diff --git a/circle.yml b/circle.yml index 90e31701b1..dc9caefa61 100644 --- a/circle.yml +++ b/circle.yml @@ -49,7 +49,7 @@ test: pwd: $BASE_STABLE # VET - - gvm use stable && go vet ./...: + - gvm use stable && test -z "$(go tool vet -printf=false . 2>&1 | grep -v Godeps/_workspace/src/ | tee /dev/stderr)": pwd: $BASE_STABLE # LINT diff --git a/client/client_root_validation_test.go b/client/client_root_validation_test.go index 469b85e940..68612fb863 100644 --- a/client/client_root_validation_test.go +++ b/client/client_root_validation_test.go @@ -21,7 +21,7 @@ type SignedRSARootTemplate struct { RootPem string } -var passphraseRetriever = func (string, string, bool, int) (string, bool, error) { return "passphrase", false, nil} +var passphraseRetriever = func(string, string, bool, int) (string, bool, error) { return "passphrase", false, nil } const validPEMEncodedRSARoot = `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` diff --git a/cmd/notary-signer/main.go b/cmd/notary-signer/main.go index e2721da8ac..2107a0b9c9 100644 --- a/cmd/notary-signer/main.go +++ b/cmd/notary-signer/main.go @@ -44,10 +44,9 @@ func init() { func passphraseRetriever(keyName, alias string, createNew bool, attempts int) (passphrase string, giveup bool, err error) { //TODO(mccauley) Read from config once we have locked keys in notary-signer - return "", false, nil; + return "", false, nil } - func main() { flag.Usage = usage flag.Parse() diff --git a/cmd/notary/main.go b/cmd/notary/main.go index a9bd2bf896..5dd74953b0 100644 --- a/cmd/notary/main.go +++ b/cmd/notary/main.go 
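Review bot: `-printf=false` in the new VET step turns off vet's format-string check for the whole tree, and nothing in circle.yml says why. That check is the one that would presumably have flagged calls like `fmt.Printf("numAttempts: %s\n", numAttempts)`, which this same commit deletes from cmd/notary/tuf.go, so the gate is weakened where it had something to report. If the flag is only there to silence findings that still exist, add a comment above the step such as `# printf check disabled until the remaining findings are fixed`, then re-enable it; otherwise drop the flag. Separately, `grep -v Godeps/_workspace/src/` matches anywhere in an output line, so a first-party finding whose message contains that path would be filtered out as well.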
@@ -86,10 +86,9 @@ func init() { fatalf("could not create Certificate X509FileStore: %v", err) } - //TODO(mccauley): Appears unused? Remove it? Or is it here for early failure? privKeyStore, err = trustmanager.NewKeyFileStore(finalPrivDir, - func (string, string, bool, int) (string, bool, error) { return "", false, nil}) + func(string, string, bool, int) (string, bool, error) { return "", false, nil }) if err != nil { fatalf("could not create KeyFileStore: %v", err) } diff --git a/cmd/notary/tuf.go b/cmd/notary/tuf.go index 2db16d3534..411ada051b 100644 --- a/cmd/notary/tuf.go +++ b/cmd/notary/tuf.go @@ -14,9 +14,9 @@ import ( "github.com/Sirupsen/logrus" "github.com/docker/docker/pkg/term" notaryclient "github.com/docker/notary/client" + "github.com/docker/notary/trustmanager" "github.com/spf13/cobra" "github.com/spf13/viper" - "github.com/docker/notary/trustmanager" ) // FIXME: This should not be hardcoded @@ -272,23 +272,17 @@ func verify(cmd *cobra.Command, args []string) { return } -func getNotaryPassphraseRetriever() (trustmanager.PassphraseRetriever) { +func getNotaryPassphraseRetriever() trustmanager.PassphraseRetriever { userEnteredTargetsSnapshotsPass := false targetsSnapshotsPass := "" return func(keyID string, alias string, createNew bool, numAttempts int) (string, bool, error) { - fmt.Printf("userEnteredTargetsSnapshotsPass: %s\n", userEnteredTargetsSnapshotsPass) - fmt.Printf("targetsSnapshotsPass: %s\n", targetsSnapshotsPass) - fmt.Printf("keyID: %s\n", keyID) - fmt.Printf("alias: %s\n", alias) - fmt.Printf("numAttempts: %s\n", numAttempts) - if numAttempts == 0 && userEnteredTargetsSnapshotsPass && (alias == "snapshot" || alias == "targets") { fmt.Println("return cached value") - return targetsSnapshotsPass, false, nil; + return targetsSnapshotsPass, false, nil } - if (numAttempts > 3 && !createNew) { + if numAttempts > 3 && !createNew { return "", true, errors.New("Too many attempts") } 
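Review bot: With the TODO gone, nothing at the `trustmanager.NewKeyFileStore(finalPrivDir, ...)` call explains why `privKeyStore` is built with a retriever that always returns an empty passphrase and never sets giveup. The question the old comment asked (is the store unused, or kept for early failure?) is not answered by the visible code, so the comment should be replaced rather than deleted. For example `// privKeyStore is opened here only to fail early on a bad key directory; the stub retriever must not be used to unlock or create keys.`, adjusted to the real intent. init() starts and ends outside this hunk.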
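Review bot: `fmt.Println("return cached value")` is still on the cached-passphrase path of the closure returned by getNotaryPassphraseRetriever, so the removal of debug output is incomplete. Every reuse of the targets/snapshot passphrase writes that line to stdout, mixed in with the interactive prompts and with anything a caller parses from the command's output. Delete the line, or send it through the logger the file already imports: `logrus.Debug("using cached targets/snapshot passphrase")`. The closure body continues past the end of this hunk.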
@@ -303,7 +297,7 @@ func getNotaryPassphraseRetriever() (trustmanager.PassphraseRetriever) { if createNew { fmt.Printf("Enter passphrase for new %s key with id %s: ", alias, keyID) - }else { + } else { fmt.Printf("Enter key passphrase for %s key with id %s: ", alias, keyID) } @@ -320,7 +314,7 @@ func getNotaryPassphraseRetriever() (trustmanager.PassphraseRetriever) { userEnteredTargetsSnapshotsPass = true targetsSnapshotsPass = retPass } - return string(passphrase), false, nil; + return string(passphrase), false, nil } if len(passphrase) < 8 { diff --git a/cryptoservice/crypto_service.go b/cryptoservice/crypto_service.go index fcbbd26888..061c0541d4 100644 --- a/cryptoservice/crypto_service.go +++ b/cryptoservice/crypto_service.go @@ -23,8 +23,8 @@ const ( // CryptoService implements Sign and Create, holding a specific GUN and keystore to // operate on type CryptoService struct { - gun string - keyStore trustmanager.KeyStore + gun string + keyStore trustmanager.KeyStore } // NewCryptoService returns an instance of CryptoService diff --git a/cryptoservice/crypto_service_test.go b/cryptoservice/crypto_service_test.go index 78f72851ef..f42d46ff75 100644 --- a/cryptoservice/crypto_service_test.go +++ b/cryptoservice/crypto_service_test.go @@ -17,8 +17,7 @@ func TestCryptoService(t *testing.T) { } } -var passphraseretriever = func (string, string, bool, int) (string, bool, error) { return "", false, nil} - +var passphraseretriever = func(string, string, bool, int) (string, bool, error) { return "", false, nil } func testCryptoService(t *testing.T, keyAlgo data.KeyAlgorithm, verifier signed.Verifier) { content := []byte("this is a secret") diff --git a/cryptoservice/unlocked_crypto_service_test.go b/cryptoservice/unlocked_crypto_service_test.go index b7417c0e3d..999b536b0a 100644 --- a/cryptoservice/unlocked_crypto_service_test.go +++ b/cryptoservice/unlocked_crypto_service_test.go 
@@ -9,8 +9,7 @@ import ( "github.com/stretchr/testify/assert" ) -var passphraseRetriever = func (string, string, bool, int) (string, bool, error) { return "passphrase", false, nil} - +var passphraseRetriever = func(string, string, bool, int) (string, bool, error) { return "passphrase", false, nil } func TestUnlockedSigner(t *testing.T) { privKey, err := trustmanager.GenerateECDSAKey(rand.Reader) diff --git a/keystoremanager/import_export.go b/keystoremanager/import_export.go index ebb16dd183..45af640148 100644 --- a/keystoremanager/import_export.go +++ b/keystoremanager/import_export.go @@ -11,9 +11,9 @@ import ( "path/filepath" "strings" + "fmt" "github.com/Sirupsen/logrus" "github.com/docker/notary/trustmanager" - "fmt" ) var ( @@ -37,7 +37,7 @@ var ( // ExportRootKey exports the specified root key to an io.Writer in PEM format. // The key's existing encryption is preserved. func (km *KeyStoreManager) ExportRootKey(dest io.Writer, keyID string) error { - pemBytes, err := km.rootKeyStore.Get(keyID+"_root") + pemBytes, err := km.rootKeyStore.Get(keyID + "_root") if err != nil { return err } @@ -293,7 +293,6 @@ func (km *KeyStoreManager) ExportKeysByGUN(dest io.Writer, gun string, passphras privNonRootKeysSubdir := filepath.Join(privDir, nonRootKeysSubdir) - // Create temporary keystore to use as a staging area tempNonRootKeysPath := filepath.Join(tempBaseDir, privNonRootKeysSubdir) tempNonRootKeyStore, err := trustmanager.NewKeyFileStore(tempNonRootKeysPath, passphraseRetriever) diff --git a/keystoremanager/import_export_test.go b/keystoremanager/import_export_test.go index 697ab98031..fe8063fad4 100644 --- a/keystoremanager/import_export_test.go +++ b/keystoremanager/import_export_test.go 
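Review bot: In keystoremanager/import_export.go, `"fmt"` ends up sorted into the third-party import group next to `github.com/Sirupsen/logrus`, instead of joining `"path/filepath"` and `"strings"` in the standard-library group above it. gofmt sorts only within a group, so the line has to be moved by hand to keep the stdlib/third-party split readable. The import hunk in trustmanager/keyfilestore.go has the same shape, with `"errors"` and `"fmt"` left in the group that holds `github.com/endophage/gotuf/data`.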
@@ -36,10 +36,11 @@ func createTestServer(t *testing.T) (*httptest.Server, *http.ServeMux) { return ts, mux } + var oldPassphrase = "oldPassphrase" var exportPassphrase = "exportPassphrase" -var oldPassphraseRetriever = func (string, string, bool, int) (string, bool, error) { return oldPassphrase, false, nil} -var newPassphraseRetriever = func (string, string, bool, int) (string, bool, error) { return exportPassphrase, false, nil} +var oldPassphraseRetriever = func(string, string, bool, int) (string, bool, error) { return oldPassphrase, false, nil } +var newPassphraseRetriever = func(string, string, bool, int) (string, bool, error) { return exportPassphrase, false, nil } func TestImportExportZip(t *testing.T) { gun := "docker.com/notary" diff --git a/signer/api/api_test.go b/signer/api/api_test.go index d37826b4c9..fb70be6800 100644 --- a/signer/api/api_test.go +++ b/signer/api/api_test.go @@ -29,7 +29,7 @@ var ( createKeyBaseURL string keyInfoBaseURL string signBaseURL string - passphraseRetriever = func (string, string, bool, int) (string, bool, error) { return "passphrase", false, nil} + passphraseRetriever = func(string, string, bool, int) (string, bool, error) { return "passphrase", false, nil } ) func SetupHSMEnv(t *testing.T) (*pkcs11.Ctx, pkcs11.SessionHandle) { diff --git a/signer/api/rpc_api_test.go b/signer/api/rpc_api_test.go index e4b5f5da64..042e415f15 100644 --- a/signer/api/rpc_api_test.go +++ b/signer/api/rpc_api_test.go 
@@ -25,11 +25,10 @@ var ( grpcServer *grpc.Server void *pb.Void pr trustmanager.PassphraseRetriever - ) func init() { - pr = func (string, string, bool, int) (string, bool, error) { return "passphrase", false, nil} + pr = func(string, string, bool, int) (string, bool, error) { return "passphrase", false, nil } keyStore := trustmanager.NewKeyMemoryStore(pr) cryptoService := cryptoservice.NewCryptoService("", keyStore) cryptoServices := signer.CryptoServiceIndex{data.ED25519Key: cryptoService, data.RSAKey: cryptoService, data.ECDSAKey: cryptoService} diff --git a/trustmanager/keyfilestore.go b/trustmanager/keyfilestore.go index ded7f27ffa..6ff37c44cb 100644 --- a/trustmanager/keyfilestore.go +++ b/trustmanager/keyfilestore.go @@ -4,13 +4,13 @@ import ( "path/filepath" "strings" - "github.com/endophage/gotuf/data" "errors" "fmt" + "github.com/endophage/gotuf/data" ) const ( - keyExtension = "key" + keyExtension = "key" aliasExtension = "alias" ) @@ -103,7 +103,6 @@ func (s *KeyMemoryStore) GetKeyAlias(name string) (string, error) { return getKeyAlias(s, name) } - // ListKeys returns a list of unique PublicKeys present on the KeyFileStore. // There might be symlinks associating Certificate IDs to Public Keys, so this // method only returns the IDs that aren't symlinks @@ -116,7 +115,6 @@ func (s *KeyMemoryStore) RemoveKey(name string) error { return removeKey(s, name) } - func addKey(s LimitedFileStore, passphraseRetriever PassphraseRetriever, name, alias string, privKey data.PrivateKey) error { pemPrivKey, err := KeyToPEM(privKey) if err != nil { @@ -148,7 +146,7 @@ func addKey(s LimitedFileStore, passphraseRetriever PassphraseRetriever, name, a } } - return s.Add(name + "_" + alias, pemPrivKey) + return s.Add(name+"_"+alias, pemPrivKey) } func getKeyAlias(s LimitedFileStore, keyID string) (string, error) { 
@@ -160,8 +158,8 @@ func getKeyAlias(s LimitedFileStore, keyID string) (string, error) { filename := file[lastPathSeparator+1:] if strings.HasPrefix(filename, name) { - aliasPlusDotKey := strings.TrimPrefix(filename, name + "_") - retVal := strings.TrimSuffix(aliasPlusDotKey, "." + keyExtension) + aliasPlusDotKey := strings.TrimPrefix(filename, name+"_") + retVal := strings.TrimSuffix(aliasPlusDotKey, "."+keyExtension) return retVal, nil } } @@ -216,7 +214,7 @@ func listKeys(s LimitedFileStore) []string { for _, f := range s.ListFiles(false) { keyID := strings.TrimSpace(strings.TrimSuffix(f, filepath.Ext(f))) - keyID = keyID[:strings.LastIndex(keyID,"_")] + keyID = keyID[:strings.LastIndex(keyID, "_")] keyIDList = append(keyIDList, keyID) } return keyIDList diff --git a/trustmanager/keyfilestore_test.go b/trustmanager/keyfilestore_test.go index 3f9cd8604c..1c01b8401b 100644 --- a/trustmanager/keyfilestore_test.go +++ b/trustmanager/keyfilestore_test.go @@ -3,15 +3,15 @@ package trustmanager import ( "bytes" "crypto/rand" + "errors" "io/ioutil" "os" "path/filepath" "strings" "testing" - "errors" ) -var passphraseRetriever = func (keyID string, alias string, createNew bool, numAttempts int) (string, bool, error) { +var passphraseRetriever = func(keyID string, alias string, createNew bool, numAttempts int) (string, bool, error) { if numAttempts > 5 { giveup := true return "", giveup, errors.New("passPhraseRetriever failed after too many requests") @@ -46,7 +46,7 @@ func TestAddKey(t *testing.T) { } // Call the AddKey function - err = store.AddKey(testName, "root", privKey) + err = store.AddKey(testName, "root", privKey) if err != nil { t.Fatalf("failed to add file to store: %v", err) } 
@@ -96,8 +96,7 @@ EMl3eFOJXjIch/wIesRSN+2dGOsl7neercjMh1i9RvpCwHDx/E0= testAlias := "root" perms := os.FileMode(0755) - emptyPassphraseRetriever := func (string, string, bool, int) (string, bool, error) { return "", false, nil} - + emptyPassphraseRetriever := func(string, string, bool, int) (string, bool, error) { return "", false, nil } // Temporary directory where test files will be created tempBaseDir, err := ioutil.TempDir("", "notary-test-") @@ -226,11 +225,10 @@ func TestGetDecryptedWithTamperedCipherText(t *testing.T) { func TestGetDecryptedWithInvalidPassphrase(t *testing.T) { - // Make a passphraseRetriever that always returns a different passphrase in order to test // decryption failure a := "a" - var invalidPassphraseRetriever = func (keyId string, alias string, createNew bool, numAttempts int) (string, bool, error) { + var invalidPassphraseRetriever = func(keyId string, alias string, createNew bool, numAttempts int) (string, bool, error) { if numAttempts > 5 { giveup := true return "", giveup, nil