Modernize go dev environment (home-assistant#162)

* Use bookworm as dev container * Use %w (wrapping format verb) for errors This allows to enable errorlint. * Avoid deprecated io/ioutil * Disable gosec linter The cmdline.txt is a system configuration, those are typically readable on a Linux system. The file is on a FAT partition anyways, so the file permissions are mandated by mount options anyways. * Use Go version 1.19 by default * Enable bugs linters Enable the preset bugs plus enable the default ones which are not part of the bugs preset explicitly.
jethub-homeassistant · Sep 4, 2023 · 592c913 · 592c913
1 parent 6bb69c1
commit 592c913
Show file tree

Hide file tree

Showing 7 changed files with 25 additions and 419 deletions.
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
@@ -1,5 +1,5 @@
 # [Choice] Go version: 1, 1.15, 1.14
-ARG VARIANT=1-bullseye
+ARG VARIANT=1-bookworm
 FROM mcr.microsoft.com/vscode/devcontainers/go:${VARIANT}
 
 # [Option] Install Node.js

diff --git a/.golangci.yaml b/.golangci.yaml
@@ -0,0 +1,7 @@
+linters:
+  presets:
+    - bugs
+  enable:
+    - gosimple
+    - ineffassign
+    - unused
diff --git a/apparmor/apparmor.go b/apparmor/apparmor.go
@@ -47,7 +47,7 @@ func (d apparmor) LoadProfile(profilePath string, cachePath string) (bool, *dbus
 	cmd := exec.Command(appArmorParserCmd, "--replace", "--write-cache", "--cache-loc", cachePath, profilePath)
 	out, err := cmd.CombinedOutput()
 	if err != nil {
-		return false, dbus.MakeFailedError(fmt.Errorf("Can't load profile '%s': %s", profilePath, err))
+		return false, dbus.MakeFailedError(fmt.Errorf("Can't load profile '%s': %w", profilePath, err))
 	}
 
 	logging.Info.Printf("Load profile '%s': %s", profilePath, out)
@@ -61,7 +61,7 @@ func (d apparmor) UnloadProfile(profilePath string, cachePath string) (bool, *db
 
 	out, err := cmd.CombinedOutput()
 	if err != nil {
-		return false, dbus.MakeFailedError(fmt.Errorf("Can't unload profile '%s': %s", profilePath, err))
+		return false, dbus.MakeFailedError(fmt.Errorf("Can't unload profile '%s': %w", profilePath, err))
 	}
 
 	logging.Info.Printf("Unload profile '%s': %s", profilePath, out)

diff --git a/cgroup/cgroup.go b/cgroup/cgroup.go
@@ -39,7 +39,7 @@ func (d cgroup) AddDevicesAllowed(containerID string, permission string) (bool,
 		permissions := []string{permission}
 		resources, err := CreateDeviceUpdateResources(permissions)
 		if err != nil {
-			error := fmt.Errorf("Error creating device resources for '%s': %s", containerID, err)
+			error := fmt.Errorf("Error creating device resources for '%s': %w", containerID, err)
 			logging.Error.Printf("%s", error)
 			return false, dbus.MakeFailedError(error)
 		}
@@ -49,22 +49,22 @@ func (d cgroup) AddDevicesAllowed(containerID string, permission string) (bool,
 		// Pass resources as OCI LinuxResources JSON object
 		stdin, err := cmd.StdinPipe()
 		if err != nil {
-			error := fmt.Errorf("Error creating stdin pipe for '%s': %s", containerID, err)
+			error := fmt.Errorf("Error creating stdin pipe for '%s': %w", containerID, err)
 			logging.Error.Printf("%s", error)
 			return false, dbus.MakeFailedError(error)
 		}
 		enc := json.NewEncoder(stdin)
 		err = enc.Encode(resources)
 		if err != nil {
-			error := fmt.Errorf("Error encoding JSON for '%s': %s", containerID, err)
+			error := fmt.Errorf("Error encoding JSON for '%s': %w", containerID, err)
 			logging.Error.Printf("%s", error)
 			return false, dbus.MakeFailedError(error)
 		}
 		stdin.Close()
 
 		stdoutStderr, err := cmd.CombinedOutput()
 		if err != nil {
-			error := fmt.Errorf("Error calling runc for '%s': %s, output %s", containerID, err, stdoutStderr)
+			error := fmt.Errorf("Error calling runc for '%s': %w, output %s", containerID, err, stdoutStderr)
 			logging.Error.Printf("%s", error)
 			return false, dbus.MakeFailedError(error)
 		} else {
@@ -77,7 +77,7 @@ func (d cgroup) AddDevicesAllowed(containerID string, permission string) (bool,
 		// Make sure path is relative to cgroupFSDockerDevices
 		allowedFile, err := securejoin.SecureJoin(cgroupFSDockerDevices, containerID+string(filepath.Separator)+"devices.allow")
 		if err != nil {
-			return false, dbus.MakeFailedError(fmt.Errorf("Security issues with '%s': %s", containerID, err))
+			return false, dbus.MakeFailedError(fmt.Errorf("Security issues with '%s': %w", containerID, err))
 		}
 
 		// Check if file/container exists
@@ -89,13 +89,13 @@ func (d cgroup) AddDevicesAllowed(containerID string, permission string) (bool,
 		// Write permission adjustments
 		file, err := os.Create(allowedFile)
 		if err != nil {
-			return false, dbus.MakeFailedError(fmt.Errorf("Can't open CGroup devices '%s': %s", allowedFile, err))
+			return false, dbus.MakeFailedError(fmt.Errorf("Can't open CGroup devices '%s': %w", allowedFile, err))
 		}
 		defer file.Close()
 
 		_, err = file.WriteString(permission + "\n")
 		if err != nil {
-			return false, dbus.MakeFailedError(fmt.Errorf("Can't write CGroup permission '%s': %s", permission, err))
+			return false, dbus.MakeFailedError(fmt.Errorf("Can't write CGroup permission '%s': %w", permission, err))
 		}
 
 		logging.Info.Printf("Permission '%s', granted for Container '%s' via CGroup devices.allow", permission, containerID)

diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module github.com/home-assistant/os-agent
 
-go 1.15
+go 1.19
 
 require (
 	github.com/coreos/go-systemd/v22 v22.5.0
@@ -11,3 +11,8 @@ require (
 	github.com/natefinch/atomic v1.0.1
 	github.com/opencontainers/runtime-spec v1.1.0
 )
+
+require (
+	golang.org/x/sys v0.6.0 // indirect
+	golang.org/x/text v0.8.0 // indirect
+)