upgrade to go 1.20.1 (#245)

* upgrade to go 1.20 Signed-off-by: cpanato <ctadeu@gmail.com> * update golangci-lint config and fix lints Signed-off-by: cpanato <ctadeu@gmail.com> * update rand generator Signed-off-by: cpanato <ctadeu@gmail.com> * update to use go1.20.1 Signed-off-by: cpanato <ctadeu@gmail.com> --------- Signed-off-by: cpanato <ctadeu@gmail.com>
sigstore · Mar 1, 2023 · 0ccecd6 · 0ccecd6
1 parent 5b0c16b
commit 0ccecd6
Show file tree

Hide file tree

Showing 8 changed files with 33 additions and 29 deletions.
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
@@ -95,5 +95,5 @@ jobs:
       - name: golangci-lint
         uses: golangci/golangci-lint-action@08e2f20817b15149a52b5b3ebe7de50aff2ba8c5 # v3.4.0
         with:
-          version: v1.50
+          version: v1.51
           args: --timeout=5m --verbose
diff --git a/.golangci.yml b/.golangci.yml
@@ -15,26 +15,26 @@
 
 linters:
   enable:
-  - deadcode
-  - errcheck
-  - gofmt
-  - goimports
-  - gosec
-  - gocritic
-  - golint
-  - misspell
+    - errcheck
+    - gofmt
+    - goimports
+    - gosec
+    - gocritic
+    - misspell
+    - revive
+    - unused
 output:
   uniq-by-line: false
 issues:
   exclude-rules:
-  - path: _test\.go
-    linters:
-    - errcheck
-    - gosec
-  - path: pkg/signer/tink.go 
-    linters:
-    - staticcheck
-    text: SA1019
+    - path: _test\.go
+      linters:
+        - errcheck
+        - gosec
+    - path: pkg/signer/tink.go
+      linters:
+        - staticcheck
+      text: SA1019
   max-issues-per-linter: 0
   max-same-issues: 0
 run:

diff --git a/Dockerfile b/Dockerfile
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang:1.19.5@sha256:bb9811fad43a7d6fd2173248d8331b2dcf5ac9af20976b1937ecd214c5b8c383 AS builder
+FROM golang:1.20.1@sha256:9911e9376e45de1ba865b16d878c0f7d063391fe4b7cedf39869874126741e62 AS builder
 ENV APP_ROOT=/opt/app-root
 ENV GOPATH=$APP_ROOT
 
@@ -29,7 +29,7 @@ RUN go build -ldflags "${SERVER_LDFLAGS}" ./cmd/timestamp-server
 RUN CGO_ENABLED=0 go build -gcflags "all=-N -l" -ldflags "${SERVER_LDFLAGS}" -o timestamp-server_debug ./cmd/timestamp-server
 
 # Multi-Stage production build
-FROM golang:1.19.5@sha256:bb9811fad43a7d6fd2173248d8331b2dcf5ac9af20976b1937ecd214c5b8c383  as deploy
+FROM golang:1.20.1@sha256:9911e9376e45de1ba865b16d878c0f7d063391fe4b7cedf39869874126741e62 as deploy
 
 # Retrieve the binary from the previous stage
 COPY --from=builder /opt/app-root/src/timestamp-server /usr/local/bin/timestamp-server

diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module github.com/sigstore/timestamp-authority
 
-go 1.19
+go 1.20
 
 require (
 	cloud.google.com/go/security v1.12.0

diff --git a/pkg/ntpmonitor/ntpmonitor.go b/pkg/ntpmonitor/ntpmonitor.go
@@ -18,6 +18,7 @@ package ntpmonitor
 import (
 	"errors"
 	"fmt"
+	"math/rand"
 	"sync/atomic"
 	"time"
 
@@ -151,9 +152,12 @@ func (n *NTPMonitor) Start() {
 
 	delta := time.Duration(n.cfg.MaxTimeDelta) * time.Second
 	log.Logger.Info("ntp monitoring starting")
+
+	//nolint:gosec
+	r := rand.New(rand.NewSource(time.Now().UTC().UnixNano())) // initialize local pseudorandom generator //nolint:gosec
+
 	for n.run.Load() {
-		// Get a random set of servers
-		servers := RandomChoice(n.cfg.Servers, n.cfg.NumServers)
+		servers := RandomChoice(n.cfg.Servers, n.cfg.NumServers, r)
 		responses := n.queryServers(delta, servers)
 
 		// Did enough NTP servers respond?

diff --git a/pkg/ntpmonitor/randomchoice.go b/pkg/ntpmonitor/randomchoice.go
@@ -22,7 +22,7 @@ import (
 // RandomChoice returns a random selection of n items from the slice s.
 // The choice is made using a PSEUDO RANDOM selection.
 // If n is greater than len(s), an empty slice is returned.
-func RandomChoice[T any](s []T, n int) []T {
+func RandomChoice[T any](s []T, n int, r *rand.Rand) []T {
 	if n > len(s) || n < 1 {
 		return []T{}
 	}
@@ -41,7 +41,7 @@ func RandomChoice[T any](s []T, n int) []T {
 		// The use of deterministic (pseudo) random generators are
 		// ok for this use-case.
 		//nolint:gosec
-		i := rand.Intn(len(indices))
+		i := r.Intn(len(indices))
 
 		result = append(result, s[indices[i]])
 		if len(result) == n {

diff --git a/pkg/ntpmonitor/randomchoice_test.go b/pkg/ntpmonitor/randomchoice_test.go
@@ -53,8 +53,9 @@ func TestEmptySelection(t *testing.T) {
 		},
 	}
 
+	r := rand.New(rand.NewSource(seed)) // initialize local pseudorandom generator
 	for _, c := range cases {
-		got := RandomChoice(c.input, c.n)
+		got := RandomChoice(c.input, c.n, r)
 		if len(got) != 0 {
 			t.Fail()
 		}
@@ -84,11 +85,10 @@ func TestSelection(t *testing.T) {
 		},
 	}
 
-	// Math.rand is deterministic based on a given seed
-	rand.Seed(seed)
+	r := rand.New(rand.NewSource(seed)) // initialize local pseudorandom generator
 
 	for _, c := range cases {
-		got := RandomChoice(c.input, c.n)
+		got := RandomChoice(c.input, c.n, r)
 		if len(got) != len(c.want) {
 			t.Fail()
 		}

diff --git a/pkg/verification/verify_test.go b/pkg/verification/verify_test.go
@@ -545,7 +545,7 @@ func TestVerifyTSRWithChain(t *testing.T) {
 	root := certChain[2]
 
 	// invalidate the intermediate certificate
-	var invalidIntermediate x509.Certificate = *certChain[1]
+	var invalidIntermediate = *certChain[1]
 	invalidIntermediate.RawIssuer = nil
 	invalidIntermediate.Issuer = pkix.Name{}