From d55dd87cc8760df5f175a80b7eb2cdc49db520c1 Mon Sep 17 00:00:00 2001
From: Tugdual Saunier <tugdual.saunier@gmail.com>
Date: Fri, 9 May 2025 11:01:13 +0200
Subject: [PATCH] ci: add golangci-lint

and resorb tech debt
---
 .github/workflows/test.yaml | 10 +++++++++-
 .golangci.yml               | 30 ++++++++++++++++++++++++++++++
 cert.go                     | 10 +++++++---
 truststore_darwin.go        |  5 ++++-
 truststore_linux.go         |  2 +-
 truststore_nss.go           |  8 +++++---
 6 files changed, 56 insertions(+), 9 deletions(-)
 create mode 100644 .golangci.yml

diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index e09280f..fd04f7c 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -5,6 +5,14 @@ on:
     push:
 
 jobs:
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v8
+
   test:
     runs-on: ubuntu-latest
     strategy:
@@ -20,7 +28,7 @@ jobs:
         - '1.24'
     name: Go ${{ matrix.go }} test
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Setup go
diff --git a/.golangci.yml b/.golangci.yml
new file mode 100644
index 0000000..7638c33
--- /dev/null
+++ b/.golangci.yml
@@ -0,0 +1,30 @@
+version: "2"
+
+run:
+  issues-exit-code: 1
+
+formatters:
+  enable:
+    - gofmt
+    - gci
+
+linters:
+  enable:
+    - wrapcheck
+  settings:
+    wrapcheck:
+      ignore-package-globs:
+        # We already make sure your own packages wrap errors properly
+        - github.com/symfony-cli/*
+    errcheck:
+        exclude-functions:
+          - github.com/symfony-cli/terminal.Printf
+          - github.com/symfony-cli/terminal.Println
+          - github.com/symfony-cli/terminal.Printfln
+          - github.com/symfony-cli/terminal.Eprintf
+          - github.com/symfony-cli/terminal.Eprintln
+          - github.com/symfony-cli/terminal.Eprintfln
+          - github.com/symfony-cli/terminal.Eprint
+          - fmt.Fprintln
+          - fmt.Fprintf
+          - fmt.Fprint
diff --git a/cert.go b/cert.go
index 0fe950b..7217f4e 100644
--- a/cert.go
+++ b/cert.go
@@ -144,7 +144,7 @@ func (ca *CA) Install(force bool) error {
 			return err
 		}
 		f, _ := os.OpenFile(ca.trustedpath, os.O_RDONLY|os.O_CREATE, 0644)
-		f.Close()
+		_ = f.Close()
 		terminal.Println("The local CA is now installed in the system trust store!")
 	}
 	if hasNSS() && (force || !ca.checkNSS()) {
@@ -168,7 +168,9 @@ func (ca *CA) Uninstall() error {
 	hasCertutil := certutilPath() != ""
 	if hasNSS() {
 		if hasCertutil {
-			ca.uninstallNSS()
+			if err := ca.uninstallNSS(); err != nil {
+				terminal.Printf("<warning>WARNING</> an error happened during CA uninstallation from %s: %s!\n", NSSBrowsers, err)
+			}
 		} else if CertutilInstallHelp != "" {
 			terminal.Printf("<warning>WARNING</> \"certutil\" is not available, so the CA can't be automatically uninstalled from %s (if it was ever installed)!\n", NSSBrowsers)
 			terminal.Printf("You can install \"certutil\" with \"%s\" and re-run the command\n", CertutilInstallHelp)
@@ -204,7 +206,9 @@ func Cert(filename string) (tls.Certificate, error) {
 		if err != nil {
 			return tls.Certificate{}, errors.WithStack(err)
 		}
-		defer ioutil.WriteFile(filename, pfxData, 0644)
+		if err := errors.WithStack(ioutil.WriteFile(filename, pfxData, 0644)); err != nil {
+			return tls.Certificate{}, err
+		}
 
 		certs := [][]byte{domainCert.Raw}
 		for _, c := range caCerts {
diff --git a/truststore_darwin.go b/truststore_darwin.go
index b7cca6e..510bcbf 100644
--- a/truststore_darwin.go
+++ b/truststore_darwin.go
@@ -62,7 +62,10 @@ func (ca *CA) installPlatform() error {
 		return errors.Wrap(err, "failed to create temp file")
 	}
 
-	defer os.Remove(plistFile.Name())
+	defer func(name string) {
+		// a failure during removal of this file is not important
+		_ = os.Remove(name)
+	}(plistFile.Name())
 
 	cmd = commandWithSudo("security", "trust-settings-export", "-d", plistFile.Name())
 	if out, err := cmd.CombinedOutput(); err != nil {
diff --git a/truststore_linux.go b/truststore_linux.go
index 2ca8c6a..c3947e5 100644
--- a/truststore_linux.go
+++ b/truststore_linux.go
@@ -57,7 +57,7 @@ func getSystemTrust() (string, []string) {
 }
 
 func (ca *CA) systemTrustFilename(systemTrustFilenamePattern string) string {
-	return fmt.Sprintf(systemTrustFilenamePattern, strings.Replace(ca.caUniqueName(), " ", "_", -1))
+	return fmt.Sprintf(systemTrustFilenamePattern, strings.ReplaceAll(ca.caUniqueName(), " ", "_"))
 }
 
 func (ca *CA) installPlatform() error {
diff --git a/truststore_nss.go b/truststore_nss.go
index 34d8f75..908607d 100644
--- a/truststore_nss.go
+++ b/truststore_nss.go
@@ -102,9 +102,9 @@ func (ca *CA) installNSS() error {
 	return nil
 }
 
-func (ca *CA) uninstallNSS() {
+func (ca *CA) uninstallNSS() error {
 	certutilPath := certutilPath()
-	ca.forEachNSSProfile(func(profile string) error {
+	_, err := ca.forEachNSSProfile(func(profile string) error {
 		err := exec.Command(certutilPath, "-V", "-d", profile, "-u", "L", "-n", ca.caUniqueName()).Run()
 		if err != nil {
 			return nil
@@ -115,6 +115,8 @@ func (ca *CA) uninstallNSS() {
 		}
 		return nil
 	})
+
+	return err
 }
 
 func (ca *CA) forEachNSSProfile(f func(profile string) error) (int, error) {
@@ -156,5 +158,5 @@ func execCertutil(cmd *exec.Cmd) ([]byte, error) {
 		cmd.Args = append(cmd.Args, origArgs...)
 		out, err = cmd.CombinedOutput()
 	}
-	return out, err
+	return out, errors.WithStack(err)
 }