Linter fixes

.github/workflows/go.yml

@@ -40,4 +40,3 @@ jobs:
 
     - name: Run golangci-lint
       uses: actions-contrib/golangci-lint@v1
-      continue-on-error: true #TODO : fix linter errors

certstrap.go

@@ -50,8 +50,7 @@ func main() {
 		cmd.NewRevokeCommand(),
 	}
 	app.Before = func(c *cli.Context) error {
-		cmd.InitDepot(c.String("depot-path"))
-		return nil
+		return cmd.InitDepot(c.String("depot-path"))
 	}
 
 	if err := app.Run(os.Args); err != nil {

cmd/init.go

@@ -131,6 +131,11 @@ func initAction(c *cli.Context) {
 	var key *pkix.Key
 	if c.IsSet("key") {
 		keyBytes, err := ioutil.ReadFile(c.String("key"))
+		if err != nil {
+			fmt.Fprintln(os.Stderr, "Read Key error:", err)
+			os.Exit(1)
+		}
+
 		key, err = pkix.NewKeyFromPrivateKeyPEM(keyBytes)
 		if err != nil {
 			fmt.Fprintln(os.Stderr, "Read Key error:", err)
@@ -163,7 +168,7 @@ func initAction(c *cli.Context) {
 			fmt.Fprintln(os.Stderr, "Print CA certificate error:", err)
 			os.Exit(1)
 		} else {
-			fmt.Printf(string(crtBytes))
+			fmt.Println(string(crtBytes))
 		}
 	}
 

cmd/request_cert.go

@@ -157,6 +157,11 @@ func newCertAction(c *cli.Context) {
 	keyFilepath := fileName(c, "key", depotDir, formattedName, "key")
 	if c.IsSet("key") && fileExists(c.String("key")) {
 		keyBytes, err := ioutil.ReadFile(c.String("key"))
+		if err != nil {
+			fmt.Fprintln(os.Stderr, "Read Key error:", err)
+			os.Exit(1)
+		}
+
 		key, err = pkix.NewKeyFromPrivateKeyPEM(keyBytes)
 		if err != nil {
 			fmt.Fprintln(os.Stderr, "Read Key error:", err)
@@ -191,7 +196,7 @@ func newCertAction(c *cli.Context) {
 			fmt.Fprintln(os.Stderr, "Print certificate request error:", err)
 			os.Exit(1)
 		} else {
-			fmt.Printf(string(csrBytes))
+			fmt.Println(string(csrBytes))
 		}
 	}
 

cmd/revoke_test.go

@@ -36,7 +36,9 @@ func TestRevokeCmd(t *testing.T) {
 	fs := flag.NewFlagSet("test", flag.ContinueOnError)
 	fs.String("CA", "", "")
 	fs.String("CN", "", "")
-	fs.Parse([]string{"-CA", "ca", "-CN", "cn"})
+	if err := fs.Parse([]string{"-CA", "ca", "-CN", "cn"}); err != nil {
+		t.Fatal("could not parse flags")
+	}
 
 	new(revokeCommand).run(cli.NewContext(nil, fs, nil))
 

cmd/sign.go

@@ -158,7 +158,7 @@ func newSignAction(c *cli.Context) {
 			fmt.Fprintln(os.Stderr, "Print certificate error:", err)
 			os.Exit(1)
 		} else {
-			fmt.Printf(string(crtBytes))
+			fmt.Println(string(crtBytes))
 		}
 	}
 

cmd/util.go

@@ -57,7 +57,7 @@ func createPassPhrase() ([]byte, error) {
 		return nil, err
 	}
 
-	if bytes.Compare(pass1, pass2) != 0 {
+	if !bytes.Equal(pass1, pass2) {
 		return nil, errors.New("Passphrases do not match.")
 	}
 	return pass1, nil

depot/depot.go

@@ -136,6 +136,7 @@ func (d *FileDepot) Delete(tag *Tag) error {
 func (d *FileDepot) List() []*Tag {
 	var tags = make([]*Tag, 0)
 
+	//nolint:errcheck
 	filepath.Walk(d.dirPath, func(path string, info os.FileInfo, err error) error {
 		if err != nil {
 			return nil

depot/depot_test.go

@@ -58,18 +58,20 @@ func TestDepotCRUD(t *testing.T) {
 	if err != nil {
 		t.Fatal("Failed getting file from Depot:", err)
 	}
-	if bytes.Compare(dataRead, []byte(data)) != 0 {
+	if !bytes.Equal(dataRead, []byte(data)) {
 		t.Fatal("Failed getting the previous data")
 	}
 
 	if err = d.Put(tag, []byte(data)); err == nil || !os.IsExist(err) {
 		t.Fatal("Expect not to put file into Depot:", err)
 	}
 
-	d.Delete(tag)
+	if err := d.Delete(tag); err != nil {
+		t.Fatal("Failed to delete a tag:", err)
+	}
 
 	if d.Check(tag) {
-		t.Fatal("Failed deleting file from Depot:", err)
+		t.Fatal("Expected the tag to be deleted")
 	}
 }
 
@@ -85,7 +87,9 @@ func TestDepotPutNil(t *testing.T) {
 		t.Fatal("Failed putting file into Depot:", err)
 	}
 
-	d.Delete(tag)
+	if err := d.Delete(tag); err != nil {
+		t.Fatal("Failed to delete a tag:", err)
+	}
 }
 
 func TestDepotCheckFailure(t *testing.T) {
@@ -104,7 +108,9 @@ func TestDepotCheckFailure(t *testing.T) {
 		t.Fatal("Expect not to checking out file with nonexist name")
 	}
 
-	d.Delete(tag)
+	if err := d.Delete(tag); err != nil {
+		t.Fatal("Failed to delete a tag:", err)
+	}
 }
 
 func TestDepotGetFailure(t *testing.T) {
@@ -123,7 +129,9 @@ func TestDepotGetFailure(t *testing.T) {
 		t.Fatal("Expect not to checking out file with nonexist name")
 	}
 
-	d.Delete(tag)
+	if err := d.Delete(tag); err != nil {
+		t.Fatal("Failed to delete a tag:", err)
+	}
 }
 
 func TestDepotList(t *testing.T) {
@@ -158,7 +166,7 @@ func TestDepotGetFile(t *testing.T) {
 	if err != nil {
 		t.Fatal("Failed getting file from Depot:", err)
 	}
-	if bytes.Compare(file.Data, []byte(data)) != 0 {
+	if !bytes.Equal(file.Data, []byte(data)) {
 		t.Fatal("Failed getting the previous data")
 	}
 

pkix/cert.go

@@ -87,9 +87,9 @@ func (c *Certificate) GetRawCertificate() (*x509.Certificate, error) {
 // GetExpirationDuration gets time duration before expiration
 func (c *Certificate) GetExpirationDuration() time.Duration {
 	if err := c.buildX509Certificate(); err != nil {
-		return time.Unix(0, 0).Sub(time.Now())
+		return time.Until(time.Unix(0, 0))
 	}
-	return c.crt.NotAfter.Sub(time.Now())
+	return time.Until(c.crt.NotAfter)
 }
 
 // CheckAuthority checks the authority of certificate against itself.

pkix/cert_test.go

@@ -112,7 +112,7 @@ func TestCertificateAuthority(t *testing.T) {
 	if err != nil {
 		t.Fatal("Failed exporting PEM-format bytes:", err)
 	}
-	if bytes.Compare(pemBytes, []byte(certAuthPEM)) != 0 {
+	if !bytes.Equal(pemBytes, []byte(certAuthPEM)) {
 		t.Fatal("Failed exporting the same PEM-format bytes")
 	}
 }
@@ -153,7 +153,7 @@ func TestBadCertificate(t *testing.T) {
 	if err != nil {
 		t.Fatal("Failed exporting PEM-format bytes:", err)
 	}
-	if bytes.Compare(pemBytes, []byte(badCertAuthPEM)) != 0 {
+	if !bytes.Equal(pemBytes, []byte(badCertAuthPEM)) {
 		t.Fatal("Failed exporting the same PEM-format bytes")
 	}
 }

pkix/crl_test.go

@@ -69,7 +69,7 @@ func TestCertificateRevocationList(t *testing.T) {
 	if err != nil {
 		t.Fatal("Failed exporting PEM-format bytes:", err)
 	}
-	if bytes.Compare(pemBytes, []byte(crlPEM)) != 0 {
+	if !bytes.Equal(pemBytes, []byte(crlPEM)) {
 		t.Fatal("Failed exporting the same PEM-format bytes")
 	}
 }

pkix/csr.go

@@ -187,6 +187,8 @@ func checkSignature(csr *x509.CertificateRequest, algo x509.SignatureAlgorithm,
 		return x509.ErrUnsupportedAlgorithm
 	}
 	h := hashType.New()
+
+	// nolint:errcheck
 	h.Write(signed)
 	digest := h.Sum(nil)
 	switch pub := csr.PublicKey.(type) {

pkix/csr_test.go

@@ -115,7 +115,7 @@ func TestCertificateSigningRequest(t *testing.T) {
 	if err != nil {
 		t.Fatal("Failed exporting PEM-format bytes:", err)
 	}
-	if bytes.Compare(pemBytes, []byte(csrPEM)) != 0 {
+	if !bytes.Equal(pemBytes, []byte(csrPEM)) {
 		t.Fatal("Failed exporting the same PEM-format bytes")
 	}
 }
@@ -134,7 +134,7 @@ func TestOldStyleCertificateSigningRequest(t *testing.T) {
 	if err != nil {
 		t.Fatal("Failed exporting PEM-format bytes:", err)
 	}
-	if bytes.Compare(pemBytes, []byte(csrPEM)) != 0 {
+	if !bytes.Equal(pemBytes, []byte(csrPEM)) {
 		t.Fatal("Failed exporting the same PEM-format bytes")
 	}
 }

pkix/key_test.go

@@ -148,7 +148,7 @@ func TestRSAKeyExport(t *testing.T) {
 	if err != nil {
 		t.Fatal("Failed exporting PEM-format bytes:", err)
 	}
-	if bytes.Compare(pemBytes, []byte(rsaPrivKeyAuthPEM)) != 0 {
+	if !bytes.Equal(pemBytes, []byte(rsaPrivKeyAuthPEM)) {
 		t.Fatal("Failed exporting the same PEM-format bytes")
 	}
 }
@@ -164,7 +164,7 @@ func TestRSAKeyExportEncrypted(t *testing.T) {
 	if err != nil {
 		t.Fatal("Failed exporting PEM-format bytes:", err)
 	}
-	if bytes.Compare(pemBytes, []byte(rsaPrivKeyAuthPEM)) != 0 {
+	if !bytes.Equal(pemBytes, []byte(rsaPrivKeyAuthPEM)) {
 		t.Fatal("Failed exporting the same PEM-format bytes")
 	}
 
@@ -189,7 +189,7 @@ func TestRSAKeyGenerateSubjectKeyID(t *testing.T) {
 		t.Fatal("Failed generating SubjectKeyId:", err)
 	}
 	correctID, _ := base64.StdEncoding.DecodeString(subjectKeyIDOfRSAPubKeyAuthBASE64)
-	if bytes.Compare(id, correctID) != 0 {
+	if !bytes.Equal(id, correctID) {
 		t.Fatal("Failed generating correct SubjectKeyId")
 	}
 }