Update README.

Verify certificates are signed by a CA.

.circleci/config.yml

@@ -2,22 +2,6 @@
 # See: https://circleci.com/docs/2.0/configuration-reference
 version: 2.1
 
-commands:
-  setup-bazel:
-    description: |
-      Setup the Bazel build system used for building the repo
-    steps:
-      - run:
-          name: Add Bazel Apt repository
-          command: |
-            sudo apt install curl gnupg
-            curl -fsSL https://bazel.build/bazel-release.pub.gpg | gpg --dearmor > bazel.gpg
-            sudo mv bazel.gpg /etc/apt/trusted.gpg.d/
-            echo "deb [arch=amd64] https://storage.googleapis.com/bazel-apt stable jdk1.8" | sudo tee /etc/apt/sources.list.d/bazel.list
-      - run:
-          name: Install Bazel from Apt
-          command: sudo apt update && sudo apt install bazel
-
 # Define a job to be invoked later in a workflow.
 # See: https://circleci.com/docs/2.0/configuration-reference/#jobs
 jobs:
@@ -26,12 +10,11 @@ jobs:
     # Specify the execution environment. You can specify an image from Dockerhub or use one of our Convenience Images from CircleCI's Developer Hub.
     # See: https://circleci.com/docs/2.0/configuration-reference/#docker-machine-macos-windows-executor
     docker:
-      - image: circleci/golang:1.15.8
+      - image: cimg/go:1.22.2
     # Add steps to the job
     # See: https://circleci.com/docs/2.0/configuration-reference/#steps
     steps:
       - checkout
-      - setup-bazel
       - restore_cache:
           keys:
             - go-mod-v4-{{ checksum "go.sum" }}
@@ -44,10 +27,10 @@ jobs:
             - "/go/pkg/mod"
       - run:
           name: Run tests
-          command: bazel test //...
+          command: go test ./...
       - run:
           name: Run build
-          command: bazel build //...
+          command: go build ./...
       - store_test_results:
           path: /tmp/test-reports
 

BUILD.bazel

@@ -1,22 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_library")
-load("@bazel_gazelle//:def.bzl", "gazelle")
-
-# gazelle:prefix git.wntrmute.dev/kyle/goutils
-gazelle(name = "gazelle")
-
-go_library(
-    name = "goutils",
-    srcs = ["doc.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils",
-    visibility = ["//visibility:public"],
-)
-
-gazelle(
-    name = "gazelle-update-repos",
-    args = [
-        "-from_file=go.mod",
-        "-to_macro=deps.bzl%go_dependencies",
-        "-prune",
-    ],
-    command = "update-repos",
-)

LICENSE

@@ -11,3 +11,34 @@ ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
+
+
+=======================================================================
+The backoff package (written during my time at Cloudflare) is released
+under the following license:
+
+Copyright (c) 2016 CloudFlare Inc.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+Redistributions of source code must retain the above copyright notice,
+this list of conditions and the following disclaimer.
+
+Redistributions in binary form must reproduce the above copyright notice,
+this list of conditions and the following disclaimer in the documentation
+and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+

README.md

@@ -12,6 +12,7 @@ Contents:
 
     ahash/          Provides hashes from string algorithm specifiers.
     assert/         Error handling, assertion-style.
+    backoff/        Implementation of an intelligent backoff strategy.
     cmd/
         atping/     Automated TCP ping, meant for putting in cronjobs.
         certchain/  Display the certificate chain from a
@@ -27,6 +28,7 @@ Contents:
         cruntar/    Untar an archive with hard links, copying instead of
                     linking.
         csrpubdump/ Dump the public key from an X.509 certificate request.
+        data_sync/  Sync the user's homedir to external storage.
         diskimg/    Write a disk image to a device.
         eig/        EEPROM image generator.
         fragment/   Print a fragment of a file.

WORKSPACE

@@ -1,32 +0,0 @@
-load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
-
-
-### Go tooling, including Gazelle to generate and maintain BUILD files.
-http_archive(
-    name = "io_bazel_rules_go",
-    sha256 = "6b65cb7917b4d1709f9410ffe00ecf3e160edf674b78c54a894471320862184f",
-    urls = [
-        "https://mirror.bazel.build/github.com/bazelbuild/rules_go/releases/download/v0.39.0/rules_go-v0.39.0.zip",
-        "https://github.com/bazelbuild/rules_go/releases/download/v0.39.0/rules_go-v0.39.0.zip",
-    ],
-)
-
-http_archive(
-    name = "bazel_gazelle",
-    sha256 = "ecba0f04f96b4960a5b250c8e8eeec42281035970aa8852dda73098274d14a1d",
-    urls = [
-        "https://mirror.bazel.build/github.com/bazelbuild/bazel-gazelle/releases/download/v0.29.0/bazel-gazelle-v0.29.0.tar.gz",
-        "https://github.com/bazelbuild/bazel-gazelle/releases/download/v0.29.0/bazel-gazelle-v0.29.0.tar.gz",
-    ],
-)
-
-load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains", "go_rules_dependencies")
-load("@bazel_gazelle//:deps.bzl", "gazelle_dependencies")
-load("//:deps.bzl", "go_dependencies")
-
-# gazelle:repository_macro deps.bzl%go_dependencies
-go_dependencies()
-go_rules_dependencies()
-go_register_toolchains(version = "1.20.4")
-gazelle_dependencies()
-

ahash/BUILD.bazel

@@ -1,24 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
-
-go_library(
-    name = "ahash",
-    srcs = ["ahash.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/ahash",
-    visibility = ["//visibility:public"],
-    deps = [
-        "//assert",
-        "@org_golang_x_crypto//blake2b",
-        "@org_golang_x_crypto//blake2s",
-        "@org_golang_x_crypto//md4",
-        "@org_golang_x_crypto//ripemd160",
-        "@org_golang_x_crypto//sha3",
-    ],
-)
-
-go_test(
-    name = "ahash_test",
-    size = "small",
-    srcs = ["ahash_test.go"],
-    embed = [":ahash"],
-    deps = ["//assert"],
-)

assert/BUILD.bazel

@@ -1,8 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_library")
-
-go_library(
-    name = "assert",
-    srcs = ["assert.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/assert",
-    visibility = ["//visibility:public"],
-)

backoff/LICENSE

@@ -0,0 +1,24 @@
+Copyright (c) 2016 CloudFlare Inc.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+Redistributions of source code must retain the above copyright notice,
+this list of conditions and the following disclaimer.
+
+Redistributions in binary form must reproduce the above copyright notice,
+this list of conditions and the following disclaimer in the documentation
+and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

backoff/README.md

@@ -0,0 +1,83 @@
+# backoff
+## Go implementation of "Exponential Backoff And Jitter"
+
+This package implements the backoff strategy described in the AWS
+Architecture Blog article
+["Exponential Backoff And Jitter"](http://www.awsarchitectureblog.com/2015/03/backoff.html). Essentially,
+the backoff has an interval `time.Duration`; the *n<sup>th</sup>* call
+to backoff will return an a `time.Duration` that is *2 <sup>n</sup> *
+interval*. If jitter is enabled (which is the default behaviour), the
+duration is a random value between 0 and *2 <sup>n</sup> * interval*.
+The backoff is configured with a maximum duration that will not be
+exceeded; e.g., by default, the longest duration returned is
+`backoff.DefaultMaxDuration`.
+
+## Usage
+
+A `Backoff` is initialised with a call to `New`. Using zero values
+causes it to use `DefaultMaxDuration` and `DefaultInterval` as the
+maximum duration and interval.
+
+```
+package something
+
+import "github.com/cloudflare/backoff"
+
+func retryable() {
+        b := backoff.New(0, 0)
+        for {
+                err := someOperation()
+                if err == nil {
+                    break
+                }
+
+                log.Printf("error in someOperation: %v", err)
+                <-time.After(b.Duration())
+        }
+
+        log.Printf("succeeded after %d tries", b.Tries()+1)
+        b.Reset()
+}
+```
+
+It can also be used to rate limit code that should retry infinitely, but which does not
+use `Backoff` itself.
+
+```
+package something
+
+import (
+    "time"
+
+    "github.com/cloudflare/backoff"
+)
+
+func retryable() {
+        b := backoff.New(0, 0)
+        b.SetDecay(30 * time.Second)
+
+        for {
+                // b will reset if someOperation returns later than
+                // the last call to b.Duration() + 30s.
+                err := someOperation()
+                if err == nil {
+                    break
+                }
+
+                log.Printf("error in someOperation: %v", err)
+                <-time.After(b.Duration())
+        }
+}
+```
+
+## Tunables
+
+* `NewWithoutJitter` creates a Backoff that doesn't use jitter.
+
+The default behaviour is controlled by two variables:
+
+* `DefaultInterval` sets the base interval for backoffs created with
+  the zero `time.Duration` value in the `Interval` field.
+* `DefaultMaxDuration` sets the maximum duration for backoffs created
+  with the zero `time.Duration` value in the `MaxDuration` field.
+

backoff/backoff.go

@@ -0,0 +1,197 @@
+// Package backoff contains an implementation of an intelligent backoff
+// strategy. It is based on the approach in the AWS architecture blog
+// article titled "Exponential Backoff And Jitter", which is found at
+// http://www.awsarchitectureblog.com/2015/03/backoff.html.
+//
+// Essentially, the backoff has an interval `time.Duration`; the nth
+// call to backoff will return a `time.Duration` that is 2^n *
+// interval. If jitter is enabled (which is the default behaviour),
+// the duration is a random value between 0 and 2^n * interval.  The
+// backoff is configured with a maximum duration that will not be
+// exceeded.
+//
+// The `New` function will attempt to use the system's cryptographic
+// random number generator to seed a Go math/rand random number
+// source. If this fails, the package will panic on startup.
+package backoff
+
+import (
+	"crypto/rand"
+	"encoding/binary"
+	"io"
+	"math"
+	mrand "math/rand"
+	"sync"
+	"time"
+)
+
+var prngMu sync.Mutex
+var prng *mrand.Rand
+
+// DefaultInterval is used when a Backoff is initialised with a
+// zero-value Interval.
+var DefaultInterval = 5 * time.Minute
+
+// DefaultMaxDuration is maximum amount of time that the backoff will
+// delay for.
+var DefaultMaxDuration = 6 * time.Hour
+
+// A Backoff contains the information needed to intelligently backoff
+// and retry operations using an exponential backoff algorithm. It should
+// be initialised with a call to `New`.
+//
+// Only use a Backoff from a single goroutine, it is not safe for concurrent
+// access.
+type Backoff struct {
+	// maxDuration is the largest possible duration that can be
+	// returned from a call to Duration.
+	maxDuration time.Duration
+
+	// interval controls the time step for backing off.
+	interval time.Duration
+
+	// noJitter controls whether to use the "Full Jitter"
+	// improvement to attempt to smooth out spikes in a high
+	// contention scenario. If noJitter is set to true, no
+	// jitter will be introduced.
+	noJitter bool
+
+	// decay controls the decay of n. If it is non-zero, n is
+	// reset if more than the last backoff + decay has elapsed since
+	// the last try.
+	decay time.Duration
+
+	n       uint64
+	lastTry time.Time
+}
+
+// New creates a new backoff with the specified max duration and
+// interval. Zero values may be used to use the default values.
+//
+// Panics if either max or interval is negative.
+func New(max time.Duration, interval time.Duration) *Backoff {
+	if max < 0 || interval < 0 {
+		panic("backoff: max or interval is negative")
+	}
+
+	b := &Backoff{
+		maxDuration: max,
+		interval:    interval,
+	}
+	b.setup()
+	return b
+}
+
+// NewWithoutJitter works similarly to New, except that the created
+// Backoff will not use jitter.
+func NewWithoutJitter(max time.Duration, interval time.Duration) *Backoff {
+	b := New(max, interval)
+	b.noJitter = true
+	return b
+}
+
+func init() {
+	var buf [8]byte
+	var n int64
+
+	_, err := io.ReadFull(rand.Reader, buf[:])
+	if err != nil {
+		panic(err.Error())
+	}
+
+	n = int64(binary.LittleEndian.Uint64(buf[:]))
+
+	src := mrand.NewSource(n)
+	prng = mrand.New(src)
+}
+
+func (b *Backoff) setup() {
+	if b.interval == 0 {
+		b.interval = DefaultInterval
+	}
+
+	if b.maxDuration == 0 {
+		b.maxDuration = DefaultMaxDuration
+	}
+}
+
+// Duration returns a time.Duration appropriate for the backoff,
+// incrementing the attempt counter.
+func (b *Backoff) Duration() time.Duration {
+	b.setup()
+
+	b.decayN()
+
+	t := b.duration(b.n)
+
+	if b.n < math.MaxUint64 {
+		b.n++
+	}
+
+	if !b.noJitter {
+		prngMu.Lock()
+		t = time.Duration(prng.Int63n(int64(t)))
+		prngMu.Unlock()
+	}
+
+	return t
+}
+
+// requires b to be locked.
+func (b *Backoff) duration(n uint64) (t time.Duration) {
+	// Saturate pow
+	pow := time.Duration(math.MaxInt64)
+	if n < 63 {
+		pow = 1 << n
+	}
+
+	t = b.interval * pow
+	if t/pow != b.interval || t > b.maxDuration {
+		t = b.maxDuration
+	}
+
+	return
+}
+
+// Reset resets the attempt counter of a backoff.
+//
+// It should be called when the rate-limited action succeeds.
+func (b *Backoff) Reset() {
+	b.lastTry = time.Time{}
+	b.n = 0
+}
+
+// SetDecay sets the duration after which the try counter will be reset.
+// Panics if decay is smaller than 0.
+//
+// The decay only kicks in if at least the last backoff + decay has elapsed
+// since the last try.
+func (b *Backoff) SetDecay(decay time.Duration) {
+	if decay < 0 {
+		panic("backoff: decay < 0")
+	}
+
+	b.decay = decay
+}
+
+// requires b to be locked
+func (b *Backoff) decayN() {
+	if b.decay == 0 {
+		return
+	}
+
+	if b.lastTry.IsZero() {
+		b.lastTry = time.Now()
+		return
+	}
+
+	lastDuration := b.duration(b.n - 1)
+	decayed := time.Since(b.lastTry) > lastDuration+b.decay
+	b.lastTry = time.Now()
+
+	if !decayed {
+		return
+	}
+
+	b.n = 0
+}

backoff/backoff_test.go

@@ -0,0 +1,175 @@
+package backoff
+
+import (
+	"fmt"
+	"math"
+	"testing"
+	"time"
+)
+
+// If given New with 0's and no jitter, ensure that certain invariants are met:
+//
+//   - the default max duration and interval should be used
+//   - noJitter should be true
+//   - the RNG should not be initialised
+//   - the first duration should be equal to the default interval
+func TestDefaults(t *testing.T) {
+	b := NewWithoutJitter(0, 0)
+
+	if b.maxDuration != DefaultMaxDuration {
+		t.Fatalf("expected new backoff to use the default max duration (%s), but have %s", DefaultMaxDuration, b.maxDuration)
+	}
+
+	if b.interval != DefaultInterval {
+		t.Fatalf("exepcted new backoff to use the default interval (%s), but have %s", DefaultInterval, b.interval)
+	}
+
+	if b.noJitter != true {
+		t.Fatal("backoff should have been initialised without jitter")
+	}
+
+	dur := b.Duration()
+	if dur != DefaultInterval {
+		t.Fatalf("expected first duration to be %s, have %s", DefaultInterval, dur)
+	}
+}
+
+// Given a zero-value initialised Backoff, it should be transparently
+// setup.
+func TestSetup(t *testing.T) {
+	b := new(Backoff)
+	dur := b.Duration()
+	if dur < 0 || dur > (5*time.Minute) {
+		t.Fatalf("want duration between 0 and 5 minutes, have %s", dur)
+	}
+}
+
+// Ensure that tries incremenets as expected.
+func TestTries(t *testing.T) {
+	b := NewWithoutJitter(5, 1)
+
+	for i := uint64(0); i < 3; i++ {
+		if b.n != i {
+			t.Fatalf("want tries=%d, have tries=%d", i, b.n)
+		}
+
+		pow := 1 << i
+		expected := time.Duration(pow)
+		dur := b.Duration()
+		if dur != expected {
+			t.Fatalf("want duration=%d, have duration=%d at i=%d", expected, dur, i)
+		}
+	}
+
+	for i := uint(3); i < 5; i++ {
+		dur := b.Duration()
+		if dur != 5 {
+			t.Fatalf("want duration=5, have %d at i=%d", dur, i)
+		}
+	}
+}
+
+// Ensure that a call to Reset will actually reset the Backoff.
+func TestReset(t *testing.T) {
+	const iter = 10
+	b := New(1000, 1)
+	for i := 0; i < iter; i++ {
+		_ = b.Duration()
+	}
+
+	if b.n != iter {
+		t.Fatalf("expected tries=%d, have tries=%d", iter, b.n)
+	}
+
+	b.Reset()
+	if b.n != 0 {
+		t.Fatalf("expected tries=0 after reset, have tries=%d", b.n)
+	}
+}
+
+const decay = 5 * time.Millisecond
+const max = 10 * time.Millisecond
+const interval = time.Millisecond
+
+func TestDecay(t *testing.T) {
+	const iter = 10
+
+	b := NewWithoutJitter(max, 1)
+	b.SetDecay(decay)
+
+	var backoff time.Duration
+	for i := 0; i < iter; i++ {
+		backoff = b.Duration()
+	}
+
+	if b.n != iter {
+		t.Fatalf("expected tries=%d, have tries=%d", iter, b.n)
+	}
+
+	// Don't decay below backoff
+	b.lastTry = time.Now().Add(-backoff + 1)
+	backoff = b.Duration()
+	if b.n != iter+1 {
+		t.Fatalf("expected tries=%d, have tries=%d", iter+1, b.n)
+	}
+
+	// Reset after backoff + decay
+	b.lastTry = time.Now().Add(-backoff - decay)
+	b.Duration()
+	if b.n != 1 {
+		t.Fatalf("expected tries=%d, have tries=%d", 1, b.n)
+	}
+}
+
+// Ensure that decay works even if the retry counter is saturated.
+func TestDecaySaturation(t *testing.T) {
+	b := NewWithoutJitter(1<<2, 1)
+	b.SetDecay(decay)
+
+	var duration time.Duration
+	for i := 0; i <= 2; i++ {
+		duration = b.Duration()
+	}
+
+	if duration != 1<<2 {
+		t.Fatalf("expected duration=%v, have duration=%v", 1<<2, duration)
+	}
+
+	b.lastTry = time.Now().Add(-duration - decay)
+	b.n = math.MaxUint64
+
+	duration = b.Duration()
+	if duration != 1 {
+		t.Errorf("expected duration=%v, have duration=%v", 1, duration)
+	}
+}
+
+func ExampleBackoff_SetDecay() {
+	b := NewWithoutJitter(max, interval)
+	b.SetDecay(decay)
+
+	// try 0
+	fmt.Println(b.Duration())
+
+	// try 1
+	fmt.Println(b.Duration())
+
+	// try 2
+	duration := b.Duration()
+	fmt.Println(duration)
+
+	// try 3, below decay
+	time.Sleep(duration)
+	duration = b.Duration()
+	fmt.Println(duration)
+
+	// try 4, resets
+	time.Sleep(duration + decay)
+	fmt.Println(b.Duration())
+
+	// Output: 1ms
+	// 2ms
+	// 4ms
+	// 8ms
+	// 1ms
+}

certlib/BUILD.bazel

@@ -1,30 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
-
-go_library(
-    name = "certlib",
-    srcs = [
-        "certlib.go",
-        "der_helpers.go",
-        "ed25519.go",
-        "helpers.go",
-    ],
-    importpath = "git.wntrmute.dev/kyle/goutils/certlib",
-    visibility = ["//visibility:public"],
-    deps = [
-        "//certlib/certerr",
-        "//certlib/pkcs7",
-        "@com_github_google_certificate_transparency_go//:certificate-transparency-go",
-        "@com_github_google_certificate_transparency_go//tls",
-        "@com_github_google_certificate_transparency_go//x509",
-        "@org_golang_x_crypto//ocsp",
-        "@org_golang_x_crypto//pkcs12",
-    ],
-)
-
-go_test(
-    name = "certlib_test",
-    size = "small",
-    srcs = ["certlib_test.go"],
-    embed = [":certlib"],
-    deps = ["//assert"],
-)

certlib/certerr/BUILD.bazel

@@ -1,8 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_library")
-
-go_library(
-    name = "certerr",
-    srcs = ["errors.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/certlib/certerr",
-    visibility = ["//visibility:public"],
-)

certlib/pkcs7/BUILD.bazel

@@ -1,9 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_library")
-
-go_library(
-    name = "pkcs7",
-    srcs = ["pkcs7.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/certlib/pkcs7",
-    visibility = ["//visibility:public"],
-    deps = ["//certlib/certerr"],
-)

certlib/revoke/BUILD.bazel

@@ -1,19 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
-
-go_library(
-    name = "revoke",
-    srcs = ["revoke.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/certlib/revoke",
-    visibility = ["//visibility:public"],
-    deps = [
-        "//certlib",
-        "//log",
-        "@org_golang_x_crypto//ocsp",
-    ],
-)
-
-go_test(
-    name = "revoke_test",
-    srcs = ["revoke_test.go"],
-    embed = [":revoke"],
-)

cmd/atping/BUILD.bazel

@@ -1,14 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
-
-go_library(
-    name = "atping_lib",
-    srcs = ["main.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/cmd/atping",
-    visibility = ["//visibility:private"],
-)
-
-go_binary(
-    name = "atping",
-    embed = [":atping_lib"],
-    visibility = ["//visibility:public"],
-)

cmd/ca-signed/README.txt

@@ -0,0 +1,40 @@
+ca-signed: verify certificates against a CA
+-------------------------------------------
+
+Description
+  ca-signed verifies whether one or more certificates are signed by a given
+  Certificate Authority (CA). It prints a concise status per input certificate
+  along with the certificate’s expiration date when validation succeeds.
+
+Usage
+  ca-signed CA.pem cert1.pem [cert2.pem ...]
+
+  - CA.pem: A file containing one or more CA certificates in PEM, DER, or PKCS#7/PKCS#12 formats.
+  - certN.pem: A file containing the end-entity (leaf) certificate to verify. If the file contains a chain,
+               the first certificate is treated as the leaf and the remaining ones are used as intermediates.
+
+Output format
+  For each input certificate file, one line is printed:
+    <filename>: OK (expires YYYY-MM-DD)
+    <filename>: INVALID
+
+Special self-test mode
+  ca-signed selftest
+
+  Runs a built-in test suite using embedded certificates. This mode requires no
+  external files or network access. The program exits with code 0 if all tests
+  pass, or a non-zero exit code if any test fails. Example output lines include
+  whether validation succeeds and the leaf’s expiration when applicable.
+
+Examples
+  # Verify a server certificate against a root CA
+  ca-signed isrg-root-x1.pem le-e7.pem
+
+  # Run the embedded self-test suite
+  ca-signed selftest
+
+Notes
+  - The tool attempts to parse certificates in PEM first, then falls back to
+    DER/PKCS#7/PKCS#12 (with an empty password) where applicable.
+  - Expiration is shown for the leaf certificate only.
+  - In selftest mode, test certificates are compiled into the binary using go:embed.

cmd/ca-signed/main.go

@@ -0,0 +1,287 @@
+package main
+
+import (
+	"crypto/x509"
+	"embed"
+	"fmt"
+	"os"
+	"path/filepath"
+	"time"
+
+	"git.wntrmute.dev/kyle/goutils/certlib"
+)
+
+// loadCertsFromFile attempts to parse certificates from a file that may be in
+// PEM or DER/PKCS#7 format. Returns the parsed certificates or an error.
+func loadCertsFromFile(path string) ([]*x509.Certificate, error) {
+	data, err := os.ReadFile(path)
+	if err != nil {
+		return nil, err
+	}
+
+	// Try PEM first
+	if certs, err := certlib.ParseCertificatesPEM(data); err == nil {
+		return certs, nil
+	}
+
+	// Try DER/PKCS7/PKCS12 (with no password)
+	if certs, _, err := certlib.ParseCertificatesDER(data, ""); err == nil {
+		return certs, nil
+	} else {
+		return nil, err
+	}
+}
+
+func makePoolFromFile(path string) (*x509.CertPool, error) {
+	// Try PEM via helper (it builds a pool)
+	if pool, err := certlib.LoadPEMCertPool(path); err == nil && pool != nil {
+		return pool, nil
+	}
+
+	// Fallback: read as DER(s), add to a new pool
+	certs, err := loadCertsFromFile(path)
+	if err != nil || len(certs) == 0 {
+		return nil, fmt.Errorf("failed to load CA certificates from %s", path)
+	}
+	pool := x509.NewCertPool()
+	for _, c := range certs {
+		pool.AddCert(c)
+	}
+	return pool, nil
+}
+
+//go:embed testdata/*.pem
+var embeddedTestdata embed.FS
+
+// loadCertsFromBytes attempts to parse certificates from bytes that may be in
+// PEM or DER/PKCS#7 format.
+func loadCertsFromBytes(data []byte) ([]*x509.Certificate, error) {
+	// Try PEM first
+	if certs, err := certlib.ParseCertificatesPEM(data); err == nil {
+		return certs, nil
+	}
+	// Try DER/PKCS7/PKCS12 (with no password)
+	if certs, _, err := certlib.ParseCertificatesDER(data, ""); err == nil {
+		return certs, nil
+	} else {
+		return nil, err
+	}
+}
+
+func makePoolFromBytes(data []byte) (*x509.CertPool, error) {
+    certs, err := loadCertsFromBytes(data)
+    if err != nil || len(certs) == 0 {
+        return nil, fmt.Errorf("failed to load CA certificates from embedded bytes")
+    }
+    pool := x509.NewCertPool()
+    for _, c := range certs {
+        pool.AddCert(c)
+    }
+    return pool, nil
+}
+
+// isSelfSigned returns true if the given certificate is self-signed.
+// It checks that the subject and issuer match and that the certificate's
+// signature verifies against its own public key.
+func isSelfSigned(cert *x509.Certificate) bool {
+    if cert == nil {
+        return false
+    }
+    // Quick check: subject and issuer match
+    if cert.Subject.String() != cert.Issuer.String() {
+        return false
+    }
+    // Cryptographic check: the certificate is signed by itself
+    if err := cert.CheckSignatureFrom(cert); err != nil {
+        return false
+    }
+    return true
+}
+
+func verifyAgainstCA(caPool *x509.CertPool, path string) (ok bool, expiry string) {
+	certs, err := loadCertsFromFile(path)
+	if err != nil || len(certs) == 0 {
+		return false, ""
+	}
+
+	leaf := certs[0]
+	ints := x509.NewCertPool()
+	if len(certs) > 1 {
+		for _, ic := range certs[1:] {
+			ints.AddCert(ic)
+		}
+	}
+
+	opts := x509.VerifyOptions{
+		Roots:         caPool,
+		Intermediates: ints,
+		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
+	}
+	if _, err := leaf.Verify(opts); err != nil {
+		return false, ""
+	}
+
+	return true, leaf.NotAfter.Format("2006-01-02")
+}
+
+func verifyAgainstCABytes(caPool *x509.CertPool, certData []byte) (ok bool, expiry string) {
+	certs, err := loadCertsFromBytes(certData)
+	if err != nil || len(certs) == 0 {
+		return false, ""
+	}
+
+	leaf := certs[0]
+	ints := x509.NewCertPool()
+	if len(certs) > 1 {
+		for _, ic := range certs[1:] {
+			ints.AddCert(ic)
+		}
+	}
+
+	opts := x509.VerifyOptions{
+		Roots:         caPool,
+		Intermediates: ints,
+		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
+	}
+	if _, err := leaf.Verify(opts); err != nil {
+		return false, ""
+	}
+
+	return true, leaf.NotAfter.Format("2006-01-02")
+}
+
+// selftest runs built-in validation using embedded certificates.
+func selftest() int {
+	type testCase struct {
+		name     string
+		caFile   string
+		certFile string
+		expectOK bool
+	}
+
+ cases := []testCase{
+        {name: "ISRG Root X1 validates LE E7", caFile: "testdata/isrg-root-x1.pem", certFile: "testdata/le-e7.pem", expectOK: true},
+        {name: "ISRG Root X1 does NOT validate Google WR2", caFile: "testdata/isrg-root-x1.pem", certFile: "testdata/goog-wr2.pem", expectOK: false},
+        {name: "GTS R1 validates Google WR2", caFile: "testdata/gts-r1.pem", certFile: "testdata/goog-wr2.pem", expectOK: true},
+        {name: "GTS R1 does NOT validate LE E7", caFile: "testdata/gts-r1.pem", certFile: "testdata/le-e7.pem", expectOK: false},
+    }
+
+    failures := 0
+    for _, tc := range cases {
+		caBytes, err := embeddedTestdata.ReadFile(tc.caFile)
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "selftest: failed to read embedded %s: %v\n", tc.caFile, err)
+			failures++
+			continue
+		}
+		certBytes, err := embeddedTestdata.ReadFile(tc.certFile)
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "selftest: failed to read embedded %s: %v\n", tc.certFile, err)
+			failures++
+			continue
+		}
+		pool, err := makePoolFromBytes(caBytes)
+		if err != nil || pool == nil {
+			fmt.Fprintf(os.Stderr, "selftest: failed to build CA pool for %s: %v\n", tc.caFile, err)
+			failures++
+			continue
+		}
+		ok, exp := verifyAgainstCABytes(pool, certBytes)
+		if ok != tc.expectOK {
+			fmt.Printf("%s: unexpected result: got %v, want %v\n", tc.name, ok, tc.expectOK)
+			failures++
+		} else {
+			if ok {
+				fmt.Printf("%s: OK (expires %s)\n", tc.name, exp)
+			} else {
+				fmt.Printf("%s: INVALID (as expected)\n", tc.name)
+			}
+		}
+    }
+
+    // Verify that both embedded root CAs are detected as self-signed
+    roots := []string{"testdata/gts-r1.pem", "testdata/isrg-root-x1.pem"}
+    for _, root := range roots {
+        b, err := embeddedTestdata.ReadFile(root)
+        if err != nil {
+            fmt.Fprintf(os.Stderr, "selftest: failed to read embedded %s: %v\n", root, err)
+            failures++
+            continue
+        }
+        certs, err := loadCertsFromBytes(b)
+        if err != nil || len(certs) == 0 {
+            fmt.Fprintf(os.Stderr, "selftest: failed to parse cert(s) from %s: %v\n", root, err)
+            failures++
+            continue
+        }
+        leaf := certs[0]
+        if isSelfSigned(leaf) {
+            fmt.Printf("%s: SELF-SIGNED (as expected)\n", root)
+        } else {
+            fmt.Printf("%s: expected SELF-SIGNED, but was not detected as such\n", root)
+            failures++
+        }
+    }
+
+    if failures == 0 {
+        fmt.Println("selftest: PASS")
+        return 0
+    }
+    fmt.Fprintf(os.Stderr, "selftest: FAIL (%d failure(s))\n", failures)
+    return 1
+}
+
+func main() {
+	// Special selftest mode: single argument "selftest"
+	if len(os.Args) == 2 && os.Args[1] == "selftest" {
+		os.Exit(selftest())
+	}
+
+	if len(os.Args) < 3 {
+		prog := filepath.Base(os.Args[0])
+		fmt.Fprintf(os.Stderr, "Usage:\n  %s ca.pem cert1.pem cert2.pem ...\n  %s selftest\n", prog, prog)
+		os.Exit(2)
+	}
+
+	caPath := os.Args[1]
+	caPool, err := makePoolFromFile(caPath)
+	if err != nil || caPool == nil {
+		fmt.Fprintf(os.Stderr, "failed to load CA certificate(s): %v\n", err)
+		os.Exit(1)
+	}
+
+    for _, certPath := range os.Args[2:] {
+        ok, exp := verifyAgainstCA(caPool, certPath)
+        name := filepath.Base(certPath)
+        // Load the leaf once for self-signed detection and potential expiry fallback
+        var leaf *x509.Certificate
+        if certs, err := loadCertsFromFile(certPath); err == nil && len(certs) > 0 {
+            leaf = certs[0]
+        }
+
+        // If the certificate is self-signed, prefer the SELF-SIGNED label
+        if isSelfSigned(leaf) {
+            fmt.Printf("%s: SELF-SIGNED\n", name)
+            continue
+        }
+
+        if ok {
+            // Display with the requested format
+            // Example: file: OK (expires 2031-01-01)
+            // Ensure deterministic date formatting
+            // Note: no timezone displayed; date only as per example
+            // If exp ended up empty for some reason, recompute safely
+            if exp == "" {
+                if leaf != nil {
+                    exp = leaf.NotAfter.Format("2006-01-02")
+                } else {
+                    // fallback to the current date to avoid empty; though shouldn't happen
+                    exp = time.Now().Format("2006-01-02")
+                }
+            }
+            fmt.Printf("%s: OK (expires %s)\n", name, exp)
+        } else {
+            fmt.Printf("%s: INVALID\n", name)
+        }
+    }
+}

cmd/ca-signed/testdata/goog-wr2.pem

@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIFCzCCAvOgAwIBAgIQf/AFoHxM3tEArZ1mpRB7mDANBgkqhkiG9w0BAQsFADBH
+MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM
+QzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMjMxMjEzMDkwMDAwWhcNMjkwMjIw
+MTQwMDAwWjA7MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNl
+cnZpY2VzMQwwCgYDVQQDEwNXUjIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCp/5x/RR5wqFOfytnlDd5GV1d9vI+aWqxG8YSau5HbyfsvAfuSCQAWXqAc
++MGr+XgvSszYhaLYWTwO0xj7sfUkDSbutltkdnwUxy96zqhMt/TZCPzfhyM1IKji
+aeKMTj+xWfpgoh6zySBTGYLKNlNtYE3pAJH8do1cCA8Kwtzxc2vFE24KT3rC8gIc
+LrRjg9ox9i11MLL7q8Ju26nADrn5Z9TDJVd06wW06Y613ijNzHoU5HEDy01hLmFX
+xRmpC5iEGuh5KdmyjS//V2pm4M6rlagplmNwEmceOuHbsCFx13ye/aoXbv4r+zgX
+FNFmp6+atXDMyGOBOozAKql2N87jAgMBAAGjgf4wgfswDgYDVR0PAQH/BAQDAgGG
+MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/
+AgEAMB0GA1UdDgQWBBTeGx7teRXUPjckwyG77DQ5bUKyMDAfBgNVHSMEGDAWgBTk
+rysmcRorSCeFL1JmLO/wiRNxPjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAKG
+GGh0dHA6Ly9pLnBraS5nb29nL3IxLmNydDArBgNVHR8EJDAiMCCgHqAchhpodHRw
+Oi8vYy5wa2kuZ29vZy9yL3IxLmNybDATBgNVHSAEDDAKMAgGBmeBDAECATANBgkq
+hkiG9w0BAQsFAAOCAgEARXWL5R87RBOWGqtY8TXJbz3S0DNKhjO6V1FP7sQ02hYS
+TL8Tnw3UVOlIecAwPJQl8hr0ujKUtjNyC4XuCRElNJThb0Lbgpt7fyqaqf9/qdLe
+SiDLs/sDA7j4BwXaWZIvGEaYzq9yviQmsR4ATb0IrZNBRAq7x9UBhb+TV+PfdBJT
+DhEl05vc3ssnbrPCuTNiOcLgNeFbpwkuGcuRKnZc8d/KI4RApW//mkHgte8y0YWu
+ryUJ8GLFbsLIbjL9uNrizkqRSvOFVU6xddZIMy9vhNkSXJ/UcZhjJY1pXAprffJB
+vei7j+Qi151lRehMCofa6WBmiA4fx+FOVsV2/7R6V2nyAiIJJkEd2nSi5SnzxJrl
+Xdaqev3htytmOPvoKWa676ATL/hzfvDaQBEcXd2Ppvy+275W+DKcH0FBbX62xevG
+iza3F4ydzxl6NJ8hk8R+dDXSqv1MbRT1ybB5W0k8878XSOjvmiYTDIfyc9acxVJr
+Y/cykHipa+te1pOhv7wYPYtZ9orGBV5SGOJm4NrB3K1aJar0RfzxC3ikr7Dyc6Qw
+qDTBU39CluVIQeuQRgwG3MuSxl7zRERDRilGoKb8uY45JzmxWuKxrfwT/478JuHU
+/oTxUFqOl2stKnn7QGTq8z29W+GgBLCXSBxC9epaHM0myFH/FJlniXJfHeytWt0=
+-----END CERTIFICATE-----

cmd/ca-signed/testdata/gts-r1.pem

@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFVzCCAz+gAwIBAgINAgPlk28xsBNJiGuiFzANBgkqhkiG9w0BAQwFADBHMQsw
+CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU
+MBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw
+MDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp
+Y2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwggIiMA0GCSqGSIb3DQEBAQUA
+A4ICDwAwggIKAoICAQC2EQKLHuOhd5s73L+UPreVp0A8of2C+X0yBoJx9vaMf/vo
+27xqLpeXo4xL+Sv2sfnOhB2x+cWX3u+58qPpvBKJXqeqUqv4IyfLpLGcY9vXmX7w
+Cl7raKb0xlpHDU0QM+NOsROjyBhsS+z8CZDfnWQpJSMHobTSPS5g4M/SCYe7zUjw
+TcLCeoiKu7rPWRnWr4+wB7CeMfGCwcDfLqZtbBkOtdh+JhpFAz2weaSUKK0Pfybl
+qAj+lug8aJRT7oM6iCsVlgmy4HqMLnXWnOunVmSPlk9orj2XwoSPwLxAwAtcvfaH
+szVsrBhQf4TgTM2S0yDpM7xSma8ytSmzJSq0SPly4cpk9+aCEI3oncKKiPo4Zor8
+Y/kB+Xj9e1x3+naH+uzfsQ55lVe0vSbv1gHR6xYKu44LtcXFilWr06zqkUspzBmk
+MiVOKvFlRNACzqrOSbTqn3yDsEB750Orp2yjj32JgfpMpf/VjsPOS+C12LOORc92
+wO1AK/1TD7Cn1TsNsYqiA94xrcx36m97PtbfkSIS5r762DL8EGMUUXLeXdYWk70p
+aDPvOmbsB4om3xPXV2V4J95eSRQAogB/mqghtqmxlbCluQ0WEdrHbEg8QOB+DVrN
+VjzRlwW5y0vtOUucxD/SVRNuJLDWcfr0wbrM7Rv1/oFB2ACYPTrIrnqYNxgFlQID
+AQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E
+FgQU5K8rJnEaK0gnhS9SZizv8IkTcT4wDQYJKoZIhvcNAQEMBQADggIBAJ+qQibb
+C5u+/x6Wki4+omVKapi6Ist9wTrYggoGxval3sBOh2Z5ofmmWJyq+bXmYOfg6LEe
+QkEzCzc9zolwFcq1JKjPa7XSQCGYzyI0zzvFIoTgxQ6KfF2I5DUkzps+GlQebtuy
+h6f88/qBVRRiClmpIgUxPoLW7ttXNLwzldMXG+gnoot7TiYaelpkttGsN/H9oPM4
+7HLwEXWdyzRSjeZ2axfG34arJ45JK3VmgRAhpuo+9K4l/3wV3s6MJT/KYnAK9y8J
+ZgfIPxz88NtFMN9iiMG1D53Dn0reWVlHxYciNuaCp+0KueIHoI17eko8cdLiA6Ef
+MgfdG+RCzgwARWGAtQsgWSl4vflVy2PFPEz0tv/bal8xa5meLMFrUKTX5hgUvYU/
+Z6tGn6D/Qqc6f1zLXbBwHSs09dR2CQzreExZBfMzQsNhFRAbd03OIozUhfJFfbdT
+6u9AWpQKXCBfTkBdYiJ23//OYb2MI3jSNwLgjt7RETeJ9r/tSQdirpLsQBqvFAnZ
+0E6yove+7u7Y/9waLd64NnHi/Hm3lCXRSHNboTXns5lndcEZOitHTtNCjv0xyBZm
+2tIMPNuzjsmhDYAPexZ3FL//2wmUspO8IFgV6dtxQ/PeEMMA3KgqlbbC1j+Qa3bb
+bP6MvPJwNQzcmRk13NfIRmPVNnGuV/u3gm3c
+-----END CERTIFICATE-----

cmd/ca-signed/testdata/isrg-root-x1.pem

@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
+WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
+ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
+MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
+h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
+0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
+A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
+T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
+B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
+B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
+KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
+OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
+jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
+qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
+rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
+HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
+hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
+ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
+3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
+NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
+ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
+TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
+jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
+oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
+4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
+mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
+emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
+-----END CERTIFICATE-----

cmd/ca-signed/testdata/le-e7.pem

@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEVzCCAj+gAwIBAgIRAKp18eYrjwoiCWbTi7/UuqEwDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
+WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
+RW5jcnlwdDELMAkGA1UEAxMCRTcwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARB6AST
+CFh/vjcwDMCgQer+VtqEkz7JANurZxLP+U9TCeioL6sp5Z8VRvRbYk4P1INBmbef
+QHJFHCxcSjKmwtvGBWpl/9ra8HW0QDsUaJW2qOJqceJ0ZVFT3hbUHifBM/2jgfgw
+gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
+ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSuSJ7chx1EoG/aouVgdAR4
+wpwAgDAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
+AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
+BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
+Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAjx66fDdLk5ywFn3CzA1w1qfylHUD
+aEf0QZpXcJseddJGSfbUUOvbNR9N/QQ16K1lXl4VFyhmGXDT5Kdfcr0RvIIVrNxF
+h4lqHtRRCP6RBRstqbZ2zURgqakn/Xip0iaQL0IdfHBZr396FgknniRYFckKORPG
+yM3QKnd66gtMst8I5nkRQlAg/Jb+Gc3egIvuGKWboE1G89NTsN9LTDD3PLj0dUMr
+OIuqVjLB8pEC6yk9enrlrqjXQgkLEYhXzq7dLafv5Vkig6Gl0nuuqjqfp0Q1bi1o
+yVNAlXe6aUXw92CcghC9bNsKEO1+M52YY5+ofIXlS/SEQbvVYYBLZ5yeiglV6t3S
+M6H+vTG0aP9YHzLn/KVOHzGQfXDP7qM5tkf+7diZe7o2fw6O7IvN6fsQXEQQj8TJ
+UXJxv2/uJhcuy/tSDgXwHM8Uk34WNbRT7zGTGkQRX0gsbjAea/jYAoWv0ZvQRwpq
+Pe79D/i7Cep8qWnA+7AE/3B3S/3dEEYmc0lpe1366A/6GEgk3ktr9PEoQrLChs6I
+tu3wnNLB2euC8IKGLQFpGtOO/2/hiAKjyajaBP25w1jF0Wl8Bbqne3uZ2q1GyPFJ
+YRmT7/OXpmOH/FVLtwS+8ng1cAmpCujPwteJZNcDG0sF2n/sc0+SQf49fdyUK0ty
++VUwFj9tmWxyR/M=
+-----END CERTIFICATE-----

cmd/certchain/BUILD.bazel

@@ -1,15 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
-
-go_library(
-    name = "certchain_lib",
-    srcs = ["certchain.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/cmd/certchain",
-    visibility = ["//visibility:private"],
-    deps = ["//die"],
-)
-
-go_binary(
-    name = "certchain",
-    embed = [":certchain_lib"],
-    visibility = ["//visibility:public"],
-)

cmd/certdump/BUILD.bazel

@@ -1,22 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
-
-go_library(
-    name = "certdump_lib",
-    srcs = [
-        "certdump.go",
-        "util.go",
-    ],
-    importpath = "git.wntrmute.dev/kyle/goutils/cmd/certdump",
-    visibility = ["//visibility:private"],
-    deps = [
-        "//certlib",
-        "//lib",
-        "@com_github_kr_text//:text",
-    ],
-)
-
-go_binary(
-    name = "certdump",
-    embed = [":certdump_lib"],
-    visibility = ["//visibility:public"],
-)

cmd/certdump/certdump.go

@@ -110,6 +110,14 @@ func showBasicConstraints(cert *x509.Certificate) {
 
 	if cert.IsCA {
 		fmt.Printf(", is a CA certificate")
+		if !cert.BasicConstraintsValid {
+			fmt.Printf(" (basic constraint failure)")
+		}
+	} else {
+		fmt.Printf("is not a CA certificate")
+		if cert.KeyUsage&x509.KeyUsageKeyEncipherment != 0 {
+			fmt.Printf(" (key encipherment usage enabled!)")
+		}
 	}
 
 	if (cert.MaxPathLen == 0 && cert.MaxPathLenZero) || (cert.MaxPathLen > 0) {

cmd/certexpiry/BUILD.bazel

@@ -1,19 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
-
-go_library(
-    name = "certexpiry_lib",
-    srcs = ["main.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/cmd/certexpiry",
-    visibility = ["//visibility:private"],
-    deps = [
-        "//certlib",
-        "//die",
-        "//lib",
-    ],
-)
-
-go_binary(
-    name = "certexpiry",
-    embed = [":certexpiry_lib"],
-    visibility = ["//visibility:public"],
-)

cmd/certverify/BUILD.bazel

@@ -1,20 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
-
-go_library(
-    name = "certverify_lib",
-    srcs = ["main.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/cmd/certverify",
-    visibility = ["//visibility:private"],
-    deps = [
-        "//certlib",
-        "//certlib/revoke",
-        "//die",
-        "//lib",
-    ],
-)
-
-go_binary(
-    name = "certverify",
-    embed = [":certverify_lib"],
-    visibility = ["//visibility:public"],
-)

cmd/clustersh/BUILD.bazel

@@ -1,20 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
-
-go_library(
-    name = "clustersh_lib",
-    srcs = ["main.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/cmd/clustersh",
-    visibility = ["//visibility:private"],
-    deps = [
-        "//lib",
-        "@com_github_pkg_sftp//:sftp",
-        "@org_golang_x_crypto//ssh",
-        "@org_golang_x_crypto//ssh/agent",
-    ],
-)
-
-go_binary(
-    name = "clustersh",
-    embed = [":clustersh_lib"],
-    visibility = ["//visibility:public"],
-)

cmd/cruntar/BUILD.bazel

@@ -1,18 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
-
-go_library(
-    name = "cruntar_lib",
-    srcs = ["main.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/cmd/cruntar",
-    visibility = ["//visibility:private"],
-    deps = [
-        "//die",
-        "//fileutil",
-    ],
-)
-
-go_binary(
-    name = "cruntar",
-    embed = [":cruntar_lib"],
-    visibility = ["//visibility:public"],
-)

cmd/csrpubdump/BUILD.bazel

@@ -1,15 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
-
-go_library(
-    name = "csrpubdump_lib",
-    srcs = ["pubdump.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/cmd/csrpubdump",
-    visibility = ["//visibility:private"],
-    deps = ["//die"],
-)
-
-go_binary(
-    name = "csrpubdump",
-    embed = [":csrpubdump_lib"],
-    visibility = ["//visibility:public"],
-)

cmd/data_sync/README

@@ -0,0 +1,32 @@
+data_sync
+
+This is a tool I wrote primarily to sync my home directory to a backup
+drive plugged into my laptop. This system is provisioned by Ansible,
+and the goal is to be able to just copy my home directory back in the
+event of a failure without having lost a great deal of work or to wait
+for ansible to finish installing the right backup software. Specifically,
+I use a Framework laptop with the 1TB storage module, encrypted with
+LUKS, and run this twice daily (timed to correspond with my commute,
+though that's not really necessary). It started off as a shell script,
+then I decided to just write it as a program.
+
+Usage: data_sync [-d path] [-l level] [-m path] [-nqsv]
+                                  [-t path]
+        -d path         path to sync source directory
+                        (default "~")
+        -l level        log level to output (default "INFO"). Valid log
+                        levels are DEBUG, INFO, NOTICE, WARNING, ERR,
+                        CRIT, ALERT, EMERG. The default is INFO.
+        -m path         path to sync mount directory
+                        (default "/media/$USER/$(hostname -s)_data")
+        -n              dry-run mode: only check paths and print files to
+                        exclude
+        -q              suppress console output
+        -s              suppress syslog output
+        -t path         path to sync target directory
+                        (default "/media/$USER/$(hostname -s)_data/$USER")
+        -v              verbose rsync output
+
+data_sync rsyncs the tree at the sync source directory (-d) to the sync target
+directory (-t); it checks the mount directory (-m) exists; the sync target
+target directory must exist on the mount directory.

cmd/data_sync/main.go

@@ -0,0 +1,230 @@
+package main
+
+import (
+	"flag"
+	"fmt"
+	"io"
+	"io/fs"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+
+	"git.wntrmute.dev/kyle/goutils/config"
+	"git.wntrmute.dev/kyle/goutils/fileutil"
+	"git.wntrmute.dev/kyle/goutils/log"
+)
+
+func mustHostname() string {
+	hostname, err := os.Hostname()
+	log.FatalError(err, "couldn't retrieve hostname")
+
+	if hostname == "" {
+		log.Fatal("no hostname returned")
+	}
+	return strings.Split(hostname, ".")[0]
+}
+
+var (
+	defaultDataDir   = mustHostname() + "_data"
+	defaultProgName  = defaultDataDir + "_sync"
+	defaultMountDir  = filepath.Join("/media", os.Getenv("USER"), defaultDataDir)
+	defaultSyncDir   = os.Getenv("HOME")
+	defaultTargetDir = filepath.Join(defaultMountDir, os.Getenv("USER"))
+)
+
+func usage(w io.Writer) {
+	prog := filepath.Base(os.Args[0])
+	fmt.Fprintf(w, `Usage: %s [-d path] [-l level] [-m path] [-nqsv]
+				  [-t path]
+	-d path		path to sync source directory
+			(default "%s")
+	-l level	log level to output (default "INFO"). Valid log
+			levels are DEBUG, INFO, NOTICE, WARNING, ERR,
+			CRIT, ALERT, EMERG. The default is INFO.
+	-m path		path to sync mount directory
+			(default "%s")
+	-n		dry-run mode: only check paths and print files to
+			exclude
+	-q		suppress console output
+	-s		suppress syslog output
+	-t path		path to sync target directory
+			(default "%s")
+	-v		verbose rsync output
+
+%s rsyncs the tree at the sync source directory (-d) to the sync target
+directory (-t); it checks the mount directory (-m) exists; the sync target
+target directory must exist on the mount directory.
+
+`, prog, defaultSyncDir, defaultMountDir, defaultTargetDir, prog)
+}
+
+func checkPaths(mount, target string, dryRun bool) error {
+	if !fileutil.DirectoryDoesExist(mount) {
+		return fmt.Errorf("sync dir %s isn't mounted", mount)
+	}
+
+	if !strings.HasPrefix(target, mount) {
+		return fmt.Errorf("target dir %s must exist in %s", target, mount)
+	}
+
+	if !fileutil.DirectoryDoesExist(target) {
+		if dryRun {
+			log.Infof("would mkdir %s", target)
+		} else {
+			log.Infof("mkdir %s", target)
+			if err := os.Mkdir(target, 0755); err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}
+
+func buildExcludes(syncDir string) ([]string, error) {
+	var excluded []string
+
+	walker := func(path string, info fs.FileInfo, err error) error {
+		if err != nil {
+			excluded = append(excluded, strings.TrimPrefix(path, syncDir))
+			if info != nil && info.IsDir() {
+				return filepath.SkipDir
+			}
+
+			return nil
+		}
+
+		if info.Mode().IsRegular() {
+			if err = fileutil.Access(path, fileutil.AccessRead); err != nil {
+				excluded = append(excluded, strings.TrimPrefix(path, syncDir))
+			}
+		}
+
+		if info.IsDir() {
+			if err = fileutil.Access(path, fileutil.AccessExec); err != nil {
+				excluded = append(excluded, strings.TrimPrefix(path, syncDir))
+			}
+		}
+
+		return nil
+	}
+
+	err := filepath.Walk(syncDir, walker)
+	return excluded, err
+}
+
+func writeExcludes(excluded []string) (string, error) {
+	if len(excluded) == 0 {
+		return "", nil
+	}
+
+	excludeFile, err := os.CreateTemp("", defaultProgName)
+	if err != nil {
+		return "", err
+	}
+
+	for _, name := range excluded {
+		fmt.Fprintln(excludeFile, name)
+	}
+
+	defer excludeFile.Close()
+	return excludeFile.Name(), nil
+}
+
+func rsync(syncDir, target, excludeFile string, verboseRsync bool) error {
+	var args []string
+
+	if excludeFile != "" {
+		args = append(args, "--exclude-from")
+		args = append(args, excludeFile)
+	}
+
+	if verboseRsync {
+		args = append(args, "--progress")
+		args = append(args, "-v")
+	}
+
+	args = append(args, []string{"-au", syncDir + "/", target + "/"}...)
+
+	path, err := exec.LookPath("rsync")
+	if err != nil {
+		return err
+	}
+
+	cmd := exec.Command(path, args...)
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+	return cmd.Run()
+}
+
+func init() {
+	flag.Usage = func() { usage(os.Stderr) }
+}
+
+func main() {
+
+	var logLevel, mountDir, syncDir, target string
+	var dryRun, quietMode, noSyslog, verboseRsync bool
+
+	flag.StringVar(&syncDir, "d", config.GetDefault("sync_dir", defaultSyncDir),
+		"`path to sync source directory`")
+	flag.StringVar(&logLevel, "l", config.GetDefault("log_level", "INFO"),
+		"log level to output")
+	flag.StringVar(&mountDir, "m", config.GetDefault("mount_dir", defaultMountDir),
+		"`path` to sync mount directory")
+	flag.BoolVar(&dryRun, "n", false, "dry-run mode: only check paths and print files to exclude")
+	flag.BoolVar(&quietMode, "q", quietMode, "suppress console output")
+	flag.BoolVar(&noSyslog, "s", noSyslog, "suppress syslog output")
+	flag.StringVar(&target, "t", config.GetDefault("sync_target", defaultTargetDir),
+		"`path` to sync target directory")
+	flag.BoolVar(&verboseRsync, "v", false, "verbose rsync output")
+	flag.Parse()
+
+	if quietMode && noSyslog {
+		fmt.Fprintln(os.Stderr, "both console and syslog output are suppressed")
+		fmt.Fprintln(os.Stderr, "errors will NOT be reported")
+	}
+
+	logOpts := &log.Options{
+		Level:        logLevel,
+		Tag:          defaultProgName,
+		Facility:     "user",
+		WriteSyslog:  !noSyslog,
+		WriteConsole: !quietMode,
+	}
+	err := log.Setup(logOpts)
+	log.FatalError(err, "failed to set up logging")
+
+	log.Infof("checking paths: mount=%s, target=%s", mountDir, target)
+	err = checkPaths(mountDir, target, dryRun)
+	log.FatalError(err, "target dir isn't ready")
+
+	log.Infof("checking for files to exclude from %s", syncDir)
+	excluded, err := buildExcludes(syncDir)
+	log.FatalError(err, "couldn't build excludes")
+
+	if dryRun {
+		fmt.Println("excluded files:")
+		for _, path := range excluded {
+			fmt.Printf("\t%s\n", path)
+		}
+		return
+	}
+
+	excludeFile, err := writeExcludes(excluded)
+	log.FatalError(err, "couldn't write exclude file")
+	log.Infof("excluding %d files via %s", len(excluded), excludeFile)
+
+	if excludeFile != "" {
+		defer func() {
+			log.Infof("removing exclude file %s", excludeFile)
+			if err := os.Remove(excludeFile); err != nil {
+				log.Warningf("failed to remove temp file %s", excludeFile)
+			}
+		}()
+	}
+
+	err = rsync(syncDir, target, excludeFile, verboseRsync)
+	log.FatalError(err, "couldn't sync data")
+}

cmd/diskimg/BUILD.bazel

@@ -1,19 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
-
-go_library(
-    name = "diskimg_lib",
-    srcs = ["main.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/cmd/diskimg",
-    visibility = ["//visibility:private"],
-    deps = [
-        "//ahash",
-        "//dbg",
-        "//die",
-    ],
-)
-
-go_binary(
-    name = "diskimg",
-    embed = [":diskimg_lib"],
-    visibility = ["//visibility:public"],
-)

cmd/dumpbytes/main.go

@@ -0,0 +1,71 @@
+package main
+
+import (
+	"flag"
+	"fmt"
+	"git.wntrmute.dev/kyle/goutils/die"
+	"io"
+	"os"
+)
+
+func usage(w io.Writer, exc int) {
+	fmt.Fprintln(w, `usage: dumpbytes <file>`)
+	os.Exit(exc)
+}
+
+func printBytes(buf []byte) {
+	fmt.Printf("\t")
+	for i := 0; i < len(buf); i++ {
+		fmt.Printf("0x%02x, ", buf[i])
+	}
+	fmt.Println()
+}
+
+func dumpFile(path string, indentLevel int) error {
+	indent := ""
+	for i := 0; i < indentLevel; i++ {
+		indent += "\t"
+	}
+
+	file, err := os.Open(path)
+	if err != nil {
+		return err
+	}
+
+	defer file.Close()
+
+	fmt.Printf("%svar buffer = []byte{\n", indent)
+	for {
+		buf := make([]byte, 8)
+		n, err := file.Read(buf)
+		if err == io.EOF {
+			if n > 0 {
+				fmt.Printf("%s", indent)
+				printBytes(buf[:n])
+			}
+			break
+		}
+
+		if err != nil {
+			return err
+		}
+
+		fmt.Printf("%s", indent)
+		printBytes(buf[:n])
+	}
+
+	fmt.Printf("%s}\n", indent)
+	return nil
+}
+
+func main() {
+	indent := 0
+	flag.Usage = func() { usage(os.Stderr, 0) }
+	flag.IntVar(&indent, "n", 0, "indent level")
+	flag.Parse()
+
+	for _, file := range flag.Args() {
+		err := dumpFile(file, indent)
+		die.If(err)
+	}
+}

cmd/eig/BUILD.bazel

@@ -1,15 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
-
-go_library(
-    name = "eig_lib",
-    srcs = ["main.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/cmd/eig",
-    visibility = ["//visibility:private"],
-    deps = ["//die"],
-)
-
-go_binary(
-    name = "eig",
-    embed = [":eig_lib"],
-    visibility = ["//visibility:public"],
-)

cmd/fragment/BUILD.bazel

@@ -1,15 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
-
-go_library(
-    name = "fragment_lib",
-    srcs = ["fragment.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/cmd/fragment",
-    visibility = ["//visibility:private"],
-    deps = ["//die"],
-)
-
-go_binary(
-    name = "fragment",
-    embed = [":fragment_lib"],
-    visibility = ["//visibility:public"],
-)

cmd/host/README

@@ -0,0 +1,5 @@
+host
+
+This is a utility to display CNAME records and IPs for a hostname. It
+was born of my frustration in trying to figure out how to get the host(1)
+tool installed on Fedora.

cmd/host/main.go

@@ -0,0 +1,41 @@
+package main
+
+import (
+	"flag"
+	"fmt"
+	"log"
+	"net"
+)
+
+func lookupHost(host string) error {
+	cname, err := net.LookupCNAME(host)
+	if err != nil {
+		return err
+	}
+
+	if cname != host {
+		fmt.Printf("%s is a CNAME for %s\n", host, cname)
+		host = cname
+	}
+
+	addrs, err := net.LookupHost(host)
+	if err != nil {
+		return err
+	}
+
+	for _, addr := range addrs {
+		fmt.Printf("\t%s\n", addr)
+	}
+
+	return nil
+}
+
+func main() {
+	flag.Parse()
+
+	for _, arg := range flag.Args() {
+		if err := lookupHost(arg); err != nil {
+			log.Printf("%s: %s", arg, err)
+		}
+	}
+}

cmd/jlp/BUILD.bazel

@@ -1,15 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
-
-go_library(
-    name = "jlp_lib",
-    srcs = ["jlp.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/cmd/jlp",
-    visibility = ["//visibility:private"],
-    deps = ["//lib"],
-)
-
-go_binary(
-    name = "jlp",
-    embed = [":jlp_lib"],
-    visibility = ["//visibility:public"],
-)

cmd/kgz/BUILD.bazel

@@ -1,15 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
-
-go_library(
-    name = "kgz_lib",
-    srcs = ["main.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/cmd/kgz",
-    visibility = ["//visibility:private"],
-    deps = ["@com_github_pkg_errors//:errors"],
-)
-
-go_binary(
-    name = "kgz",
-    embed = [":kgz_lib"],
-    visibility = ["//visibility:public"],
-)

cmd/minmax/README

@@ -0,0 +1,3 @@
+minmax
+
+A quick tool to calculate minmax codes if needed for uLisp.

cmd/minmax/minmax.go

@@ -0,0 +1,53 @@
+package main
+
+import (
+	"flag"
+	"fmt"
+	"os"
+	"strconv"
+)
+
+var kinds = map[string]int{
+	"sym": 0,
+	"tf":  1,
+	"fn":  2,
+	"sp":  3,
+}
+
+func dieIf(err error) {
+	if err == nil {
+		return
+	}
+	fmt.Fprintf(os.Stderr, "[!] %s\n", err)
+	os.Exit(1)
+}
+
+func usage() {
+	fmt.Fprintf(os.Stderr, "usage: minmax type min max\n")
+	fmt.Fprintf(os.Stderr, "    type is one of fn, sp, sym, tf\n")
+	os.Exit(1)
+}
+
+func main() {
+	flag.Parse()
+
+	if flag.NArg() != 3 {
+		usage()
+	}
+
+	kind, ok := kinds[flag.Arg(0)]
+	if !ok {
+		usage()
+	}
+
+	min, err := strconv.Atoi(flag.Arg(1))
+	dieIf(err)
+
+	max, err := strconv.Atoi(flag.Arg(2))
+	dieIf(err)
+
+	code := kind << 6
+	code += (min << 3)
+	code += max
+	fmt.Printf("%0o\n", code)
+}

cmd/parts/BUILD.bazel

@@ -1,15 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
-
-go_library(
-    name = "parts_lib",
-    srcs = ["main.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/cmd/parts",
-    visibility = ["//visibility:private"],
-    deps = ["//die"],
-)
-
-go_binary(
-    name = "parts",
-    embed = [":parts_lib"],
-    visibility = ["//visibility:public"],
-)

cmd/pem2bin/BUILD.bazel

@@ -1,14 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
-
-go_library(
-    name = "pem2bin_lib",
-    srcs = ["main.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/cmd/pem2bin",
-    visibility = ["//visibility:private"],
-)
-
-go_binary(
-    name = "pem2bin",
-    embed = [":pem2bin_lib"],
-    visibility = ["//visibility:public"],
-)

cmd/pembody/BUILD.bazel

@@ -1,15 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
-
-go_library(
-    name = "pembody_lib",
-    srcs = ["pembody.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/cmd/pembody",
-    visibility = ["//visibility:private"],
-    deps = ["//lib"],
-)
-
-go_binary(
-    name = "pembody",
-    embed = [":pembody_lib"],
-    visibility = ["//visibility:public"],
-)

cmd/pemit/BUILD.bazel

@@ -1,19 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
-
-go_library(
-    name = "pemit_lib",
-    srcs = ["main.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/cmd/pemit",
-    visibility = ["//visibility:private"],
-    deps = [
-        "//assert",
-        "//die",
-        "//lib",
-    ],
-)
-
-go_binary(
-    name = "pemit",
-    embed = [":pemit_lib"],
-    visibility = ["//visibility:public"],
-)

cmd/readchain/BUILD.bazel

@@ -1,14 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
-
-go_library(
-    name = "readchain_lib",
-    srcs = ["chain.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/cmd/readchain",
-    visibility = ["//visibility:private"],
-)
-
-go_binary(
-    name = "readchain",
-    embed = [":readchain_lib"],
-    visibility = ["//visibility:public"],
-)

cmd/renfnv/BUILD.bazel

@@ -1,18 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
-
-go_library(
-    name = "renfnv_lib",
-    srcs = ["renfnv.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/cmd/renfnv",
-    visibility = ["//visibility:private"],
-    deps = [
-        "//fileutil",
-        "//lib",
-    ],
-)
-
-go_binary(
-    name = "renfnv",
-    embed = [":renfnv_lib"],
-    visibility = ["//visibility:public"],
-)

cmd/rhash/BUILD.bazel

@@ -1,19 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
-
-go_library(
-    name = "rhash_lib",
-    srcs = ["main.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/cmd/rhash",
-    visibility = ["//visibility:private"],
-    deps = [
-        "//ahash",
-        "//die",
-        "//lib",
-    ],
-)
-
-go_binary(
-    name = "rhash",
-    embed = [":rhash_lib"],
-    visibility = ["//visibility:public"],
-)

cmd/rolldie/main.go

@@ -0,0 +1,48 @@
+package main
+
+import (
+	"flag"
+	"fmt"
+	"math/rand"
+	"os"
+	"regexp"
+	"strconv"
+
+	"git.wntrmute.dev/kyle/goutils/die"
+)
+
+var dieRollFormat = regexp.MustCompile(`^(\d+)[dD](\d+)$`)
+
+func rollDie(count, sides int) []int {
+	sum := 0
+	var rolls []int
+
+	for i := 0; i < count; i++ {
+		roll := rand.Intn(sides) + 1
+		sum += roll
+		rolls = append(rolls, roll)
+	}
+
+	rolls = append(rolls, sum)
+	return rolls
+}
+
+func main() {
+	flag.Parse()
+
+	for _, arg := range flag.Args() {
+		if !dieRollFormat.MatchString(arg) {
+			fmt.Fprintf(os.Stderr, "invalid die format %s: should be XdY\n", arg)
+			os.Exit(1)
+		}
+
+		dieRoll := dieRollFormat.FindAllStringSubmatch(arg, -1)
+		count, err := strconv.Atoi(dieRoll[0][1])
+		die.If(err)
+
+		sides, err := strconv.Atoi(dieRoll[0][2])
+		die.If(err)
+
+		fmt.Println(rollDie(count, sides))
+	}
+}

cmd/showimp/BUILD.bazel

@@ -1,18 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
-
-go_library(
-    name = "showimp_lib",
-    srcs = ["main.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/cmd/showimp",
-    visibility = ["//visibility:private"],
-    deps = [
-        "//dbg",
-        "//die",
-    ],
-)
-
-go_binary(
-    name = "showimp",
-    embed = [":showimp_lib"],
-    visibility = ["//visibility:public"],
-)

cmd/ski/BUILD.bazel

@@ -1,18 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
-
-go_library(
-    name = "ski_lib",
-    srcs = ["main.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/cmd/ski",
-    visibility = ["//visibility:private"],
-    deps = [
-        "//die",
-        "//lib",
-    ],
-)
-
-go_binary(
-    name = "ski",
-    embed = [":ski_lib"],
-    visibility = ["//visibility:public"],
-)

cmd/sprox/BUILD.bazel

@@ -1,15 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
-
-go_library(
-    name = "sprox_lib",
-    srcs = ["main.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/cmd/sprox",
-    visibility = ["//visibility:private"],
-    deps = ["//die"],
-)
-
-go_binary(
-    name = "sprox",
-    embed = [":sprox_lib"],
-    visibility = ["//visibility:public"],
-)

cmd/stealchain-server/BUILD.bazel

@@ -1,15 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
-
-go_library(
-    name = "stealchain-server_lib",
-    srcs = ["main.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/cmd/stealchain-server",
-    visibility = ["//visibility:private"],
-    deps = ["//die"],
-)
-
-go_binary(
-    name = "stealchain-server",
-    embed = [":stealchain-server_lib"],
-    visibility = ["//visibility:public"],
-)

cmd/stealchain/BUILD.bazel

@@ -1,15 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
-
-go_library(
-    name = "stealchain_lib",
-    srcs = ["thief.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/cmd/stealchain",
-    visibility = ["//visibility:private"],
-    deps = ["//die"],
-)
-
-go_binary(
-    name = "stealchain",
-    embed = [":stealchain_lib"],
-    visibility = ["//visibility:public"],
-)

cmd/subjhash/BUILD.bazel

@@ -1,19 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
-
-go_library(
-    name = "subjhash_lib",
-    srcs = ["main.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/cmd/subjhash",
-    visibility = ["//visibility:private"],
-    deps = [
-        "//certlib",
-        "//die",
-        "//lib",
-    ],
-)
-
-go_binary(
-    name = "subjhash",
-    embed = [":subjhash_lib"],
-    visibility = ["//visibility:public"],
-)

cmd/tlskeypair/BUILD.bazel

@@ -1,15 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
-
-go_library(
-    name = "tlskeypair_lib",
-    srcs = ["main.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/cmd/tlskeypair",
-    visibility = ["//visibility:private"],
-    deps = ["//die"],
-)
-
-go_binary(
-    name = "tlskeypair",
-    embed = [":tlskeypair_lib"],
-    visibility = ["//visibility:public"],
-)

cmd/utc/BUILD.bazel

@@ -1,14 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
-
-go_library(
-    name = "utc_lib",
-    srcs = ["main.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/cmd/utc",
-    visibility = ["//visibility:private"],
-)
-
-go_binary(
-    name = "utc",
-    embed = [":utc_lib"],
-    visibility = ["//visibility:public"],
-)

cmd/yamll/BUILD.bazel

@@ -1,15 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
-
-go_library(
-    name = "yamll_lib",
-    srcs = ["main.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/cmd/yamll",
-    visibility = ["//visibility:private"],
-    deps = ["@in_gopkg_yaml_v2//:yaml_v2"],
-)
-
-go_binary(
-    name = "yamll",
-    embed = [":yamll_lib"],
-    visibility = ["//visibility:public"],
-)

cmd/zsearch/main.go

@@ -0,0 +1,136 @@
+// zsearch is a utility for searching zlib-compressed files for a
+// search string. It was really designed for use with the Git object
+// store, i.e. to aid in the recovery of files after Git does what Git
+// do.
+package main
+
+import (
+	"bufio"
+	"bytes"
+	"compress/zlib"
+	"flag"
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+	"regexp"
+)
+
+const defaultDirectory = ".git/objects"
+
+func errorf(format string, a ...interface{}) {
+	fmt.Fprintf(os.Stderr, format, a...)
+	if format[len(format)-1] != '\n' {
+		fmt.Fprintf(os.Stderr, "\n")
+	}
+}
+
+func isDir(path string) bool {
+	fi, err := os.Stat(path)
+	if err != nil {
+		return false
+	}
+
+	return fi.IsDir()
+}
+
+func loadFile(path string) ([]byte, error) {
+	file, err := os.Open(path)
+	if err != nil {
+		return nil, err
+	}
+	defer file.Close()
+
+	buf := new(bytes.Buffer)
+	zread, err := zlib.NewReader(file)
+	if err != nil {
+		return nil, err
+	}
+	defer zread.Close()
+
+	_, err = io.Copy(buf, zread)
+	if err != nil {
+		return nil, err
+	}
+	return buf.Bytes(), nil
+}
+
+func showFile(path string) {
+	fileData, err := loadFile(path)
+	if err != nil {
+		errorf("%v", err)
+		return
+	}
+
+	fmt.Printf("%s\n", fileData)
+}
+
+func searchFile(path string, search *regexp.Regexp) error {
+	file, err := os.Open(path)
+	if err != nil {
+		errorf("%v", err)
+		return err
+	}
+	defer file.Close()
+
+	zread, err := zlib.NewReader(file)
+	if err != nil {
+		errorf("%v", err)
+		return err
+	}
+	defer zread.Close()
+
+	zbuf := bufio.NewReader(zread)
+	if search.MatchReader(zbuf) {
+		fileData, err := loadFile(path)
+		if err != nil {
+			errorf("%v", err)
+			return err
+		}
+		fmt.Printf("%s:\n%s\n", path, fileData)
+	}
+	return nil
+}
+
+func buildWalker(searchExpr *regexp.Regexp) filepath.WalkFunc {
+	return func(path string, info os.FileInfo, err error) error {
+		if info.Mode().IsRegular() {
+			return searchFile(path, searchExpr)
+		}
+		return nil
+	}
+}
+
+func main() {
+	flSearch := flag.String("s", "", "search string (should be an RE2 regular expression)")
+	flag.Parse()
+
+	if *flSearch == "" {
+		for _, path := range flag.Args() {
+			showFile(path)
+		}
+	} else {
+		search, err := regexp.Compile(*flSearch)
+		if err != nil {
+			errorf("Bad regexp: %v", err)
+			return
+		}
+
+		pathList := flag.Args()
+		if len(pathList) == 0 {
+			pathList = []string{defaultDirectory}
+		}
+
+		for _, path := range pathList {
+			if isDir(path) {
+				err := filepath.Walk(path, buildWalker(search))
+				if err != nil {
+					errorf("%v", err)
+					return
+				}
+			} else {
+				searchFile(path, search)
+			}
+		}
+	}
+}

config/BUILD.bazel

@@ -1,24 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
-
-go_library(
-    name = "config",
-    srcs = [
-        "config.go",
-        "path.go",
-        "path_linux.go",
-    ],
-    importpath = "git.wntrmute.dev/kyle/goutils/config",
-    visibility = ["//visibility:public"],
-    deps = ["//config/iniconf"],
-)
-
-go_test(
-    name = "config_test",
-    size = "small",
-    srcs = [
-        "config_test.go",
-        "path_test.go",
-    ],
-    data = glob(["testdata/**"]),
-    embed = [":config"],
-)

config/iniconf/BUILD.bazel

@@ -1,16 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
-
-go_library(
-    name = "iniconf",
-    srcs = ["iniconf.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/config/iniconf",
-    visibility = ["//visibility:public"],
-)
-
-go_test(
-    name = "iniconf_test",
-    size = "small",
-    srcs = ["iniconf_test.go"],
-    data = glob(["testdata/**"]),
-    embed = [":iniconf"],
-)

dbg/BUILD.bazel

@@ -1,19 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
-
-go_library(
-    name = "dbg",
-    srcs = ["dbg.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/dbg",
-    visibility = ["//visibility:public"],
-)
-
-go_test(
-    name = "dbg_test",
-    size = "small",
-    srcs = ["dbg_test.go"],
-    embed = [":dbg"],
-    deps = [
-        "//testio",
-        "@com_github_stretchr_testify//require",
-    ],
-)

dbg/dbg_test.go

@@ -1,12 +1,13 @@
 package dbg
 
 import (
+	"fmt"
 	"io/ioutil"
 	"os"
 	"testing"
 
+	"git.wntrmute.dev/kyle/goutils/assert"
 	"git.wntrmute.dev/kyle/goutils/testio"
-	"github.com/stretchr/testify/require"
 )
 
 func TestNew(t *testing.T) {
@@ -17,16 +18,16 @@ func TestNew(t *testing.T) {
 	dbg.Print("hello")
 	dbg.Println("hello")
 	dbg.Printf("hello %s", "world")
-	require.Equal(t, 0, buf.Len())
+	assert.BoolT(t, buf.Len() == 0)
 
 	dbg.Enabled = true
 	dbg.Print("hello")              // +5
 	dbg.Println("hello")            // +6
 	dbg.Printf("hello %s", "world") // +11
-	require.Equal(t, 22, buf.Len())
+	assert.BoolT(t, buf.Len() == 22, fmt.Sprintf("buffer should be length 22 but is length %d", buf.Len()))
 
 	err := dbg.Close()
-	require.NoError(t, err)
+	assert.NoErrorT(t, err)
 }
 
 func TestTo(t *testing.T) {
@@ -36,39 +37,38 @@ func TestTo(t *testing.T) {
 	dbg.Print("hello")
 	dbg.Println("hello")
 	dbg.Printf("hello %s", "world")
-	require.Equal(t, 0, buf.Len())
+	assert.BoolT(t, buf.Len() == 0, "debug output should be suppressed")
 
 	dbg.Enabled = true
 	dbg.Print("hello")              // +5
 	dbg.Println("hello")            // +6
 	dbg.Printf("hello %s", "world") // +11
-
-	require.Equal(t, 22, buf.Len())
+	assert.BoolT(t, buf.Len() == 22, "didn't get the expected debug output")
 
 	err := dbg.Close()
-	require.NoError(t, err)
+	assert.NoErrorT(t, err)
 }
 
 func TestToFile(t *testing.T) {
 	testFile, err := ioutil.TempFile("", "dbg")
-	require.NoError(t, err)
+	assert.NoErrorT(t, err)
 	err = testFile.Close()
-	require.NoError(t, err)
+	assert.NoErrorT(t, err)
 
 	testFileName := testFile.Name()
 	defer os.Remove(testFileName)
 
 	dbg, err := ToFile(testFileName)
-	require.NoError(t, err)
+	assert.NoErrorT(t, err)
 
 	dbg.Print("hello")
 	dbg.Println("hello")
 	dbg.Printf("hello %s", "world")
 
 	stat, err := os.Stat(testFileName)
-	require.NoError(t, err)
+	assert.NoErrorT(t, err)
 
-	require.EqualValues(t, 0, stat.Size())
+	assert.BoolT(t, stat.Size() == 0, "no debug output should have been sent to the log file")
 
 	dbg.Enabled = true
 	dbg.Print("hello")              // +5
@@ -76,12 +76,12 @@ func TestToFile(t *testing.T) {
 	dbg.Printf("hello %s", "world") // +11
 
 	stat, err = os.Stat(testFileName)
-	require.NoError(t, err)
+	assert.NoErrorT(t, err)
 
-	require.EqualValues(t, 22, stat.Size())
+	assert.BoolT(t, stat.Size() == 22, fmt.Sprintf("have %d bytes in the log file, expected 22", stat.Size()))
 
 	err = dbg.Close()
-	require.NoError(t, err)
+	assert.NoErrorT(t, err)
 }
 
 func TestWriting(t *testing.T) {
@@ -90,31 +90,31 @@ func TestWriting(t *testing.T) {
 	dbg := To(buf)
 
 	n, err := dbg.Write(data)
-	require.NoError(t, err)
-	require.EqualValues(t, 0, n)
+	assert.NoErrorT(t, err)
+	assert.BoolT(t, n == 0, "expected nothing to be written to the buffer")
 
 	dbg.Enabled = true
 	n, err = dbg.Write(data)
-	require.NoError(t, err)
-	require.EqualValues(t, 12, n)
+	assert.NoErrorT(t, err)
+	assert.BoolT(t, n == 12, fmt.Sprintf("wrote %d bytes in the buffer, expected to write 12", n))
 
 	err = dbg.Close()
-	require.NoError(t, err)
+	assert.NoErrorT(t, err)
 }
 
 func TestToFileError(t *testing.T) {
 	testFile, err := ioutil.TempFile("", "dbg")
-	require.NoError(t, err)
+	assert.NoErrorT(t, err)
 	err = testFile.Chmod(0400)
-	require.NoError(t, err)
+	assert.NoErrorT(t, err)
 	err = testFile.Close()
-	require.NoError(t, err)
+	assert.NoErrorT(t, err)
 
 	testFileName := testFile.Name()
 
 	_, err = ToFile(testFileName)
-	require.Error(t, err)
+	assert.ErrorT(t, err)
 
 	err = os.Remove(testFileName)
-	require.NoError(t, err)
+	assert.NoErrorT(t, err)
 }

deps.bzl

@@ -1,352 +0,0 @@
-load("@bazel_gazelle//:deps.bzl", "go_repository")
-
-def go_dependencies():
-    go_repository(
-        name = "com_github_akavel_rsrc",
-        importpath = "github.com/akavel/rsrc",
-        sum = "h1:zjWn7ukO9Kc5Q62DOJCcxGpXC18RawVtYAGdz2aLlfw=",
-        version = "v0.8.0",
-    )
-    go_repository(
-        name = "com_github_certifi_gocertifi",
-        importpath = "github.com/certifi/gocertifi",
-        sum = "h1:6/yVvBsKeAw05IUj4AzvrxaCnDjN4nUqKjW9+w5wixg=",
-        version = "v0.0.0-20180118203423-deb3ae2ef261",
-    )
-    go_repository(
-        name = "com_github_cloudflare_backoff",
-        importpath = "github.com/cloudflare/backoff",
-        sum = "h1:8d1CEOF1xldesKds5tRG3tExBsMOgWYownMHNCsev54=",
-        version = "v0.0.0-20161212185259-647f3cdfc87a",
-    )
-    go_repository(
-        name = "com_github_cloudflare_cfssl",
-        importpath = "github.com/cloudflare/cfssl",
-        sum = "h1:vFJDAvQgFSRbCn9zg8KpSrrEZrBAQ4KO5oNK7SXEyb0=",
-        version = "v1.5.0",
-    )
-    go_repository(
-        name = "com_github_cloudflare_go_metrics",
-        importpath = "github.com/cloudflare/go-metrics",
-        sum = "h1:/8sZyuGTAU2+fYv0Sz9lBcipqX0b7i4eUl8pSStk/4g=",
-        version = "v0.0.0-20151117154305-6a9aea36fb41",
-    )
-    go_repository(
-        name = "com_github_cloudflare_redoctober",
-        importpath = "github.com/cloudflare/redoctober",
-        sum = "h1:p0Q1GvgWtVf46XpMMibupKiE7aQxPYUIb+/jLTTK2kM=",
-        version = "v0.0.0-20171127175943-746a508df14c",
-    )
-    go_repository(
-        name = "com_github_creack_pty",
-        importpath = "github.com/creack/pty",
-        sum = "h1:uDmaGzcdjhF4i/plgjmEsriH11Y0o7RKapEf/LDaM3w=",
-        version = "v1.1.9",
-    )
-    go_repository(
-        name = "com_github_daaku_go_zipexe",
-        importpath = "github.com/daaku/go.zipexe",
-        sum = "h1:VSOgZtH418pH9L16hC/JrgSNJbbAL26pj7lmD1+CGdY=",
-        version = "v1.0.0",
-    )
-    go_repository(
-        name = "com_github_davecgh_go_spew",
-        importpath = "github.com/davecgh/go-spew",
-        sum = "h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=",
-        version = "v1.1.1",
-    )
-    go_repository(
-        name = "com_github_geertjohan_go_incremental",
-        importpath = "github.com/GeertJohan/go.incremental",
-        sum = "h1:7AH+pY1XUgQE4Y1HcXYaMqAI0m9yrFqo/jt0CW30vsg=",
-        version = "v1.0.0",
-    )
-    go_repository(
-        name = "com_github_geertjohan_go_rice",
-        importpath = "github.com/GeertJohan/go.rice",
-        sum = "h1:KkI6O9uMaQU3VEKaj01ulavtF7o1fWT7+pk/4voiMLQ=",
-        version = "v1.0.0",
-    )
-    go_repository(
-        name = "com_github_getsentry_raven_go",
-        importpath = "github.com/getsentry/raven-go",
-        sum = "h1:ELaJ1cjF2nEJeIlHXahGme22yG7TK+3jB6IGCq0Cdrc=",
-        version = "v0.0.0-20180121060056-563b81fc02b7",
-    )
-    go_repository(
-        name = "com_github_go_sql_driver_mysql",
-        importpath = "github.com/go-sql-driver/mysql",
-        sum = "h1:7LxgVwFb2hIQtMm87NdgAVfXjnt4OePseqT1tKx+opk=",
-        version = "v1.4.0",
-    )
-    go_repository(
-        name = "com_github_golang_protobuf",
-        importpath = "github.com/golang/protobuf",
-        sum = "h1:YF8+flBXS5eO826T4nzqPrxfhQThhXl0YzfuUPu4SBg=",
-        version = "v1.3.1",
-    )
-    go_repository(
-        name = "com_github_google_certificate_transparency_go",
-        importpath = "github.com/google/certificate-transparency-go",
-        sum = "h1:Yf1aXowfZ2nuboBsg7iYGLmwsOARdV86pfH3g95wXmE=",
-        version = "v1.0.21",
-    )
-    go_repository(
-        name = "com_github_hashicorp_go_syslog",
-        importpath = "github.com/hashicorp/go-syslog",
-        sum = "h1:KaodqZuhUoZereWVIYmpUgZysurB1kBLX2j0MwMrUAE=",
-        version = "v1.0.0",
-    )
-
-    go_repository(
-        name = "com_github_jessevdk_go_flags",
-        importpath = "github.com/jessevdk/go-flags",
-        sum = "h1:4IU2WS7AumrZ/40jfhf4QVDMsQwqA7VEHozFRrGARJA=",
-        version = "v1.4.0",
-    )
-    go_repository(
-        name = "com_github_jmhodges_clock",
-        importpath = "github.com/jmhodges/clock",
-        sum = "h1:dYTbLf4m0a5u0KLmPfB6mgxbcV7588bOCx79hxa5Sr4=",
-        version = "v0.0.0-20160418191101-880ee4c33548",
-    )
-    go_repository(
-        name = "com_github_jmoiron_sqlx",
-        importpath = "github.com/jmoiron/sqlx",
-        sum = "h1:41Ip0zITnmWNR/vHV+S4m+VoUivnWY5E4OJfLZjCJMA=",
-        version = "v1.2.0",
-    )
-    go_repository(
-        name = "com_github_kisielk_sqlstruct",
-        importpath = "github.com/kisielk/sqlstruct",
-        sum = "h1:o/c0aWEP/m6n61xlYW2QP4t9424qlJOsxugn5Zds2Rg=",
-        version = "v0.0.0-20150923205031-648daed35d49",
-    )
-    go_repository(
-        name = "com_github_kisom_goutils",
-        importpath = "github.com/kisom/goutils",
-        sum = "h1:z4HEOgAnFq+e1+O4QdVsyDPatJDu5Ei/7w7DRbYjsIA=",
-        version = "v1.1.0",
-    )
-    go_repository(
-        name = "com_github_konsorten_go_windows_terminal_sequences",
-        importpath = "github.com/konsorten/go-windows-terminal-sequences",
-        sum = "h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk=",
-        version = "v1.0.1",
-    )
-    go_repository(
-        name = "com_github_kr_fs",
-        importpath = "github.com/kr/fs",
-        sum = "h1:Jskdu9ieNAYnjxsi0LbQp1ulIKZV1LAFgK1tWhpZgl8=",
-        version = "v0.1.0",
-    )
-    go_repository(
-        name = "com_github_kr_pretty",
-        importpath = "github.com/kr/pretty",
-        sum = "h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=",
-        version = "v0.1.0",
-    )
-    go_repository(
-        name = "com_github_kr_pty",
-        importpath = "github.com/kr/pty",
-        sum = "h1:VkoXIwSboBpnk99O/KFauAEILuNHv5DVFKZMBN/gUgw=",
-        version = "v1.1.1",
-    )
-    go_repository(
-        name = "com_github_kr_text",
-        importpath = "github.com/kr/text",
-        sum = "h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=",
-        version = "v0.2.0",
-    )
-    go_repository(
-        name = "com_github_kylelemons_go_gypsy",
-        importpath = "github.com/kylelemons/go-gypsy",
-        sum = "h1:mkl3tvPHIuPaWsLtmHTybJeoVEW7cbePK73Ir8VtruA=",
-        version = "v0.0.0-20160905020020-08cad365cd28",
-    )
-    go_repository(
-        name = "com_github_lib_pq",
-        importpath = "github.com/lib/pq",
-        sum = "h1:/qkRGz8zljWiDcFvgpwUpwIAPu3r07TDvs3Rws+o/pU=",
-        version = "v1.3.0",
-    )
-    go_repository(
-        name = "com_github_mattn_go_sqlite3",
-        importpath = "github.com/mattn/go-sqlite3",
-        sum = "h1:jbhqpg7tQe4SupckyijYiy0mJJ/pRyHvXf7JdWK860o=",
-        version = "v1.10.0",
-    )
-    go_repository(
-        name = "com_github_mreiferson_go_httpclient",
-        importpath = "github.com/mreiferson/go-httpclient",
-        sum = "h1:oKIteTqeSpenyTrOVj5zkiyCaflLa8B+CD0324otT+o=",
-        version = "v0.0.0-20160630210159-31f0106b4474",
-    )
-    go_repository(
-        name = "com_github_nkovacs_streamquote",
-        importpath = "github.com/nkovacs/streamquote",
-        sum = "h1:E2B8qYyeSgv5MXpmzZXRNp8IAQ4vjxIjhpAf5hv/tAg=",
-        version = "v0.0.0-20170412213628-49af9bddb229",
-    )
-    go_repository(
-        name = "com_github_op_go_logging",
-        importpath = "github.com/op/go-logging",
-        sum = "h1:lDH9UUVJtmYCjyT0CI4q8xvlXPxeZ0gYCVvWbmPlp88=",
-        version = "v0.0.0-20160315200505-970db520ece7",
-    )
-    go_repository(
-        name = "com_github_pkg_errors",
-        importpath = "github.com/pkg/errors",
-        sum = "h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=",
-        version = "v0.9.1",
-    )
-    go_repository(
-        name = "com_github_pkg_sftp",
-        importpath = "github.com/pkg/sftp",
-        sum = "h1:/f3b24xrDhkhddlaobPe2JgBqfdt+gC/NYl0QY9IOuI=",
-        version = "v1.12.0",
-    )
-    go_repository(
-        name = "com_github_pmezard_go_difflib",
-        importpath = "github.com/pmezard/go-difflib",
-        sum = "h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=",
-        version = "v1.0.0",
-    )
-    go_repository(
-        name = "com_github_sirupsen_logrus",
-        importpath = "github.com/sirupsen/logrus",
-        sum = "h1:hI/7Q+DtNZ2kINb6qt/lS+IyXnHQe9e90POfeewL/ME=",
-        version = "v1.3.0",
-    )
-    go_repository(
-        name = "com_github_stretchr_objx",
-        importpath = "github.com/stretchr/objx",
-        sum = "h1:2vfRuCMp5sSVIDSqO8oNnWJq7mPa6KVP3iPIwFBuy8A=",
-        version = "v0.1.1",
-    )
-    go_repository(
-        name = "com_github_stretchr_testify",
-        importpath = "github.com/stretchr/testify",
-        sum = "h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=",
-        version = "v1.6.1",
-    )
-    go_repository(
-        name = "com_github_valyala_bytebufferpool",
-        importpath = "github.com/valyala/bytebufferpool",
-        sum = "h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=",
-        version = "v1.0.0",
-    )
-    go_repository(
-        name = "com_github_valyala_fasttemplate",
-        importpath = "github.com/valyala/fasttemplate",
-        sum = "h1:tY9CJiPnMXf1ERmG2EyK7gNUd+c6RKGD0IfU8WdUSz8=",
-        version = "v1.0.1",
-    )
-    go_repository(
-        name = "com_github_weppos_publicsuffix_go",
-        importpath = "github.com/weppos/publicsuffix-go",
-        sum = "h1:0Tu1uzLBd1jPn4k6OnMmOPZH/l/9bj9kUOMMkoRs6Gg=",
-        version = "v0.13.0",
-    )
-    go_repository(
-        name = "com_github_ziutek_mymysql",
-        importpath = "github.com/ziutek/mymysql",
-        sum = "h1:GB0qdRGsTwQSBVYuVShFBKaXSnSnYYC2d9knnE1LHFs=",
-        version = "v1.5.4",
-    )
-    go_repository(
-        name = "com_github_zmap_rc2",
-        importpath = "github.com/zmap/rc2",
-        sum = "h1:kKCF7VX/wTmdg2ZjEaqlq99Bjsoiz7vH6sFniF/vI4M=",
-        version = "v0.0.0-20131011165748-24b9757f5521",
-    )
-    go_repository(
-        name = "com_github_zmap_zcertificate",
-        importpath = "github.com/zmap/zcertificate",
-        sum = "h1:17HHAgFKlLcZsDOjBOUrd5hDihb1ggf+1a5dTbkgkIY=",
-        version = "v0.0.0-20180516150559-0e3d58b1bac4",
-    )
-    go_repository(
-        name = "com_github_zmap_zcrypto",
-        importpath = "github.com/zmap/zcrypto",
-        sum = "h1:PIpcdSOg3pMdFJUBg5yR9xxcj5rm/SGAyaWT/wK6Kco=",
-        version = "v0.0.0-20200911161511-43ff0ea04f21",
-    )
-    go_repository(
-        name = "com_github_zmap_zlint_v2",
-        importpath = "github.com/zmap/zlint/v2",
-        sum = "h1:b2kI/ToXX16h2wjV2c6Da65eT6aTMtkLHKetXuM9EtI=",
-        version = "v2.2.1",
-    )
-    go_repository(
-        name = "in_gopkg_check_v1",
-        importpath = "gopkg.in/check.v1",
-        sum = "h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=",
-        version = "v1.0.0-20180628173108-788fd7840127",
-    )
-    go_repository(
-        name = "in_gopkg_yaml_v2",
-        importpath = "gopkg.in/yaml.v2",
-        sum = "h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=",
-        version = "v2.4.0",
-    )
-    go_repository(
-        name = "in_gopkg_yaml_v3",
-        importpath = "gopkg.in/yaml.v3",
-        sum = "h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=",
-        version = "v3.0.0-20200313102051-9f266ea9e77c",
-    )
-    go_repository(
-        name = "org_bitbucket_liamstask_goose",
-        importpath = "bitbucket.org/liamstask/goose",
-        sum = "h1:bkb2NMGo3/Du52wvYj9Whth5KZfMV6d3O0Vbr3nz/UE=",
-        version = "v0.0.0-20150115234039-8488cc47d90c",
-    )
-    go_repository(
-        name = "org_golang_google_appengine",
-        importpath = "google.golang.org/appengine",
-        sum = "h1:lMO5rYAqUxkmaj76jAkRUvt5JZgFymx/+Q5Mzfivuhc=",
-        version = "v1.6.6",
-    )
-    go_repository(
-        name = "org_golang_x_crypto",
-        importpath = "golang.org/x/crypto",
-        sum = "h1:Qwe1rC8PSniVfAFPFJeyUkB+zcysC3RgJBAGk7eqBEU=",
-        version = "v0.0.0-20220314234659-1baeb1ce4c0b",
-    )
-    go_repository(
-        name = "org_golang_x_lint",
-        importpath = "golang.org/x/lint",
-        sum = "h1:5hukYrvBGR8/eNkX5mdUezrA6JiaEZDtJb9Ei+1LlBs=",
-        version = "v0.0.0-20190930215403-16217165b5de",
-    )
-    go_repository(
-        name = "org_golang_x_net",
-        importpath = "golang.org/x/net",
-        sum = "h1:CIJ76btIcR3eFI5EgSo6k1qKw9KJexJuRLI9G7Hp5wE=",
-        version = "v0.0.0-20211112202133-69e39bad7dc2",
-    )
-    go_repository(
-        name = "org_golang_x_sys",
-        importpath = "golang.org/x/sys",
-        sum = "h1:ntjMns5wyP/fN65tdBD4g8J5w8n015+iIIs9rtjXkY0=",
-        version = "v0.0.0-20220412211240-33da011f77ad",
-    )
-    go_repository(
-        name = "org_golang_x_term",
-        importpath = "golang.org/x/term",
-        sum = "h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=",
-        version = "v0.0.0-20201126162022-7de9c90e9dd1",
-    )
-    go_repository(
-        name = "org_golang_x_text",
-        importpath = "golang.org/x/text",
-        sum = "h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M=",
-        version = "v0.3.6",
-    )
-    go_repository(
-        name = "org_golang_x_tools",
-        importpath = "golang.org/x/tools",
-        sum = "h1:/e+gpKk9r3dJobndpTytxS2gOy6m5uvpg+ISQoEcusQ=",
-        version = "v0.0.0-20190311212946-11955173bddd",
-    )

die/BUILD.bazel

@@ -1,8 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_library")
-
-go_library(
-    name = "die",
-    srcs = ["die.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/die",
-    visibility = ["//visibility:public"],
-)

fileutil/BUILD.bazel

@@ -1,54 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_library")
-
-go_library(
-    name = "fileutil",
-    srcs = [
-        "fileutil.go",
-        "fileutil_windows.go",
-        "symlinks.go",
-    ],
-    importpath = "git.wntrmute.dev/kyle/goutils/fileutil",
-    visibility = ["//visibility:public"],
-    deps = select({
-        "@io_bazel_rules_go//go/platform:aix": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:android": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:darwin": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:dragonfly": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:freebsd": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:illumos": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:ios": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:js": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:linux": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:netbsd": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:openbsd": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:plan9": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:solaris": [
-            "@org_golang_x_sys//unix",
-        ],
-        "//conditions:default": [],
-    }),
-)

gazelle.sh

@@ -1,14 +0,0 @@
-#!/bin/bash
-
-set -euxo pipefail
-
-BAZEL="bazel"
-if [ -z "$(command -v ${BAZEL})" ]
-then
-	BAZEL="bazelisk"
-fi
-
-$BAZEL run //:gazelle
-$BAZEL run //:gazelle -- update-repos -from_file=go.mod -to_macro=deps.bzl%go_dependencies
-$BAZEL run //:gazelle
-

go.mod

@@ -7,7 +7,6 @@ require (
 	github.com/kr/text v0.2.0
 	github.com/pkg/errors v0.9.1
 	github.com/pkg/sftp v1.12.0
-	github.com/stretchr/testify v1.6.1
 	golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b
 	golang.org/x/sys v0.0.0-20220412211240-33da011f77ad
 	gopkg.in/yaml.v2 v2.4.0
@@ -21,7 +20,5 @@ require (
 require (
 	github.com/kr/fs v0.1.0 // indirect
 	github.com/kr/pretty v0.1.0 // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
 	gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
-	gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c // indirect
 )

lib/BUILD.bazel

@@ -1,109 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_library")
-
-go_library(
-    name = "lib",
-    srcs = [
-        "defs.go",
-        "ftime_bsd.go",
-        "ftime_unix.go",
-        "lib.go",
-    ],
-    importpath = "git.wntrmute.dev/kyle/goutils/lib",
-    visibility = ["//visibility:public"],
-    deps = select({
-        "@io_bazel_rules_go//go/platform:android_386": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:android_amd64": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:android_arm": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:android_arm64": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:darwin_386": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:darwin_amd64": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:freebsd_386": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:freebsd_amd64": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:freebsd_arm": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:freebsd_arm64": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:ios_amd64": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:linux_386": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:linux_amd64": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:linux_arm": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:linux_arm64": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:linux_mips": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:linux_mips64": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:linux_mips64le": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:linux_mipsle": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:linux_ppc64": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:linux_ppc64le": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:linux_riscv64": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:linux_s390x": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:netbsd_386": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:netbsd_amd64": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:netbsd_arm": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:netbsd_arm64": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:openbsd_386": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:openbsd_amd64": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:openbsd_arm": [
-            "@org_golang_x_sys//unix",
-        ],
-        "@io_bazel_rules_go//go/platform:openbsd_arm64": [
-            "@org_golang_x_sys//unix",
-        ],
-        "//conditions:default": [],
-    }),
-)

log/BUILD.bazel

@@ -1,23 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_library")
-
-go_library(
-    name = "syslog",
-    srcs = ["logger.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/syslog",
-    visibility = ["//visibility:public"],
-    deps = [
-        "@com_github_davecgh_go_spew//spew",
-        "@com_github_hashicorp_go_syslog//:go-syslog",
-    ],
-)
-
-go_library(
-    name = "log",
-    srcs = ["logger.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/log",
-    visibility = ["//visibility:public"],
-    deps = [
-        "@com_github_davecgh_go_spew//spew",
-        "@com_github_hashicorp_go_syslog//:go-syslog",
-    ],
-)

log/logger.go

@@ -12,8 +12,9 @@ import (
 )
 
 type logger struct {
-	l gsyslog.Syslogger
-	p gsyslog.Priority
+	l            gsyslog.Syslogger
+	p            gsyslog.Priority
+	writeConsole bool
 }
 
 func (log *logger) printf(p gsyslog.Priority, format string, args ...interface{}) {
@@ -21,7 +22,7 @@ func (log *logger) printf(p gsyslog.Priority, format string, args ...interface{}
 		format += "\n"
 	}
 
-	if p <= log.p {
+	if p <= log.p && log.writeConsole {
 		fmt.Printf("%s [%s] ", prioritiev[p], timestamp())
 		fmt.Printf(format, args...)
 	}
@@ -32,7 +33,7 @@ func (log *logger) printf(p gsyslog.Priority, format string, args ...interface{}
 }
 
 func (log *logger) print(p gsyslog.Priority, args ...interface{}) {
-	if p <= log.p {
+	if p <= log.p && log.writeConsole {
 		fmt.Printf("%s [%s] ", prioritiev[p], timestamp())
 		fmt.Print(args...)
 	}
@@ -43,7 +44,7 @@ func (log *logger) print(p gsyslog.Priority, args ...interface{}) {
 }
 
 func (log *logger) println(p gsyslog.Priority, args ...interface{}) {
-	if p <= log.p {
+	if p <= log.p && log.writeConsole {
 		fmt.Printf("%s [%s] ", prioritiev[p], timestamp())
 		fmt.Println(args...)
 	}
@@ -98,10 +99,11 @@ func timestamp() string {
 }
 
 type Options struct {
-	Level       string
-	Tag         string
-	Facility    string
-	WriteSyslog bool
+	Level        string
+	Tag          string
+	Facility     string
+	WriteSyslog  bool
+	WriteConsole bool
 }
 
 // DefaultOptions returns a sane set of defaults for syslog, using the program
@@ -113,10 +115,11 @@ func DefaultOptions(tag string, withSyslog bool) *Options {
 	}
 
 	return &Options{
-		Level:       "WARNING",
-		Tag:         tag,
-		Facility:    "daemon",
-		WriteSyslog: withSyslog,
+		Level:        "WARNING",
+		Tag:          tag,
+		Facility:     "daemon",
+		WriteSyslog:  withSyslog,
+		WriteConsole: true,
 	}
 }
 
@@ -129,9 +132,11 @@ func DefaultDebugOptions(tag string, withSyslog bool) *Options {
 	}
 
 	return &Options{
-		Level:       "DEBUG",
-		Facility:    "daemon",
-		WriteSyslog: withSyslog,
+		Level:        "DEBUG",
+		Tag:          tag,
+		Facility:     "daemon",
+		WriteSyslog:  withSyslog,
+		WriteConsole: true,
 	}
 }
 
@@ -142,6 +147,7 @@ func Setup(opts *Options) error {
 	}
 
 	log.p = priority
+	log.writeConsole = opts.WriteConsole
 
 	if opts.WriteSyslog {
 		var err error
@@ -261,6 +267,17 @@ func Fatalf(format string, args ...interface{}) {
 	os.Exit(1)
 }
 
+// FatalError will only execute if err != nil. If it does,
+// it will print the message (append the error) and exit
+// the program.
+func FatalError(err error, message string) {
+	if err == nil {
+		return
+	}
+
+	Fatal(fmt.Sprintf("%s: %s", message, err))
+}
+
 // Spew will pretty print the args if the logger is set to DEBUG priority.
 func Spew(args ...interface{}) {
 	log.spew(args...)

logging/BUILD.bazel

@@ -1,24 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
-
-go_library(
-    name = "logging",
-    srcs = [
-        "console_logger.go",
-        "doc.go",
-        "file.go",
-        "levels.go",
-        "log.go",
-    ],
-    importpath = "git.wntrmute.dev/kyle/goutils/logging",
-    visibility = ["//visibility:public"],
-)
-
-go_test(
-    name = "logging_test",
-    size = "small",
-    srcs = [
-        "example_test.go",
-        "log_test.go",
-    ],
-    embed = [":logging"],
-)

logging/example/BUILD.bazel

@@ -1,15 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
-
-go_library(
-    name = "example_lib",
-    srcs = ["example.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/logging/example",
-    visibility = ["//visibility:private"],
-    deps = ["//logging"],
-)
-
-go_binary(
-    name = "example",
-    embed = [":example_lib"],
-    visibility = ["//visibility:public"],
-)

mwc/BUILD.bazel

@@ -1,19 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
-
-go_library(
-    name = "mwc",
-    srcs = ["mwc.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/mwc",
-    visibility = ["//visibility:public"],
-)
-
-go_test(
-    name = "mwc_test",
-    size = "small",
-    srcs = ["mwc_test.go"],
-    embed = [":mwc"],
-    deps = [
-        "//assert",
-        "//testio",
-    ],
-)

rand/BUILD.bazel

@@ -1,15 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
-
-go_library(
-    name = "rand",
-    srcs = ["rand.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/rand",
-    visibility = ["//visibility:public"],
-)
-
-go_test(
-    name = "rand_test",
-    size = "small",
-    srcs = ["rand_test.go"],
-    embed = [":rand"],
-)

sbuf/BUILD.bazel

@@ -1,16 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
-
-go_library(
-    name = "sbuf",
-    srcs = ["sbuf.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/sbuf",
-    visibility = ["//visibility:public"],
-)
-
-go_test(
-    name = "sbuf_test",
-    size = "small",
-    srcs = ["sbuf_test.go"],
-    embed = [":sbuf"],
-    deps = ["@org_golang_x_crypto//nacl/box"],
-)

seekbuf/BUILD.bazel

@@ -1,16 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
-
-go_library(
-    name = "seekbuf",
-    srcs = ["seekbuf.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/seekbuf",
-    visibility = ["//visibility:public"],
-)
-
-go_test(
-    name = "seekbuf_test",
-    size = "small",
-    srcs = ["seekbuf_test.go"],
-    embed = [":seekbuf"],
-    deps = ["//assert"],
-)

seekbuf/seekbuf.go

@@ -55,3 +55,8 @@ func (b *Buffer) Close() error {
 func (b *Buffer) Len() int {
 	return len(b.data[b.pos:])
 }
+
+// Bytes returns the underlying bytes from the current position.
+func (b *Buffer) Bytes() []byte {
+	return b.data[b.pos:]
+}

tee/BUILD.bazel

@@ -1,8 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_library")
-
-go_library(
-    name = "tee",
-    srcs = ["tee.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/tee",
-    visibility = ["//visibility:public"],
-)

testio/BUILD.bazel

@@ -1,15 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
-
-go_library(
-    name = "testio",
-    srcs = ["testio.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/testio",
-    visibility = ["//visibility:public"],
-)
-
-go_test(
-    name = "testio_test",
-    size = "small",
-    srcs = ["testio_test.go"],
-    embed = [":testio"],
-)

testutil/BUILD.bazel

@@ -1,8 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_library")
-
-go_library(
-    name = "testutil",
-    srcs = ["testutil.go"],
-    importpath = "git.wntrmute.dev/kyle/goutils/testutil",
-    visibility = ["//visibility:public"],
-)