Fix calls to die.With.

disable linting until cleanups are finished
fileutil: linter fixes.
2025-11-15 16:10:14 -08:00 · 2025-11-15 16:00:58 -08:00 · 2025-11-15 15:58:51 -08:00 · 2025-11-15 15:55:17 -08:00 · 2025-11-15 15:53:57 -08:00 · 2025-11-15 15:48:18 -08:00
30 changed files with 822 additions and 434 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -5,6 +5,30 @@ version: 2.1
 # Define a job to be invoked later in a workflow.
 # See: https://circleci.com/docs/2.0/configuration-reference/#jobs
 jobs:
+  lint:
+    working_directory: ~/repo
+    docker:
+      - image: cimg/go:1.22.2
+    steps:
+      - checkout
+      - restore_cache:
+          keys:
+            - go-mod-v4-{{ checksum "go.sum" }}
+      - run:
+          name: Install Dependencies
+          command: go mod download
+      - save_cache:
+          key: go-mod-v4-{{ checksum "go.sum" }}
+          paths:
+            - "/go/pkg/mod"
+      - run:
+          name: Install golangci-lint
+          command: |
+            curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin
+      - run:
+          name: Run golangci-lint
+          command: golangci-lint run --timeout=5m
+
  testbuild:
    working_directory: ~/repo
    # Specify the execution environment. You can specify an image from Dockerhub or use one of our Convenience Images from CircleCI's Developer Hub.
@@ -27,16 +51,17 @@ jobs:
            - "/go/pkg/mod"
      - run:
          name: Run tests
-          command: go test ./...
+          command: go test -race ./...
      - run:
          name: Run build
          command: go build ./...
      - store_test_results:
          path: /tmp/test-reports
-
 # Invoke jobs via workflows
 # See: https://circleci.com/docs/2.0/configuration-reference/#workflows
+# Linting is disabled while cleanups are ongoing.
 workflows:
  testbuild:
    jobs:
      - testbuild
+#      - lint
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1 @@
-bazel-bin
-bazel-goutils
-bazel-out
-bazel-testlogs
+.idea
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -1,87 +1,473 @@
-run:
-  timeout: 5m
-  tests: true
-  build-tags: []
-  modules-download-mode: readonly
+# This file is licensed under the terms of the MIT license https://opensource.org/license/mit
+# Copyright (c) 2021-2025 Marat Reymers
+
+## Golden config for golangci-lint v2.6.2
+#
+# This is the best config for golangci-lint based on my experience and opinion.
+# It is very strict, but not extremely strict.
+# Feel free to adapt it to suit your needs.
+# If this config helps you, please consider keeping a link to this file (see the next comment).
+
+# Based on https://gist.github.com/maratori/47a4d00457a92aa426dbd48a18776322
+
+version: "2"
+
+issues:
+  # Maximum count of issues with the same text.
+  # Set to 0 to disable.
+  # Default: 3
+  max-same-issues: 50
+
+formatters:
+  enable:
+    - goimports # checks if the code and import statements are formatted according to the 'goimports' command
+    - golines # checks if code is formatted, and fixes long lines
+
+    ## you may want to enable
+    #- gci # checks if code and import statements are formatted, with additional rules
+    #- gofmt # checks if the code is formatted according to 'gofmt' command
+    #- gofumpt # enforces a stricter format than 'gofmt', while being backwards compatible
+    #- swaggo # formats swaggo comments
+
+  # All settings can be found here https://github.com/golangci/golangci-lint/blob/HEAD/.golangci.reference.yml
+  settings:
+    goimports:
+      # A list of prefixes, which, if set, checks import paths
+      # with the given prefixes are grouped after 3rd-party packages.
+      # Default: []
+      local-prefixes:
+        - github.com/my/project
+
+    golines:
+      # Target maximum line length.
+      # Default: 100
+      max-len: 120

 linters:
  enable:
-    - errcheck
-    - gosimple
-    - govet
-    - ineffassign
-    - staticcheck
-    - unused
-    - gofmt
-    - goimports
-    - misspell
-    - unparam
-    - unconvert
-    - goconst
-    - gocyclo
-    - gosec
-    - prealloc
-    - copyloopvar
-    - revive
-    - typecheck
+    - asasalint # checks for pass []any as any in variadic func(...any)
+    - asciicheck # checks that your code does not contain non-ASCII identifiers
+    - bidichk # checks for dangerous unicode character sequences
+    - bodyclose # checks whether HTTP response body is closed successfully
+    - canonicalheader # checks whether net/http.Header uses canonical header
+    - copyloopvar # detects places where loop variables are copied (Go 1.22+)
+    - cyclop # checks function and package cyclomatic complexity
+    - depguard # checks if package imports are in a list of acceptable packages
+    - dupl # tool for code clone detection
+    - durationcheck # checks for two durations multiplied together
+    - errcheck # checking for unchecked errors, these unchecked errors can be critical bugs in some cases
+    - errname # checks that sentinel errors are prefixed with the Err and error types are suffixed with the Error
+    - errorlint # finds code that will cause problems with the error wrapping scheme introduced in Go 1.13
+    - exhaustive # checks exhaustiveness of enum switch statements
+    - exptostd # detects functions from golang.org/x/exp/ that can be replaced by std functions
+    - fatcontext # detects nested contexts in loops
+    - forbidigo # forbids identifiers
+    - funcorder # checks the order of functions, methods, and constructors
+    - funlen # tool for detection of long functions
+    - gocheckcompilerdirectives # validates go compiler directive comments (//go:)
+    - gochecksumtype # checks exhaustiveness on Go "sum types"
+    - gocognit # computes and checks the cognitive complexity of functions
+    - goconst # finds repeated strings that could be replaced by a constant
+    - gocritic # provides diagnostics that check for bugs, performance and style issues
+    - gocyclo # computes and checks the cyclomatic complexity of functions
+    - godoclint # checks Golang's documentation practice
+    - godot # checks if comments end in a period
+    - gomoddirectives # manages the use of 'replace', 'retract', and 'excludes' directives in go.mod
+    - goprintffuncname # checks that printf-like functions are named with f at the end
+    - gosec # inspects source code for security problems
+    - govet # reports suspicious constructs, such as Printf calls whose arguments do not align with the format string
+    - iface # checks the incorrect use of interfaces, helping developers avoid interface pollution
+    - ineffassign # detects when assignments to existing variables are not used
+    - intrange # finds places where for loops could make use of an integer range
+    - iotamixing # checks if iotas are being used in const blocks with other non-iota declarations
+    - loggercheck # checks key value pairs for common logger libraries (kitlog,klog,logr,zap)
+    - makezero # finds slice declarations with non-zero initial length
+    - mirror # reports wrong mirror patterns of bytes/strings usage
+    - mnd # detects magic numbers
+    - modernize # suggests simplifications to Go code, using modern language and library features
+    - musttag # enforces field tags in (un)marshaled structs
+    - nakedret # finds naked returns in functions greater than a specified function length
+    - nestif # reports deeply nested if statements
+    - nilerr # finds the code that returns nil even if it checks that the error is not nil
+    - nilnesserr # reports that it checks for err != nil, but it returns a different nil value error (powered by nilness and nilerr)
+    - nilnil # checks that there is no simultaneous return of nil error and an invalid value
+    - noctx # finds sending http request without context.Context
+    - nolintlint # reports ill-formed or insufficient nolint directives
+    - nonamedreturns # reports all named returns
+    - nosprintfhostport # checks for misuse of Sprintf to construct a host with port in a URL
+    - perfsprint # checks that fmt.Sprintf can be replaced with a faster alternative
+    - predeclared # finds code that shadows one of Go's predeclared identifiers
+    - promlinter # checks Prometheus metrics naming via promlint
+    - protogetter # reports direct reads from proto message fields when getters should be used
+    - reassign # checks that package variables are not reassigned
+    - recvcheck # checks for receiver type consistency
+    - revive # fast, configurable, extensible, flexible, and beautiful linter for Go, drop-in replacement of golint
+    - rowserrcheck # checks whether Err of rows is checked successfully
+    - sloglint # ensure consistent code style when using log/slog
+    - spancheck # checks for mistakes with OpenTelemetry/Census spans
+    - sqlclosecheck # checks that sql.Rows and sql.Stmt are closed
+    - staticcheck # is a go vet on steroids, applying a ton of static analysis checks
+    - testableexamples # checks if examples are testable (have an expected output)
+    - testifylint # checks usage of github.com/stretchr/testify
+    - testpackage # makes you use a separate _test package
+    - tparallel # detects inappropriate usage of t.Parallel() method in your Go test codes
+    - unconvert # removes unnecessary type conversions
+    - unparam # reports unused function parameters
+    - unqueryvet # detects SELECT * in SQL queries and SQL builders, encouraging explicit column selection
+    - unused # checks for unused constants, variables, functions and types
+    - usestdlibvars # detects the possibility to use variables/constants from the Go standard library
+    - usetesting # reports uses of functions with replacement inside the testing package
+    - wastedassign # finds wasted assignment statements
+    - whitespace # detects leading and trailing whitespace

-linters-settings:
-  gocyclo:
-    min-complexity: 15
+    ## you may want to enable
+    #- arangolint # opinionated best practices for arangodb client
+    #- decorder # checks declaration order and count of types, constants, variables and functions
+    #- exhaustruct # [highly recommend to enable] checks if all structure fields are initialized
+    #- ginkgolinter # [if you use ginkgo/gomega] enforces standards of using ginkgo and gomega
+    #- godox # detects usage of FIXME, TODO and other keywords inside comments
+    #- goheader # checks is file header matches to pattern
+    #- inamedparam # [great idea, but too strict, need to ignore a lot of cases by default] reports interfaces with unnamed method parameters
+    #- interfacebloat # checks the number of methods inside an interface
+    #- ireturn # accept interfaces, return concrete types
+    #- noinlineerr # disallows inline error handling `if err := ...; err != nil {`
+    #- prealloc # [premature optimization, but can be used in some cases] finds slice declarations that could potentially be preallocated
+    #- tagalign # checks that struct tags are well aligned
+    #- varnamelen # [great idea, but too many false positives] checks that the length of a variable's name matches its scope
+    #- wrapcheck # checks that errors returned from external packages are wrapped
+    #- zerologlint # detects the wrong usage of zerolog that a user forgets to dispatch zerolog.Event

-  goconst:
-    min-len: 3
-    min-occurrences: 3
+    ## disabled
+    #- containedctx # detects struct contained context.Context field
+    #- contextcheck # [too many false positives] checks the function whether use a non-inherited context
+    #- dogsled # checks assignments with too many blank identifiers (e.g. x, _, _, _, := f())
+    #- dupword # [useless without config] checks for duplicate words in the source code
+    #- err113 # [too strict] checks the errors handling expressions
+    #- errchkjson # [don't see profit + I'm against of omitting errors like in the first example https://github.com/breml/errchkjson] checks types passed to the json encoding functions. Reports unsupported types and optionally reports occasions, where the check for the returned error can be omitted
+    #- forcetypeassert # [replaced by errcheck] finds forced type assertions
+    #- gomodguard # [use more powerful depguard] allow and block lists linter for direct Go module dependencies
+    #- gosmopolitan # reports certain i18n/l10n anti-patterns in your Go codebase
+    #- grouper # analyzes expression groups
+    #- importas # enforces consistent import aliases
+    #- lll # [replaced by golines] reports long lines
+    #- maintidx # measures the maintainability index of each function
+    #- misspell # [useless] finds commonly misspelled English words in comments
+    #- nlreturn # [too strict and mostly code is not more readable] checks for a new line before return and branch statements to increase code clarity
+    #- paralleltest # [too many false positives] detects missing usage of t.Parallel() method in your Go test
+    #- tagliatelle # checks the struct tags
+    #- thelper # detects golang test helpers without t.Helper() call and checks the consistency of test helpers
+    #- wsl # [too strict and mostly code is not more readable] whitespace linter forces you to use empty lines
+    #- wsl_v5 # [too strict and mostly code is not more readable] add or remove empty lines

-  misspell:
-    locale: US
+  # All settings can be found here https://github.com/golangci/golangci-lint/blob/HEAD/.golangci.reference.yml
+  settings:
+    cyclop:
+      # The maximal code complexity to report.
+      # Default: 10
+      max-complexity: 30
+      # The maximal average package complexity.
+      # If it's higher than 0.0 (float) the check is enabled.
+      # Default: 0.0
+      package-average: 10.0

-  revive:
+    depguard:
+      # Rules to apply.
+      #
+      # Variables:
+      # - File Variables
+      #   Use an exclamation mark `!` to negate a variable.
+      #   Example: `!$test` matches any file that is not a go test file.
+      #
+      #   `$all` - matches all go files
+      #   `$test` - matches all go test files
+      #
+      # - Package Variables
+      #
+      #   `$gostd` - matches all of go's standard library (Pulled from `GOROOT`)
+      #
+      # Default (applies if no custom rules are defined): Only allow $gostd in all files.
      rules:
-      - name: exported
-        disabled: false
-      - name: error-return
-      - name: error-naming
-      - name: if-return
-      - name: var-naming
-      - name: package-comments
-        disabled: true
-      - name: indent-error-flow
-      - name: context-as-argument
+        "deprecated":
+          # List of file globs that will match this list of settings to compare against.
+          # By default, if a path is relative, it is relative to the directory where the golangci-lint command is executed.
+          # The placeholder '${base-path}' is substituted with a path relative to the mode defined with `run.relative-path-mode`.
+          # The placeholder '${config-path}' is substituted with a path relative to the configuration file.
+          # Default: $all
+          files:
+            - "$all"
+          # List of packages that are not allowed.
+          # Entries can be a variable (starting with $), a string prefix, or an exact match (if ending with $).
+          # Default: []
+          deny:
+            - pkg: github.com/golang/protobuf
+              desc: Use google.golang.org/protobuf instead, see https://developers.google.com/protocol-buffers/docs/reference/go/faq#modules
+            - pkg: github.com/satori/go.uuid
+              desc: Use github.com/google/uuid instead, satori's package is not maintained
+            - pkg: github.com/gofrs/uuid$
+              desc: Use github.com/gofrs/uuid/v5 or later, it was not a go module before v5
+        "non-test files":
+          files:
+            - "!$test"
+          deny:
+            - pkg: math/rand$
+              desc: Use math/rand/v2 instead, see https://go.dev/blog/randv2
+        "non-main files":
+          files:
+            - "!**/main.go"
+          deny:
+            - pkg: log$
+              desc: Use log/slog instead, see https://go.dev/blog/slog

-  gosec:
-    excludes:
-      - G304  # File path from variable (common in file utilities)
-      - G404  # Use of weak random (acceptable for non-crypto use)
+    embeddedstructfieldcheck:
+      # Checks that sync.Mutex and sync.RWMutex are not used as embedded fields.
+      # Default: false
+      forbid-mutex: true

-issues:
-  exclude-rules:
-    # Exclude some linters from running on tests files
-    - path: _test\.go
-      linters:
-        - gocyclo
-        - errcheck
-        - gosec
+    errcheck:
+      # Report about not checking of errors in type assertions: `a := b.(MyStruct)`.
+      # Such cases aren't reported by default.
+      # Default: false
+      check-type-assertions: true

-    # Exclude embedded content from checks
-    - path: ".*\\.txt$"
-      linters:
+    exhaustive:
+      # Program elements to check for exhaustiveness.
+      # Default: [ switch ]
+      check:
+        - switch
+        - map
+
+    exhaustruct:
+      # List of regular expressions to match type names that should be excluded from processing.
+      # Anonymous structs can be matched by '<anonymous>' alias.
+      # Has precedence over `include`.
+      # Each regular expression must match the full type name, including package path.
+      # For example, to match type `net/http.Cookie` regular expression should be `.*/http\.Cookie`,
+      # but not `http\.Cookie`.
+      # Default: []
+      exclude:
+        # std libs
+        - ^net/http.Client$
+        - ^net/http.Cookie$
+        - ^net/http.Request$
+        - ^net/http.Response$
+        - ^net/http.Server$
+        - ^net/http.Transport$
+        - ^net/url.URL$
+        - ^os/exec.Cmd$
+        - ^reflect.StructField$
+        # public libs
+        - ^github.com/Shopify/sarama.Config$
+        - ^github.com/Shopify/sarama.ProducerMessage$
+        - ^github.com/mitchellh/mapstructure.DecoderConfig$
+        - ^github.com/prometheus/client_golang/.+Opts$
+        - ^github.com/spf13/cobra.Command$
+        - ^github.com/spf13/cobra.CompletionOptions$
+        - ^github.com/stretchr/testify/mock.Mock$
+        - ^github.com/testcontainers/testcontainers-go.+Request$
+        - ^github.com/testcontainers/testcontainers-go.FromDockerfile$
+        - ^golang.org/x/tools/go/analysis.Analyzer$
+        - ^google.golang.org/protobuf/.+Options$
+        - ^gopkg.in/yaml.v3.Node$
+      # Allows empty structures in return statements.
+      # Default: false
+      allow-empty-returns: true
+
+    funcorder:
+      # Checks if the exported methods of a structure are placed before the non-exported ones.
+      # Default: true
+      struct-method: false
+
+    funlen:
+      # Checks the number of lines in a function.
+      # If lower than 0, disable the check.
+      # Default: 60
+      lines: 100
+      # Checks the number of statements in a function.
+      # If lower than 0, disable the check.
+      # Default: 40
+      statements: 50
+
+    gochecksumtype:
+      # Presence of `default` case in switch statements satisfies exhaustiveness, if all members are not listed.
+      # Default: true
+      default-signifies-exhaustive: false
+
+    gocognit:
+      # Minimal code complexity to report.
+      # Default: 30 (but we recommend 10-20)
+      min-complexity: 20
+
+    gocritic:
+      # Settings passed to gocritic.
+      # The settings key is the name of a supported gocritic checker.
+      # The list of supported checkers can be found at https://go-critic.com/overview.
+      settings:
+        captLocal:
+          # Whether to restrict checker to params only.
+          # Default: true
+          paramsOnly: false
+        underef:
+          # Whether to skip (*x).method() calls where x is a pointer receiver.
+          # Default: true
+          skipRecvDeref: false
+
+    godoclint:
+      # List of rules to enable in addition to the default set.
+      # Default: empty
+      enable:
+        # Assert no unused link in godocs.
+        # https://github.com/godoc-lint/godoc-lint?tab=readme-ov-file#no-unused-link
+        - no-unused-link
+
+    govet:
+      # Enable all analyzers.
+      # Default: false
+      enable-all: true
+      # Disable analyzers by name.
+      # Run `GL_DEBUG=govet golangci-lint run --enable=govet` to see default, all available analyzers, and enabled analyzers.
+      # Default: []
+      disable:
+        - fieldalignment # too strict
+      # Settings per analyzer.
+      settings:
+        shadow:
+          # Whether to be strict about shadowing; can be noisy.
+          # Default: false
+          strict: true
+
+    inamedparam:
+      # Skips check for interface methods with only a single parameter.
+      # Default: false
+      skip-single-param: true
+
+    mnd:
+      # List of function patterns to exclude from analysis.
+      # Values always ignored: `time.Date`,
+      # `strconv.FormatInt`, `strconv.FormatUint`, `strconv.FormatFloat`,
+      # `strconv.ParseInt`, `strconv.ParseUint`, `strconv.ParseFloat`.
+      # Default: []
+      ignored-functions:
+        - args.Error
+        - flag.Arg
+        - flag.Duration.*
+        - flag.Float.*
+        - flag.Int.*
+        - flag.Uint.*
+        - os.Chmod
+        - os.Mkdir.*
+        - os.OpenFile
+        - os.WriteFile
+        - prometheus.ExponentialBuckets.*
+        - prometheus.LinearBuckets
+
+    nakedret:
+      # Make an issue if func has more lines of code than this setting, and it has naked returns.
+      # Default: 30
+      max-func-lines: 0
+
+    nolintlint:
+      # Exclude the following linters from requiring an explanation.
+      # Default: []
+      allow-no-explanation: [ funlen, gocognit, golines ]
+      # Enable to require an explanation of nonzero length after each nolint directive.
+      # Default: false
+      require-explanation: true
+      # Enable to require nolint directives to mention the specific linter being suppressed.
+      # Default: false
+      require-specific: true
+
+    perfsprint:
+      # Optimizes into strings concatenation.
+      # Default: true
+      strconcat: false
+
+    reassign:
+      # Patterns for global variable names that are checked for reassignment.
+      # See https://github.com/curioswitch/go-reassign#usage
+      # Default: ["EOF", "Err.*"]
+      patterns:
+        - ".*"
+
+    rowserrcheck:
+      # database/sql is always checked.
+      # Default: []
+      packages:
+        - github.com/jmoiron/sqlx
+
+    sloglint:
+      # Enforce not using global loggers.
+      # Values:
+      # - "": disabled
+      # - "all": report all global loggers
+      # - "default": report only the default slog logger
+      # https://github.com/go-simpler/sloglint?tab=readme-ov-file#no-global
+      # Default: ""
+      no-global: all
+      # Enforce using methods that accept a context.
+      # Values:
+      # - "": disabled
+      # - "all": report all contextless calls
+      # - "scope": report only if a context exists in the scope of the outermost function
+      # https://github.com/go-simpler/sloglint?tab=readme-ov-file#context-only
+      # Default: ""
+      context: scope
+
+    staticcheck:
+      # SAxxxx checks in https://staticcheck.dev/docs/configuration/options/#checks
+      # Example (to disable some checks): [ "all", "-SA1000", "-SA1001"]
+      # Default: ["all", "-ST1000", "-ST1003", "-ST1016", "-ST1020", "-ST1021", "-ST1022"]
+      checks:
        - all
+        # Incorrect or missing package comment.
+        # https://staticcheck.dev/docs/checks/#ST1000
+        - -ST1000
+        # Use consistent method receiver names.
+        # https://staticcheck.dev/docs/checks/#ST1016
+        - -ST1016
+        # Omit embedded fields from selector expression.
+        # https://staticcheck.dev/docs/checks/#QF1008
+        - -QF1008

-    # Ignore deprecation warnings in legacy code if needed
-    - linters:
-        - staticcheck
-      text: "SA1019"
+    usetesting:
+      # Enable/disable `os.TempDir()` detections.
+      # Default: false
+      os-temp-dir: true

-  # Maximum issues count per one linter
-  max-issues-per-linter: 0
-  
-  # Maximum count of issues with the same text
-  max-same-issues: 0
-
-output:
-  formats:
-    - format: colored-line-number
-      path: stdout
-  print-issued-lines: true
-  print-linter-name: true
+  exclusions:
+    # Log a warning if an exclusion rule is unused.
+    # Default: false
+    warn-unused: true
+    # Predefined exclusion rules.
+    # Default: []
+    presets:
+      - std-error-handling
+      - common-false-positives
+    rules:
+      - path: 'ahash/ahash.go'
+        linters: [ staticcheck, gosec ]
+      - path: 'backoff/backoff_test.go'
+        linters: [ testpackage ]
+      - path: 'dbg/dbg_test.go'
+        linters: [ testpackage ]
+      - source: 'TODO'
+        linters: [ godot ]
+      - text: 'should have a package comment'
+        linters: [ revive ]
+      - text: 'exported \S+ \S+ should have comment( \(or a comment on this block\))? or be unexported'
+        linters: [ revive ]
+      - text: 'package comment should be of the form ".+"'
+        source: '// ?(nolint|TODO)'
+        linters: [ revive ]
+      - text: 'comment on exported \S+ \S+ should be of the form ".+"'
+        source: '// ?(nolint|TODO)'
+        linters: [ revive, staticcheck ]
+      - path: '_test\.go'
+        linters:
+          - bodyclose
+          - dupl
+          - errcheck
+          - funlen
+          - goconst
+          - gosec
+          - noctx
+          - wrapcheck
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,26 +0,0 @@
-arch:
-   - amd64
-   - ppc64le
-sudo: false
-language: go
-go:
-  - tip
-  - 1.9
-jobs:
- exclude:
-  - go: 1.9
-    arch: amd64
-  - go: 1.9
-    arch: ppc64le
-script: 
-  - go get golang.org/x/lint/golint
-  - go get golang.org/x/tools/cmd/cover
-  - go get github.com/kisom/goutils/... 
-  - go test -cover github.com/kisom/goutils/... 
-  - golint github.com/kisom/goutils/... 
-notifications:
-  email:
-    recipients:
-      - coder@kyleisom.net
-    on_success: change
-    on_failure: change
--- a/ahash/ahash.go
+++ b/ahash/ahash.go
@@ -4,8 +4,8 @@
 package ahash

 import (
-	"crypto/md5"
-	"crypto/sha1"
+	"crypto/md5"  // #nosec G505
+	"crypto/sha1" // #nosec G501
 	"crypto/sha256"
 	"crypto/sha512"
 	"errors"
@@ -17,34 +17,15 @@ import (
 	"io"
 	"sort"

-	"git.wntrmute.dev/kyle/goutils/assert"
 	"golang.org/x/crypto/blake2b"
 	"golang.org/x/crypto/blake2s"
-	"golang.org/x/crypto/md4"
-	"golang.org/x/crypto/ripemd160"
+	"golang.org/x/crypto/md4"       // #nosec G506
+	"golang.org/x/crypto/ripemd160" // #nosec G507
 	"golang.org/x/crypto/sha3"
+
+	"git.wntrmute.dev/kyle/goutils/assert"
 )

-func sha224Slicer(bs []byte) []byte {
-	sum := sha256.Sum224(bs)
-	return sum[:]
-}
-
-func sha256Slicer(bs []byte) []byte {
-	sum := sha256.Sum256(bs)
-	return sum[:]
-}
-
-func sha384Slicer(bs []byte) []byte {
-	sum := sha512.Sum384(bs)
-	return sum[:]
-}
-
-func sha512Slicer(bs []byte) []byte {
-	sum := sha512.Sum512(bs)
-	return sum[:]
-}
-
 // Hash represents a generic hash function that may or may not be secure. It
 // satisfies the hash.Hash interface.
 type Hash struct {
@@ -247,17 +228,17 @@ func init() {
 // HashList returns a sorted list of all the hash algorithms supported by the
 // package.
 func HashList() []string {
-	return hashList[:]
+	return hashList
 }

 // SecureHashList returns a sorted list of all the secure (cryptographic) hash
 // algorithms supported by the package.
 func SecureHashList() []string {
-	return secureHashList[:]
+	return secureHashList
 }

 // InsecureHashList returns a sorted list of all the insecure hash algorithms
 // supported by the package.
 func InsecureHashList() []string {
-	return insecureHashList[:]
+	return insecureHashList
 }
--- a/ahash/ahash_test.go
+++ b/ahash/ahash_test.go
@@ -1,16 +1,18 @@
-package ahash
+package ahash_test

 import (
 	"bytes"
+	"encoding/hex"
 	"fmt"
 	"testing"

+	"git.wntrmute.dev/kyle/goutils/ahash"
 	"git.wntrmute.dev/kyle/goutils/assert"
 )

 func TestSecureHash(t *testing.T) {
 	algo := "sha256"
-	h, err := New(algo)
+	h, err := ahash.New(algo)
 	assert.NoErrorT(t, err)
 	assert.BoolT(t, h.IsSecure(), algo+" should be a secure hash")
 	assert.BoolT(t, h.HashAlgo() == algo, "hash returned the wrong HashAlgo")
@@ -19,28 +21,28 @@ func TestSecureHash(t *testing.T) {

 	var data []byte
 	var expected = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
-	sum, err := Sum(algo, data)
+	sum, err := ahash.Sum(algo, data)
 	assert.NoErrorT(t, err)
-	assert.BoolT(t, fmt.Sprintf("%x", sum) == expected, fmt.Sprintf("expected hash %s but have %x", expected, sum))
+	assert.BoolT(t, hex.EncodeToString(sum) == expected, fmt.Sprintf("expected hash %s but have %x", expected, sum))

 	data = []byte("hello, world")
 	buf := bytes.NewBuffer(data)
 	expected = "09ca7e4eaa6e8ae9c7d261167129184883644d07dfba7cbfbc4c8a2e08360d5b"
-	sum, err = SumReader(algo, buf)
+	sum, err = ahash.SumReader(algo, buf)
 	assert.NoErrorT(t, err)
-	assert.BoolT(t, fmt.Sprintf("%x", sum) == expected, fmt.Sprintf("expected hash %s but have %x", expected, sum))
+	assert.BoolT(t, hex.EncodeToString(sum) == expected, fmt.Sprintf("expected hash %s but have %x", expected, sum))

 	data = []byte("hello world")
 	_, err = h.Write(data)
 	assert.NoErrorT(t, err)
 	unExpected := "09ca7e4eaa6e8ae9c7d261167129184883644d07dfba7cbfbc4c8a2e08360d5b"
 	sum = h.Sum(nil)
-	assert.BoolT(t, fmt.Sprintf("%x", sum) != unExpected, fmt.Sprintf("hash shouldn't have returned %x", unExpected))
+	assert.BoolT(t, hex.EncodeToString(sum) != unExpected, fmt.Sprintf("hash shouldn't have returned %x", unExpected))
 }

 func TestInsecureHash(t *testing.T) {
 	algo := "md5"
-	h, err := New(algo)
+	h, err := ahash.New(algo)
 	assert.NoErrorT(t, err)
 	assert.BoolT(t, !h.IsSecure(), algo+" shouldn't be a secure hash")
 	assert.BoolT(t, h.HashAlgo() == algo, "hash returned the wrong HashAlgo")
@@ -49,28 +51,28 @@ func TestInsecureHash(t *testing.T) {

 	var data []byte
 	var expected = "d41d8cd98f00b204e9800998ecf8427e"
-	sum, err := Sum(algo, data)
+	sum, err := ahash.Sum(algo, data)
 	assert.NoErrorT(t, err)
-	assert.BoolT(t, fmt.Sprintf("%x", sum) == expected, fmt.Sprintf("expected hash %s but have %x", expected, sum))
+	assert.BoolT(t, hex.EncodeToString(sum) == expected, fmt.Sprintf("expected hash %s but have %x", expected, sum))

 	data = []byte("hello, world")
 	buf := bytes.NewBuffer(data)
 	expected = "e4d7f1b4ed2e42d15898f4b27b019da4"
-	sum, err = SumReader(algo, buf)
+	sum, err = ahash.SumReader(algo, buf)
 	assert.NoErrorT(t, err)
-	assert.BoolT(t, fmt.Sprintf("%x", sum) == expected, fmt.Sprintf("expected hash %s but have %x", expected, sum))
+	assert.BoolT(t, hex.EncodeToString(sum) == expected, fmt.Sprintf("expected hash %s but have %x", expected, sum))

 	data = []byte("hello world")
 	_, err = h.Write(data)
 	assert.NoErrorT(t, err)
 	unExpected := "e4d7f1b4ed2e42d15898f4b27b019da4"
 	sum = h.Sum(nil)
-	assert.BoolT(t, fmt.Sprintf("%x", sum) != unExpected, fmt.Sprintf("hash shouldn't have returned %x", unExpected))
+	assert.BoolT(t, hex.EncodeToString(sum) != unExpected, fmt.Sprintf("hash shouldn't have returned %x", unExpected))
 }

 func TestHash32(t *testing.T) {
 	algo := "crc32-ieee"
-	h, err := New(algo)
+	h, err := ahash.New(algo)
 	assert.NoErrorT(t, err)
 	assert.BoolT(t, !h.IsSecure(), algo+" shouldn't be a secure hash")
 	assert.BoolT(t, h.HashAlgo() == algo, "hash returned the wrong HashAlgo")
@@ -102,7 +104,7 @@ func TestHash32(t *testing.T) {

 func TestHash64(t *testing.T) {
 	algo := "crc64"
-	h, err := New(algo)
+	h, err := ahash.New(algo)
 	assert.NoErrorT(t, err)
 	assert.BoolT(t, !h.IsSecure(), algo+" shouldn't be a secure hash")
 	assert.BoolT(t, h.HashAlgo() == algo, "hash returned the wrong HashAlgo")
@@ -133,9 +135,9 @@ func TestHash64(t *testing.T) {
 }

 func TestListLengthSanity(t *testing.T) {
-	all := HashList()
-	secure := SecureHashList()
-	insecure := InsecureHashList()
+	all := ahash.HashList()
+	secure := ahash.SecureHashList()
+	insecure := ahash.InsecureHashList()

 	assert.BoolT(t, len(all) == len(secure)+len(insecure))
 }
@@ -146,11 +148,11 @@ func TestSumLimitedReader(t *testing.T) {
 	extendedData := bytes.NewBufferString("hello, world! this is an extended message")
 	expected := "09ca7e4eaa6e8ae9c7d261167129184883644d07dfba7cbfbc4c8a2e08360d5b"

-	hash, err := SumReader("sha256", data)
+	hash, err := ahash.SumReader("sha256", data)
 	assert.NoErrorT(t, err)
-	assert.BoolT(t, fmt.Sprintf("%x", hash) == expected, fmt.Sprintf("have hash %x, want %s", hash, expected))
+	assert.BoolT(t, hex.EncodeToString(hash) == expected, fmt.Sprintf("have hash %x, want %s", hash, expected))

-	extendedHash, err := SumLimitedReader("sha256", extendedData, int64(dataLen))
+	extendedHash, err := ahash.SumLimitedReader("sha256", extendedData, int64(dataLen))
 	assert.NoErrorT(t, err)

 	assert.BoolT(t, bytes.Equal(hash, extendedHash), fmt.Sprintf("have hash %x, want %x", extendedHash, hash))
--- a/assert/assert.go
+++ b/assert/assert.go
@@ -9,6 +9,7 @@
 package assert

 import (
+	"errors"
 	"fmt"
 	"os"
 	"runtime"
@@ -16,11 +17,13 @@ import (
 	"testing"
 )

+const callerSkip = 2
+
 // NoDebug can be set to true to cause all asserts to be ignored.
 var NoDebug bool

 func die(what string, a ...string) {
-	_, file, line, ok := runtime.Caller(2)
+	_, file, line, ok := runtime.Caller(callerSkip)
 	if !ok {
 		panic(what)
 	}
@@ -31,7 +34,8 @@ func die(what string, a ...string) {
 			s = ": " + s
 		}
 		panic(what + s)
-	} else {
+	}
+
 	fmt.Fprintf(os.Stderr, "%s", what)
 	if len(a) > 0 {
 		s := strings.Join(a, ", ")
@@ -43,17 +47,18 @@ func die(what string, a ...string) {
 	fmt.Fprintf(os.Stderr, "\t%s line %d\n", file, line)

 	os.Exit(1)
-	}
 }

 // Bool asserts that cond is false.
 //
 // For example, this would replace
+//
 //	if x < 0 {
 //	        log.Fatal("x is subzero")
 //	}
 //
 // The same assertion would be
+//
 //	assert.Bool(x, "x is subzero")
 func Bool(cond bool, s ...string) {
 	if NoDebug {
@@ -68,6 +73,7 @@ func Bool(cond bool, s ...string) {
 // Error asserts that err is not nil, e.g. that an error has occurred.
 //
 // For example,
+//
 //	if err == nil {
 //	        log.Fatal("call to <something> should have failed")
 //	}
@@ -100,7 +106,7 @@ func NoError(err error, s ...string) {

 // ErrorEq asserts that the actual error is the expected error.
 func ErrorEq(expected, actual error) {
-	if NoDebug || (expected == actual) {
+	if NoDebug || (errors.Is(expected, actual)) {
 		return
 	}

@@ -155,7 +161,7 @@ func NoErrorT(t *testing.T, err error) {
 // ErrorEqT compares a pair of errors, calling Fatal on it if they
 // don't match.
 func ErrorEqT(t *testing.T, expected, actual error) {
-	if NoDebug || (expected == actual) {
+	if NoDebug || (errors.Is(expected, actual)) {
 		return
 	}

--- a/backoff/backoff.go
+++ b/backoff/backoff.go
@@ -10,29 +10,21 @@
 // backoff is configured with a maximum duration that will not be
 // exceeded.
 //
-// The `New` function will attempt to use the system's cryptographic
-// random number generator to seed a Go math/rand random number
-// source. If this fails, the package will panic on startup.
+// This package uses math/rand/v2 for jitter, which is automatically
+// seeded from a cryptographically secure source.
 package backoff

 import (
-	"crypto/rand"
-	"encoding/binary"
-	"io"
 	"math"
-	mrand "math/rand"
-	"sync"
+	"math/rand/v2"
 	"time"
 )

-var prngMu sync.Mutex
-var prng *mrand.Rand
-
 // DefaultInterval is used when a Backoff is initialised with a
 // zero-value Interval.
 var DefaultInterval = 5 * time.Minute

-// DefaultMaxDuration is maximum amount of time that the backoff will
+// DefaultMaxDuration is the maximum amount of time that the backoff will
 // delay for.
 var DefaultMaxDuration = 6 * time.Hour

@@ -50,10 +42,9 @@ type Backoff struct {
 	// interval controls the time step for backing off.
 	interval time.Duration

-	// noJitter controls whether to use the "Full Jitter"
-	// improvement to attempt to smooth out spikes in a high
-	// contention scenario. If noJitter is set to true, no
-	// jitter will be introduced.
+	// noJitter controls whether to use the "Full Jitter" improvement to attempt
+	// to smooth out spikes in a high-contention scenario. If noJitter is set to
+	// true, no jitter will be introduced.
 	noJitter bool

 	// decay controls the decay of n. If it is non-zero, n is
@@ -65,17 +56,17 @@ type Backoff struct {
 	lastTry time.Time
 }

-// New creates a new backoff with the specified max duration and
+// New creates a new backoff with the specified maxDuration duration and
 // interval. Zero values may be used to use the default values.
 //
-// Panics if either max or interval is negative.
-func New(max time.Duration, interval time.Duration) *Backoff {
-	if max < 0 || interval < 0 {
-		panic("backoff: max or interval is negative")
+// Panics if either dMax or interval is negative.
+func New(dMax time.Duration, interval time.Duration) *Backoff {
+	if dMax < 0 || interval < 0 {
+		panic("backoff: dMax or interval is negative")
 	}

 	b := &Backoff{
-		maxDuration: max,
+		maxDuration: dMax,
 		interval:    interval,
 	}
 	b.setup()
@@ -84,27 +75,12 @@ func New(max time.Duration, interval time.Duration) *Backoff {

 // NewWithoutJitter works similarly to New, except that the created
 // Backoff will not use jitter.
-func NewWithoutJitter(max time.Duration, interval time.Duration) *Backoff {
-	b := New(max, interval)
+func NewWithoutJitter(dMax time.Duration, interval time.Duration) *Backoff {
+	b := New(dMax, interval)
 	b.noJitter = true
 	return b
 }

-func init() {
-	var buf [8]byte
-	var n int64
-
-	_, err := io.ReadFull(rand.Reader, buf[:])
-	if err != nil {
-		panic(err.Error())
-	}
-
-	n = int64(binary.LittleEndian.Uint64(buf[:]))
-
-	src := mrand.NewSource(n)
-	prng = mrand.New(src)
-}
-
 func (b *Backoff) setup() {
 	if b.interval == 0 {
 		b.interval = DefaultInterval
@@ -122,35 +98,44 @@ func (b *Backoff) Duration() time.Duration {

 	b.decayN()

-	t := b.duration(b.n)
+	d := b.duration(b.n)

 	if b.n < math.MaxUint64 {
 		b.n++
 	}

 	if !b.noJitter {
-		prngMu.Lock()
-		t = time.Duration(prng.Int63n(int64(t)))
-		prngMu.Unlock()
+		d = time.Duration(rand.Int64N(int64(d))) // #nosec G404
 	}

-	return t
+	return d
 }

+const maxN uint64 = 63
+
 // requires b to be locked.
-func (b *Backoff) duration(n uint64) (t time.Duration) {
-	// Saturate pow
-	pow := time.Duration(math.MaxInt64)
-	if n < 63 {
-		pow = 1 << n
+func (b *Backoff) duration(n uint64) time.Duration {
+	// Use left shift on the underlying integer representation to avoid
+	// multiplying time.Duration by time.Duration (which is semantically
+	// incorrect and flagged by linters).
+	if n >= maxN {
+		// Saturate when n would overflow a 64-bit shift or exceed maxDuration.
+		return b.maxDuration
 	}

-	t = b.interval * pow
-	if t/pow != b.interval || t > b.maxDuration {
-		t = b.maxDuration
+	// Calculate 2^n * interval using a shift. Detect overflow by checking
+	// for sign change or monotonicity loss and clamp to maxDuration.
+	shifted := b.interval << n
+	if shifted < 0 || shifted < b.interval {
+		// Overflow occurred during the shift; clamp to maxDuration.
+		return b.maxDuration
 	}

-	return
+	if shifted > b.maxDuration {
+		return b.maxDuration
+	}
+
+	return shifted
 }

 // Reset resets the attempt counter of a backoff.
@@ -174,7 +159,7 @@ func (b *Backoff) SetDecay(decay time.Duration) {
 	b.decay = decay
 }

-// requires b to be locked
+// requires b to be locked.
 func (b *Backoff) decayN() {
 	if b.decay == 0 {
 		return
@@ -186,7 +171,9 @@ func (b *Backoff) decayN() {
 	}

 	lastDuration := b.duration(b.n - 1)
-	decayed := time.Since(b.lastTry) > lastDuration+b.decay
+	// Reset when the elapsed time is at least the previous backoff plus decay.
+	// Using ">=" avoids boundary flakiness in tests and real usage.
+	decayed := time.Since(b.lastTry) >= lastDuration+b.decay
 	b.lastTry = time.Now()

 	if !decayed {
--- a/backoff/backoff_test.go
+++ b/backoff/backoff_test.go
@@ -9,7 +9,7 @@ import (

 // If given New with 0's and no jitter, ensure that certain invariants are met:
 //
-//   - the default max duration and interval should be used
+//   - the default maxDuration duration and interval should be used
 //   - noJitter should be true
 //   - the RNG should not be initialised
 //   - the first duration should be equal to the default interval
@@ -17,7 +17,11 @@ func TestDefaults(t *testing.T) {
 	b := NewWithoutJitter(0, 0)

 	if b.maxDuration != DefaultMaxDuration {
-		t.Fatalf("expected new backoff to use the default max duration (%s), but have %s", DefaultMaxDuration, b.maxDuration)
+		t.Fatalf(
+			"expected new backoff to use the default maxDuration duration (%s), but have %s",
+			DefaultMaxDuration,
+			b.maxDuration,
+		)
 	}

 	if b.interval != DefaultInterval {
@@ -44,11 +48,11 @@ func TestSetup(t *testing.T) {
 	}
 }

-// Ensure that tries incremenets as expected.
+// Ensure that tries increments as expected.
 func TestTries(t *testing.T) {
 	b := NewWithoutJitter(5, 1)

-	for i := uint64(0); i < 3; i++ {
+	for i := range uint64(3) {
 		if b.n != i {
 			t.Fatalf("want tries=%d, have tries=%d", i, b.n)
 		}
@@ -73,7 +77,7 @@ func TestTries(t *testing.T) {
 func TestReset(t *testing.T) {
 	const iter = 10
 	b := New(1000, 1)
-	for i := 0; i < iter; i++ {
+	for range iter {
 		_ = b.Duration()
 	}

@@ -88,17 +92,17 @@ func TestReset(t *testing.T) {
 }

 const decay = 5 * time.Millisecond
-const max = 10 * time.Millisecond
+const maxDuration = 10 * time.Millisecond
 const interval = time.Millisecond

 func TestDecay(t *testing.T) {
 	const iter = 10

-	b := NewWithoutJitter(max, 1)
+	b := NewWithoutJitter(maxDuration, 1)
 	b.SetDecay(decay)

 	var backoff time.Duration
-	for i := 0; i < iter; i++ {
+	for range iter {
 		backoff = b.Duration()
 	}

@@ -127,7 +131,7 @@ func TestDecaySaturation(t *testing.T) {
 	b.SetDecay(decay)

 	var duration time.Duration
-	for i := 0; i <= 2; i++ {
+	for range 3 {
 		duration = b.Duration()
 	}

@@ -145,7 +149,7 @@ func TestDecaySaturation(t *testing.T) {
 }

 func ExampleBackoff_SetDecay() {
-	b := NewWithoutJitter(max, interval)
+	b := NewWithoutJitter(maxDuration, interval)
 	b.SetDecay(decay)

 	// try 0
--- a/certlib/pkcs7/pkcs7.go
+++ b/certlib/pkcs7/pkcs7.go
@@ -158,59 +158,87 @@ type EncryptedContentInfo struct {
 	EncryptedContent           []byte `asn1:"tag:0,optional"`
 }

+func unmarshalInit(raw []byte) (init initPKCS7, err error) {
+	_, err = asn1.Unmarshal(raw, &init)
+	if err != nil {
+		return initPKCS7{}, certerr.ParsingError(certerr.ErrorSourceCertificate, err)
+	}
+	return init, nil
+}
+
+func populateData(msg *PKCS7, content asn1.RawValue) error {
+	msg.ContentInfo = "Data"
+	_, err := asn1.Unmarshal(content.Bytes, &msg.Content.Data)
+	if err != nil {
+		return certerr.ParsingError(certerr.ErrorSourceCertificate, err)
+	}
+	return nil
+}
+
+func populateSignedData(msg *PKCS7, contentBytes []byte) error {
+	msg.ContentInfo = "SignedData"
+	var sd signedData
+	if _, err := asn1.Unmarshal(contentBytes, &sd); err != nil {
+		return certerr.ParsingError(certerr.ErrorSourceCertificate, err)
+	}
+	if len(sd.Certificates.Bytes) != 0 {
+		certs, err := x509.ParseCertificates(sd.Certificates.Bytes)
+		if err != nil {
+			return certerr.ParsingError(certerr.ErrorSourceCertificate, err)
+		}
+		msg.Content.SignedData.Certificates = certs
+	}
+	if len(sd.Crls.Bytes) != 0 {
+		crl, err := x509.ParseRevocationList(sd.Crls.Bytes)
+		if err != nil {
+			return certerr.ParsingError(certerr.ErrorSourceCertificate, err)
+		}
+		msg.Content.SignedData.Crl = crl
+	}
+	msg.Content.SignedData.Version = sd.Version
+	msg.Content.SignedData.Raw = contentBytes
+	return nil
+}
+
+func populateEncryptedData(msg *PKCS7, contentBytes []byte) error {
+	msg.ContentInfo = "EncryptedData"
+	var ed EncryptedData
+	if _, err := asn1.Unmarshal(contentBytes, &ed); err != nil {
+		return certerr.ParsingError(certerr.ErrorSourceCertificate, err)
+	}
+	if ed.Version != 0 {
+		return certerr.ParsingError(certerr.ErrorSourceCertificate, errors.New("only PKCS #7 encryptedData version 0 is supported"))
+	}
+	msg.Content.EncryptedData = ed
+	return nil
+}
+
 // ParsePKCS7 attempts to parse the DER encoded bytes of a
 // PKCS7 structure.
 func ParsePKCS7(raw []byte) (msg *PKCS7, err error) {

-	var pkcs7 initPKCS7
-	_, err = asn1.Unmarshal(raw, &pkcs7)
+	pkcs7, err := unmarshalInit(raw)
 	if err != nil {
-		return nil, certerr.ParsingError(certerr.ErrorSourceCertificate, err)
+		return nil, err
 	}

 	msg = new(PKCS7)
 	msg.Raw = pkcs7.Raw
 	msg.ContentInfo = pkcs7.ContentType.String()
-	switch {
-	case msg.ContentInfo == ObjIDData:
-		msg.ContentInfo = "Data"
-		_, err = asn1.Unmarshal(pkcs7.Content.Bytes, &msg.Content.Data)
-		if err != nil {
-			return nil, certerr.ParsingError(certerr.ErrorSourceCertificate, err)
-		}
-	case msg.ContentInfo == ObjIDSignedData:
-		msg.ContentInfo = "SignedData"
-		var signedData signedData
-		_, err = asn1.Unmarshal(pkcs7.Content.Bytes, &signedData)
-		if err != nil {
-			return nil, certerr.ParsingError(certerr.ErrorSourceCertificate, err)
-		}
-		if len(signedData.Certificates.Bytes) != 0 {
-			msg.Content.SignedData.Certificates, err = x509.ParseCertificates(signedData.Certificates.Bytes)
-			if err != nil {
-				return nil, certerr.ParsingError(certerr.ErrorSourceCertificate, err)
-			}
-		}
-		if len(signedData.Crls.Bytes) != 0 {
-			msg.Content.SignedData.Crl, err = x509.ParseRevocationList(signedData.Crls.Bytes)
-			if err != nil {
-				return nil, certerr.ParsingError(certerr.ErrorSourceCertificate, err)
-			}
-		}
-		msg.Content.SignedData.Version = signedData.Version
-		msg.Content.SignedData.Raw = pkcs7.Content.Bytes
-	case msg.ContentInfo == ObjIDEncryptedData:
-		msg.ContentInfo = "EncryptedData"
-		var encryptedData EncryptedData
-		_, err = asn1.Unmarshal(pkcs7.Content.Bytes, &encryptedData)
-		if err != nil {
-			return nil, certerr.ParsingError(certerr.ErrorSourceCertificate, err)
-		}
-		if encryptedData.Version != 0 {
-			return nil, certerr.ParsingError(certerr.ErrorSourceCertificate, errors.New("only PKCS #7 encryptedData version 0 is supported"))
-		}
-		msg.Content.EncryptedData = encryptedData

+	switch msg.ContentInfo {
+	case ObjIDData:
+		if err := populateData(msg, pkcs7.Content); err != nil {
+			return nil, err
+		}
+	case ObjIDSignedData:
+		if err := populateSignedData(msg, pkcs7.Content.Bytes); err != nil {
+			return nil, err
+		}
+	case ObjIDEncryptedData:
+		if err := populateEncryptedData(msg, pkcs7.Content.Bytes); err != nil {
+			return nil, err
+		}
 	default:
 		return nil, certerr.ParsingError(certerr.ErrorSourceCertificate, errors.New("only PKCS# 7 content of type data, signed data or encrypted data can be parsed"))
 	}
--- a/certlib/revoke/revoke.go
+++ b/certlib/revoke/revoke.go
@@ -222,11 +222,11 @@ func VerifyCertificateError(cert *x509.Certificate) (revoked, ok bool, err error
    if !time.Now().Before(cert.NotAfter) {
        msg := fmt.Sprintf("Certificate expired %s\n", cert.NotAfter)
        log.Info(msg)
-		return true, true, fmt.Errorf(msg)
+        return true, true, errors.New(msg)
    } else if !time.Now().After(cert.NotBefore) {
        msg := fmt.Sprintf("Certificate isn't valid until %s\n", cert.NotBefore)
        log.Info(msg)
-		return true, true, fmt.Errorf(msg)
+        return true, true, errors.New(msg)
    }
    return revCheck(cert)
 }
--- a/cmd/cert-bundler/prompt.txt
+++ b/cmd/cert-bundler/prompt.txt
@@ -1,3 +1,6 @@
+This project is an exploration into the utility of Jetbrains' Junie
+to write smaller but tedious programs.
+
 Task: build a certificate bundling tool in cmd/cert-bundler. It
 creates archives of certificates chains.

--- a/cmd/cert-revcheck/main.go
+++ b/cmd/cert-revcheck/main.go
@@ -4,6 +4,7 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"flag"
+	"errors"
 	"fmt"
 	"io/ioutil"
 	"net"
@@ -109,7 +110,7 @@ func checkSite(hostport string) (string, error) {

 	state := conn.ConnectionState()
 	if len(state.PeerCertificates) == 0 {
-		return "UNKNOWN", fmt.Errorf("no peer certificates presented")
+		return "UNKNOWN", errors.New("no peer certificates presented")
 	}
 	return evaluateCert(state.PeerCertificates[0])
 }
--- a/cmd/kgz/main.go
+++ b/cmd/kgz/main.go
@@ -39,10 +39,6 @@ func compress(path, target string, level int) error {
 		return errors.Wrap(err, "compressing file")
 	}

-	if err != nil {
-		return errors.Wrap(err, "stat(2)ing destination file")
-	}
-
 	return nil
 }

--- a/config/config.go
+++ b/config/config.go
@@ -11,7 +11,7 @@ package config
 import (
 	"bufio"
 	"fmt"
-	"log"
+	"maps"
 	"os"
 	"sort"
 	"strings"
@@ -33,14 +33,15 @@ func SetEnvPrefix(pfx string) {
 	prefix = pfx
 }

+const keyValueSplitLength = 2
+
 func addLine(line string) {
 	if strings.HasPrefix(line, "#") || line == "" {
 		return
 	}

-	lineParts := strings.SplitN(line, "=", 2)
-	if len(lineParts) != 2 {
-		log.Print("skipping line: ", line)
+	lineParts := strings.SplitN(line, "=", keyValueSplitLength)
+	if len(lineParts) != keyValueSplitLength {
 		return // silently ignore empty keys
 	}

@@ -49,7 +50,7 @@ func addLine(line string) {
 	vars[lineParts[0]] = lineParts[1]
 }

-// LoadFile scans the file at path for key=value pairs and adds them
+// LoadFile scans the file at 'path' for key=value pairs and adds them
 // to the configuration.
 func LoadFile(path string) error {
 	file, err := os.Open(path)
@@ -67,18 +68,16 @@ func LoadFile(path string) error {
 	return scanner.Err()
 }

-// LoadFileFor scans the ini file at path, loading the default section
-// and overriding any keys found under section. If strict is true, the
-// named section must exist (i.e. to catch typos in the section name).
+// LoadFileFor scans the ini file at 'path', loading the default section
+// and overriding any keys found under 'section'. If strict is true, the
+// named section must exist (i.e., to catch typos in the section name).
 func LoadFileFor(path, section string, strict bool) error {
 	cmap, err := iniconf.ParseFile(path)
 	if err != nil {
 		return err
 	}

-	for key, value := range cmap[iniconf.DefaultSection] {
-		vars[key] = value
-	}
+	maps.Copy(vars, cmap[iniconf.DefaultSection])

 	smap, ok := cmap[section]
 	if !ok {
@@ -88,9 +87,7 @@ func LoadFileFor(path, section string, strict bool) error {
 		return nil
 	}

-	for key, value := range smap {
-		vars[key] = value
-	}
+	maps.Copy(vars, smap)

 	return nil
 }
@@ -107,7 +104,7 @@ func Get(key string) string {

 // GetDefault retrieves a value from either a configuration file or
 // the environment. Note that value from a file will override
-// environment variables. If a value isn't found (e.g. Get returns an
+// environment variables. If a value isn't found (e.g., Get returns an
 // empty string), the default value will be used.
 func GetDefault(key, def string) string {
 	if v := Get(key); v != "" {
@@ -117,8 +114,7 @@ func GetDefault(key, def string) string {
 }

 // Require retrieves a value from either a configuration file or the
-// environment. If the key isn't present, it will call log.Fatal, printing
-// the missing key.
+// environment. If the key isn't present, it will panic.
 func Require(key string) string {
 	if v, ok := vars[key]; ok {
 		return v
@@ -131,7 +127,7 @@ func Require(key string) string {
 			envMessage = " (note: looked for the key " + prefix + key
 			envMessage += " in the local env)"
 		}
-		log.Fatalf("missing required configuration value %s%s", key, envMessage)
+		panic(fmt.Sprintf("missing required configuration value %s%s", key, envMessage))
 	}

 	return v
@@ -139,7 +135,8 @@ func Require(key string) string {

 // ListKeys returns a slice of the currently known keys.
 func ListKeys() []string {
-	keyList := []string{}
+	var keyList []string
+
 	for k := range vars {
 		keyList = append(keyList, k)
 	}
--- a/config/config_test.go
+++ b/config/config_test.go
@@ -1,27 +1,26 @@
-package config
+package config_test

 import (
 	"os"
 	"testing"
+
+	"git.wntrmute.dev/kyle/goutils/config"
 )

 const (
 	testFilePath = "testdata/test.env"

-	// Keys
+	// Key constants.
 	kOrder   = "ORDER"
 	kSpecies = "SPECIES"
 	kName    = "COMMON_NAME"

-	// Env
 	eOrder   = "corvus"
 	eSpecies = "corvus corax"
 	eName    = "northern raven"

-	// File
 	fOrder   = "stringiformes"
 	fSpecies = "strix aluco"
-	// Name isn't set in the file to test fall through.
 )

 func init() {
@@ -31,8 +30,8 @@ func init() {
 }

 func TestLoadEnvOnly(t *testing.T) {
-	order := Get(kOrder)
-	species := Get(kSpecies)
+	order := config.Get(kOrder)
+	species := config.Get(kSpecies)
 	if order != eOrder {
 		t.Errorf("want %s, have %s", eOrder, order)
 	}
@@ -43,14 +42,14 @@ func TestLoadEnvOnly(t *testing.T) {
 }

 func TestLoadFile(t *testing.T) {
-	err := LoadFile(testFilePath)
+	err := config.LoadFile(testFilePath)
 	if err != nil {
 		t.Fatal(err)
 	}

-	order := Get(kOrder)
-	species := Get(kSpecies)
-	name := Get(kName)
+	order := config.Get(kOrder)
+	species := config.Get(kSpecies)
+	name := config.Get(kName)

 	if order != fOrder {
 		t.Errorf("want %s, have %s", fOrder, order)
--- a/config/iniconf/iniconf.go
+++ b/config/iniconf/iniconf.go
@@ -2,6 +2,7 @@ package iniconf

 import (
 	"bufio"
+	"errors"
 	"fmt"
 	"io"
 	"os"
@@ -23,30 +24,31 @@ var (
 var DefaultSection = "default"

 // ParseFile attempts to load the named config file.
-func ParseFile(fileName string) (cfg ConfigMap, err error) {
-	var file *os.File
-	file, err = os.Open(fileName)
+func ParseFile(fileName string) (ConfigMap, error) {
+	file, err := os.Open(fileName)
 	if err != nil {
-		return
+		return nil, err
 	}
 	defer file.Close()
+
 	return ParseReader(file)
 }

 // ParseReader reads a configuration from an io.Reader.
-func ParseReader(r io.Reader) (cfg ConfigMap, err error) {
-	cfg = ConfigMap{}
+func ParseReader(r io.Reader) (ConfigMap, error) {
+	cfg := ConfigMap{}
 	buf := bufio.NewReader(r)

 	var (
 		line           string
 		longLine       bool
 		currentSection string
+		err            error
 	)

 	for {
 		line, longLine, err = readConfigLine(buf, line, longLine)
-		if err == io.EOF {
+		if errors.Is(err, io.EOF) {
 			err = nil
 			break
 		} else if err != nil {
@@ -62,11 +64,12 @@ func ParseReader(r io.Reader) (cfg ConfigMap, err error) {
 			break
 		}
 	}
-	return
+
+	return cfg, err
 }

 // readConfigLine reads and assembles a complete configuration line, handling long lines.
-func readConfigLine(buf *bufio.Reader, currentLine string, longLine bool) (line string, stillLong bool, err error) {
+func readConfigLine(buf *bufio.Reader, currentLine string, longLine bool) (string, bool, error) {
 	lineBytes, isPrefix, err := buf.ReadLine()
 	if err != nil {
 		return "", false, err
@@ -94,14 +97,14 @@ func processConfigLine(cfg ConfigMap, line string, currentSection string) (strin
 		return handleConfigLine(cfg, line, currentSection)
 	}

-	return currentSection, fmt.Errorf("invalid config file")
+	return currentSection, errors.New("invalid config file")
 }

 // handleSectionLine processes a section header line.
 func handleSectionLine(cfg ConfigMap, line string) (string, error) {
 	section := configSection.ReplaceAllString(line, "$1")
 	if section == "" {
-		return "", fmt.Errorf("invalid structure in file")
+		return "", errors.New("invalid structure in file")
 	}
 	if !cfg.SectionInConfig(section) {
 		cfg[section] = make(map[string]string, 0)
@@ -139,41 +142,39 @@ func (c ConfigMap) SectionInConfig(section string) bool {
 }

 // ListSections returns the list of sections in the config map.
-func (c ConfigMap) ListSections() (sections []string) {
+func (c ConfigMap) ListSections() []string {
+	sections := make([]string, 0, len(c))
 	for section := range c {
 		sections = append(sections, section)
 	}
-	return
+	return sections
 }

 // WriteFile writes out the configuration to a file.
-func (c ConfigMap) WriteFile(filename string) (err error) {
+func (c ConfigMap) WriteFile(filename string) error {
 	file, err := os.Create(filename)
 	if err != nil {
-		return
+		return err
 	}
 	defer file.Close()

 	for _, section := range c.ListSections() {
 		sName := fmt.Sprintf("[ %s ]\n", section)
-		_, err = file.Write([]byte(sName))
-		if err != nil {
-			return
+		if _, err = file.WriteString(sName); err != nil {
+			return err
 		}

 		for k, v := range c[section] {
 			line := fmt.Sprintf("%s = %s\n", k, v)
-			_, err = file.Write([]byte(line))
-			if err != nil {
-				return
+			if _, err = file.WriteString(line); err != nil {
+				return err
 			}
 		}
-		_, err = file.Write([]byte{0x0a})
-		if err != nil {
-			return
+		if _, err = file.Write([]byte{0x0a}); err != nil {
+			return err
 		}
 	}
-	return
+	return nil
 }

 // AddSection creates a new section in the config map.
@@ -197,27 +198,26 @@ func (c ConfigMap) AddKeyVal(section, key, val string) {
 }

 // GetValue retrieves the value from a key map.
-func (c ConfigMap) GetValue(section, key string) (val string, present bool) {
+func (c ConfigMap) GetValue(section, key string) (string, bool) {
 	if c == nil {
-		return
+		return "", false
 	}

 	if section == "" {
 		section = DefaultSection
 	}

-	_, ok := c[section]
-	if !ok {
-		return
+	if _, ok := c[section]; !ok {
+		return "", false
 	}

-	val, present = c[section][key]
-	return
+	val, present := c[section][key]
+	return val, present
 }

 // GetValueDefault retrieves the value from a key map if present,
 // otherwise the default value.
-func (c ConfigMap) GetValueDefault(section, key, value string) (val string) {
+func (c ConfigMap) GetValueDefault(section, key, value string) string {
 	kval, ok := c.GetValue(section, key)
 	if !ok {
 		return value
@@ -226,7 +226,7 @@ func (c ConfigMap) GetValueDefault(section, key, value string) (val string) {
 }

 // SectionKeys returns the sections in the config map.
-func (c ConfigMap) SectionKeys(section string) (keys []string, present bool) {
+func (c ConfigMap) SectionKeys(section string) ([]string, bool) {
 	if c == nil {
 		return nil, false
 	}
@@ -235,13 +235,12 @@ func (c ConfigMap) SectionKeys(section string) (keys []string, present bool) {
 		section = DefaultSection
 	}

-	cm := c
-	s, ok := cm[section]
+	s, ok := c[section]
 	if !ok {
 		return nil, false
 	}

-	keys = make([]string, 0, len(s))
+	keys := make([]string, 0, len(s))
 	for key := range s {
 		keys = append(keys, key)
 	}
--- a/config/iniconf/iniconf_test.go
+++ b/config/iniconf/iniconf_test.go
@@ -1,18 +1,19 @@
-package iniconf
+package iniconf_test

 import (
 	"errors"
-	"fmt"
 	"os"
 	"sort"
 	"testing"
+
+	"git.wntrmute.dev/kyle/goutils/config/iniconf"
 )

 // FailWithError is a utility for dumping errors and failing the test.
 func FailWithError(t *testing.T, err error) {
-	fmt.Println("failed")
+	t.Log("failed")
 	if err != nil {
-		fmt.Println("[!] ", err.Error())
+		t.Log("[!] ", err.Error())
 	}
 	t.FailNow()
 }
@@ -49,47 +50,50 @@ func stringSlicesEqual(slice1, slice2 []string) bool {

 func TestGoodConfig(t *testing.T) {
 	testFile := "testdata/test.conf"
-	fmt.Printf("[+] validating known-good config... ")
-	cmap, err := ParseFile(testFile)
+	t.Logf("[+] validating known-good config... ")
+	cmap, err := iniconf.ParseFile(testFile)
 	if err != nil {
 		FailWithError(t, err)
 	} else if len(cmap) != 2 {
 		FailWithError(t, err)
 	}
-	fmt.Println("ok")
+	t.Log("ok")
 }

 func TestGoodConfig2(t *testing.T) {
 	testFile := "testdata/test2.conf"
-	fmt.Printf("[+] validating second known-good config... ")
-	cmap, err := ParseFile(testFile)
-	if err != nil {
+	t.Logf("[+] validating second known-good config... ")
+	cmap, err := iniconf.ParseFile(testFile)
+	switch {
+	case err != nil:
 		FailWithError(t, err)
-	} else if len(cmap) != 1 {
+	case len(cmap) != 1:
 		FailWithError(t, err)
-	} else if len(cmap["default"]) != 3 {
+	case len(cmap["default"]) != 3:
 		FailWithError(t, err)
+	default:
+		// nothing to do here
 	}
-	fmt.Println("ok")
+	t.Log("ok")
 }

 func TestBadConfig(t *testing.T) {
 	testFile := "testdata/bad.conf"
-	fmt.Printf("[+] ensure invalid config file fails... ")
-	_, err := ParseFile(testFile)
+	t.Logf("[+] ensure invalid config file fails... ")
+	_, err := iniconf.ParseFile(testFile)
 	if err == nil {
-		err = fmt.Errorf("invalid config file should fail")
+		err = errors.New("invalid config file should fail")
 		FailWithError(t, err)
 	}
-	fmt.Println("ok")
+	t.Log("ok")
 }

 func TestWriteConfigFile(t *testing.T) {
-	fmt.Printf("[+] ensure config file is written properly... ")
+	t.Logf("[+] ensure config file is written properly... ")
 	const testFile = "testdata/test.conf"
 	const testOut = "testdata/test.out"

-	cmap, err := ParseFile(testFile)
+	cmap, err := iniconf.ParseFile(testFile)
 	if err != nil {
 		FailWithError(t, err)
 	}
@@ -100,7 +104,7 @@ func TestWriteConfigFile(t *testing.T) {
 		FailWithError(t, err)
 	}

-	cmap2, err := ParseFile(testOut)
+	cmap2, err := iniconf.ParseFile(testOut)
 	if err != nil {
 		FailWithError(t, err)
 	}
@@ -110,25 +114,25 @@ func TestWriteConfigFile(t *testing.T) {
 	sort.Strings(sectionList1)
 	sort.Strings(sectionList2)
 	if !stringSlicesEqual(sectionList1, sectionList2) {
-		err = fmt.Errorf("section lists don't match")
+		err = errors.New("section lists don't match")
 		FailWithError(t, err)
 	}

 	for _, section := range sectionList1 {
 		for _, k := range cmap[section] {
 			if cmap[section][k] != cmap2[section][k] {
-				err = fmt.Errorf("config key doesn't match")
+				err = errors.New("config key doesn't match")
 				FailWithError(t, err)
 			}
 		}
 	}
-	fmt.Println("ok")
+	t.Log("ok")
 }

 func TestQuotedValue(t *testing.T) {
 	testFile := "testdata/test.conf"
-	fmt.Printf("[+] validating quoted value... ")
-	cmap, _ := ParseFile(testFile)
+	t.Logf("[+] validating quoted value... ")
+	cmap, _ := iniconf.ParseFile(testFile)
 	val := cmap["sectionName"]["key4"]
 	if val != " space at beginning and end " {
 		FailWithError(t, errors.New("Wrong value in double quotes ["+val+"]"))
@@ -138,5 +142,5 @@ func TestQuotedValue(t *testing.T) {
 	if val != " is quoted with single quotes " {
 		FailWithError(t, errors.New("Wrong value in single quotes ["+val+"]"))
 	}
-	fmt.Println("ok")
+	t.Log("ok")
 }
--- a/config/path.go
+++ b/config/path.go
@@ -1,5 +1,4 @@
 //go:build !linux
-// +build !linux

 package config

--- a/config/path_test.go
+++ b/config/path_test.go
@@ -1,7 +1,11 @@
-package config
+package config_test

-import "testing"
+import (
+	"testing"
+
+	"git.wntrmute.dev/kyle/goutils/config"
+)

 func TestDefaultPath(t *testing.T) {
-	t.Log(DefaultConfigPath("demoapp", "app.conf"))
+	t.Log(config.DefaultConfigPath("demoapp", "app.conf"))
 }
--- a/dbg/dbg.go
+++ b/dbg/dbg.go
@@ -47,7 +47,7 @@ func ToFile(path string) (*DebugPrinter, error) {
 	}, nil
 }

-// To sets up a new DebugPrint to an io.WriteCloser.
+// To will set up a new DebugPrint to an io.WriteCloser.
 func To(w io.WriteCloser) *DebugPrinter {
 	return &DebugPrinter{
 		out: w,
@@ -55,21 +55,21 @@ func To(w io.WriteCloser) *DebugPrinter {
 }

 // Print calls fmt.Print if Enabled is true.
-func (dbg *DebugPrinter) Print(v ...interface{}) {
+func (dbg *DebugPrinter) Print(v ...any) {
 	if dbg.Enabled {
 		fmt.Fprint(dbg.out, v...)
 	}
 }

 // Println calls fmt.Println if Enabled is true.
-func (dbg *DebugPrinter) Println(v ...interface{}) {
+func (dbg *DebugPrinter) Println(v ...any) {
 	if dbg.Enabled {
 		fmt.Fprintln(dbg.out, v...)
 	}
 }

 // Printf calls fmt.Printf if Enabled is true.
-func (dbg *DebugPrinter) Printf(format string, v ...interface{}) {
+func (dbg *DebugPrinter) Printf(format string, v ...any) {
 	if dbg.Enabled {
 		fmt.Fprintf(dbg.out, format, v...)
 	}
--- a/dbg/dbg_test.go
+++ b/dbg/dbg_test.go
@@ -2,7 +2,6 @@ package dbg

 import (
 	"fmt"
-	"io/ioutil"
 	"os"
 	"testing"

@@ -50,7 +49,7 @@ func TestTo(t *testing.T) {
 }

 func TestToFile(t *testing.T) {
-	testFile, err := ioutil.TempFile("", "dbg")
+	testFile, err := os.CreateTemp(t.TempDir(), "dbg")
 	assert.NoErrorT(t, err)
 	err = testFile.Close()
 	assert.NoErrorT(t, err)
@@ -103,7 +102,7 @@ func TestWriting(t *testing.T) {
 }

 func TestToFileError(t *testing.T) {
-	testFile, err := ioutil.TempFile("", "dbg")
+	testFile, err := os.CreateTemp(t.TempDir(), "dbg")
 	assert.NoErrorT(t, err)
 	err = testFile.Chmod(0400)
 	assert.NoErrorT(t, err)
--- a/die/README.md
+++ b/die/README.md
@@ -1,12 +0,0 @@
-Simple fatal utilities for Go programs.
-
-```
-	result, err := doSomething()
-	die.If(err)
-
-	ok := processResult(result)
-	if !ok {
-		die.With("failed to process result %s", result.Name)
-	}
-```
-
--- a/die/die.go
+++ b/die/die.go
@@ -1,4 +1,5 @@
-// Package die contains utilities for fatal error handling.
+// Package die contains utilities for fatal error handling. It
+// presents simple fatal utilities for Go programs.
 package die

 import (
@@ -15,14 +16,14 @@ func If(err error) {
 }

 // With prints the message to stderr, appending a newline, and exits.
-func With(fstr string, args ...interface{}) {
+func With(fstr string, args ...any) {
 	out := fmt.Sprintf("[!] %s\n", fstr)
 	fmt.Fprintf(os.Stderr, out, args...)
 	os.Exit(1)
 }

 // When prints the error to stderr and exits if cond is true.
-func When(cond bool, fstr string, args ...interface{}) {
+func When(cond bool, fstr string, args ...any) {
 	if cond {
 		With(fstr, args...)
 	}
--- a/fileutil/fileutil.go
+++ b/fileutil/fileutil.go
@@ -1,10 +1,10 @@
 //go:build !windows
-// +build !windows

 // Package fileutil contains common file functions.
 package fileutil

 import (
+	"math"
 	"os"

 	"golang.org/x/sys/unix"
@@ -46,5 +46,9 @@ const (
 // Access returns a boolean indicating whether the mode being checked
 // for is valid.
 func Access(path string, mode int) error {
-	return unix.Access(path, uint32(mode))
+	// Validate the conversion to avoid potential integer overflow (gosec G115).
+	if mode < 0 || uint64(mode) > uint64(math.MaxUint32) {
+		return unix.EINVAL
+	}
+	return unix.Access(path, uint32(mode)) // #nosec G115 - handled above.
 }
--- a/fileutil/fileutil_windows.go
+++ b/fileutil/fileutil_windows.go
@@ -1,5 +1,4 @@
 //go:build windows
-// +build windows

 // Package fileutil contains common file functions.
 package fileutil
--- a/go.mod
+++ b/go.mod
@@ -1,14 +1,14 @@
 module git.wntrmute.dev/kyle/goutils

-go 1.22
+go 1.24.0

 require (
 	github.com/hashicorp/go-syslog v1.0.0
 	github.com/kr/text v0.2.0
 	github.com/pkg/errors v0.9.1
 	github.com/pkg/sftp v1.12.0
-	golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b
-	golang.org/x/sys v0.0.0-20220412211240-33da011f77ad
+	golang.org/x/crypto v0.44.0
+	golang.org/x/sys v0.38.0
 	gopkg.in/yaml.v2 v2.4.0
 )

--- a/go.sum
+++ b/go.sum
@@ -27,12 +27,17 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b h1:Qwe1rC8PSniVfAFPFJeyUkB+zcysC3RgJBAGk7eqBEU=
 golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.44.0 h1:A97SsFvM3AIwEEmTBiaxPPTYpDC47w720rdiiUvgoAU=
+golang.org/x/crypto v0.44.0/go.mod h1:013i+Nw79BMiQiMsOPcVCB5ZIJbYkerPrGnOa00tvmc=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20220412211240-33da011f77ad h1:ntjMns5wyP/fN65tdBD4g8J5w8n015+iIIs9rtjXkY0=
 golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc=
+golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=
+golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
--- a/lib/lib.go
+++ b/lib/lib.go
@@ -11,7 +11,7 @@ import (
 var progname = filepath.Base(os.Args[0])

 // ProgName returns what lib thinks the program name is, namely the
-// basename of of argv0.
+// basename of argv0.
 //
 // It is similar to the Linux __progname function.
 func ProgName() string {
--- a/logging/example_test.go
+++ b/logging/example_test.go
@@ -23,7 +23,7 @@ func Example() {
 		map[string]string{"when": time.Now().String()})
 }

-func ExampleNewFromFile() {
+func ExampleNewSplitFile() {
 	flog, err := logging.NewSplitFile("example.log", "example.err", true)
 	if err != nil {
 		log.Fatal("filelog", "failed to open logger",
Author	SHA1	Message	Date
Kyle Isom	3d9625b40b	Fix calls to die.With.	2025-11-15 16:10:14 -08:00
Kyle Isom	547a0d8f32	disable linting until cleanups are finished	2025-11-15 16:00:58 -08:00
Kyle Isom	876a0a2c2b	fileutil: linter fixes.	2025-11-15 15:58:51 -08:00
Kyle Isom	a37d28e3d7	die: linter feedback fixes.	2025-11-15 15:55:17 -08:00
Kyle Isom	ddf26e00af	dbg: linter feedback updates.	2025-11-15 15:53:57 -08:00
Kyle Isom	e4db163efe	Cleaning up.	2025-11-15 15:48:18 -08:00
Kyle Isom	571443c282	config: apply linting feedback.	2025-11-15 15:47:29 -08:00
Kyle Isom	aba5e519a4	First round of linter cleanups.	2025-11-15 15:11:07 -08:00
Kyle Isom	5fcba0e814	Trying a different config.	2025-11-15 13:34:18 -08:00
Kyle Isom	928c643d8d	Fix linter config.	2025-11-15 13:16:30 -08:00
Kyle Isom	fd9f9f6d66	Fix linting.	2025-11-15 13:08:38 -08:00
Kyle Isom	a5b7727c8f	Add linting stage.	2025-11-15 13:05:00 -08:00
Kyle Isom	3135c18d95	ignore goland directory	2025-11-15 01:53:40 -08:00