/e2e/runtime/keymanager_client.go
@@ -115,7 +115,7 @@ func (c *keyManagerRPCClient) fetchPublicKey(ctx context.Context, generation uin
 		if msg == fmt.Sprintf("master secret generation %d not found", generation) {
 			return nil, nil
 		}
-		return nil, fmt.Errorf(msg)
+		return nil, fmt.Errorf("%s", msg)
 	}
 
 	var key secrets.SignedPublicKey
@@ -160,7 +160,7 @@ func (c *keyManagerRPCClient) fetchEphemeralPublicKey(ctx context.Context, epoch
 		if msg == fmt.Sprintf("ephemeral secret for epoch %d not found", epoch) {
 			return nil, nil
 		}
-		return nil, fmt.Errorf(msg)
+		return nil, fmt.Errorf("%s", msg)
 	}
 
 	var key secrets.SignedPublicKey

diff --git a/go/p2p/rpc/client.go b/go/p2p/rpc/client.go
@@ -392,8 +392,6 @@ func (c *client) CallMulti(
 	resultCh := make(chan result, len(peers))
 
 	for _, peer := range peers {
-		peer := peer // Make sure goroutine below operates on the right instance.
-
 		pool.Submit(func() {
 			// Abort early in case we are done.
 			select {

diff --git a/go/runtime/host/loadbalance/loadbalance.go b/go/runtime/host/loadbalance/loadbalance.go
@@ -90,8 +90,6 @@ func (lb *lbRuntime) Call(ctx context.Context, body *protocol.Body) (*protocol.B
 		}
 		resCh := make(chan *result)
 		for _, rt := range lb.instances {
-			rt := rt // Make sure goroutine below operates on the right instance.
-
 			go func() {
 				rsp, err := rt.Call(ctx, body)
 				resCh <- &result{
@@ -167,9 +165,6 @@ func (lb *lbRuntime) WatchEvents() (<-chan *host.Event, pubsub.ClosableSubscript
 func (lb *lbRuntime) Start() {
 	lb.startOnce.Do(func() {
 		for idx, rt := range lb.instances {
-			idx := idx
-			rt := rt // Make sure goroutine below operates on the right instance.
-
 			// Subscribe to runtime events before starting runtime to make sure we don't miss the
 			// started event.
 			evCh, sub := rt.WatchEvents()
@@ -227,8 +222,6 @@ func (lb *lbRuntime) Abort(ctx context.Context, force bool) error {
 	// We don't know which instance to abort, so we abort all instances.
 	errCh := make(chan error)
 	for _, rt := range lb.instances {
-		rt := rt // Make sure goroutine below operates on the right instance.
-
 		go func() {
 			errCh <- rt.Abort(ctx, force)
 		}()

diff --git a/go/storage/mkvs/debug.go b/go/storage/mkvs/debug.go
@@ -46,6 +46,6 @@ func (t *tree) doDumpLocal(ctx context.Context, w io.Writer, ptr *node.Pointer,
 
 		fmt.Fprintf(w, "%s- %s -> %v [%v/%s]", prefix, n.Key, value, n.Clean, n.Hash)
 	default:
-		fmt.Fprintf(w, prefix+"<UNKNOWN>")
+		fmt.Fprintf(w, "%s", prefix+"<UNKNOWN>")
 	}
 }