diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 6cf835b20..8390d39be 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -41,7 +41,7 @@ jobs:
 - uses: actions/checkout@v3
 - uses: golangci/golangci-lint-action@v3
 with:
- version: v1.48.0
+ version: v1.49.0
 skip-cache: true
 args: --timeout=8m
diff --git a/.golangci.yml b/.golangci.yml
index aad6acff2..08699988a 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -1,19 +1,18 @@
 linters:
 enable:
- - structcheck
- - varcheck
- - staticcheck
- - unconvert
+ - exportloopref # Checks for pointers to enclosing loop variables
 - gofmt
 - goimports
- - revive
- - ineffassign
- - vet
- - unused
- - misspell
 - gosec
- - exportloopref # Checks for pointers to enclosing loop variables
+ - ineffassign
+ - misspell
+ - nolintlint
+ - revive
+ - staticcheck
 - tenv # Detects using os.Setenv instead of t.Setenv since Go 1.17
+ - unconvert
+ - unused
+ - vet
 disable:
 - errcheck
diff --git a/archive/tar_unix.go b/archive/tar_unix.go
index ed2b5e696..7029e56e6 100644
--- a/archive/tar_unix.go
+++ b/archive/tar_unix.go
@@ -58,8 +58,7 @@ func setHeaderForSpecialDevice(hdr *tar.Header, name string, fi os.FileInfo) err
 return errors.New("unsupported stat type")
 }
- // Rdev is int32 on darwin/bsd, int64 on linux/solaris
- rdev := uint64(s.Rdev) // nolint: unconvert
+ rdev := uint64(s.Rdev) //nolint:nolintlint,unconvert // rdev is int32 on darwin/bsd, int64 on linux/solaris
 // Currently go does not fill in the major/minors
 if s.Mode&syscall.S_IFBLK != 0 ||
diff --git a/cmd/containerd-stress/main.go b/cmd/containerd-stress/main.go
index da0cd0200..044563463 100644
--- a/cmd/containerd-stress/main.go
+++ b/cmd/containerd-stress/main.go
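Review bot: In the `.golangci.yml` hunk, `nolintlint` is enabled with its default settings, so a directive with no stated reason still passes; the commit itself leaves three bare `//nolint:gosec` lines on the tests in oci/spec_opts_linux_test.go. Setting `require-explanation: true` and `require-specific: true` under `linters-settings.nolintlint` would make every remaining suppression name its linter and say why, which matters most for the security linter. Several rewritten directives also list `nolintlint` itself (for example `//nolint:nolintlint,unused`), which switches the stale-suppression check off on exactly those lines, so a short comment in this file explaining that convention for platform-dependent warnings would help. Only the first lines of the file are visible, so an existing `linters-settings` section cannot be ruled out.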
@@ -235,7 +235,12 @@ func (c config) newClient() (*containerd.Client, error) {
 func serve(c config) error {
 go func() {
- if err := http.ListenAndServe(c.Metrics, metrics.Handler()); err != nil {
+ srv := &http.Server{
+ Addr: c.Metrics,
+ Handler: metrics.Handler(),
+ ReadHeaderTimeout: 5 * time.Minute, // "G112: Potential Slowloris Attack (gosec)"; not a real concern for our use, so setting a long timeout.
+ }
+ if err := srv.ListenAndServe(); err != nil {
 logrus.WithError(err).Error("listen and serve")
 }
 }()
diff --git a/contrib/fuzz/content_fuzzer.go b/contrib/fuzz/content_fuzzer.go
index c0b67db57..da25650fd 100644
--- a/contrib/fuzz/content_fuzzer.go
+++ b/contrib/fuzz/content_fuzzer.go
@@ -14,7 +14,7 @@
 limitations under the License.
 */
-// nolint: golint
+//nolint:golint
 package fuzz
 import (
diff --git a/integration/client/restart_monitor_test.go b/integration/client/restart_monitor_test.go
index f80930719..0681f6fc8 100644
--- a/integration/client/restart_monitor_test.go
+++ b/integration/client/restart_monitor_test.go
@@ -40,8 +40,7 @@ import (
 exec "golang.org/x/sys/execabs"
 )
-// the following nolint is for shutting up gometalinter on non-linux.
-// nolint: unused
+//nolint:unused // Ignore on non-Linux
 func newDaemonWithConfig(t *testing.T, configTOML string) (*Client, *daemon, func()) {
 if testing.Short() {
 t.Skip()
diff --git a/integration/main_test.go b/integration/main_test.go
index 1bb097c0e..dc07d6697 100644
--- a/integration/main_test.go
+++ b/integration/main_test.go
@@ -210,7 +210,7 @@ func PodSandboxConfigWithCleanup(t *testing.T, name, ns string, opts ...PodSandb
 }
 // Set Windows HostProcess on the pod.
-func WithWindowsHostProcessPod(p *runtime.PodSandboxConfig) { //nolint:unused
+func WithWindowsHostProcessPod(p *runtime.PodSandboxConfig) {
 if p.Windows == nil {
 p.Windows = &runtime.WindowsPodSandboxConfig{}
 }
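Review bot: The `ReadHeaderTimeout: 5 * time.Minute` added to `serve` in cmd/containerd-stress/main.go quiets gosec G112 without bounding much, because a client can still hold each connection open for five minutes before completing its request headers. The same literal and comment are repeated in `ServeMetrics` and `ServeDebug` in services/server/server.go, whose listeners are supplied by the caller and may not always be loopback-only. `ReadHeaderTimeout` covers only the reading of request headers, so a value in seconds would not cut off long pprof profile or trace responses. Consider one shared constant such as `const readHeaderTimeout = 10 * time.Second`, with the "not a real concern for our use" reasoning documented once at its definition. Whether `time` is already imported in these files is not visible in the hunks.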
@@ -237,7 +237,7 @@ func WithTestAnnotations() ContainerOpts {
 }
 // Add container resource limits.
-func WithResources(r *runtime.LinuxContainerResources) ContainerOpts { //nolint:unused
+func WithResources(r *runtime.LinuxContainerResources) ContainerOpts {
 return func(c *runtime.ContainerConfig) {
 if c.Linux == nil {
 c.Linux = &runtime.LinuxContainerConfig{}
@@ -247,7 +247,7 @@ func WithResources(r *runtime.LinuxContainerResources) ContainerOpts { //nolint:
 }
 // Adds Windows container resource limits.
-func WithWindowsResources(r *runtime.WindowsContainerResources) ContainerOpts { //nolint:unused
+func WithWindowsResources(r *runtime.WindowsContainerResources) ContainerOpts {
 return func(c *runtime.ContainerConfig) {
 if c.Windows == nil {
 c.Windows = &runtime.WindowsContainerConfig{}
@@ -265,7 +265,7 @@ func WithVolumeMount(hostPath, containerPath string) ContainerOpts {
 }
 }
-func WithWindowsUsername(username string) ContainerOpts { //nolint:unused
+func WithWindowsUsername(username string) ContainerOpts {
 return func(c *runtime.ContainerConfig) {
 if c.Windows == nil {
 c.Windows = &runtime.WindowsContainerConfig{}
@@ -277,7 +277,7 @@ func WithWindowsUsername(username string) ContainerOpts { //nolint:unused
 }
 }
-func WithWindowsHostProcessContainer() ContainerOpts { //nolint:unused
+func WithWindowsHostProcessContainer() ContainerOpts {
 return func(c *runtime.ContainerConfig) {
 if c.Windows == nil {
 c.Windows = &runtime.WindowsContainerConfig{}
@@ -322,7 +322,7 @@ func WithLogPath(path string) ContainerOpts {
 }
 // WithSupplementalGroups adds supplemental groups.
-func WithSupplementalGroups(gids []int64) ContainerOpts { //nolint:unused
+func WithSupplementalGroups(gids []int64) ContainerOpts {
 return func(c *runtime.ContainerConfig) {
 if c.Linux == nil {
 c.Linux = &runtime.LinuxContainerConfig{}
@@ -335,7 +335,7 @@ func WithSupplementalGroups(gids []int64) ContainerOpts { //nolint:unused
 }
 // WithDevice adds a device mount.
-func WithDevice(containerPath, hostPath, permissions string) ContainerOpts { //nolint:unused
+func WithDevice(containerPath, hostPath, permissions string) ContainerOpts {
 return func(c *runtime.ContainerConfig) {
 c.Devices = append(c.Devices, &runtime.Device{
 ContainerPath: containerPath, HostPath: hostPath, Permissions: permissions,
@@ -558,7 +558,7 @@ func CRIConfig() (*criconfig.Config, error) {
 }
 // SandboxInfo gets sandbox info.
-func SandboxInfo(id string) (*runtime.PodSandboxStatus, *server.SandboxInfo, error) { //nolint:unused
+func SandboxInfo(id string) (*runtime.PodSandboxStatus, *server.SandboxInfo, error) {
 client, err := RawRuntimeClient()
 if err != nil {
 return nil, nil, fmt.Errorf("failed to get raw runtime client: %w", err)
diff --git a/oci/spec_opts.go b/oci/spec_opts.go
index 8adb59180..e13b9a498 100644
--- a/oci/spec_opts.go
+++ b/oci/spec_opts.go
@@ -76,7 +76,6 @@ func setLinux(s *Spec) {
 }
 }
-// nolint
 func setResources(s *Spec) {
 if s.Linux != nil {
 if s.Linux.Resources == nil {
@@ -85,7 +84,7 @@ func setResources(s *Spec) {
 }
 }
-// nolint
+//nolint:nolintlint,unused // not used on all platforms
 func setResourcesWindows(s *Spec) {
 if s.Windows != nil {
 if s.Windows.Resources == nil {
@@ -94,7 +93,7 @@ func setResourcesWindows(s *Spec) {
 }
 }
-// nolint
+//nolint:nolintlint,unused // not used on all platforms
 func setCPU(s *Spec) {
 setResources(s)
 if s.Linux != nil {
@@ -104,7 +103,7 @@ func setCPU(s *Spec) {
 }
 }
-// nolint
+//nolint:nolintlint,unused // not used on all platforms
 func setCPUWindows(s *Spec) {
 setResourcesWindows(s)
 if s.Windows != nil {
diff --git a/oci/spec_opts_linux_test.go b/oci/spec_opts_linux_test.go
index d41e0efca..2f48d52f2 100644
--- a/oci/spec_opts_linux_test.go
+++ b/oci/spec_opts_linux_test.go
@@ -31,7 +31,7 @@ import (
 "golang.org/x/sys/unix"
 )
-// nolint:gosec
+//nolint:gosec
 func TestWithUserID(t *testing.T) {
 t.Parallel()
@@ -86,7 +86,7 @@ guest:x:405:100:guest:/dev/null:/sbin/nologin
 }
 }
-// nolint:gosec
+//nolint:gosec
 func TestWithUsername(t *testing.T) {
 t.Parallel()
@@ -148,7 +148,7 @@ guest:x:405:100:guest:/dev/null:/sbin/nologin
 }
-// nolint:gosec
+//nolint:gosec
 func TestWithAdditionalGIDs(t *testing.T) {
 t.Parallel()
 expectedPasswd := `root:x:0:0:root:/root:/bin/ash
diff --git a/oci/spec_opts_nonlinux.go b/oci/spec_opts_nonlinux.go
index 2f3ce80a4..30aedd6cd 100644
--- a/oci/spec_opts_nonlinux.go
+++ b/oci/spec_opts_nonlinux.go
@@ -28,19 +28,16 @@ import (
 // WithAllCurrentCapabilities propagates the effective capabilities of the caller process to the container process.
 // The capability set may differ from WithAllKnownCapabilities when running in a container.
-// nolint: deadcode, unused
 var WithAllCurrentCapabilities = func(ctx context.Context, client Client, c *containers.Container, s *Spec) error {
 return WithCapabilities(nil)(ctx, client, c, s)
 }
 // WithAllKnownCapabilities sets all the known linux capabilities for the container process
-// nolint: deadcode, unused
 var WithAllKnownCapabilities = func(ctx context.Context, client Client, c *containers.Container, s *Spec) error {
 return WithCapabilities(nil)(ctx, client, c, s)
 }
 // WithBlockIO sets the container's blkio parameters
-// nolint: deadcode, unused
 func WithBlockIO(blockio interface{}) SpecOpts {
 return func(ctx context.Context, _ Client, c *containers.Container, s *Spec) error {
 return errors.New("blkio not supported")
@@ -48,7 +45,6 @@ func WithBlockIO(blockio interface{}) SpecOpts {
 }
 // WithCPUShares sets the container's cpu shares
-// nolint: deadcode, unused
 func WithCPUShares(shares uint64) SpecOpts {
 return func(ctx context.Context, _ Client, c *containers.Container, s *Spec) error {
 return nil
diff --git a/oci/utils_unix.go b/oci/utils_unix.go
index db75b0bad..306f09814 100644
--- a/oci/utils_unix.go
+++ b/oci/utils_unix.go
@@ -127,7 +127,7 @@ func getDevices(path, containerPath string) ([]specs.LinuxDevice, error) {
 // TODO consider adding these consts to the OCI runtime-spec.
 const (
- wildcardDevice = "a" //nolint // currently unused, but should be included when upstreaming to OCI runtime-spec.
+ wildcardDevice = "a" //nolint:nolintlint,unused,varcheck // currently unused, but should be included when upstreaming to OCI runtime-spec.
 blockDevice = "b"
 charDevice = "c" // or "u"
 fifoDevice = "p"
@@ -148,7 +148,7 @@ func DeviceFromPath(path string) (*specs.LinuxDevice, error) {
 }
 var (
- devNumber = uint64(stat.Rdev) //nolint: unconvert // the type is 32bit on mips.
+ devNumber = uint64(stat.Rdev) //nolint:nolintlint,unconvert // the type is 32bit on mips.
 major = unix.Major(devNumber)
 minor = unix.Minor(devNumber)
 )
diff --git a/pkg/cri/opts/container.go b/pkg/cri/opts/container.go
index 85fd2fdfe..5ea1b8739 100644
--- a/pkg/cri/opts/container.go
+++ b/pkg/cri/opts/container.go
@@ -83,7 +83,7 @@ func WithVolumes(volumeMounts map[string]string) containerd.NewContainerOpts {
 // if it fails but not RM snapshot data.
 // refer to https://github.com/containerd/containerd/pull/1868
 // https://github.com/containerd/containerd/pull/1785
- defer os.Remove(root) // nolint: errcheck
+ defer os.Remove(root)
 unmounter := func(mountPath string) {
 if uerr := mount.Unmount(mountPath, 0); uerr != nil {
diff --git a/pkg/cri/sbserver/container_stats.go b/pkg/cri/sbserver/container_stats.go
index a41e4da4f..cf870c77c 100644
--- a/pkg/cri/sbserver/container_stats.go
+++ b/pkg/cri/sbserver/container_stats.go
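Review bot: With `// nolint: errcheck` removed from `defer os.Remove(root)` in `WithVolumes`, nothing on the line says the error is dropped on purpose, and because `.golangci.yml` keeps `errcheck` disabled no linter will flag it either. The same applies to `s.idIndex.Delete(id)` in pkg/cri/store/container and pkg/cri/store/sandbox, `s.digestSet.Remove(digest)` in pkg/cri/store/image, and `os.RemoveAll(nsPath)`, `defer origNS.Set()` and `defer ns.Close()` in pkg/netns/netns_linux.go. A short trailing comment such as `// best-effort cleanup; error intentionally ignored` would keep the intent visible to the next reader. `defer origNS.Set()` deserves more than a comment: by the hunk's own comment it puts the thread back into its original network namespace, so a failure there looks worth logging rather than discarding. The enclosing functions start and end outside these hunks, so what logger is in scope cannot be confirmed from here.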
@@ -41,7 +41,7 @@ func (c *criService) ContainerStats(ctx context.Context, in *runtime.ContainerSt
 }
 cs, err := c.containerMetrics(cntr.Metadata, resp.Metrics[0])
- if err != nil { //nolint:staticcheck // Ignore SA4023 as some platforms always return nil (stats unimplemented)
+ if err != nil {
 return nil, fmt.Errorf("failed to decode container metrics: %w", err)
 }
 return &runtime.ContainerStatsResponse{Stats: cs}, nil
diff --git a/pkg/cri/sbserver/container_stats_list.go b/pkg/cri/sbserver/container_stats_list.go
index aae5f849a..ec482340f 100644
--- a/pkg/cri/sbserver/container_stats_list.go
+++ b/pkg/cri/sbserver/container_stats_list.go
@@ -58,7 +58,7 @@ func (c *criService) toCRIContainerStats(
 containerStats := new(runtime.ListContainerStatsResponse)
 for _, cntr := range containers {
 cs, err := c.containerMetrics(cntr.Metadata, statsMap[cntr.ID])
- if err != nil { //nolint:staticcheck // Ignore SA4023 as some platforms always return nil (metrics unimplemented)
+ if err != nil {
 return nil, fmt.Errorf("failed to decode container metrics for %q: %w", cntr.ID, err)
 }
 containerStats.Stats = append(containerStats.Stats, cs)
diff --git a/pkg/cri/sbserver/image_pull.go b/pkg/cri/sbserver/image_pull.go
index 148ba3487..b3579b421 100644
--- a/pkg/cri/sbserver/image_pull.go
+++ b/pkg/cri/sbserver/image_pull.go
@@ -318,7 +318,7 @@ func (c *criService) getTLSConfig(registryTLSConfig criconfig.TLSConfig) (*tls.C
 if len(cert.Certificate) != 0 {
 tlsConfig.Certificates = []tls.Certificate{cert}
 }
- tlsConfig.BuildNameToCertificate() // nolint:staticcheck
+ tlsConfig.BuildNameToCertificate() //nolint:staticcheck // TODO(thaJeztah): verify if we should ignore the deprecation; see https://github.com/containerd/containerd/pull/7349/files#r990644833
 }
 if registryTLSConfig.CAFile != "" {
diff --git a/pkg/cri/sbserver/sandbox_stats.go b/pkg/cri/sbserver/sandbox_stats.go
index 3e805e09f..bf59846d1 100644
--- a/pkg/cri/sbserver/sandbox_stats.go
+++ b/pkg/cri/sbserver/sandbox_stats.go
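Review bot: `tlsConfig.BuildNameToCertificate()` in `getTLSConfig` stays behind `//nolint:staticcheck` with an open TODO, here and in the identical hunk in pkg/cri/server/image_pull.go. The method has been deprecated since Go 1.14 because `NameToCertificate` can tie only one certificate to a name, and the crypto/tls documentation says to leave that field nil so the library picks the first compatible chain from `Certificates`. The visible code assigns a single-element `Certificates` slice just above, so deleting the call looks safe and would remove the suppression instead of carrying it forward. The rest of the function is outside the hunk and should be checked for any reader of `NameToCertificate` before doing so.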
@@ -34,12 +34,12 @@ func (c *criService) PodSandboxStats(
 }
 metrics, err := metricsForSandbox(sandbox)
- if err != nil { //nolint:staticcheck // Ignore SA4023 as some platforms always return nil (unimplemented metrics)
+ if err != nil {
 return nil, fmt.Errorf("failed getting metrics for sandbox %s: %w", r.GetPodSandboxId(), err)
 }
 podSandboxStats, err := c.podSandboxStats(ctx, sandbox, metrics)
- if err != nil { //nolint:staticcheck // Ignore SA4023 as some platforms always return nil (unimplemented metrics)
+ if err != nil {
 return nil, fmt.Errorf("failed to decode pod sandbox metrics %s: %w", r.GetPodSandboxId(), err)
 }
diff --git a/pkg/cri/sbserver/sandbox_stats_list.go b/pkg/cri/sbserver/sandbox_stats_list.go
index 69d4336a3..3cff21b65 100644
--- a/pkg/cri/sbserver/sandbox_stats_list.go
+++ b/pkg/cri/sbserver/sandbox_stats_list.go
@@ -34,12 +34,12 @@ func (c *criService) ListPodSandboxStats(
 podSandboxStats := new(runtime.ListPodSandboxStatsResponse)
 for _, sandbox := range sandboxes {
 metrics, err := metricsForSandbox(sandbox)
- if err != nil { //nolint:staticcheck // Ignore SA4023 as some platforms always return nil (unimplemented metrics)
+ if err != nil {
 return nil, fmt.Errorf("failed to obtain metrics for sandbox %q: %w", sandbox.ID, err)
 }
 sandboxStats, err := c.podSandboxStats(ctx, sandbox, metrics)
- if err != nil { //nolint:staticcheck // Ignore SA4023 as some platforms always return nil (unimplemented metrics)
+ if err != nil {
 return nil, fmt.Errorf("failed to decode sandbox container metrics for sandbox %q: %w", sandbox.ID, err)
 }
 podSandboxStats.Stats = append(podSandboxStats.Stats, sandboxStats)
diff --git a/pkg/cri/sbserver/service.go b/pkg/cri/sbserver/service.go
index 02198f586..9479d4e9f 100644
--- a/pkg/cri/sbserver/service.go
+++ b/pkg/cri/sbserver/service.go
@@ -117,7 +117,7 @@ type criService struct {
 baseOCISpecs map[string]*oci.Spec
 // allCaps is the list of the capabilities.
 // When nil, parsed from CapEff of /proc/self/status.
- allCaps []string // nolint
+ allCaps []string //nolint:nolintlint,unused // Ignore on non-Linux
 // unpackDuplicationSuppressor is used to make sure that there is only
 // one in-flight fetch request or unpack handler for a given descriptor's
 // or chain ID.
diff --git a/pkg/cri/server/container_stats.go b/pkg/cri/server/container_stats.go
index db62c342b..0ca66eef3 100644
--- a/pkg/cri/server/container_stats.go
+++ b/pkg/cri/server/container_stats.go
@@ -41,7 +41,7 @@ func (c *criService) ContainerStats(ctx context.Context, in *runtime.ContainerSt
 }
 cs, err := c.containerMetrics(cntr.Metadata, resp.Metrics[0])
- if err != nil { //nolint:staticcheck // Ignore SA4023 as some platforms always return nil (stats unimplemented)
+ if err != nil {
 return nil, fmt.Errorf("failed to decode container metrics: %w", err)
 }
 return &runtime.ContainerStatsResponse{Stats: cs}, nil
diff --git a/pkg/cri/server/container_stats_list.go b/pkg/cri/server/container_stats_list.go
index 9459b64b1..cb61eecb3 100644
--- a/pkg/cri/server/container_stats_list.go
+++ b/pkg/cri/server/container_stats_list.go
@@ -61,7 +61,7 @@ func (c *criService) toCRIContainerStats(
 containerStats := new(runtime.ListContainerStatsResponse)
 for _, cntr := range containers {
 cs, err := c.containerMetrics(cntr.Metadata, statsMap[cntr.ID])
- if err != nil { //nolint:staticcheck // Ignore SA4023 as some platforms always return nil (metrics unimplemented)
+ if err != nil {
 return nil, fmt.Errorf("failed to decode container metrics for %q: %w", cntr.ID, err)
 }
diff --git a/pkg/cri/server/image_pull.go b/pkg/cri/server/image_pull.go
index e6af29e8a..fcda1ef33 100644
--- a/pkg/cri/server/image_pull.go
+++ b/pkg/cri/server/image_pull.go
@@ -318,7 +318,7 @@ func (c *criService) getTLSConfig(registryTLSConfig criconfig.TLSConfig) (*tls.C
 if len(cert.Certificate) != 0 {
 tlsConfig.Certificates = []tls.Certificate{cert}
 }
- tlsConfig.BuildNameToCertificate() // nolint:staticcheck
+ tlsConfig.BuildNameToCertificate() //nolint:staticcheck // TODO(thaJeztah): verify if we should ignore the deprecation; see https://github.com/containerd/containerd/pull/7349/files#r990644833
 }
 if registryTLSConfig.CAFile != "" {
diff --git a/pkg/cri/server/sandbox_stats.go b/pkg/cri/server/sandbox_stats.go
index b74dd0ff5..feb19120c 100644
--- a/pkg/cri/server/sandbox_stats.go
+++ b/pkg/cri/server/sandbox_stats.go
@@ -34,12 +34,12 @@ func (c *criService) PodSandboxStats(
 }
 metrics, err := metricsForSandbox(sandbox)
- if err != nil { //nolint:staticcheck // Ignore SA4023 as some platforms always return nil (unimplemented metrics)
+ if err != nil {
 return nil, fmt.Errorf("failed getting metrics for sandbox %s: %w", r.GetPodSandboxId(), err)
 }
 podSandboxStats, err := c.podSandboxStats(ctx, sandbox, metrics)
- if err != nil { //nolint:staticcheck // Ignore SA4023 as some platforms always return nil (unimplemented metrics)
+ if err != nil {
 return nil, fmt.Errorf("failed to decode pod sandbox metrics %s: %w", r.GetPodSandboxId(), err)
 }
diff --git a/pkg/cri/server/sandbox_stats_list.go b/pkg/cri/server/sandbox_stats_list.go
index 1cd4f2db8..c989bbfa9 100644
--- a/pkg/cri/server/sandbox_stats_list.go
+++ b/pkg/cri/server/sandbox_stats_list.go
@@ -34,12 +34,12 @@ func (c *criService) ListPodSandboxStats(
 podSandboxStats := new(runtime.ListPodSandboxStatsResponse)
 for _, sandbox := range sandboxes {
 metrics, err := metricsForSandbox(sandbox)
- if err != nil { //nolint:staticcheck // Ignore SA4023 as some platforms always return nil (unimplemented metrics)
+ if err != nil {
 return nil, fmt.Errorf("failed to obtain metrics for sandbox %q: %w", sandbox.ID, err)
 }
 sandboxStats, err := c.podSandboxStats(ctx, sandbox, metrics)
- if err != nil { //nolint:staticcheck // Ignore SA4023 as some platforms always return nil (unimplemented metrics)
+ if err != nil {
 return nil, fmt.Errorf("failed to decode sandbox container metrics for sandbox %q: %w", sandbox.ID, err)
 }
 podSandboxStats.Stats = append(podSandboxStats.Stats, sandboxStats)
diff --git a/pkg/cri/server/service.go b/pkg/cri/server/service.go
index 2e2cca42b..04ec294d3 100644
--- a/pkg/cri/server/service.go
+++ b/pkg/cri/server/service.go
@@ -113,7 +113,7 @@ type criService struct {
 baseOCISpecs map[string]*oci.Spec
 // allCaps is the list of the capabilities.
 // When nil, parsed from CapEff of /proc/self/status.
- allCaps []string // nolint
+ allCaps []string //nolint:nolintlint,unused // Ignore on non-Linux
 // unpackDuplicationSuppressor is used to make sure that there is only
 // one in-flight fetch request or unpack handler for a given descriptor's
 // or chain ID.
diff --git a/pkg/cri/store/container/container.go b/pkg/cri/store/container/container.go
index a5e35396b..524b58291 100644
--- a/pkg/cri/store/container/container.go
+++ b/pkg/cri/store/container/container.go
@@ -208,6 +208,6 @@ func (s *Store) Delete(id string) {
 c.IO.Close()
 }
 s.labels.Release(c.ProcessLabel)
- s.idIndex.Delete(id) // nolint: errcheck
+ s.idIndex.Delete(id)
 delete(s.containers, id)
 }
diff --git a/pkg/cri/store/container/metadata.go b/pkg/cri/store/container/metadata.go
index f21914a20..698e495ae 100644
--- a/pkg/cri/store/container/metadata.go
+++ b/pkg/cri/store/container/metadata.go
@@ -28,10 +28,9 @@ import (
 // 2) Metadata is checkpointed as containerd container label.
 // metadataVersion is current version of container metadata.
-const metadataVersion = "v1" // nolint
+const metadataVersion = "v1"
 // versionedMetadata is the internal versioned container metadata.
-// nolint
 type versionedMetadata struct {
 // Version indicates the version of the versioned container metadata.
 Version string
diff --git a/pkg/cri/store/container/status.go b/pkg/cri/store/container/status.go
index 1cf9a204e..b50dc5c54 100644
--- a/pkg/cri/store/container/status.go
+++ b/pkg/cri/store/container/status.go
@@ -61,10 +61,9 @@ import (
 // DELETED
 // statusVersion is current version of container status.
-const statusVersion = "v1" // nolint
+const statusVersion = "v1"
 // versionedStatus is the internal used versioned container status.
-// nolint
 type versionedStatus struct {
 // Version indicates the version of the versioned container status.
 Version string
diff --git a/pkg/cri/store/image/image.go b/pkg/cri/store/image/image.go
index 592384f35..d5f3d12b5 100644
--- a/pkg/cri/store/image/image.go
+++ b/pkg/cri/store/image/image.go
@@ -246,6 +246,6 @@ func (s *store) delete(id, ref string) {
 return
 }
 // Remove the image if it is not referenced any more.
- s.digestSet.Remove(digest) // nolint: errcheck
+ s.digestSet.Remove(digest)
 delete(s.images, digest.String())
 }
diff --git a/pkg/cri/store/sandbox/metadata.go b/pkg/cri/store/sandbox/metadata.go
index 80e39c68c..20fe2f1d1 100644
--- a/pkg/cri/store/sandbox/metadata.go
+++ b/pkg/cri/store/sandbox/metadata.go
@@ -29,10 +29,9 @@ import (
 // 2) Metadata is checkpointed as containerd container label.
 // metadataVersion is current version of sandbox metadata.
-const metadataVersion = "v1" // nolint
+const metadataVersion = "v1"
 // versionedMetadata is the internal versioned sandbox metadata.
-// nolint
 type versionedMetadata struct {
 // Version indicates the version of the versioned sandbox metadata.
 Version string
diff --git a/pkg/cri/store/sandbox/sandbox.go b/pkg/cri/store/sandbox/sandbox.go
index 1cf208e4c..35e4603a2 100644
--- a/pkg/cri/store/sandbox/sandbox.go
+++ b/pkg/cri/store/sandbox/sandbox.go
@@ -160,6 +160,6 @@ func (s *Store) Delete(id string) {
 return
 }
 s.labels.Release(s.sandboxes[id].ProcessLabel)
- s.idIndex.Delete(id) // nolint: errcheck
+ s.idIndex.Delete(id)
 delete(s.sandboxes, id)
 }
diff --git a/pkg/netns/netns_linux.go b/pkg/netns/netns_linux.go
index 09b5c9791..03f68a568 100644
--- a/pkg/netns/netns_linux.go
+++ b/pkg/netns/netns_linux.go
@@ -77,7 +77,7 @@ func newNS(baseDir string) (nsPath string, err error) {
 defer func() {
 // Ensure the mount point is cleaned up on errors
 if err != nil {
- os.RemoveAll(nsPath) // nolint: errcheck
+ os.RemoveAll(nsPath)
 }
 }()
@@ -107,7 +107,7 @@ func newNS(baseDir string) (nsPath string, err error) {
 }
 // Put this thread back to the orig ns, since it might get reused (pre go1.10)
- defer origNS.Set() // nolint: errcheck
+ defer origNS.Set()
 // bind mount the netns from the current thread (from /proc) onto the
 // mount point. This causes the namespace to persist, even when there
@@ -214,6 +214,6 @@ func (n *NetNS) Do(f func(cnins.NetNS) error) error {
 if err != nil {
 return fmt.Errorf("get netns fd: %w", err)
 }
- defer ns.Close() // nolint: errcheck
+ defer ns.Close()
 return ns.Do(f)
 }
diff --git a/pkg/progress/escape.go b/pkg/progress/escape.go
index d9ce5b088..394686f46 100644
--- a/pkg/progress/escape.go
+++ b/pkg/progress/escape.go
@@ -19,6 +19,6 @@ package progress
 const (
 escape = "\x1b"
 reset = escape + "[0m"
- red = escape + "[31m" // nolint: deadcode, varcheck, unused
+ red = escape + "[31m" //nolint:nolintlint,unused,varcheck
 green = escape + "[32m"
 )
diff --git a/pkg/runtimeoptions/v1/doc.go b/pkg/runtimeoptions/v1/doc.go
index 62525652f..9617e7404 100644
--- a/pkg/runtimeoptions/v1/doc.go
+++ b/pkg/runtimeoptions/v1/doc.go
@@ -14,4 +14,4 @@
 limitations under the License.
 */
-package runtimeoptions_v1 //nolint
+package runtimeoptions_v1 //nolint:revive // Ignore var-naming: don't use an underscore in package name (revive)
diff --git a/script/setup/install-dev-tools b/script/setup/install-dev-tools
index 078974571..c1afbe662 100755
--- a/script/setup/install-dev-tools
+++ b/script/setup/install-dev-tools
@@ -24,7 +24,7 @@ set -eu -o pipefail
 go install github.com/containerd/protobuild@v0.2.0
 go install github.com/containerd/protobuild/cmd/go-fix-acronym@v0.2.0
 go install github.com/cpuguy83/go-md2man/v2@v2.0.1
-go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.48.0
+go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.49.0
 go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.28
 go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.2
 go install github.com/containerd/ttrpc/cmd/protoc-gen-go-ttrpc@944ef4a40df3446714a823207972b7d9858ffac5
diff --git a/services/server/server.go b/services/server/server.go
index d607e39d4..74c36df0a 100644
--- a/services/server/server.go
+++ b/services/server/server.go
@@ -317,7 +317,11 @@ func (s *Server) ServeTTRPC(l net.Listener) error {
 func (s *Server) ServeMetrics(l net.Listener) error {
 m := http.NewServeMux()
 m.Handle("/v1/metrics", metrics.Handler())
- return trapClosedConnErr(http.Serve(l, m))
+ srv := &http.Server{
+ Handler: m,
+ ReadHeaderTimeout: 5 * time.Minute, // "G112: Potential Slowloris Attack (gosec)"; not a real concern for our use, so setting a long timeout.
+ }
+ return trapClosedConnErr(srv.Serve(l))
 }
 // ServeTCP allows services to serve over tcp
@@ -337,7 +341,11 @@ func (s *Server) ServeDebug(l net.Listener) error {
 m.Handle("/debug/pprof/profile", http.HandlerFunc(pprof.Profile))
 m.Handle("/debug/pprof/symbol", http.HandlerFunc(pprof.Symbol))
 m.Handle("/debug/pprof/trace", http.HandlerFunc(pprof.Trace))
- return trapClosedConnErr(http.Serve(l, m))
+ srv := &http.Server{
+ Handler: m,
+ ReadHeaderTimeout: 5 * time.Minute, // "G112: Potential Slowloris Attack (gosec)"; not a real concern for our use, so setting a long timeout.
+ }
+ return trapClosedConnErr(srv.Serve(l))
 }
 // Stop the containerd server canceling any open connections