Merge pull request #82 from joemiller/joem/lint-fixes

chore: go and goreleaser lint fixes

Author: joemiller

.goreleaser.yml

@@ -1,3 +1,5 @@
+version: 2
+
 project_name: yk-attest-verify
 
 builds:
@@ -30,7 +32,7 @@ builds:
 archives:
   # binary-only releases - all platforms
   - id: binaries
-    format: binary
+    formats: [binary]
     name_template: "{{ .ProjectName }}_{{ .Os }}_{{ .Arch }}"
   # archive releases containing: binary, readme, and license. tarballs (macos, linux), zip (windows)
   - id: archives
@@ -42,7 +44,7 @@ archives:
       {{- else }}{{ .Arch }}{{ end }}
     format_overrides:
       - goos: windows
-        format: zip
+        formats: [zip]
 
 checksum:
   name_template: "checksums.txt"
@@ -74,6 +76,8 @@ brews:
     homepage: "https://github.com/joemiller/yk-attest-verify"
     description: "Validate and enforce policy on YubiKey PIV and OpenPGP attestation certificates"
 
+# dockers section temporarily kept - dockers_v2 migration pending
+# TODO: migrate to dockers_v2 once structure is confirmed
 dockers:
   # primary docker image for amd64 arch
   - dockerfile: Dockerfile

cmd/helpers.go

@@ -78,6 +78,6 @@ func (o *result) PrintResultJSON(attestation interface{}) error {
 	if err != nil {
 		return err
 	}
-	fmt.Fprintf(o.Cmd.OutOrStdout(), "%s\n", data)
+	fmt.Fprintf(o.Cmd.OutOrStdout(), "%s\n", data) //nolint:errcheck
 	return nil
 }

cmd/pgp.go

@@ -100,11 +100,11 @@ func pgpVerify(cmd *cobra.Command, args []string) error {
 	if sshPubKeyFile != "" {
 		pubkeyraw, err := os.ReadFile(sshPubKeyFile)
 		if err != nil {
-			return fmt.Errorf("Error reading SSH pub key %s: %w", sshPubKeyFile, err)
+			return fmt.Errorf("error reading SSH pub key %s: %w", sshPubKeyFile, err)
 		}
 		sshPubKey, _, _, _, err = ssh.ParseAuthorizedKey(pubkeyraw)
 		if err != nil {
-			return fmt.Errorf("Error parsing SSH pub key %s: %w", sshPubKeyFile, err)
+			return fmt.Errorf("error parsing SSH pub key %s: %w", sshPubKeyFile, err)
 		}
 	}
 
@@ -226,14 +226,14 @@ func pgpVerify(cmd *cobra.Command, args []string) error {
 }
 
 func printPGPAttestation(w io.Writer, attestation *pgp.Attestation) {
-	fmt.Fprintln(w, "YubiKey OPGP Attestation:")
-	fmt.Fprintf(w, " - Generation Date: %s\n", attestation.GenerationDate)
-	fmt.Fprintf(w, " - Cardholder     : %s\n", attestation.Cardholder)
-	fmt.Fprintf(w, " - Key slot       : %s\n", attestation.Slot)
-	fmt.Fprintf(w, " - Key source     : %s\n", attestation.Keysource)
-	fmt.Fprintf(w, " - Key fingerprint: %s\n", attestation.Fingerprint)
-	fmt.Fprintf(w, " - YubiKey Version: v%d.%d.%d\n", attestation.Version.Major, attestation.Version.Minor, attestation.Version.Patch)
-	fmt.Fprintf(w, " - Serial #       : %d\n", attestation.Serial)
-	fmt.Fprintf(w, " - Formfactor     : %s\n", attestation.Formfactor)
-	fmt.Fprintf(w, " - Touch Policy   : %s\n", attestation.TouchPolicy)
+	fmt.Fprintln(w, "YubiKey OPGP Attestation:")                                                                                       //nolint:errcheck
+	fmt.Fprintf(w, " - Generation Date: %s\n", attestation.GenerationDate)                                                             //nolint:errcheck
+	fmt.Fprintf(w, " - Cardholder     : %s\n", attestation.Cardholder)                                                                 //nolint:errcheck
+	fmt.Fprintf(w, " - Key slot       : %s\n", attestation.Slot)                                                                       //nolint:errcheck
+	fmt.Fprintf(w, " - Key source     : %s\n", attestation.Keysource)                                                                  //nolint:errcheck
+	fmt.Fprintf(w, " - Key fingerprint: %s\n", attestation.Fingerprint)                                                                //nolint:errcheck
+	fmt.Fprintf(w, " - YubiKey Version: v%d.%d.%d\n", attestation.Version.Major, attestation.Version.Minor, attestation.Version.Patch) //nolint:errcheck
+	fmt.Fprintf(w, " - Serial #       : %d\n", attestation.Serial)                                                                     //nolint:errcheck
+	fmt.Fprintf(w, " - Formfactor     : %s\n", attestation.Formfactor)                                                                 //nolint:errcheck
+	fmt.Fprintf(w, " - Touch Policy   : %s\n", attestation.TouchPolicy)                                                                //nolint:errcheck
 }

cmd/piv.go

@@ -94,11 +94,11 @@ func pivVerify(cmd *cobra.Command, args []string) error {
 	if sshPubKeyFile != "" {
 		pubkeyraw, err := os.ReadFile(sshPubKeyFile)
 		if err != nil {
-			return fmt.Errorf("Error reading SSH pub key %s: %w", sshPubKeyFile, err)
+			return fmt.Errorf("error reading SSH pub key %s: %w", sshPubKeyFile, err)
 		}
 		sshPubKey, _, _, _, err = ssh.ParseAuthorizedKey(pubkeyraw)
 		if err != nil {
-			return fmt.Errorf("Error parsing SSH pub key %s: %w", sshPubKeyFile, err)
+			return fmt.Errorf("error parsing SSH pub key %s: %w", sshPubKeyFile, err)
 		}
 	}
 
@@ -212,11 +212,11 @@ func pivVerify(cmd *cobra.Command, args []string) error {
 }
 
 func printPIVAttestation(w io.Writer, attestation *piv.Attestation) {
-	fmt.Fprintln(w, "YubiKey PIV Attestation:")
-	fmt.Fprintf(w, " - Key slot       : %s\n", attestation.Slot)
-	fmt.Fprintf(w, " - YubiKey Version: v%d.%d.%d\n", attestation.Version.Major, attestation.Version.Minor, attestation.Version.Patch)
-	fmt.Fprintf(w, " - Serial #       : %d\n", attestation.Serial)
-	fmt.Fprintf(w, " - Formfactor     : %s\n", attestation.Formfactor)
-	fmt.Fprintf(w, " - PIN Policy     : %s\n", attestation.PINPolicy)
-	fmt.Fprintf(w, " - Touch Policy   : %s\n", attestation.TouchPolicy)
+	fmt.Fprintln(w, "YubiKey PIV Attestation:")                                                                                        //nolint:errcheck
+	fmt.Fprintf(w, " - Key slot       : %s\n", attestation.Slot)                                                                       //nolint:errcheck
+	fmt.Fprintf(w, " - YubiKey Version: v%d.%d.%d\n", attestation.Version.Major, attestation.Version.Minor, attestation.Version.Patch) //nolint:errcheck
+	fmt.Fprintf(w, " - Serial #       : %d\n", attestation.Serial)                                                                     //nolint:errcheck
+	fmt.Fprintf(w, " - Formfactor     : %s\n", attestation.Formfactor)                                                                 //nolint:errcheck
+	fmt.Fprintf(w, " - PIN Policy     : %s\n", attestation.PINPolicy)                                                                  //nolint:errcheck
+	fmt.Fprintf(w, " - Touch Policy   : %s\n", attestation.TouchPolicy)                                                                //nolint:errcheck
 }

pkg/pgp/attestation.go

@@ -106,7 +106,8 @@ func (f Formfactor) MarshalJSON() ([]byte, error) {
 type TouchPolicy int
 
 // Touch policies supported by this package.
-//     $ ykman openpgp set-touch
+//
+//	$ ykman openpgp set-touch
 const (
 	TouchPolicyDisabled        TouchPolicy = iota // No touch required
 	TouchPolicyEnabled                            // Touch required
@@ -302,8 +303,9 @@ func (a *Attestation) addExt(e pkix.Extension) error {
 
 // parseSlot parses the common-name from the attestation cert's subject. The format
 // is described in: https://developers.yubico.com/PGP/Attestation.html -
-//     Subject will be the string "YubiKey OPGP Attestation " with the
-//     attested slot appended ("SIG", "DEC", or "AUT")
+//
+//	Subject will be the string "YubiKey OPGP Attestation " with the
+//	attested slot appended ("SIG", "DEC", or "AUT")
 func parseSlot(subject string) (Slot, error) {
 	if len(subject) < 3 {
 		return Slot(""), fmt.Errorf("subject less than 3 chars, unable to determine slot")
@@ -318,5 +320,5 @@ func parseSlot(subject string) (Slot, error) {
 	case "AUT":
 		return SlotAuthenticate, nil
 	}
-	return Slot(""), fmt.Errorf("Unknown slot '%v'", slot)
+	return Slot(""), fmt.Errorf("unknown slot '%v'", slot)
 }

pkg/pgp/verify.go

@@ -22,12 +22,11 @@ type Policy struct {
 // `ykman openpgp attest` command. The AttestSignerCert used to sign the attestation cert (signer)
 // can be exported from the Yubikey using the `ykman openpgp export-certificate ATT`:
 //
-//    # create an attestation cert covering the key in the authentication (AUT) key slot
-//     ykman openpgp attest AUT attest.pem
-//
-//    # export the attestation (ATT) singer cert used to sign the cert above.
-//    ykman openpgp attest AUT signer.pem
+//	# create an attestation cert covering the key in the authentication (AUT) key slot
+//	 ykman openpgp attest AUT attest.pem
 //
+//	# export the attestation (ATT) singer cert used to sign the cert above.
+//	ykman openpgp attest AUT signer.pem
 type VerificationRequest struct {
 	AttestCert       *x509.Certificate
 	AttestSignerCert *x509.Certificate
@@ -40,7 +39,8 @@ type VerificationErrors []error
 // Error implements the error interface for VerificationErrors and returns a
 // summary of the error messages. To inspect the list of errors individually you
 // would cast the err to VerificationError and inspect the list.
-//    errs := err.(VerificationErrors)
+//
+//	errs := err.(VerificationErrors)
 func (ve VerificationErrors) Error() string {
 	if len(ve) == 0 {
 		return ""
@@ -108,7 +108,7 @@ verifyCert:
 
 	attestation, err := ParseAttestation(req.AttestCert)
 	if err != nil {
-		errs = append(errs, fmt.Errorf("Unable to parse attestation cert: %v", err))
+		errs = append(errs, fmt.Errorf("unable to parse attestation cert: %v", err))
 		return nil, errs
 	}
 

pkg/piv/attestation.go

@@ -40,13 +40,14 @@ var (
 type Slot string
 
 // Slot represents the YubiKey card slot that is covered by the attestation.
-//     $ yubico-piv-tool -h
-//       9a is for PIV Authentication
-//       9c is for Digital Signature (PIN always checked)
-//       9d is for Key Management
-//       9e is for Card Authentication (PIN never checked)
-//       82-95 is for Retired Key Management
-//       f9 is for Attestation
+//
+//	$ yubico-piv-tool -h
+//	  9a is for PIV Authentication
+//	  9c is for Digital Signature (PIN always checked)
+//	  9d is for Key Management
+//	  9e is for Card Authentication (PIN never checked)
+//	  82-95 is for Retired Key Management
+//	  f9 is for Attestation
 const (
 	SlotAuthenticate  = Slot("9a")
 	SlotSignature     = Slot("9c")
@@ -282,8 +283,9 @@ func (a *Attestation) addExt(e pkix.Extension) error {
 
 // parseSlot parses the common-name from the attestation cert's subject. The format
 // is described in: https://developers.yubico.com/PIV/Introduction/PIV_attestation.html
-//     Subject will be the string "YubiKey PIV Attestation " with the
-//     attested slot appended.
+//
+//	Subject will be the string "YubiKey PIV Attestation " with the
+//	attested slot appended.
 func parseSlot(subject string) (Slot, error) {
 	if len(subject) < 2 {
 		return Slot(""), fmt.Errorf("subject less than 2 chars, unable to determine slot")
@@ -300,5 +302,5 @@ func parseSlot(subject string) (Slot, error) {
 	case "9e":
 		return SlotKeyCardAuth, nil
 	}
-	return Slot(""), fmt.Errorf("Unknown slot '%v'", slot)
+	return Slot(""), fmt.Errorf("unknown slot '%v'", slot)
 }

pkg/piv/verify.go

@@ -41,12 +41,11 @@ type Policy struct {
 //
 // Attestation (AttestCert) certs can be generated with the `yubico-piv-tool` utility
 //
-//    # generate an attestation cert against the 9a slot:
-//     yubico-piv-tool --action=attest --slot=9a >piv-attest.pem
-//
-//    # export the signer cert:
-//     yubico-piv-tool --action=read-certificate --slot=f9 >piv-attestation-signer.pem
+//	# generate an attestation cert against the 9a slot:
+//	 yubico-piv-tool --action=attest --slot=9a >piv-attest.pem
 //
+//	# export the signer cert:
+//	 yubico-piv-tool --action=read-certificate --slot=f9 >piv-attestation-signer.pem
 type VerificationRequest struct {
 	AttestCert       *x509.Certificate
 	AttestSignerCert *x509.Certificate
@@ -59,7 +58,8 @@ type VerificationErrors []error
 // Error implements the error interface for VerificationErrors and returns a
 // summary of the error messages. To inspect the list of errors individually you
 // would cast the err to VerificationError and inspect the list.
-//    errs := err.(VerificationErrors)
+//
+//	errs := err.(VerificationErrors)
 func (ve VerificationErrors) Error() string {
 	if len(ve) == 0 {
 		return ""
@@ -126,7 +126,7 @@ verifyCert:
 
 	attestation, err := ParseAttestation(req.AttestCert)
 	if err != nil {
-		errs = append(errs, fmt.Errorf("Unable to parse attestation cert: %v", err))
+		errs = append(errs, fmt.Errorf("unable to parse attestation cert: %v", err))
 		return nil, errs
 	}