Gofumpt the code

gofumpt is a stricter version of gofmt, basically making the code more readable, and fixing the gocritic's octalLiterar warnings like this one: pkg/util/util_supported.go:26:17: octalLiteral: use new octal literal style, 0o722 (gocritic) return (perm & 0722) == 0700 ^ Generated by gofumpt -w . Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-04-09 16:48:37 -07:00 · 2022-04-09 16:48:37 -07:00 · b951b72412
parent 1c0a796d9a
commit b951b72412
50 changed files with 77 additions and 140 deletions
--- a/common/cmd/seccomp/generate.go
+++ b/common/cmd/seccomp/generate.go
@ -27,7 +27,7 @@ func main() {
 		panic(err)
 	}
-	if err := ioutil.WriteFile(f, b, 0644); err != nil {
+	if err := ioutil.WriteFile(f, b, 0o644); err != nil {
 		panic(err)
 	}
 }
--- a/common/libimage/copier.go
+++ b/common/libimage/copier.go
@ -147,15 +147,13 @@ type copier struct {
 	destinationLookup LookupReferenceFunc
 }
-var (
+// storageAllowedPolicyScopes overrides the policy for local storage
-	// storageAllowedPolicyScopes overrides the policy for local storage
+// to ensure that we can read images from it.
-	// to ensure that we can read images from it.
+var storageAllowedPolicyScopes = signature.PolicyTransportScopes{
-	storageAllowedPolicyScopes = signature.PolicyTransportScopes{
+	"": []signature.PolicyRequirement{
-		"": []signature.PolicyRequirement{
+		signature.NewPRInsecureAcceptAnything(),
-			signature.NewPRInsecureAcceptAnything(),
+	},
-		},
+}
 	}
 )
 // getDockerAuthConfig extracts a docker auth config from the CopyOptions.  Returns
 // nil if no credentials are set.
--- a/common/libimage/image_config.go
+++ b/common/libimage/image_config.go
@ -95,9 +95,7 @@ func ImageConfigFromChanges(changes []string) (*ImageConfig, error) { // nolint:
 			// For now: we only support key=value
 			// We will attempt to strip quotation marks if present.
-			var (
+			var key, val string
 				key, val string
 			)
 			splitEnv := strings.SplitN(value, "=", 2)
 			key = splitEnv[0]
--- a/common/libimage/inspect.go
+++ b/common/libimage/inspect.go
@ -213,7 +213,6 @@ func (i *Image) inspectInfo(ctx context.Context) (*types.ImageInspectInfo, error
 	ref, err := i.StorageReference()
 	if err != nil {
 		return nil, err
 	}
--- a/common/libimage/manifest_list_test.go
+++ b/common/libimage/manifest_list_test.go
@ -42,7 +42,6 @@ func TestCreateManifestList(t *testing.T) {
 // Following test ensure that `Tag` tags the manifest list instead of resolved image.
 // Both the tags should point to same image id
 func TestCreateAndTagManifestList(t *testing.T) {
 	tagName := "testlisttagged"
 	listName := "testlist"
 	runtime, cleanup := testNewRuntime(t)
@ -80,7 +79,6 @@ func TestCreateAndTagManifestList(t *testing.T) {
 // Test tags two manifestlist and deletes one of them and
 // confirms if other one is not deleted.
 func TestCreateAndRemoveManifestList(t *testing.T) {
 	tagName := "manifestlisttagged"
 	listName := "manifestlist"
 	runtime, cleanup := testNewRuntime(t)
@ -113,5 +111,4 @@ func TestCreateAndRemoveManifestList(t *testing.T) {
 	// output should contain log of untagging the original manifestlist
 	require.True(t, rmReports[0].Removed)
 	require.Equal(t, []string{"localhost/manifestlist:latest"}, rmReports[0].Untagged)
 }
--- a/common/libimage/manifests/copy.go
+++ b/common/libimage/manifests/copy.go
@ -4,12 +4,10 @@ import (
 	"github.com/containers/image/v5/signature"
 )
-var (
+// storageAllowedPolicyScopes overrides the policy for local storage
-	// storageAllowedPolicyScopes overrides the policy for local storage
+// to ensure that we can read images from it.
-	// to ensure that we can read images from it.
+var storageAllowedPolicyScopes = signature.PolicyTransportScopes{
-	storageAllowedPolicyScopes = signature.PolicyTransportScopes{
+	"": []signature.PolicyRequirement{
-		"": []signature.PolicyRequirement{
+		signature.NewPRInsecureAcceptAnything(),
-			signature.NewPRInsecureAcceptAnything(),
+	},
-		},
+}
 	}
 )
--- a/common/libimage/pull_test.go
+++ b/common/libimage/pull_test.go
@ -185,7 +185,6 @@ func TestPullPolicy(t *testing.T) {
 	pulledImages, err = runtime.Pull(ctx, "alpine", config.PullPolicyNever, pullOptions)
 	require.NoError(t, err, "Never pull different arch alpine")
 	require.NotNil(t, pulledImages, "lookup alpine")
 }
 func TestShortNameAndIDconflict(t *testing.T) {
--- a/common/libimage/save.go
+++ b/common/libimage/save.go
@ -68,7 +68,6 @@ func (r *Runtime) Save(ctx context.Context, names []string, format, path string,
 	}
 	return errors.Errorf("unsupported format %q for saving images", format)
 }
 // saveSingleImage saves the specified image name to the specified path.
--- a/common/libnetwork/cni/cni_conversion.go
+++ b/common/libnetwork/cni/cni_conversion.go
@ -316,7 +316,7 @@ func (n *cniNetwork) createCNIConfigListFromNetwork(network *types.Network, writ
 	cniPathName := ""
 	if writeToDisk {
 		cniPathName = filepath.Join(n.cniConfigDir, network.Name+".conflist")
-		err = ioutil.WriteFile(cniPathName, b, 0644)
+		err = ioutil.WriteFile(cniPathName, b, 0o644)
 		if err != nil {
 			return nil, "", err
 		}
--- a/common/libnetwork/cni/config_test.go
+++ b/common/libnetwork/cni/config_test.go
@ -31,7 +31,6 @@ var _ = Describe("Config", func() {
 		cniConfDir, err = ioutil.TempDir("", "podman_cni_test")
 		if err != nil {
 			Fail("Failed to create tmpdir")
 		}
 		logBuffer = bytes.Buffer{}
 		logrus.SetOutput(&logBuffer)
@ -52,7 +51,6 @@ var _ = Describe("Config", func() {
 	})
 	Context("basic network config tests", func() {
 		It("check default network config exists", func() {
 			networks, err := libpodNet.NetworkList()
 			Expect(err).To(BeNil())
@ -1167,7 +1165,6 @@ var _ = Describe("Config", func() {
 	})
 	Context("network load valid existing ones", func() {
 		numberOfConfigFiles := 0
 		BeforeEach(func() {
@ -1182,7 +1179,7 @@ var _ = Describe("Config", func() {
 				if err != nil {
 					Fail("Failed to copy test files")
 				}
-				err = ioutil.WriteFile(filepath.Join(cniConfDir, filename), data, 0700)
+				err = ioutil.WriteFile(filepath.Join(cniConfDir, filename), data, 0o700)
 				if err != nil {
 					Fail("Failed to copy test files")
 				}
@ -1516,7 +1513,6 @@ var _ = Describe("Config", func() {
 	})
 	Context("network load invalid existing ones", func() {
 		BeforeEach(func() {
 			dir := "testfiles/invalid"
 			files, err := ioutil.ReadDir(dir)
@ -1529,7 +1525,7 @@ var _ = Describe("Config", func() {
 				if err != nil {
 					Fail("Failed to copy test files")
 				}
-				err = ioutil.WriteFile(filepath.Join(cniConfDir, filename), data, 0700)
+				err = ioutil.WriteFile(filepath.Join(cniConfDir, filename), data, 0o700)
 				if err != nil {
 					Fail("Failed to copy test files")
 				}
@ -1548,9 +1544,7 @@ var _ = Describe("Config", func() {
 			Expect(logString).To(ContainSubstring("broken.conflist: error parsing configuration list"))
 			Expect(logString).To(ContainSubstring("invalid_gateway.conflist could not be converted to a libpod config, skipping: failed to parse gateway ip 10.89.8"))
 		})
 	})
 })
 func grepInFile(path, match string) {
--- a/common/libnetwork/internal/util/util.go
+++ b/common/libnetwork/internal/util/util.go
@ -109,7 +109,6 @@ func GetFreeIPv4NetworkSubnet(usedNetworks []*net.IPNet, subnetPools []config.Su
 		return nil, err
 	}
 	return nil, errors.New("could not find free subnet from subnet pools")
 }
 // GetFreeIPv6NetworkSubnet returns a unused ipv6 subnet
--- a/common/libnetwork/netavark/config_test.go
+++ b/common/libnetwork/netavark/config_test.go
@ -31,7 +31,6 @@ var _ = Describe("Config", func() {
 		networkConfDir, err = ioutil.TempDir("", "podman_netavark_test")
 		if err != nil {
 			Fail("Failed to create tmpdir")
 		}
 		logBuffer = bytes.Buffer{}
 		logrus.SetOutput(&logBuffer)
@ -50,7 +49,6 @@ var _ = Describe("Config", func() {
 	})
 	Context("basic network config tests", func() {
 		It("check default network config exists", func() {
 			networks, err := libpodNet.NetworkList()
 			Expect(err).To(BeNil())
@ -800,7 +798,8 @@ var _ = Describe("Config", func() {
 		It("create macvlan config with internal", func() {
 			subnet := "10.0.0.0/24"
 			n, _ := types.ParseCIDR(subnet)
-			network := types.Network{Driver: "macvlan",
+			network := types.Network{
 				Driver:   "macvlan",
 				Internal: true,
 				Subnets:  []types.Subnet{{Subnet: n}},
 			}
@ -1021,11 +1020,9 @@ var _ = Describe("Config", func() {
 			Expect(err).To(BeNil())
 			EqualNetwork(network2, network1)
 		})
 	})
 	Context("network load valid existing ones", func() {
 		BeforeEach(func() {
 			dir := "testfiles/valid"
 			files, err := ioutil.ReadDir(dir)
@ -1038,7 +1035,7 @@ var _ = Describe("Config", func() {
 				if err != nil {
 					Fail("Failed to copy test files")
 				}
-				err = ioutil.WriteFile(filepath.Join(networkConfDir, filename), data, 0700)
+				err = ioutil.WriteFile(filepath.Join(networkConfDir, filename), data, 0o700)
 				if err != nil {
 					Fail("Failed to copy test files")
 				}
@ -1300,7 +1297,6 @@ var _ = Describe("Config", func() {
 	})
 	Context("network load invalid existing ones", func() {
 		BeforeEach(func() {
 			dir := "testfiles/invalid"
 			files, err := ioutil.ReadDir(dir)
@ -1313,7 +1309,7 @@ var _ = Describe("Config", func() {
 				if err != nil {
 					Fail("Failed to copy test files")
 				}
-				err = ioutil.WriteFile(filepath.Join(networkConfDir, filename), data, 0700)
+				err = ioutil.WriteFile(filepath.Join(networkConfDir, filename), data, 0o700)
 				if err != nil {
 					Fail("Failed to copy test files")
 				}
@ -1331,9 +1327,7 @@ var _ = Describe("Config", func() {
 			Expect(logString).To(ContainSubstring("Network config \\\"%s/wrongID.json\\\" could not be parsed, skipping: invalid network ID \\\"someID\\\"", networkConfDir))
 			Expect(logString).To(ContainSubstring("Network config \\\"%s/invalid_gateway.json\\\" could not be parsed, skipping: gateway 10.89.100.1 not in subnet 10.89.9.0/24", networkConfDir))
 		})
 	})
 })
 func grepInFile(path, match string) {
--- a/common/libnetwork/netavark/ipam.go
+++ b/common/libnetwork/netavark/ipam.go
@ -61,7 +61,7 @@ func newIPAMError(cause error, msg string, args ...interface{}) *ipamError {
 func (n *netavarkNetwork) openDB() (*bbolt.DB, error) {
 	// linter complains about the octal value
 	// nolint:gocritic
-	db, err := bbolt.Open(n.ipamDBPath, 0600, nil)
+	db, err := bbolt.Open(n.ipamDBPath, 0o600, nil)
 	if err != nil {
 		return nil, newIPAMError(err, "failed to open database %s", n.ipamDBPath)
 	}
--- a/common/libnetwork/netavark/network.go
+++ b/common/libnetwork/netavark/network.go
@ -108,11 +108,11 @@ func NewNetworkInterface(conf *InitConfig) (types.ContainerNetwork, error) {
 		return nil, errors.Wrap(err, "failed to parse default subnet")
 	}
-	if err := os.MkdirAll(conf.NetworkConfigDir, 0755); err != nil {
+	if err := os.MkdirAll(conf.NetworkConfigDir, 0o755); err != nil {
 		return nil, err
 	}
-	if err := os.MkdirAll(conf.NetworkRunDir, 0755); err != nil {
+	if err := os.MkdirAll(conf.NetworkRunDir, 0o755); err != nil {
 		return nil, err
 	}
--- a/common/libnetwork/network/interface.go
+++ b/common/libnetwork/network/interface.go
@ -122,7 +122,7 @@ func defaultNetworkBackend(store storage.Store, conf *config.Config) (backend ty
 		// only write when there is no error
 		if err == nil {
 			// nolint:gocritic
-			if err := ioutils.AtomicWriteFile(file, []byte(backend), 0644); err != nil {
+			if err := ioutils.AtomicWriteFile(file, []byte(backend), 0o644); err != nil {
 				logrus.Errorf("could not write network backend to file: %v", err)
 			}
 		}
--- a/common/pkg/apparmor/apparmor_linux.go
+++ b/common/pkg/apparmor/apparmor_linux.go
@ -233,7 +233,6 @@ func parseAAParserVersion(output string) (int, error) {
 	// major*10^5 + minor*10^3 + patch*10^0
 	numericVersion := majorVersion*1e5 + minorVersion*1e3 + patchLevel
 	return numericVersion, nil
 }
 // CheckProfileAndLoadDefault checks if the specified profile is loaded and
--- a/common/pkg/cgroups/blkio.go
+++ b/common/pkg/cgroups/blkio.go
@ -12,8 +12,7 @@ import (
 	"github.com/pkg/errors"
 )
-type blkioHandler struct {
+type blkioHandler struct{}
 }
 func getBlkioHandler() *blkioHandler {
 	return &blkioHandler{}
--- a/common/pkg/cgroups/cgroups.go
+++ b/common/pkg/cgroups/cgroups.go
@ -265,7 +265,7 @@ func createCgroupv2Path(path string) (deferredError error) {
 	for i, e := range elements[3:] {
 		current = filepath.Join(current, e)
 		if i > 0 {
-			if err := os.Mkdir(current, 0755); err != nil {
+			if err := os.Mkdir(current, 0o755); err != nil {
 				if !os.IsExist(err) {
 					return err
 				}
@ -281,7 +281,7 @@ func createCgroupv2Path(path string) (deferredError error) {
 		// We enable the controllers for all the path components except the last one.  It is not allowed to add
 		// PIDs if there are already enabled controllers.
 		if i < len(elements[3:])-1 {
-			if err := ioutil.WriteFile(filepath.Join(current, "cgroup.subtree_control"), res, 0755); err != nil {
+			if err := ioutil.WriteFile(filepath.Join(current, "cgroup.subtree_control"), res, 0o755); err != nil {
 				return err
 			}
 		}
@ -323,7 +323,7 @@ func (c *CgroupControl) initialize() (err error) {
 				continue
 			}
 			path := c.getCgroupv1Path(ctr.name)
-			if err := os.MkdirAll(path, 0755); err != nil {
+			if err := os.MkdirAll(path, 0o755); err != nil {
 				return errors.Wrapf(err, "error creating cgroup path for %s", ctr.name)
 			}
 		}
@ -343,7 +343,7 @@ func (c *CgroupControl) createCgroupDirectory(controller string) (bool, error) {
 		return false, err
 	}
-	if err := os.MkdirAll(cPath, 0755); err != nil {
+	if err := os.MkdirAll(cPath, 0o755); err != nil {
 		return false, errors.Wrapf(err, "error creating cgroup for %s", controller)
 	}
 	return true, nil
@ -589,7 +589,7 @@ func (c *CgroupControl) AddPid(pid int) error {
 	if c.cgroup2 {
 		p := filepath.Join(cgroupRoot, c.path, "cgroup.procs")
-		if err := ioutil.WriteFile(p, pidString, 0644); err != nil {
+		if err := ioutil.WriteFile(p, pidString, 0o644); err != nil {
 			return errors.Wrapf(err, "write %s", p)
 		}
 		return nil
@ -612,7 +612,7 @@ func (c *CgroupControl) AddPid(pid int) error {
 			continue
 		}
 		p := filepath.Join(c.getCgroupv1Path(n), "tasks")
-		if err := ioutil.WriteFile(p, pidString, 0644); err != nil {
+		if err := ioutil.WriteFile(p, pidString, 0o644); err != nil {
 			return errors.Wrapf(err, "write %s", p)
 		}
 	}
--- a/common/pkg/cgroups/cpu.go
+++ b/common/pkg/cgroups/cpu.go
@ -12,8 +12,7 @@ import (
 	"github.com/pkg/errors"
 )
-type cpuHandler struct {
+type cpuHandler struct{}
 }
 func getCPUHandler() *cpuHandler {
 	return &cpuHandler{}
--- a/common/pkg/cgroups/cpuset.go
+++ b/common/pkg/cgroups/cpuset.go
@ -10,8 +10,7 @@ import (
 	"github.com/pkg/errors"
 )
-type cpusetHandler struct {
+type cpusetHandler struct{}
 }
 func cpusetCopyFileFromParent(dir, file string, cgroupv2 bool) ([]byte, error) {
 	if dir == cgroupRoot {
@ -33,7 +32,7 @@ func cpusetCopyFileFromParent(dir, file string, cgroupv2 bool) ([]byte, error) {
 	if err != nil {
 		return nil, err
 	}
-	if err := ioutil.WriteFile(path, data, 0644); err != nil {
+	if err := ioutil.WriteFile(path, data, 0o644); err != nil {
 		return nil, errors.Wrapf(err, "write %s", path)
 	}
 	return data, nil
--- a/common/pkg/cgroups/pids.go
+++ b/common/pkg/cgroups/pids.go
@ -8,8 +8,7 @@ import (
 	spec "github.com/opencontainers/runtime-spec/specs-go"
 )
-type pidHandler struct {
+type pidHandler struct{}
 }
 func getPidsHandler() *pidHandler {
 	return &pidHandler{}
@ -29,7 +28,7 @@ func (c *pidHandler) Apply(ctr *CgroupControl, res *spec.LinuxResources) error {
 	}
 	p := filepath.Join(PIDRoot, "pids.max")
-	return ioutil.WriteFile(p, []byte(fmt.Sprintf("%d\n", res.Pids.Limit)), 0644)
+	return ioutil.WriteFile(p, []byte(fmt.Sprintf("%d\n", res.Pids.Limit)), 0o644)
 }
 // Create the cgroup
--- a/common/pkg/chown/chown_unix.go
+++ b/common/pkg/chown/chown_unix.go
@ -41,7 +41,6 @@ func ChangeHostPathOwnership(path string, recursive bool, uid, gid int) error {
 			return nil
 		})
 		if err != nil {
 			return errors.Wrap(err, "failed to chown recursively host path")
 		}
--- a/common/pkg/config/config.go
+++ b/common/pkg/config/config.go
@ -579,7 +579,6 @@ type Destination struct {
 // with cgroupv2v2. Other OCI runtimes are not yet supporting cgroupv2v2. This
 // might change in the future.
 func NewConfig(userConfigPath string) (*Config, error) {
 	// Generate the default config for the system
 	config, err := DefaultConfig()
 	if err != nil {
@ -763,7 +762,6 @@ func (c *Config) addCAPPrefix() {
 // Validate is the main entry point for library configuration validation.
 func (c *Config) Validate() error {
 	if err := c.Containers.Validate(); err != nil {
 		return errors.Wrap(err, "validating containers config")
 	}
@ -820,7 +818,6 @@ func (c *EngineConfig) Validate() error {
 // It returns an `error` on validation failure, otherwise
 // `nil`.
 func (c *ContainersConfig) Validate() error {
 	if err := c.validateUlimits(); err != nil {
 		return err
 	}
@ -952,7 +949,6 @@ func (c *Config) GetDefaultEnvEx(envHost, httpProxy bool) []string {
 // Capabilities returns the capabilities parses the Add and Drop capability
 // list from the default capabiltiies for the container
 func (c *Config) Capabilities(user string, addCapabilities, dropCapabilities []string) ([]string, error) {
 	userNotRoot := func(user string) bool {
 		if user == "" || user == "root" || user == "0" {
 			return false
@ -1012,7 +1008,7 @@ func Device(device string) (src, dst, permissions string, err error) {
 // IsValidDeviceMode checks if the mode for device is valid or not.
 // IsValid mode is a composition of r (read), w (write), and m (mknod).
 func IsValidDeviceMode(mode string) bool {
-	var legalDeviceMode = map[rune]bool{
+	legalDeviceMode := map[rune]bool{
 		'r': true,
 		'w': true,
 		'm': true,
@ -1063,7 +1059,6 @@ func rootlessConfigPath() (string, error) {
 }
 func stringsEq(a, b []string) bool {
 	if len(a) != len(b) {
 		return false
 	}
@ -1148,10 +1143,10 @@ func (c *Config) Write() error {
 	if err != nil {
 		return err
 	}
-	if err := os.MkdirAll(filepath.Dir(path), 0755); err != nil {
+	if err := os.MkdirAll(filepath.Dir(path), 0o755); err != nil {
 		return err
 	}
-	configFile, err := os.OpenFile(path, os.O_CREATE|os.O_RDWR|os.O_TRUNC, 0644)
+	configFile, err := os.OpenFile(path, os.O_CREATE|os.O_RDWR|os.O_TRUNC, 0o644)
 	if err != nil {
 		return err
 	}
--- a/common/pkg/config/config_local_test.go
+++ b/common/pkg/config/config_local_test.go
@ -132,7 +132,6 @@ var _ = Describe("Config Local", func() {
 				Size: 24,
 			}},
 		))
 	})
 	It("should fail during runtime", func() {
@ -263,7 +262,6 @@ var _ = Describe("Config Local", func() {
 		gomega.Expect(config.Engine.Env).To(gomega.BeEquivalentTo(expectedEnv))
 		gomega.Expect(os.Getenv("super")).To(gomega.BeEquivalentTo("duper"))
 		gomega.Expect(os.Getenv("foo")).To(gomega.BeEquivalentTo("bar"))
 	})
 	It("Expect Remote to be False", func() {
@ -316,7 +314,8 @@ var _ = Describe("Config Local", func() {
 		os.Setenv("CONTAINERS_CONF", tmpfile)
 		config, err := ReadCustomConfig()
 		gomega.Expect(err).To(gomega.BeNil())
-		config.Containers.Devices = []string{"/dev/null:/dev/null:rw",
+		config.Containers.Devices = []string{
 			"/dev/null:/dev/null:rw",
 			"/dev/sdc/",
 			"/dev/sdc:/dev/xvdc",
 			"/dev/sdc:rm",
@ -470,5 +469,4 @@ var _ = Describe("Config Local", func() {
 		gomega.Expect(err).To(gomega.BeNil())
 		gomega.Expect(config2.Machine.Memory).To(gomega.Equal(uint64(1024)))
 	})
 })
--- a/common/pkg/config/config_remote_test.go
+++ b/common/pkg/config/config_remote_test.go
@ -139,5 +139,4 @@ var _ = Describe("Config Remote", func() {
 		// Then
 		gomega.Expect(err).To(gomega.BeNil())
 	})
 })
--- a/common/pkg/config/config_suite_test.go
+++ b/common/pkg/config/config_suite_test.go
@ -16,9 +16,7 @@ const (
 	invalidPath = "/wrong"
 )
-var (
+var sut *Config
 	sut *Config
 )
 func beforeEach() {
 	sut = defaultConfig()
--- a/common/pkg/config/default.go
+++ b/common/pkg/config/default.go
@ -108,7 +108,6 @@ func parseSubnetPool(subnet string, size int) SubnetPool {
 		Base: &nettypes.IPNet{IPNet: *n},
 		Size: size,
 	}
 }
 const (
@ -155,7 +154,6 @@ const (
 // DefaultConfig defines the default values from containers.conf
 func DefaultConfig() (*Config, error) {
 	defaultEngineConfig, err := defaultConfigFromMemory()
 	if err != nil {
 		return nil, err
@ -397,10 +395,10 @@ func defaultTmpDir() (string, error) {
 	}
 	libpodRuntimeDir := filepath.Join(runtimeDir, "libpod")
-	if err := os.Mkdir(libpodRuntimeDir, 0700|os.ModeSticky); err != nil {
+	if err := os.Mkdir(libpodRuntimeDir, 0o700|os.ModeSticky); err != nil {
 		if !os.IsExist(err) {
 			return "", err
-		} else if err := os.Chmod(libpodRuntimeDir, 0700|os.ModeSticky); err != nil {
+		} else if err := os.Chmod(libpodRuntimeDir, 0o700|os.ModeSticky); err != nil {
 			// The directory already exist, just set the sticky bit
 			return "", errors.Wrap(err, "set sticky bit on")
 		}
--- a/common/pkg/configmaps/configmaps.go
+++ b/common/pkg/configmaps/configmaps.go
@ -99,7 +99,7 @@ func NewManager(rootPath string) (*ConfigMapManager, error) {
 		return nil, errors.Wrapf(errInvalidPath, "path must be absolute: %s", rootPath)
 	}
 	// the lockfile functions require that the rootPath dir is executable
-	if err := os.MkdirAll(rootPath, 0700); err != nil {
+	if err := os.MkdirAll(rootPath, 0o700); err != nil {
 		return nil, err
 	}
@ -234,7 +234,6 @@ func (s *ConfigMapManager) List() ([]ConfigMap, error) {
 	var ls []ConfigMap
 	for _, v := range configMaps {
 		ls = append(ls, v)
 	}
 	return ls, nil
 }
--- a/common/pkg/configmaps/configmaps_test.go
+++ b/common/pkg/configmaps/configmaps_test.go
@ -44,6 +44,7 @@ func TestAddSecretAndLookupData(t *testing.T) {
 		t.Errorf("error: configmap data not equal")
 	}
 }
 func TestAddConfigMapName(t *testing.T) {
 	manager, testpath, err := setup()
 	require.NoError(t, err)
--- a/common/pkg/configmaps/configmapsdb.go
+++ b/common/pkg/configmaps/configmapsdb.go
@ -177,7 +177,7 @@ func (s *ConfigMapManager) store(entry *ConfigMap) error {
 	if err != nil {
 		return err
 	}
-	err = ioutil.WriteFile(s.configMapDBPath, marshalled, 0600)
+	err = ioutil.WriteFile(s.configMapDBPath, marshalled, 0o600)
 	if err != nil {
 		return err
 	}
@ -203,7 +203,7 @@ func (s *ConfigMapManager) delete(nameOrID string) error {
 	if err != nil {
 		return err
 	}
-	err = ioutil.WriteFile(s.configMapDBPath, marshalled, 0600)
+	err = ioutil.WriteFile(s.configMapDBPath, marshalled, 0o600)
 	if err != nil {
 		return err
 	}
--- a/common/pkg/configmaps/filedriver/filedriver.go
+++ b/common/pkg/configmaps/filedriver/filedriver.go
@ -34,7 +34,7 @@ func NewDriver(rootPath string) (*Driver, error) {
 	fileDriver := new(Driver)
 	fileDriver.configMapsDataFilePath = filepath.Join(rootPath, configMapsDataFile)
 	// the lockfile functions require that the rootPath dir is executable
-	if err := os.MkdirAll(rootPath, 0700); err != nil {
+	if err := os.MkdirAll(rootPath, 0o700); err != nil {
 		return nil, err
 	}
@ -95,7 +95,7 @@ func (d *Driver) Store(id string, data []byte) error {
 	if err != nil {
 		return err
 	}
-	err = ioutil.WriteFile(d.configMapsDataFilePath, marshalled, 0600)
+	err = ioutil.WriteFile(d.configMapsDataFilePath, marshalled, 0o600)
 	if err != nil {
 		return err
 	}
@ -119,7 +119,7 @@ func (d *Driver) Delete(id string) error {
 	if err != nil {
 		return err
 	}
-	err = ioutil.WriteFile(d.configMapsDataFilePath, marshalled, 0600)
+	err = ioutil.WriteFile(d.configMapsDataFilePath, marshalled, 0o600)
 	if err != nil {
 		return err
 	}
--- a/common/pkg/manifests/manifests.go
+++ b/common/pkg/manifests/manifests.go
@ -16,31 +16,22 @@ import (
 type List interface {
 	AddInstance(manifestDigest digest.Digest, manifestSize int64, manifestType, os, architecture, osVersion string, osFeatures []string, variant string, features []string, annotations []string) error
 	Remove(instanceDigest digest.Digest) error
 	SetURLs(instanceDigest digest.Digest, urls []string) error
 	URLs(instanceDigest digest.Digest) ([]string, error)
 	SetAnnotations(instanceDigest *digest.Digest, annotations map[string]string) error
 	Annotations(instanceDigest *digest.Digest) (map[string]string, error)
 	SetOS(instanceDigest digest.Digest, os string) error
 	OS(instanceDigest digest.Digest) (string, error)
 	SetArchitecture(instanceDigest digest.Digest, arch string) error
 	Architecture(instanceDigest digest.Digest) (string, error)
 	SetOSVersion(instanceDigest digest.Digest, osVersion string) error
 	OSVersion(instanceDigest digest.Digest) (string, error)
 	SetVariant(instanceDigest digest.Digest, variant string) error
 	Variant(instanceDigest digest.Digest) (string, error)
 	SetFeatures(instanceDigest digest.Digest, features []string) error
 	Features(instanceDigest digest.Digest) ([]string, error)
 	SetOSFeatures(instanceDigest digest.Digest, osFeatures []string) error
 	OSFeatures(instanceDigest digest.Digest) ([]string, error)
 	Serialize(mimeType string) ([]byte, error)
 	Instances() []digest.Digest
 	OCIv1() *v1.Index
--- a/common/pkg/manifests/manifests_test.go
+++ b/common/pkg/manifests/manifests_test.go
@ -18,9 +18,7 @@ const (
 	dockerFixture    = "testdata/fedora.list.json"
 )
-var (
+var _ List = &list{}
 	_ List = &list{}
 )
 func TestMain(m *testing.M) {
 	if reexec.Init() {
--- a/common/pkg/netns/netns_linux.go
+++ b/common/pkg/netns/netns_linux.go
@ -71,7 +71,7 @@ func NewNSWithName(name string) (ns.NetNS, error) {
 	// Create the directory for mounting network namespaces
 	// This needs to be a shared mountpoint in case it is mounted in to
 	// other namespaces (containers)
-	err = os.MkdirAll(nsRunDir, 0755)
+	err = os.MkdirAll(nsRunDir, 0o755)
 	if err != nil {
 		return nil, err
 	}
--- a/common/pkg/parse/parse.go
+++ b/common/pkg/parse/parse.go
@ -141,7 +141,7 @@ func Device(device string) (src, dest, permissions string, err error) {
 // isValidDeviceMode checks if the mode for device is valid or not.
 // isValid mode is a composition of r (read), w (write), and m (mknod).
 func isValidDeviceMode(mode string) bool {
-	var legalDeviceMode = map[rune]bool{
+	legalDeviceMode := map[rune]bool{
 		'r': true,
 		'w': true,
 		'm': true,
--- a/common/pkg/report/template_test.go
+++ b/common/pkg/report/template_test.go
@ -85,7 +85,6 @@ func TestTemplate_Parse(t *testing.T) {
 			}})
 			assert.NoError(t, err)
 			assert.Equal(t, "Ident\n", buf.String())
 		})
 		buf.Reset()
 	}
--- a/common/pkg/seccomp/conversion_test.go
+++ b/common/pkg/seccomp/conversion_test.go
@ -83,7 +83,6 @@ func TestSpecToSeccomp(t *testing.T) {
 		input    *specs.LinuxSeccomp
 		expected func(*Seccomp, error)
 	}{
 		{ // success
 			input: &specs.LinuxSeccomp{
 				DefaultAction: specs.ActKill,
--- a/common/pkg/seccomp/generate.go
+++ b/common/pkg/seccomp/generate.go
@ -29,7 +29,7 @@ func main() {
 		panic(err)
 	}
-	if err := ioutil.WriteFile(f, b, 0644); err != nil {
+	if err := ioutil.WriteFile(f, b, 0o644); err != nil {
 		panic(err)
 	}
 }
--- a/common/pkg/seccomp/seccomp_linux.go
+++ b/common/pkg/seccomp/seccomp_linux.go
@ -112,7 +112,7 @@ func setupSeccomp(config *Seccomp, rs *specs.Spec) (*specs.LinuxSeccomp, error)
 	newConfig := &specs.LinuxSeccomp{}
 	var arch string
-	var native, err = libseccomp.GetNativeArch()
+	native, err := libseccomp.GetNativeArch()
 	if err == nil {
 		arch = native.String()
 	}
--- a/common/pkg/secrets/filedriver/filedriver.go
+++ b/common/pkg/secrets/filedriver/filedriver.go
@ -34,7 +34,7 @@ func NewDriver(rootPath string) (*Driver, error) {
 	fileDriver := new(Driver)
 	fileDriver.secretsDataFilePath = filepath.Join(rootPath, secretsDataFile)
 	// the lockfile functions require that the rootPath dir is executable
-	if err := os.MkdirAll(rootPath, 0700); err != nil {
+	if err := os.MkdirAll(rootPath, 0o700); err != nil {
 		return nil, err
 	}
@ -95,7 +95,7 @@ func (d *Driver) Store(id string, data []byte) error {
 	if err != nil {
 		return err
 	}
-	err = ioutil.WriteFile(d.secretsDataFilePath, marshalled, 0600)
+	err = ioutil.WriteFile(d.secretsDataFilePath, marshalled, 0o600)
 	if err != nil {
 		return err
 	}
@ -119,7 +119,7 @@ func (d *Driver) Delete(id string) error {
 	if err != nil {
 		return err
 	}
-	err = ioutil.WriteFile(d.secretsDataFilePath, marshalled, 0600)
+	err = ioutil.WriteFile(d.secretsDataFilePath, marshalled, 0o600)
 	if err != nil {
 		return err
 	}
--- a/common/pkg/secrets/secrets.go
+++ b/common/pkg/secrets/secrets.go
@ -102,7 +102,7 @@ func NewManager(rootPath string) (*SecretsManager, error) {
 		return nil, errors.Wrapf(errInvalidPath, "path must be absolute: %s", rootPath)
 	}
 	// the lockfile functions require that the rootPath dir is executable
-	if err := os.MkdirAll(rootPath, 0700); err != nil {
+	if err := os.MkdirAll(rootPath, 0o700); err != nil {
 		return nil, err
 	}
@ -237,7 +237,6 @@ func (s *SecretsManager) List() ([]Secret, error) {
 	var ls []Secret
 	for _, v := range secrets {
 		ls = append(ls, v)
 	}
 	return ls, nil
 }
--- a/common/pkg/secrets/secrets_test.go
+++ b/common/pkg/secrets/secrets_test.go
@ -44,6 +44,7 @@ func TestAddSecretAndLookupData(t *testing.T) {
 		t.Errorf("error: secret data not equal")
 	}
 }
 func TestAddSecretName(t *testing.T) {
 	manager, testpath, err := setup()
 	require.NoError(t, err)
--- a/common/pkg/secrets/secretsdb.go
+++ b/common/pkg/secrets/secretsdb.go
@ -177,7 +177,7 @@ func (s *SecretsManager) store(entry *Secret) error {
 	if err != nil {
 		return err
 	}
-	err = ioutil.WriteFile(s.secretsDBPath, marshalled, 0600)
+	err = ioutil.WriteFile(s.secretsDBPath, marshalled, 0o600)
 	if err != nil {
 		return err
 	}
@ -203,7 +203,7 @@ func (s *SecretsManager) delete(nameOrID string) error {
 	if err != nil {
 		return err
 	}
-	err = ioutil.WriteFile(s.secretsDBPath, marshalled, 0600)
+	err = ioutil.WriteFile(s.secretsDBPath, marshalled, 0o600)
 	if err != nil {
 		return err
 	}
--- a/common/pkg/secrets/shelldriver/shelldriver_test.go
+++ b/common/pkg/secrets/shelldriver/shelldriver_test.go
@ -171,5 +171,4 @@ func TestDelete(t *testing.T) {
 			}
 		})
 	}
 }
--- a/common/pkg/subscriptions/subscriptions.go
+++ b/common/pkg/subscriptions/subscriptions.go
@ -262,7 +262,6 @@ func addSubscriptionsFromMountsFile(filePath, mountLabel, containerRunDir string
 				data, err := readFileOrDir("", hostDirOrFile, mode.Perm())
 				if err != nil {
 					return nil, err
 				}
 				for _, s := range data {
 					if err := os.MkdirAll(filepath.Dir(ctrDirOrFileOnHost), s.dirMode); err != nil {
@ -313,7 +312,7 @@ func addFIPSModeSubscription(mounts *[]rspec.Mount, containerRunDir, mountPoint,
 	subscriptionsDir := "/run/secrets"
 	ctrDirOnHost := filepath.Join(containerRunDir, subscriptionsDir)
 	if _, err := os.Stat(ctrDirOnHost); os.IsNotExist(err) {
-		if err = idtools.MkdirAllAs(ctrDirOnHost, 0755, uid, gid); err != nil { //nolint
+		if err = idtools.MkdirAllAs(ctrDirOnHost, 0o755, uid, gid); err != nil { //nolint
 			return err
 		}
 		if err = label.Relabel(ctrDirOnHost, mountLabel, false); err != nil {
--- a/common/pkg/supplemented/supplemented_test.go
+++ b/common/pkg/supplemented/supplemented_test.go
@ -42,7 +42,7 @@ func makeLayer(t *testing.T) []byte {
 		Typeflag: tar.TypeReg,
 		Name:     "tmpfile",
 		Size:     int64(len),
-		Mode:     0644,
+		Mode:     0o644,
 		Uname:    "root",
 		Gname:    "root",
 		ModTime:  time.Now(),
--- a/common/pkg/sysinfo/sysinfo_linux_test.go
+++ b/common/pkg/sysinfo/sysinfo_linux_test.go
@ -17,14 +17,14 @@ func TestReadProcBool(t *testing.T) {
 	defer os.RemoveAll(tmpDir)
 	procFile := filepath.Join(tmpDir, "read-proc-bool")
-	err = ioutil.WriteFile(procFile, []byte("1"), 0644)
+	err = ioutil.WriteFile(procFile, []byte("1"), 0o644)
 	require.NoError(t, err)
 	if !readProcBool(procFile) {
 		t.Fatal("expected proc bool to be true, got false")
 	}
-	if err := ioutil.WriteFile(procFile, []byte("0"), 0644); err != nil {
+	if err := ioutil.WriteFile(procFile, []byte("0"), 0o644); err != nil {
 		t.Fatal(err)
 	}
 	if readProcBool(procFile) {
@ -34,7 +34,6 @@ func TestReadProcBool(t *testing.T) {
 	if readProcBool(path.Join(tmpDir, "no-exist")) {
 		t.Fatal("should be false for non-existent entry")
 	}
 }
 func TestCgroupEnabled(t *testing.T) {
@ -46,7 +45,7 @@ func TestCgroupEnabled(t *testing.T) {
 		t.Fatal("cgroupEnabled should be false")
 	}
-	err = ioutil.WriteFile(path.Join(cgroupDir, "test"), []byte{}, 0644)
+	err = ioutil.WriteFile(path.Join(cgroupDir, "test"), []byte{}, 0o644)
 	require.NoError(t, err)
 	if !cgroupEnabled(cgroupDir, "test") {
--- a/common/pkg/sysinfo/sysinfo_solaris.go
+++ b/common/pkg/sysinfo/sysinfo_solaris.go
@ -46,7 +46,7 @@ func IsCPUSharesAvailable() bool {
 // New returns a new SysInfo, using the filesystem to detect which features
 // the kernel supports.
-//NOTE Solaris: If we change the below capabilities be sure
+// NOTE Solaris: If we change the below capabilities be sure
 // to update verifyPlatformContainerSettings() in daemon_solaris.go
 func New(quiet bool) *SysInfo {
 	sysInfo := &SysInfo{}
@ -64,7 +64,6 @@ func New(quiet bool) *SysInfo {
 // setCgroupMem reads the memory information for Solaris.
 func setCgroupMem(quiet bool) cgroupMemInfo {
 	return cgroupMemInfo{
 		MemoryLimit:       true,
 		SwapLimit:         true,
@ -77,7 +76,6 @@ func setCgroupMem(quiet bool) cgroupMemInfo {
 // setCgroupCPU reads the cpu information for Solaris.
 func setCgroupCPU(quiet bool) cgroupCPUInfo {
 	return cgroupCPUInfo{
 		CPUShares:          true,
 		CPUCfsPeriod:       false,
@ -89,7 +87,6 @@ func setCgroupCPU(quiet bool) cgroupCPUInfo {
 // blkio switches are not supported in Solaris.
 func setCgroupBlkioInfo(quiet bool) cgroupBlkioInfo {
 	return cgroupBlkioInfo{
 		BlkioWeight:       false,
 		BlkioWeightDevice: false,
@ -98,7 +95,6 @@ func setCgroupBlkioInfo(quiet bool) cgroupBlkioInfo {
 // setCgroupCPUsetInfo reads the cpuset information for Solaris.
 func setCgroupCPUsetInfo(quiet bool) cgroupCpusetInfo {
 	return cgroupCpusetInfo{
 		Cpuset: true,
 		Cpus:   getCPUCount(),
--- a/common/pkg/umask/umask_unix.go
+++ b/common/pkg/umask/umask_unix.go
@ -10,8 +10,8 @@ import (
 )
 func Check() {
-	oldUmask := syscall.Umask(0022) //nolint
+	oldUmask := syscall.Umask(0o022) //nolint
-	if (oldUmask & ^0022) != 0 {
+	if (oldUmask & ^0o022) != 0 {
 		logrus.Debugf("umask value too restrictive.  Forcing it to 022")
 	}
 }
--- a/common/pkg/util/util_supported.go
+++ b/common/pkg/util/util_supported.go
@ -23,7 +23,7 @@ var (
 // isWriteableOnlyByOwner checks that the specified permission mask allows write
 // access only to the owner.
 func isWriteableOnlyByOwner(perm os.FileMode) bool {
-	return (perm & 0722) == 0700
+	return (perm & 0o722) == 0o700
 }
 // GetRuntimeDir returns the runtime directory
@ -46,7 +46,7 @@ func GetRuntimeDir() (string, error) {
 		uid := fmt.Sprintf("%d", unshare.GetRootlessUID())
 		if runtimeDir == "" {
 			tmpDir := filepath.Join("/run", "user", uid)
-			if err := os.MkdirAll(tmpDir, 0700); err != nil {
+			if err := os.MkdirAll(tmpDir, 0o700); err != nil {
 				logrus.Debugf("unable to make temp dir: %v", err)
 			}
 			st, err := os.Stat(tmpDir)
@ -56,7 +56,7 @@ func GetRuntimeDir() (string, error) {
 		}
 		if runtimeDir == "" {
 			tmpDir := filepath.Join(os.TempDir(), fmt.Sprintf("podman-run-%s", uid))
-			if err := os.MkdirAll(tmpDir, 0700); err != nil {
+			if err := os.MkdirAll(tmpDir, 0o700); err != nil {
 				logrus.Debugf("unable to make temp dir %v", err)
 			}
 			st, err := os.Stat(tmpDir)