update Go version and dependencies

This commit updates the module version from
Go 1.16 to Go 1.20 and updates the module
dependencies.

Signed-off-by: Andreas Auernhammer <[email protected]>

Author: aead

.github/workflows/codeql.yml

@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        go-version: [1.19.1]
+        go-version: [1.21.1]
     steps:
     - name: Set up Go ${{ matrix.go-version }}
       uses: actions/setup-go@v3
@@ -28,14 +28,27 @@ jobs:
       run: |
          go build ./...
          go vet ./...
-         curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.48.0
-         $(go env GOPATH)/bin/golangci-lint run --config ./.golangci.yml
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Set up Go"
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.21.1
+      - name: Check out code
+        uses: actions/checkout@v3
+      - name: Lint
+        uses: golangci/golangci-lint-action@v3
+        with:
+          version: latest
+          args: --config ./.golangci.yml --timeout=2m
   test:
     name: Text ${{ matrix.os }}
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        go-version: [1.19.1]
+        go-version: [1.21.1]
         os: [ubuntu-latest, windows-latest, macos-latest]
     steps:
     - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
@@ -47,3 +60,20 @@ jobs:
     - name: Test on ${{ matrix.os }}
       run: |
          go test ./...
+  vulncheck:
+    name: Vulncheck
+    needs: Lint
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check out code into the Go module directory
+      uses: actions/checkout@v3
+    - uses: actions/setup-go@v3
+      with:
+        go-version: 1.21.1
+        check-latest: true
+    - name: Get govulncheck
+      run: go install golang.org/x/vuln/cmd/govulncheck@latest
+      shell: bash
+    - name: Run govulncheck
+      run: govulncheck ./...
+      shell: bash

.github/workflows/go.yml

@@ -5,26 +5,30 @@ linters-settings:
   misspell:
     locale: US
 
+  staticcheck:
+    checks: ["all", "-SA1019"]
+
 linters:
   disable-all: true
   enable:
     - typecheck
     - goimports
     - misspell
+    - staticcheck
     - govet
+    - revive
     - ineffassign
     - gosimple
-    - deadcode
-    - unparam
     - unused
-    - structcheck
     - prealloc
     - unconvert
+    - gofumpt
 
 issues:
   exclude-use-default: false
   exclude:
-      - should have a package comment
-      - error strings should not be capitalized or end with punctuation or a newline
+      - "var-naming: don't use ALL_CAPS in Go names; use CamelCase"
+      - "package-comments: should have a package comment"
+
 service:
   golangci-lint-version: 1.48.0 # use the fixed version to not introduce new linters unexpectedly

.github/workflows/vulncheck.yml

@@ -48,7 +48,7 @@ Options:
     -v               Print version information.
 `
 
-var version string = "v0.0.0-dev"
+var version = "v0.0.0-dev"
 
 func main() {
 	log.SetFlags(0)
@@ -135,12 +135,12 @@ func generateKeyPair(secKeyFile, pubKeyFile string, force bool) {
 	}
 
 	if dir := filepath.Dir(secKeyFile); dir != "" && dir != "." && dir != "/" {
-		if err := os.MkdirAll(dir, 0755); err != nil {
+		if err := os.MkdirAll(dir, 0o755); err != nil {
 			log.Fatalf("Error: %v", err)
 		}
 	}
 	if dir := filepath.Dir(pubKeyFile); dir != "" && dir != "." && dir != "/" {
-		if err := os.MkdirAll(dir, 0755); err != nil {
+		if err := os.MkdirAll(dir, 0o755); err != nil {
 			log.Fatalf("Error: %v", err)
 		}
 	}
@@ -169,11 +169,11 @@ func generateKeyPair(secKeyFile, pubKeyFile string, force bool) {
 	}
 	fmt.Print("done\n\n")
 
-	var fileFlags = os.O_CREATE | os.O_WRONLY | os.O_TRUNC
+	fileFlags := os.O_CREATE | os.O_WRONLY | os.O_TRUNC
 	if !force {
 		fileFlags |= os.O_EXCL // fail if the file already exists
 	}
-	skFile, err := os.OpenFile(secKeyFile, fileFlags, 0600)
+	skFile, err := os.OpenFile(secKeyFile, fileFlags, 0o600)
 	if err != nil {
 		log.Fatalf("Error: %v", err)
 	}
@@ -182,7 +182,7 @@ func generateKeyPair(secKeyFile, pubKeyFile string, force bool) {
 		log.Fatalf("Error: %v", err)
 	}
 
-	pkFile, err := os.OpenFile(pubKeyFile, fileFlags, 0644)
+	pkFile, err := os.OpenFile(pubKeyFile, fileFlags, 0o644)
 	if err != nil {
 		log.Fatalf("Error: %v", err)
 	}
@@ -234,7 +234,7 @@ func signFiles(secKeyFile, sigFile, untrustedComment, trustedComment string, fil
 
 	if sigFile != "" {
 		if dir := filepath.Dir(sigFile); dir != "" && dir != "." && dir != "/" {
-			if err := os.MkdirAll(dir, 0755); err != nil {
+			if err := os.MkdirAll(dir, 0o755); err != nil {
 				log.Fatalf("Error: %v", err)
 			}
 		}
@@ -247,30 +247,31 @@ func signFiles(secKeyFile, sigFile, untrustedComment, trustedComment string, fil
 			log.Fatalf("Error: %v", err)
 		}
 
-		var tComment, uComment = trustedComment, untrustedComment
+		tComment, uComment := trustedComment, untrustedComment
 		if uComment == "" {
 			uComment = "signature from minisign secret key"
 		}
 		if tComment == "" {
 			tComment = fmt.Sprintf("timestamp:%d\tfilename:%s", time.Now().Unix(), filepath.Base(name))
 		}
-		var reader = minisign.NewReader(file)
+		reader := minisign.NewReader(file)
 		if _, err = io.Copy(io.Discard, reader); err != nil {
 			file.Close()
 			log.Fatalf("Error: %v", err)
 		}
 		signature = reader.SignWithComments(privateKey, tComment, uComment)
 		file.Close()
 
-		var signatureFile = name + ".minisig"
+		signatureFile := name + ".minisig"
 		if sigFile != "" {
 			signatureFile = sigFile
 		}
-		if err = os.WriteFile(signatureFile, signature, 0644); err != nil {
+		if err = os.WriteFile(signatureFile, signature, 0o644); err != nil {
 			log.Fatalf("Error: %v", err)
 		}
 	}
 }
+
 func verifyFile(sigFile, pubFile, pubKeyString string, printOutput, quiet, prettyQuiet, requireHash bool, files ...string) {
 	if len(files) == 0 {
 		log.Fatalf("Error: no files to verify. Use -m to specify a file path")
@@ -382,7 +383,7 @@ func recreateKeyPair(secKeyFile, pubKeyFile string, force bool) {
 
 	publicKey := privateKey.Public().(minisign.PublicKey)
 	rawPublicKey, _ := publicKey.MarshalText()
-	if err = os.WriteFile(pubKeyFile, rawPublicKey, 0644); err != nil {
+	if err = os.WriteFile(pubKeyFile, rawPublicKey, 0o644); err != nil {
 		log.Fatalf("Error: %v", err)
 	}
 }

.golangci.yml

@@ -1,9 +1,10 @@
 module aead.dev/minisign
 
-go 1.16
+go 1.20
 
 require (
-	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83
-	golang.org/x/sys v0.0.0-20210228012217-479acdf4ea46 // indirect
-	golang.org/x/term v0.0.0-20201117132131-f5c789dd3221
+	golang.org/x/crypto v0.13.0
+	golang.org/x/term v0.12.0
 )
+
+require golang.org/x/sys v0.12.0 // indirect

cmd/minisign/minisign.go

@@ -1,11 +1,6 @@
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 h1:/ZScEX8SfEmUGRHs0gxpqteO5nfNW6axyZbBdw9A12g=
-golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210228012217-479acdf4ea46 h1:V066+OYJ66oTjnhm4Yrn7SXIwSCiDQJxpBxmvqb1N1c=
-golang.org/x/sys v0.0.0-20210228012217-479acdf4ea46/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/term v0.0.0-20201117132131-f5c789dd3221 h1:/ZHdbVpdR/jk3g30/d4yUL0JU9kksj8+F/bnQUVLGDM=
-golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/crypto v0.13.0 h1:mvySKfSWJ+UKUii46M40LOvyWfN0s2U+46/jDd0e6Ck=
+golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
+golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o=
+golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.12.0 h1:/ZfYdc3zq+q02Rv9vGqTeSItdzZTSNDmfTi0mBAuidU=
+golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=