From b99ae9f4ffa072ad6b9966d2ed6d770ec949a770 Mon Sep 17 00:00:00 2001
From: hectorj2f
Date: Wed, 25 Sep 2024 10:04:54 +0200
Subject: [PATCH 1/3] chore: bump to use go.1.23
Signed-off-by: hectorj2f
---
 go.mod | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index 90741e86..bb7d0b17 100644
--- a/go.mod
+++ b/go.mod
@@ -1,8 +1,6 @@
 module github.com/sigstore/timestamp-authority
-go 1.22.0
-
-toolchain go1.22.1
+go 1.23.1
 require (
 cloud.google.com/go/security v1.17.4
From 58a4ef3b9872b5b9b0723c141090dd8b1637c8f0 Mon Sep 17 00:00:00 2001
From: hectorj2f
Date: Wed, 25 Sep 2024 10:13:34 +0200
Subject: [PATCH 2/3] use latest version of golang-lint
Signed-off-by: hectorj2f
---
 .github/workflows/tests.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
index 91073305..134ac95c 100644
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@@ -95,5 +95,5 @@ jobs:
 - name: golangci-lint
 uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0
 with:
- version: v1.58
+ version: v1.61
 args: --timeout=10m --verbose
From 74c3758095a0963f037da1e732a1098ff737ae04 Mon Sep 17 00:00:00 2001
From: hectorj2f
Date: Wed, 25 Sep 2024 10:26:05 +0200
Subject: [PATCH 3/3] add gosec comment and lints
Signed-off-by: hectorj2f
---
 pkg/signer/tink.go | 4 ++--
 pkg/verification/verify.go | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/pkg/signer/tink.go b/pkg/signer/tink.go
index 6a602cb8..affb6556 100644
--- a/pkg/signer/tink.go
+++ b/pkg/signer/tink.go
@@ -158,7 +158,7 @@ func getPrimaryKey(ks *tinkpb.Keyset) *tinkpb.KeyData {
 // validateEcdsaPrivKey validates the given ECDSAPrivateKey.
 // https://github.com/google/tink/blob/9753ffddd4d04aa56e0605ff4a0db46f2fb80529/go/signature/ecdsa_signer_key_manager.go#L139
 func validateEcdsaPrivKey(key *ecdsapb.EcdsaPrivateKey) error {
- if err := keyset.ValidateKeyVersion(key.Version, uint32(ecdsaSignerKeyVersion)); err != nil {
+ if err := keyset.ValidateKeyVersion(key.Version, uint32(ecdsaSignerKeyVersion)); err != nil { //nolint:gosec
 return fmt.Errorf("ecdsa_signer_key_manager: invalid key: %w", err)
 }
 hash, curve, encoding := getECDSAParamNames(key.PublicKey.Params)
@@ -178,7 +178,7 @@ func getECDSAParamNames(params *ecdsapb.EcdsaParams) (string, string, string) {
 // validateEd25519PrivKey validates the given ED25519PrivateKey.
 // https://github.com/google/tink/blob/9753ffddd4d04aa56e0605ff4a0db46f2fb80529/go/signature/ed25519_signer_key_manager.go#L132
 func validateEd25519PrivKey(key *ed25519pb.Ed25519PrivateKey) error {
- if err := keyset.ValidateKeyVersion(key.Version, uint32(ed25519SignerKeyVersion)); err != nil {
+ if err := keyset.ValidateKeyVersion(key.Version, uint32(ed25519SignerKeyVersion)); err != nil { //nolint:gosec
 return fmt.Errorf("ed25519_signer_key_manager: invalid key: %w", err)
 }
 if len(key.KeyValue) != ed25519.SeedSize {
diff --git a/pkg/verification/verify.go b/pkg/verification/verify.go
index d47f57f1..82bebdd2 100644
--- a/pkg/verification/verify.go
+++ b/pkg/verification/verify.go
@@ -250,7 +250,7 @@ func verifyTSRWithChain(ts *timestamp.Timestamp, opts VerifyOpts) error {
 return fmt.Errorf("error parsing hashed message: %w", err)
 }
- if opts.Roots == nil || len(opts.Roots) == 0 {
+ if len(opts.Roots) == 0 {
 return fmt.Errorf("no root certificates provided for verifying the certificate chain")
 }
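Review bot: The `//nolint:gosec` added to the `keyset.ValidateKeyVersion` call in validateEcdsaPrivKey silences every gosec rule on that line and records no reason; the same applies to the identical change in validateEd25519PrivKey in the next hunk. The finding being suppressed is presumably the integer-conversion check (G115) on `uint32(ecdsaSignerKeyVersion)`, so once that is confirmed against the constant's declaration, name and justify it, e.g. `//nolint:gosec // G115: ecdsaSignerKeyVersion is a constant that fits in uint32`. If the constant (declared outside this hunk) can simply be typed `uint32`, both the conversion and the suppression go away. Both function bodies continue outside their hunks.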
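Review bot: The guard `if len(opts.Roots) == 0` in verifyTSRWithChain is the fail-closed check for a missing trust anchor, and nothing on the line says so; a comment such as `// Fail closed: with no caller-supplied roots there is nothing to anchor the chain to.` would keep a later cleanup from weakening it. The simplification itself preserves behaviour provided Roots is a slice or map (its type is declared outside this hunk), since len of a nil value is 0. As a style point, the message has no format verbs, so `errors.New(...)` would do if the file already imports errors. The function body starts and ends outside the hunk.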