From 0ccecd6eae26d17e25188fdd820c28bd4379a60d Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Wed, 1 Mar 2023 15:51:42 -0500 Subject: [PATCH] upgrade to go 1.20.1 (#245) * upgrade to go 1.20 Signed-off-by: cpanato * update golangci-lint config and fix lints Signed-off-by: cpanato * update rand generator Signed-off-by: cpanato * update to use go1.20.1 Signed-off-by: cpanato --------- Signed-off-by: cpanato --- .github/workflows/tests.yaml | 2 +- .golangci.yml | 32 ++++++++++++++--------------- Dockerfile | 4 ++-- go.mod | 2 +- pkg/ntpmonitor/ntpmonitor.go | 8 ++++++-- pkg/ntpmonitor/randomchoice.go | 4 ++-- pkg/ntpmonitor/randomchoice_test.go | 8 ++++---- pkg/verification/verify_test.go | 2 +- 8 files changed, 33 insertions(+), 29 deletions(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index ccc789b2..8970f8ac 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -95,5 +95,5 @@ jobs: - name: golangci-lint uses: golangci/golangci-lint-action@08e2f20817b15149a52b5b3ebe7de50aff2ba8c5 # v3.4.0 with: - version: v1.50 + version: v1.51 args: --timeout=5m --verbose diff --git a/.golangci.yml b/.golangci.yml index 21fea43a..81f3d0f7 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -15,26 +15,26 @@ linters: enable: - - deadcode - - errcheck - - gofmt - - goimports - - gosec - - gocritic - - golint - - misspell + - errcheck + - gofmt + - goimports + - gosec + - gocritic + - misspell + - revive + - unused output: uniq-by-line: false issues: exclude-rules: - - path: _test\.go - linters: - - errcheck - - gosec - - path: pkg/signer/tink.go - linters: - - staticcheck - text: SA1019 + - path: _test\.go + linters: + - errcheck + - gosec + - path: pkg/signer/tink.go + linters: + - staticcheck + text: SA1019 max-issues-per-linter: 0 max-same-issues: 0 run: diff --git a/Dockerfile b/Dockerfile index a37fce31..d12195af 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.19.5@sha256:bb9811fad43a7d6fd2173248d8331b2dcf5ac9af20976b1937ecd214c5b8c383 AS builder +FROM golang:1.20.1@sha256:9911e9376e45de1ba865b16d878c0f7d063391fe4b7cedf39869874126741e62 AS builder ENV APP_ROOT=/opt/app-root ENV GOPATH=$APP_ROOT @@ -29,7 +29,7 @@ RUN go build -ldflags "${SERVER_LDFLAGS}" ./cmd/timestamp-server RUN CGO_ENABLED=0 go build -gcflags "all=-N -l" -ldflags "${SERVER_LDFLAGS}" -o timestamp-server_debug ./cmd/timestamp-server # Multi-Stage production build -FROM golang:1.19.5@sha256:bb9811fad43a7d6fd2173248d8331b2dcf5ac9af20976b1937ecd214c5b8c383 as deploy +FROM golang:1.20.1@sha256:9911e9376e45de1ba865b16d878c0f7d063391fe4b7cedf39869874126741e62 as deploy # Retrieve the binary from the previous stage COPY --from=builder /opt/app-root/src/timestamp-server /usr/local/bin/timestamp-server diff --git a/go.mod b/go.mod index cbd77639..60824c5d 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/sigstore/timestamp-authority -go 1.19 +go 1.20 require ( cloud.google.com/go/security v1.12.0 diff --git a/pkg/ntpmonitor/ntpmonitor.go b/pkg/ntpmonitor/ntpmonitor.go index 8ee945cf..3c253511 100644 --- a/pkg/ntpmonitor/ntpmonitor.go +++ b/pkg/ntpmonitor/ntpmonitor.go @@ -18,6 +18,7 @@ package ntpmonitor import ( "errors" "fmt" + "math/rand" "sync/atomic" "time" @@ -151,9 +152,12 @@ func (n *NTPMonitor) Start() { delta := time.Duration(n.cfg.MaxTimeDelta) * time.Second log.Logger.Info("ntp monitoring starting") + + //nolint:gosec + r := rand.New(rand.NewSource(time.Now().UTC().UnixNano())) // initialize local pseudorandom generator //nolint:gosec + for n.run.Load() { - // Get a random set of servers - servers := RandomChoice(n.cfg.Servers, n.cfg.NumServers) + servers := RandomChoice(n.cfg.Servers, n.cfg.NumServers, r) responses := n.queryServers(delta, servers) // Did enough NTP servers respond? diff --git a/pkg/ntpmonitor/randomchoice.go b/pkg/ntpmonitor/randomchoice.go index 9fa80d50..a2a7db93 100644 --- a/pkg/ntpmonitor/randomchoice.go +++ b/pkg/ntpmonitor/randomchoice.go @@ -22,7 +22,7 @@ import ( // RandomChoice returns a random selection of n items from the slice s. // The choice is made using a PSEUDO RANDOM selection. // If n is greater than len(s), an empty slice is returned. -func RandomChoice[T any](s []T, n int) []T { +func RandomChoice[T any](s []T, n int, r *rand.Rand) []T { if n > len(s) || n < 1 { return []T{} } @@ -41,7 +41,7 @@ func RandomChoice[T any](s []T, n int) []T { // The use of deterministic (pseudo) random generators are // ok for this use-case. //nolint:gosec - i := rand.Intn(len(indices)) + i := r.Intn(len(indices)) result = append(result, s[indices[i]]) if len(result) == n { diff --git a/pkg/ntpmonitor/randomchoice_test.go b/pkg/ntpmonitor/randomchoice_test.go index 5e75c324..670a2df5 100644 --- a/pkg/ntpmonitor/randomchoice_test.go +++ b/pkg/ntpmonitor/randomchoice_test.go @@ -53,8 +53,9 @@ func TestEmptySelection(t *testing.T) { }, } + r := rand.New(rand.NewSource(seed)) // initialize local pseudorandom generator for _, c := range cases { - got := RandomChoice(c.input, c.n) + got := RandomChoice(c.input, c.n, r) if len(got) != 0 { t.Fail() } @@ -84,11 +85,10 @@ func TestSelection(t *testing.T) { }, } - // Math.rand is deterministic based on a given seed - rand.Seed(seed) + r := rand.New(rand.NewSource(seed)) // initialize local pseudorandom generator for _, c := range cases { - got := RandomChoice(c.input, c.n) + got := RandomChoice(c.input, c.n, r) if len(got) != len(c.want) { t.Fail() } diff --git a/pkg/verification/verify_test.go b/pkg/verification/verify_test.go index ccfd749c..ceb9879a 100644 --- a/pkg/verification/verify_test.go +++ b/pkg/verification/verify_test.go @@ -545,7 +545,7 @@ func TestVerifyTSRWithChain(t *testing.T) { root := certChain[2] // invalidate the intermediate certificate - var invalidIntermediate x509.Certificate = *certChain[1] + var invalidIntermediate = *certChain[1] invalidIntermediate.RawIssuer = nil invalidIntermediate.Issuer = pkix.Name{}