add golangci-lint

.github/workflows/golangci-lint.yml

@@ -0,0 +1,35 @@
+name: golangci-lint
+on:
+  push:
+    branches:
+      - master
+      - main
+  pull_request:
+
+permissions:
+  contents: read
+  # Optional: allow read access to pull request. Use with `only-new-issues` option.
+  # pull-requests: read
+
+jobs:
+  golangci:
+    name: lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-go@v5
+        with:
+          go-version: "1.21"
+          cache: false
+
+      - name: golangci-lint /
+        uses: golangci/golangci-lint-action@v4
+        with:
+          version: v1.56
+
+      - name: golangci-lint /ego
+        uses: golangci/golangci-lint-action@v4
+        with:
+          version: v1.56
+          working-directory: ego

.golangci.yml

@@ -0,0 +1,6 @@
+run:
+  timeout: 10m
+  build-tags: [ego_mock_eclient]
+
+linters:
+  enable: [gofumpt]

attestation/attestation.go

@@ -57,5 +57,6 @@ func VerifyAzureAttestationToken(token string, providerURL string) (Report, erro
 		Debug:           report.Debug,
 		UniqueID:        report.UniqueID,
 		SignerID:        report.SignerID,
-		ProductID:       report.ProductID}, nil
+		ProductID:       report.ProductID,
+	}, nil
 }

eclient/doc.go

@@ -11,13 +11,16 @@ Use this package for programs that don't run in an enclave themselves but intera
 enclaved programs. Those non-enclaved programs are often called third parties or relying parties.
 
 This package requires libcrypto. On Ubuntu install it with:
+
 	sudo apt install libssl-dev
 
 This package requires the following environment variables to be set during build:
+
 	CGO_CFLAGS=-I/opt/ego/include
 	CGO_LDFLAGS=-L/opt/ego/lib
 
 Or if using the EGo snap:
+
 	CGO_CFLAGS=-I/snap/ego-dev/current/opt/ego/include
 	CGO_LDFLAGS=-L/snap/ego-dev/current/opt/ego/lib
 

ecrypto/doc.go

@@ -7,7 +7,7 @@
 /*
 Package ecrypto provides convenience functions for cryptography inside an enclave.
 
-Sealing
+# Sealing
 
 Sealing is the process of encrypting data with a key derived from the enclave and the CPU it is running on.
 Sealed data can only be decrypted by the same enclave and CPU. Use it to persist data to disk.

ecrypto/ecrypto.go

@@ -29,9 +29,11 @@ type enclaveSealer struct{}
 func (enclaveSealer) GetUniqueSealKey() (key, keyInfo []byte, err error) {
 	return enclave.GetUniqueSealKey()
 }
+
 func (enclaveSealer) GetProductSealKey() (key, keyInfo []byte, err error) {
 	return enclave.GetProductSealKey()
 }
+
 func (enclaveSealer) GetSealKey(keyInfo []byte) ([]byte, error) {
 	return enclave.GetSealKey(keyInfo)
 }

ecrypto/ecrypto_test.go

@@ -22,9 +22,11 @@ type stubSealer struct{}
 func (stubSealer) GetUniqueSealKey() (key, keyInfo []byte, err error) {
 	return []byte("1234567890123456"), []byte("unique"), nil
 }
+
 func (stubSealer) GetProductSealKey() (key, keyInfo []byte, err error) {
 	return []byte("2345678901234567"), []byte("product"), nil
 }
+
 func (stubSealer) GetSealKey(keyInfo []byte) ([]byte, error) {
 	switch string(keyInfo) {
 	case "unique":

ego/cli/bundle.go

@@ -39,7 +39,7 @@ func (c *Cli) Bundle(filename string, outputFilename string) (reterr error) {
 	if err != nil {
 		return err
 	}
-	defer c.fs.Remove(tarFilename)
+	defer func() { _ = c.fs.Remove(tarFilename) }()
 
 	if outputFilename == "" {
 		outputFilename = filepath.Base(filename) + "-bundle"
@@ -51,7 +51,7 @@ func (c *Cli) Bundle(filename string, outputFilename string) (reterr error) {
 	}
 	defer func() {
 		if reterr != nil {
-			c.fs.Remove(outputFilename)
+			_ = c.fs.Remove(outputFilename)
 		}
 	}()
 
@@ -125,7 +125,7 @@ func (c *Cli) buildImage(enclaveFilename string) (tempFileName string, reterr er
 	}
 	defer func() {
 		if reterr != nil {
-			c.fs.Remove(tempFile.Name())
+			_ = c.fs.Remove(tempFile.Name())
 		}
 	}()
 	defer tempFile.Close()

ego/cli/elf_test.go

@@ -9,7 +9,6 @@ package cli
 import (
 	"debug/elf"
 	"encoding/json"
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -31,15 +30,15 @@ var elfUnsigned = func() []byte {
 		panic(err)
 	}
 
-	dir, err := ioutil.TempDir("", "")
+	dir, err := os.MkdirTemp("", "")
 	if err != nil {
 		panic(err)
 	}
 	defer os.RemoveAll(dir)
 
 	// write minimal source file
 	const src = `package main;import _"time";func main(){}`
-	if err := ioutil.WriteFile(filepath.Join(dir, srcFile), []byte(src), 0o400); err != nil {
+	if err := os.WriteFile(filepath.Join(dir, srcFile), []byte(src), 0o400); err != nil {
 		panic(err)
 	}
 
@@ -54,7 +53,7 @@ var elfUnsigned = func() []byte {
 	}
 
 	// read resulting executable
-	data, err := ioutil.ReadFile(filepath.Join(dir, outFile))
+	data, err := os.ReadFile(filepath.Join(dir, outFile))
 	if err != nil {
 		panic(err)
 	}

ego/cli/install.go

@@ -11,7 +11,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"os"
 	"os/exec"
@@ -23,10 +23,12 @@ import (
 
 const shellToUse = "bash"
 
-var ErrTargetNotSupported = errors.New("component not found")
-var ErrInstallUserQuit = errors.New("user denied installation")
-var ErrExitCodeValue = errors.New("exit code not 0")
-var ErrSysInfoFail = errors.New("could not determine necessary details about operating system")
+var (
+	ErrTargetNotSupported = errors.New("component not found")
+	ErrInstallUserQuit    = errors.New("user denied installation")
+	ErrExitCodeValue      = errors.New("exit code not 0")
+	ErrSysInfoFail        = errors.New("could not determine necessary details about operating system")
+)
 
 type installInfoV1 struct {
 	Desc     map[string]string
@@ -184,7 +186,7 @@ func httpGet(url string) ([]byte, error) {
 	if resp.StatusCode != http.StatusOK {
 		return nil, fmt.Errorf("http response has status %v", resp.Status)
 	}
-	body, err := ioutil.ReadAll(resp.Body)
+	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}

ego/cli/install_test.go

@@ -45,8 +45,10 @@ func (i *installerRunner) ClearRun() {
 	i.run = make([]*exec.Cmd, 0)
 }
 
-const ubuntu1804 = "ID=ubuntu\nVERSION_ID=18.04"
-const ubuntu2004 = "ID=ubuntu\nVERSION_ID=20.04"
+const (
+	ubuntu1804 = "ID=ubuntu\nVERSION_ID=18.04"
+	ubuntu2004 = "ID=ubuntu\nVERSION_ID=20.04"
+)
 
 var jsonData = `
 {
@@ -129,30 +131,31 @@ var jsonData = `
 // Test whether getOsInfo can correctly determine details from os-release
 func TestInstallGetOsInfo(t *testing.T) {
 	assert := assert.New(t)
+	require := require.New(t)
 	runner := installerRunner{}
 	fs := afero.NewMemMapFs()
 
 	cli := NewCli(&runner, fs)
 
-	cli.fs.WriteFile("/etc/os-release", []byte("ID=\"ubuntu\"\nsome other infos\nVERSION_ID=\"20.04\""), 0)
+	require.NoError(cli.fs.WriteFile("/etc/os-release", []byte("ID=\"ubuntu\"\nsome other infos\nVERSION_ID=\"20.04\""), 0))
 	id, versionID, err := cli.getOsInfo()
 	assert.Equal("ubuntu", id)
 	assert.Equal("20.04", versionID)
 	assert.Equal(nil, err)
 
-	cli.fs.WriteFile("/etc/os-release", []byte("ID=foo\nVERSION_ID=bar"), 0)
+	require.NoError(cli.fs.WriteFile("/etc/os-release", []byte("ID=foo\nVERSION_ID=bar"), 0))
 	id, versionID, err = cli.getOsInfo()
 	assert.Equal("foo", id)
 	assert.Equal("bar", versionID)
 	assert.Equal(nil, err)
 
-	cli.fs.WriteFile("/etc/os-release", []byte("VERSION_ID=20.04"), 0)
+	require.NoError(cli.fs.WriteFile("/etc/os-release", []byte("VERSION_ID=20.04"), 0))
 	id, versionID, err = cli.getOsInfo()
 	assert.Equal("", id)
 	assert.Equal("", versionID)
 	assert.NotEqual(nil, err)
 
-	cli.fs.WriteFile("/etc/os-release", []byte("IID=ubuntu\nVERSION_ID=20.04"), 0)
+	require.NoError(cli.fs.WriteFile("/etc/os-release", []byte("IID=ubuntu\nVERSION_ID=20.04"), 0))
 	id, versionID, err = cli.getOsInfo()
 	assert.Equal("", id)
 	assert.Equal("", versionID)
@@ -162,12 +165,13 @@ func TestInstallGetOsInfo(t *testing.T) {
 // Run tests that should all pass the installation
 func TestInstallValidTests(t *testing.T) {
 	assert := assert.New(t)
+	require := require.New(t)
 
 	runner := installerRunner{}
 	cli := NewCli(&runner, afero.NewMemMapFs())
 
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		io.WriteString(w, jsonData)
+		_, _ = io.WriteString(w, jsonData)
 	}))
 	askTrue := func(string) bool { return true }
 
@@ -180,7 +184,7 @@ func TestInstallValidTests(t *testing.T) {
 	fmt.Println("Valid nonflc tests:")
 	fmt.Println("------------------------------------------------------------------------------------")
 	for osReleaseData, testComponents := range validNonflcTests {
-		cli.fs.WriteFile("/etc/os-release", []byte(osReleaseData), 0600)
+		require.NoError(cli.fs.WriteFile("/etc/os-release", []byte(osReleaseData), 0o600))
 		for _, component := range testComponents {
 			fmt.Print("\nStarting installation of \"", component, "\"\n")
 			assert.Equal(nil, cli.install(askTrue, "nonflc", component, server.URL))
@@ -206,7 +210,7 @@ func TestInstallValidTests(t *testing.T) {
 	fmt.Println("Valid flc tests:")
 	fmt.Println("------------------------------------------------------------------------------------")
 	for osReleaseData, testComponents := range validFlcTests {
-		cli.fs.WriteFile("/etc/os-release", []byte(osReleaseData), 0600)
+		require.NoError(cli.fs.WriteFile("/etc/os-release", []byte(osReleaseData), 0o600))
 		for _, component := range testComponents {
 			fmt.Print("\nStarting installation of \"", component, "\"\n")
 			assert.Equal(nil, cli.install(askTrue, "flc", component, server.URL))
@@ -224,7 +228,6 @@ func TestInstallValidTests(t *testing.T) {
 			fmt.Println("------------------------------------------------------------------------------------")
 		}
 	}
-
 }
 
 // Run tests that should all fail the installation process
@@ -236,7 +239,7 @@ func TestInstallNotValidTests(t *testing.T) {
 	cli := NewCli(&runner, afero.NewMemMapFs())
 
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		io.WriteString(w, jsonData)
+		_, _ = io.WriteString(w, jsonData)
 	}))
 
 	askTrue := func(string) bool { return true }
@@ -249,7 +252,7 @@ func TestInstallNotValidTests(t *testing.T) {
 	unvalidTests[ubuntu2004] = []string{"az-dcap-client", "echo abc", "?libsgx-launch", "! libsgx-launch", "|libsgx-launch", "  . libsgx-launch"}
 
 	for osReleaseData, testComponents := range unvalidTests {
-		cli.fs.WriteFile("/etc/os-release", []byte(osReleaseData), 0600)
+		require.NoError(cli.fs.WriteFile("/etc/os-release", []byte(osReleaseData), 0o600))
 		for _, component := range testComponents {
 			fmt.Print("\nStarting installation of \"", component, "\"\n")
 			assert.NotEqual(nil, cli.install(askTrue, "nonflc", component, server.URL))
@@ -269,15 +272,15 @@ func TestExactCommand(t *testing.T) {
 	cli := NewCli(&runner, afero.NewMemMapFs())
 
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		io.WriteString(w, jsonData)
+		_, _ = io.WriteString(w, jsonData)
 	}))
 
 	askTrue := func(string) bool { return true }
 
 	fmt.Println("\n\nExact Command Test")
 	fmt.Println("------------------------------------------------------------------------------------")
 
-	cli.fs.WriteFile("/etc/os-release", []byte(ubuntu1804), 0600)
+	require.NoError(cli.fs.WriteFile("/etc/os-release", []byte(ubuntu1804), 0o600))
 	assert.Equal(nil, cli.install(askTrue, "flc", "sgx-driver", server.URL))
 	cmds := runner.run
 	fmt.Println(cmds[0].Dir)
@@ -299,7 +302,7 @@ func TestInstallErrorCheck(t *testing.T) {
 	cli := NewCli(&runner, afero.NewMemMapFs())
 
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		io.WriteString(w, jsonData)
+		_, _ = io.WriteString(w, jsonData)
 	}))
 
 	askTrue := func(string) bool { return true }
@@ -308,31 +311,31 @@ func TestInstallErrorCheck(t *testing.T) {
 	fmt.Println("\n\nTest Install Errors")
 
 	// os-release file does not contain necessary information, but no error
-	cli.fs.WriteFile("/etc/os-release", []byte(""), 0600)
+	require.NoError(cli.fs.WriteFile("/etc/os-release", []byte(""), 0o600))
 	assert.NotEqual(nil, cli.install(askTrue, "flc", "sgx-driver", server.URL))
 	runner.ClearRun()
 	fmt.Println("------------------------------------------------------------------------------------")
 
 	// os "foo" does not exist in json file
-	cli.fs.WriteFile("/etc/os-release", []byte("ID=foo\nVERSION_ID=bar"), 0600)
+	require.NoError(cli.fs.WriteFile("/etc/os-release", []byte("ID=foo\nVERSION_ID=bar"), 0o600))
 	assert.Equal(nil, cli.install(askTrue, "flc", "sgx-driver", server.URL))
 	runner.ClearRun()
 	fmt.Println("------------------------------------------------------------------------------------")
 
 	// no available components to install for nonsgx
-	cli.fs.WriteFile("/etc/os-release", []byte(ubuntu2004), 0600)
+	require.NoError(cli.fs.WriteFile("/etc/os-release", []byte(ubuntu2004), 0o600))
 	assert.Equal(nil, cli.install(askTrue, "nonsgx", "sgx-driver", server.URL))
 	runner.ClearRun()
 	fmt.Println("------------------------------------------------------------------------------------")
 
 	// component "foo" does not exist in json file
-	cli.fs.WriteFile("/etc/os-release", []byte(ubuntu2004), 0600)
+	require.NoError(cli.fs.WriteFile("/etc/os-release", []byte(ubuntu2004), 0o600))
 	assert.Equal(ErrTargetNotSupported, cli.install(askTrue, "nonflc", "foo", server.URL))
 	runner.ClearRun()
 	fmt.Println("------------------------------------------------------------------------------------")
 
 	// askFalse: user does not want to continue installation, so installation stops without error
-	cli.fs.WriteFile("/etc/os-release", []byte(ubuntu2004), 0600)
+	require.NoError(cli.fs.WriteFile("/etc/os-release", []byte(ubuntu2004), 0o600))
 	assert.Equal(ErrInstallUserQuit, cli.install(askFalse, "nonflc", "sgx-driver", server.URL))
 	require.Len(runner.run, 0)
 	runner.ClearRun()

ego/cmd/bundle/main.go

@@ -66,7 +66,7 @@ func run(fs afero.Fs, selfElfFile *elf.File, runner launch.Runner) (int, error)
 	if err != nil {
 		return 1, err
 	}
-	defer fs.RemoveAll(tempEGoRootPath)
+	defer func() { _ = fs.RemoveAll(tempEGoRootPath) }()
 
 	// Register cleanup handler to clean-up on STRG+C
 	cleanupHandler(tempEGoRootPath)