From c59da7ac29f041954c0864bc7bbb2c66ee18eba5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Fri, 3 Nov 2023 14:31:26 +0100
Subject: [PATCH] reformat with gofumpt
---
 pkgs/sops-import-keys-hook/hook_test.go | 1 -
 pkgs/sops-install-secrets/darwin.go | 4 +-
 pkgs/sops-install-secrets/linux.go | 18 ++++----
 pkgs/sops-install-secrets/main.go | 55 ++++++++++++-------------
 pkgs/sops-install-secrets/main_test.go | 9 ++--
 pkgs/sops-pgp-hook/hook_test.go | 1 -
 6 files changed, 42 insertions(+), 46 deletions(-)
diff --git a/pkgs/sops-import-keys-hook/hook_test.go b/pkgs/sops-import-keys-hook/hook_test.go
index 90c2f0c..fbfc7bf 100644
--- a/pkgs/sops-import-keys-hook/hook_test.go
+++ b/pkgs/sops-import-keys-hook/hook_test.go
@@ -71,5 +71,4 @@ func TestShellHook(t *testing.T) {
 if !strings.Contains(stderr, expectedStderr) {
 t.Fatalf("'%v' not in '%v'", expectedStderr, stdout)
 }
-
 }
diff --git a/pkgs/sops-install-secrets/darwin.go b/pkgs/sops-install-secrets/darwin.go
index 523b2e8..7023eb7 100644
--- a/pkgs/sops-install-secrets/darwin.go
+++ b/pkgs/sops-install-secrets/darwin.go
@@ -54,7 +54,7 @@ func SecureSymlinkChown(symlinkToCheck string, expectedTarget string, owner, gro
 // newfs_hfs $mydev
 // mount -t hfs $mydev /tmp/mymount
 func MountSecretFs(mountpoint string, keysGid int, _useTmpfs bool, userMode bool) error {
- if err := os.MkdirAll(mountpoint, 0751); err != nil {
+ if err := os.MkdirAll(mountpoint, 0o751); err != nil {
 return fmt.Errorf("Cannot create directory '%s': %w", mountpoint, err)
 }
 if _, err := os.Stat(mountpoint + "/sops-nix-secretfs"); !errors.Is(err, os.ErrNotExist) {
@@ -90,7 +90,7 @@ func MountSecretFs(mountpoint string, keysGid int, _useTmpfs bool, userMode bool
 // There is no documented way to check for memfs mountpoint. Thus we place a file.
 _, err = os.Create(mountpoint + "/sops-nix-secretfs")
- // This would be the way to check on unix.
+ // This would be the way to check on unix.
 //buf := unix.Statfs_t{}
 //if err := unix.Statfs(mountpoint, &buf); err != nil {
 // return fmt.Errorf("Cannot get statfs for directory '%s': %w", mountpoint, err)
diff --git a/pkgs/sops-install-secrets/linux.go b/pkgs/sops-install-secrets/linux.go
index 523f1bc..6f50a7a 100644
--- a/pkgs/sops-install-secrets/linux.go
+++ b/pkgs/sops-install-secrets/linux.go
@@ -4,18 +4,18 @@
 package main
 import (
- "fmt"
- "os"
+ "fmt"
+ "os"
 "golang.org/x/sys/unix"
 )
 func RuntimeDir() (string, error) {
- rundir, ok := os.LookupEnv("XDG_RUNTIME_DIR")
- if !ok {
- return "", fmt.Errorf("$XDG_RUNTIME_DIR is not set!")
- }
- return rundir, nil
+ rundir, ok := os.LookupEnv("XDG_RUNTIME_DIR")
+ if !ok {
+ return "", fmt.Errorf("$XDG_RUNTIME_DIR is not set!")
+ }
+ return rundir, nil
 }
 func SecureSymlinkChown(symlinkToCheck, expectedTarget string, owner, group int) error {
@@ -51,11 +51,11 @@ func SecureSymlinkChown(symlinkToCheck, expectedTarget string, owner, group int)
 }
 func MountSecretFs(mountpoint string, keysGid int, useTmpfs bool, userMode bool) error {
- if err := os.MkdirAll(mountpoint, 0751); err != nil {
+ if err := os.MkdirAll(mountpoint, 0o751); err != nil {
 return fmt.Errorf("Cannot create directory '%s': %w", mountpoint, err)
 }
- // We can't create a ramfs as user
+ // We can't create a ramfs as user
 if userMode {
 return nil
 }
diff --git a/pkgs/sops-install-secrets/main.go b/pkgs/sops-install-secrets/main.go
index d02c32c..34756de 100644
--- a/pkgs/sops-install-secrets/main.go
+++ b/pkgs/sops-install-secrets/main.go
@@ -18,9 +18,9 @@ import (
 "github.com/Mic92/sops-nix/pkgs/sops-install-secrets/sshkeys"
 agessh "github.com/Mic92/ssh-to-age"
+ "github.com/joho/godotenv"
 "github.com/mozilla-services/yaml"
 "go.mozilla.org/sops/v3/decrypt"
- "github.com/joho/godotenv"
 )
 type secret struct {
@@ -79,10 +79,10 @@ const (
 func IsValidFormat(format string) bool {
 switch format {
 case string(Yaml),
- string(Json),
- string(Binary),
- string(Dotenv),
- string(Ini):
+ string(Json),
+ string(Binary),
+ string(Dotenv),
+ string(Ini):
 return true
 default:
 return false
@@ -94,7 +94,7 @@ func (f *FormatType) UnmarshalJSON(b []byte) error {
 if err := json.Unmarshal(b, &s); err != nil {
 return err
 }
- var t = FormatType(s)
+ t := FormatType(s)
 switch t {
 case "":
 *f = Yaml
@@ -304,8 +304,10 @@ func decryptSecrets(secrets []secret) error {
 return nil
 }
-const RAMFS_MAGIC int32 = -2054924042
-const TMPFS_MAGIC int32 = 16914836
+const (
+ RAMFS_MAGIC int32 = -2054924042
+ TMPFS_MAGIC int32 = 16914836
+)
 func prepareSecretsDir(secretMountpoint string, linkName string, keysGid int, userMode bool) (*string, error) {
 var generation uint64
@@ -328,7 +330,7 @@ func prepareSecretsDir(secretMountpoint string, linkName string, keysGid int, us
 return nil, fmt.Errorf("Cannot remove existing %s: %w", dir, err)
 }
 }
- if err := os.Mkdir(dir, os.FileMode(0751)); err != nil {
+ if err := os.Mkdir(dir, os.FileMode(0o751)); err != nil {
 return nil, fmt.Errorf("mkdir(): %w", err)
 }
 if !userMode {
@@ -347,7 +349,7 @@ func writeSecrets(secretDir string, secrets []secret, keysGid int, userMode bool
 pathSoFar := secretDir
 for _, dir := range dirs {
 pathSoFar = filepath.Join(pathSoFar, dir)
- if err := os.MkdirAll(pathSoFar, 0751); err != nil {
+ if err := os.MkdirAll(pathSoFar, 0o751); err != nil {
 return fmt.Errorf("Cannot create directory '%s' for %s: %w", pathSoFar, fp, err)
 }
 if !userMode {
@@ -382,15 +384,15 @@ func lookupGroup(groupname string) (int, error) {
 }
 func lookupKeysGroup() (int, error) {
- gid, err1 := lookupGroup("keys")
- if err1 == nil {
- return gid, nil
- }
- gid, err2 := lookupGroup("nogroup")
- if err2 == nil {
- return gid, nil
- }
- return 0, fmt.Errorf("Can't find group 'keys' nor 'nogroup' (%w).", err2)
+ gid, err1 := lookupGroup("keys")
+ if err1 == nil {
+ return gid, nil
+ }
+ gid, err2 := lookupGroup("nogroup")
+ if err2 == nil {
+ return gid, nil
+ }
+ return 0, fmt.Errorf("Can't find group 'keys' nor 'nogroup' (%w).", err2)
 }
 func (app *appContext) loadSopsFile(s *secret) (*secretFile, error) {
@@ -435,7 +437,6 @@ func (app *appContext) loadSopsFile(s *secret) (*secretFile, error) {
 keys: keys,
 firstSecret: s,
 }, nil
-
 }
 func (app *appContext) validateSopsFile(s *secret, file *secretFile) error {
@@ -444,7 +445,7 @@ func (app *appContext) validateSopsFile(s *secret, file *secretFile) error {
 s.Name, s.SopsFile, s.Format, file.firstSecret.Format, file.firstSecret.Name)
 }
- if app.checkMode != Manifest && (!(s.Format == Binary || s.Format == Dotenv || s.Format == Ini )) {
+ if app.checkMode != Manifest && (!(s.Format == Binary || s.Format == Dotenv || s.Format == Ini)) {
 _, err := recurseSecretKey(file.keys, s.Key)
 if err != nil {
 return fmt.Errorf("secret %s in %s is not valid: %w", s.Name, s.SopsFile, err)
@@ -605,7 +606,7 @@ func pruneGenerations(secretsMountPoint, secretsDir string, keepGenerations int)
 func importSSHKeys(logcfg loggingConfig, keyPaths []string, gpgHome string) error {
 secringPath := filepath.Join(gpgHome, "secring.gpg")
- secring, err := os.OpenFile(secringPath, os.O_WRONLY|os.O_CREATE, 0600)
+ secring, err := os.OpenFile(secringPath, os.O_WRONLY|os.O_CREATE, 0o600)
 if err != nil {
 return fmt.Errorf("Cannot create %s: %w", secringPath, err)
 }
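Review bot: In importSSHKeys, the `0o600` in `os.OpenFile(secringPath, os.O_WRONLY|os.O_CREATE, 0o600)` is applied only when the file is newly created, so a `secring.gpg` that already exists keeps its current mode, and because `os.O_TRUNC` is absent any bytes beyond what is written in this run would stay in the file. If gpgHome is not guaranteed to be a fresh directory, add `os.O_TRUNC` to the flags and call `secring.Chmod(0o600)` after the open. The same creation-only caveat applies to the `age-keys.txt` open in the `@@ -953,7 +953,7 @@` hunk of installSecrets, which does truncate but would also inherit an existing file's mode. importSSHKeys continues past the end of this hunk, so a later fix-up there cannot be ruled out.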
@@ -661,7 +662,6 @@ func importAgeSSHKeys(logcfg loggingConfig, keyPaths []string, ageFile os.File)
 // Inspired by https://github.com/facebookarchive/symwalk
 func symlinkWalk(filename string, linkDirname string, walkFn filepath.WalkFunc) error {
 symWalkFunc := func(path string, info os.FileInfo, err error) error {
-
 if fname, err := filepath.Rel(filename, path); err == nil {
 path = filepath.Join(linkDirname, fname)
 } else {
@@ -735,7 +735,7 @@ func handleModifications(isDry bool, logcfg loggingConfig, symlinkPath string, s
 writeLines := func(list []string, file string) error {
 if len(list) != 0 {
- f, err := os.OpenFile(file, os.O_APPEND|os.O_WRONLY|os.O_CREATE, 0600)
+ f, err := os.OpenFile(file, os.O_APPEND|os.O_WRONLY|os.O_CREATE, 0o600)
 if err != nil {
 return err
 }
@@ -893,9 +893,9 @@ func installSecrets(args []string) error {
 }
 if manifest.UserMode {
- rundir, err := RuntimeDir()
+ rundir, err := RuntimeDir()
 if opts.checkMode == Off && err != nil {
- return fmt.Errorf("Error: %v", err)
+ return fmt.Errorf("Error: %v", err)
 }
 manifest.SecretsMountPoint = replaceRuntimeDir(manifest.SecretsMountPoint, rundir)
 manifest.SymlinkPath = replaceRuntimeDir(manifest.SymlinkPath, rundir)
@@ -953,7 +953,7 @@ func installSecrets(args []string) error {
 keyfile := filepath.Join(manifest.SecretsMountPoint, "age-keys.txt")
 os.Setenv("SOPS_AGE_KEY_FILE", keyfile)
 // Create the keyfile
- ageFile, err := os.OpenFile(keyfile, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
+ ageFile, err := os.OpenFile(keyfile, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o600)
 if err != nil {
 return fmt.Errorf("Cannot create '%s': %w", keyfile, err)
 }
@@ -1013,7 +1013,6 @@ func installSecrets(args []string) error {
 }
 return nil
-
 }
 func main() {
diff --git a/pkgs/sops-install-secrets/main_test.go b/pkgs/sops-install-secrets/main_test.go
index 51be915..7c4ef92 100644
--- a/pkgs/sops-install-secrets/main_test.go
+++ b/pkgs/sops-install-secrets/main_test.go
@@ -38,7 +38,7 @@ func equals(tb testing.TB, exp, act interface{}) {
 func writeManifest(t *testing.T, dir string, m *manifest) string {
 filename := path.Join(dir, "manifest.json")
- f, err := os.OpenFile(filename, os.O_RDWR|os.O_CREATE, 0755)
+ f, err := os.OpenFile(filename, os.O_RDWR|os.O_CREATE, 0o755)
 ok(t, err)
 encoder := json.NewEncoder(f)
 ok(t, encoder.Encode(m))
@@ -82,7 +82,7 @@ func testGPG(t *testing.T) {
 gpgHome := path.Join(testdir.path, "gpg-home")
 gpgEnv := append(os.Environ(), fmt.Sprintf("GNUPGHOME=%s", gpgHome))
- ok(t, os.Mkdir(gpgHome, os.FileMode(0700)))
+ ok(t, os.Mkdir(gpgHome, os.FileMode(0o700)))
 cmd := exec.Command("gpg", "--import", path.Join(assets, "key.asc"))
 cmd.Stdout = os.Stdout
 cmd.Stderr = os.Stderr
@@ -144,7 +144,6 @@ func testGPG(t *testing.T) {
 iniSecret.SopsFile = path.Join(assets, "secrets.ini")
 iniSecret.Path = path.Join(testdir.secretsPath, "test5")
-
 manifest := manifest{
 Secrets: []secret{yamlSecret, jsonSecret, binarySecret, dotenvSecret, iniSecret},
 SecretsMountPoint: testdir.secretsPath,
@@ -169,7 +168,7 @@ func testGPG(t *testing.T) {
 ok(t, err)
 equals(t, true, yamlStat.Mode().IsRegular())
- equals(t, 0400, int(yamlStat.Mode().Perm()))
+ equals(t, 0o400, int(yamlStat.Mode().Perm()))
 stat, success := yamlStat.Sys().(*syscall.Stat_t)
 equals(t, true, success)
 content, err := os.ReadFile(yamlSecret.Path)
@@ -187,7 +186,7 @@ func testGPG(t *testing.T) {
 jsonStat, err := os.Stat(jsonSecret.Path)
 ok(t, err)
 equals(t, true, jsonStat.Mode().IsRegular())
- equals(t, 0700, int(jsonStat.Mode().Perm()))
+ equals(t, 0o700, int(jsonStat.Mode().Perm()))
 if stat, ok := jsonStat.Sys().(*syscall.Stat_t); ok {
 equals(t, 0, int(stat.Uid))
 equals(t, 0, int(stat.Gid))
diff --git a/pkgs/sops-pgp-hook/hook_test.go b/pkgs/sops-pgp-hook/hook_test.go
index 10ad7f4..acf6b1d 100644
--- a/pkgs/sops-pgp-hook/hook_test.go
+++ b/pkgs/sops-pgp-hook/hook_test.go
@@ -65,5 +65,4 @@ func TestShellHook(t *testing.T) {
 if !strings.Contains(stderr, expectedStderr) {
 t.Fatalf("'%v' not in '%v'", expectedStderr, stdout)
 }
-
 }