chore: upgrade to golangci-lint v2, address findings

.github/workflows/ci.yaml

@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - uses: golangci/golangci-lint-action@v3
+      - uses: golangci/golangci-lint-action@v9
         with:
           version: latest
   test:

.golangci.yml

@@ -1,3 +1,5 @@
+version: "2"
+
 linters:
   enable:
     - gocritic

cmd/sshi/root.go

@@ -51,7 +51,7 @@ func ignoreFlagsAfter(cmds ...string) {
 	}
 
 	// Inject -- after the subcommand to signal Cobra not to try to parse flags
-	var args []string
+	var args []string //nolint:prealloc // insignificant
 	args = append(args, os.Args[:cmdIndex+1]...)
 	args = append(args, "--")
 	args = append(args, os.Args[cmdIndex+1:]...)

internal/auth/backend/authfile/auth_test.go

@@ -13,16 +13,16 @@ import (
 	"github.com/aakso/ssh-inscribe/internal/logging"
 )
 
-var tmpfiles []string
 var testAuth auth.Authenticator
 
-func makeFile(data string, suffix string) string {
-	file, err := os.CreateTemp("", "test")
+func makeFile(tempDir string, data string, suffix string) string {
+	file, err := os.CreateTemp(tempDir, "test")
 	if err != nil {
 		panic(err)
 	}
-	defer file.Close()
-	tmpfiles = append(tmpfiles, file.Name())
+	defer func() {
+		_ = file.Close()
+	}()
 	_, err = file.WriteString(data)
 	if err != nil {
 		panic(err)
@@ -41,11 +41,7 @@ func makeFile(data string, suffix string) string {
 
 func TestMain(m *testing.M) {
 	logging.SetLevel(logrus.DebugLevel)
-	r := m.Run()
-	for _, file := range tmpfiles {
-		os.Remove(file)
-	}
-	os.Exit(r)
+	os.Exit(m.Run())
 }
 
 func TestAuthFileParse(t *testing.T) {
@@ -64,7 +60,7 @@ users:
   principals:
   - p1
 `
-	loc := makeFile(data, "yaml")
+	loc := makeFile(t.TempDir(), data, "yaml")
 	auth, err := New(&Config{
 		Path:  loc,
 		Realm: "test",

internal/auth/cert.go

@@ -10,11 +10,11 @@ import (
 
 func MakeCertificates(key ssh.PublicKey, actx *AuthContext, validBefore time.Time, maxPrincipalsPerCert int) []*ssh.Certificate {
 	var kid strings.Builder
-	kid.WriteString(fmt.Sprintf("subject=%q", actx.GetSubjectName()))
+	fmt.Fprintf(&kid, "subject=%q", actx.GetSubjectName())
 	if aid, ok := actx.GetAuthMeta()[MetaAuditID]; ok {
-		kid.WriteString(fmt.Sprintf(" audit_id=%q", aid))
+		fmt.Fprintf(&kid, " audit_id=%q", aid)
 	}
-	kid.WriteString(fmt.Sprintf(" via=%q", strings.Join(actx.GetAuthenticators(), ",")))
+	fmt.Fprintf(&kid, " via=%q", strings.Join(actx.GetAuthenticators(), ","))
 
 	remainingPrincipals := actx.GetPrincipals()
 	if maxPrincipalsPerCert == 0 {

internal/keysigner/keysigner.go

@@ -361,7 +361,9 @@ func (ks *KeySignerService) KillAgent() bool {
 	}
 	// Ensure socket file is removed, for some reason the cleanup_exit is not called
 	// Need to look into that
-	os.Remove(ks.authSocketLoc)
+	if err := os.Remove(ks.authSocketLoc); err != nil && !errors.Is(err, os.ErrNotExist) {
+		ks.log.WithError(err).Warn("cannot remove auth socket")
+	}
 	ks.log.WithField("agentpid", ks.startedAgentProcess.Pid).Info("killed ssh-agent")
 
 	ks.startedAgentProcess = nil

internal/ui/client.go

@@ -494,6 +494,12 @@ func (c *Client) storeInFile() error {
 	log := Log.WithField("action", "storeInFile")
 	// If we have been requested to generate a keypair, save it
 	if c.Config.GenerateKeypair {
+		closeFile := func(f *os.File) {
+			if err := f.Close(); err != nil {
+				log.WithError(err).Warn("failed to close file")
+			}
+		}
+
 		privFile := c.Config.IdentityFile
 		if abs, _ := filepath.Abs(privFile); abs != "" {
 			privFile = abs
@@ -504,7 +510,7 @@ func (c *Client) storeInFile() error {
 		if err != nil {
 			return errors.Wrap(err, "could not save to file")
 		}
-		defer fhPriv.Close()
+		defer closeFile(fhPriv)
 		opts := &sshkeys.MarshalOptions{}
 		switch c.userPrivateKey.(type) {
 		case *ed25519.PrivateKey:
@@ -532,7 +538,7 @@ func (c *Client) storeInFile() error {
 		if err != nil {
 			return errors.Wrap(err, "could not save to file")
 		}
-		defer fhPub.Close()
+		defer closeFile(fhPub)
 		signer, err := ssh.NewSignerFromKey(c.userPrivateKey)
 		if err != nil {
 			return errors.Wrap(err, "unexpected error")
@@ -1192,7 +1198,9 @@ func (c *Client) urlFor(s string) string {
 
 func (c *Client) Close() {
 	if c.agentClient != nil {
-		c.agentConn.Close()
+		if err := c.agentConn.Close(); err != nil {
+			Log.WithError(err).Error("failed to close agent connection")
+		}
 	}
 }