Updated golangci-lint config; xsd.sysvrc init script updates

.golangci.yml

@@ -1,327 +1,154 @@
-# This file contains all available configuration options
-# with their default values.
-
-# options for analysis running
-run:
-  # default concurrency is a available CPU number
-  concurrency: 4
-
-  # timeout for analysis, e.g. 30s, 5m, default is 1m
-  timeout: 1m
-
-  # exit code when at least one issue was found, default is 1
-  issues-exit-code: 1
-
-  # include test files or not, default is true
-  tests: true
-
-  # list of build tags, all linters use it. Default is empty list.
-  build-tags:
-    - mytag
-
-  # which dirs to skip: issues from them won't be reported;
-  # can use regexp here: generated.*, regexp is applied on full path;
-  # default value is empty list, but default dirs are skipped independently
-  # from this option's value (see skip-dirs-use-default).
-  skip-dirs:
-    - src/external_libs
-    - autogenerated_by_my_lib
-
-  # default is true. Enables skipping of directories:
-  #   vendor$, third_party$, testdata$, examples$, Godeps$, builtin$
-  skip-dirs-use-default: true
-
-  # which files to skip: they will be analyzed, but issues from them
-  # won't be reported. Default value is empty list, but there is
-  # no need to include all autogenerated files, we confidently recognize
-  # autogenerated files. If it's not please let us know.
-  skip-files:
-    - ".*\\.my\\.go$"
-    - lib/bad.go
-
-  # by default isn't set. If set we pass it to "go list -mod={option}". From "go help modules":
-  # If invoked with -mod=readonly, the go command is disallowed from the implicit
-  # automatic updating of go.mod described above. Instead, it fails when any changes
-  # to go.mod are needed. This setting is most useful to check that go.mod does
-  # not need updates, such as in a continuous integration and testing system.
-  # If invoked with -mod=vendor, the go command assumes that the vendor
-  # directory holds the correct copies of dependencies and ignores
-  # the dependency descriptions in go.mod.
-  #! modules-download-mode: readonly|release|vendor
-
-
-# output configuration options
-output:
-  # colored-line-number|line-number|json|tab|checkstyle|code-climate, default is "colored-line-number"
-  format: colored-line-number
-
-  # print lines of code with issue, default is true
-  print-issued-lines: true
-
-  # print linter name in the end of issue text, default is true
-  print-linter-name: true
-
-  # make issues output unique by line, default is true
-  uniq-by-line: true
-
-
-# all available settings of specific linters
 linters-settings:
-  dogsled:
+  depguard:
-    # checks assignments with too many blank identifiers; default is 2
+    list-type: blacklist
-    max-blank-identifiers: 2
+    packages:
+      # logging is allowed only by logutils.Log, logrus
+      # is allowed to use only in logutils package
+      - github.com/sirupsen/logrus
+    packages-with-error-message:
+      - github.com/sirupsen/logrus: "logging is allowed only by logutils.Log"
   dupl:
-    # tokens count to trigger issue, 150 by default
     threshold: 100
-  errcheck:
-    # report about not checking of errors in type assetions: `a := b.(MyStruct)`;
-    # default is false: such cases aren't reported by default.
-    check-type-assertions: false
-
-    # report about assignment of errors to blank identifier: `num, _ := strconv.Atoi(numStr)`;
-    # default is false: such cases aren't reported by default.
-    check-blank: false
-
-    # [deprecated] comma-separated list of pairs of the form pkg:regex
-    # the regex is used to ignore names within pkg. (default "fmt:.*").
-    # see https://github.com/kisielk/errcheck#the-deprecated-method for details
-    ignore: fmt:.*,io/ioutil:^Read.*
-
-    # path to a file containing a list of functions to exclude from checking
-    # see https://github.com/kisielk/errcheck#excluding-functions for details
-    #!exclude: /path/to/file.txt
   funlen:
-    lines: 60
+    lines: 125
-    statements: 40
+    statements: 50
-  gocognit:
+  gci:
-    # minimal code complexity to report, 30 by default (but we recommend 10-20)
+    local-prefixes: github.com/golangci/golangci-lint
-    min-complexity: 10
   goconst:
-    # minimal length of string constant, 3 by default
+    min-len: 2
-    min-len: 3
+    min-occurrences: 2
-    # minimal occurrences count to trigger, 3 by default
-    min-occurrences: 3
   gocritic:
-    # Which checks should be enabled; can't be combined with 'disabled-checks';
-    # See https://go-critic.github.io/overview#checks-overview
-    # To check which checks are enabled run `GL_DEBUG=gocritic golangci-lint run`
-    # By default list of stable checks is used.
-    enabled-checks:
-      #!- rangeValCopy
-
-    # Which checks should be disabled; can't be combined with 'enabled-checks'; default is empty
-    disabled-checks:
-      - regexpMust
-
-    # Enable multiple checks by tags, run `GL_DEBUG=gocritic golangci-lint run` to see all tags and checks.
-    # Empty list by default. See https://github.com/go-critic/go-critic#usage -> section "Tags".
     enabled-tags:
+      - diagnostic
+      - experimental
+      - opinionated
       - performance
-
+      - style
-    settings: # settings passed to gocritic
+    disabled-checks:
-      captLocal: # must be valid enabled check name
+      - commentFormatting
-        paramsOnly: true
+      - dupImport # https://github.com/go-critic/go-critic/issues/845
-      rangeValCopy:
+      - ifElseChain
-        sizeThreshold: 32
+      - octalLiteral
+      - whyNoLint
+      - wrapperFunc
   gocyclo:
-    # minimal code complexity to report, 30 by default (but we recommend 10-20)
+    min-complexity: 15
-    min-complexity: 10
-  godox:
-    # report any comments starting with keywords, this is useful for TODO or FIXME comments that
-    # might be left in the code accidentally and should be resolved before merging
-    keywords: # default keywords are TODO, BUG, and FIXME, these can be overwritten by this setting
-      - NOTE
-      - OPTIMIZE # marks code that should be optimized before merging
-      - HACK # marks hack-arounds that should be removed before merging
-  gofmt:
-    # simplify code: gofmt with `-s` option, true by default
-    simplify: true
   goimports:
-    # put imports beginning with prefix after 3rd-party packages;
+    local-prefixes: github.com/golangci/golangci-lint
-    # it's a comma-separated list of prefixes
+  #golint:
-    local-prefixes: github.com/org/project
+  #  min-confidence: 0
-  golint:
-    # minimal confidence for issues, default is 0.8
-    min-confidence: 0.8
   gomnd:
     settings:
       mnd:
-        # the list of enabled checks, see https://github.com/tommy-muehle/go-mnd/#checks for description.
+        # don't include the "operation" and "assign"
-        checks: argument,case,condition,operation,return,assign
+        checks: argument,case,condition,return
   govet:
-    # report about shadowed variables
     check-shadowing: true
-
-    # settings per analyzer
     settings:
-      printf: # analyzer name, run `go tool vet help` to see all analyzers
+      printf:
-        funcs: # run `go tool vet help printf` to see available settings for `printf` analyzer
+        funcs:
           - (github.com/golangci/golangci-lint/pkg/logutils.Log).Infof
           - (github.com/golangci/golangci-lint/pkg/logutils.Log).Warnf
           - (github.com/golangci/golangci-lint/pkg/logutils.Log).Errorf
           - (github.com/golangci/golangci-lint/pkg/logutils.Log).Fatalf
-
-    # enable or disable analyzers by name
-    enable:
-      - atomicalign
-    enable-all: false
-    disable:
-      - shadow
-    disable-all: false
-  depguard:
-    list-type: blacklist
-    include-go-root: false
-    packages:
-      - github.com/sirupsen/logrus
-    packages-with-error-message:
-      # specify an error message to output when a blacklisted package is used
-      - github.com/sirupsen/logrus: "logging is allowed only by logutils.Log"
   lll:
-    # max line length, lines longer will be reported. Default is 120.
+    line-length: 140
-    # '\t' is counted as 1 character by default, and can be changed with the tab-width option
-    line-length: 120
-    # tab width in spaces. Default to 1.
-    tab-width: 1
   maligned:
-    # print struct with more effective memory layout or not, false by default
     suggest-new: true
   misspell:
-    # Correct spellings using locale preferences for US or UK.
+    locale: en_CA
-    # Default is to use a neutral variety of English.
+  nolintlint:
-    # Setting locale to US will correct the British spelling of 'colour' to 'color'.
+    allow-leading-space: true # don't require machine-readable nolint directives (i.e. with no leading space)
-    locale: US
+    allow-unused: false # report any unused nolint directives
-    ignore-words:
+    require-explanation: false # don't require an explanation for nolint directives
-      - someword
+    require-specific: false # don't require nolint directives to be specific about which linter is being skipped
-  nakedret:
-    # make an issue if func has more lines of code than this setting and it has naked returns; default is 30
-    max-func-lines: 30
-  prealloc:
-    # XXX: we don't recommend using this linter before doing performance profiling.
-    # For most programs usage of prealloc will be a premature optimization.
-
-    # Report preallocation suggestions only on simple loops that have no returns/breaks/continues/gotos in them.
-    # True by default.
-    simple: true
-    range-loops: true # Report preallocation suggestions on range loops, true by default
-    for-loops: false # Report preallocation suggestions on for loops, false by default
-  rowserrcheck:
-    packages:
-      - github.com/jmoiron/sqlx
-  unparam:
-    # Inspect exported functions, default is false. Set to true if no external program/library imports your code.
-    # XXX: if you enable this setting, unparam will report a lot of false-positives in text editors:
-    # if it's called for subdir of a project it can't find external interfaces. All text editor integrations
-    # with golangci-lint call it on a directory with the changed file.
-    check-exported: false
-  unused:
-    # treat code as a program (not a library) and report unused exported identifiers; default is false.
-    # XXX: if you enable this setting, unused will report a lot of false-positives in text editors:
-    # if it's called for subdir of a project it can't find funcs usages. All text editor integrations
-    # with golangci-lint call it on a directory with the changed file.
-    check-exported: false
-  whitespace:
-    multi-if: false   # Enforces newlines (or comments) after every multi-line if statement
-    multi-func: false # Enforces newlines (or comments) after every multi-line function signature
-  wsl:
-    # If true append is only allowed to be cuddled if appending value is
-    # matching variables, fields or types on line above. Default is true.
-    strict-append: true
-    # Allow calls and assignments to be cuddled as long as the lines have any
-    # matching variables, fields or types. Default is true.
-    allow-assign-and-call: true
-    # Allow multiline assignments to be cuddled. Default is true.
-    allow-multiline-assign: true
-    # Allow declarations (var) to be cuddled.
-    allow-cuddle-declarations: false
-    # Allow trailing comments in ending of blocks
-    allow-trailing-comment: false
-    # Force newlines in end of case at this limit (0 = never).
-    force-case-trailing-whitespace: 0
-
-  # The custom section can be used to define linter plugins to be loaded at runtime. See README doc
-  #  for more info.
-  custom:
-    # Each custom linter should have a unique name.
-    #! example:
-    #!  # The path to the plugin *.so. Can be absolute or local. Required for each custom linter
-    #!  path: /path/to/example.so
-    #!  # The description of the linter. Optional, just for documentation purposes.
-    #!  description: This is an example usage of a plugin linter.
-    #!  # Intended to point to the repo location of the linter. Optional, just for documentation purposes.
-    #!  original-url: github.com/golangci/example-linter
 
 linters:
+  # please, do not use `enable-all`: it's deprecated and will be removed soon.
+  # inverted configuration with `enable-all` and `disable` is not scalable during updates of golangci-lint
+  disable-all: true
   enable:
-    - megacheck
+    - bodyclose
+    #- deadcode
+    - depguard
+    - dogsled
+    - dupl
+    - errcheck
+    - exhaustive
+    - funlen
+    - gochecknoinits
+    - goconst
+    - gocritic
+    - gocyclo
+    - gofmt
+    - goimports
+    #- golint
+    - gomnd
+    - goprintffuncname
+    - gosec
+    - gosimple
     - govet
-  disable:
+    - ineffassign
-    - maligned
+    #- interfacer
-    - prealloc
+    - lll
-  disable-all: false
+    - misspell
-  presets:
+    #- nakedret
-    - bugs
+    - noctx
+    - nolintlint
+    - rowserrcheck
+    #- scopelint
+    - staticcheck
+    #- structcheck
+    - stylecheck
+    - typecheck
+    - unconvert
+    - unparam
     - unused
-  fast: false
+    #- varcheck
+    - whitespace
 
+  # don't enable:
+  # - asciicheck
+  # - gochecknoglobals
+  # - gocognit
+  # - godot
+  # - godox
+  # - goerr113
+  # - maligned
+  # - nestif
+  # - prealloc
+  # - testpackage
+  # - wsl
 
 issues:
-  # List of regexps of issue texts to exclude, empty list by default.
-  # But independently from this option we use default exclude patterns,
-  # it can be disabled by `exclude-use-default: false`. To list all
-  # excluded by default patterns execute `golangci-lint run --help`
-  exclude:
-    - abcdef
-
   # Excluding configuration per-path, per-linter, per-text and per-source
   exclude-rules:
-    # Exclude some linters from running on tests files.
     - path: _test\.go
       linters:
-        - gocyclo
+        - gomnd
-        - errcheck
-        - dupl
-        - gosec
 
-    # Exclude known linters from partially hard-vendored code,
+    # https://github.com/go-critic/go-critic/issues/926
-    # which is impossible to exclude via "nolint" comments.
-    - path: internal/hmac/
-      text: "weak cryptographic primitive"
-      linters:
-        - gosec
-
-    # Exclude some staticcheck messages
     - linters:
-        - staticcheck
+        - gocritic
-      text: "SA9003:"
+      text: "unnecessaryDefer:"
 
-    # Exclude lll issues for long lines with go:generate
+    # TODO temporary rule, must be removed
-    - linters:
+    # seems related to v0.34.1, but I was not able to reproduce locally,
-        - lll
+    # I was also not able to reproduce in the CI of a fork,
-      source: "^//go:generate "
+    # only the golangci-lint CI seems to be affected by this invalid analysis.
+    - path: pkg/golinters/scopelint.go
+      text: 'directive `//nolint:interfacer` is unused for linter interfacer'
 
-  # Independently from option `exclude` we use default exclude patterns,
+run:
-  # it can be disabled by this option. To list all
+  skip-dirs:
-  # excluded by default patterns execute `golangci-lint run --help`.
+    - test/testdata_etc
-  # Default value for this option is true.
+    - internal/cache
-  exclude-use-default: false
+    - internal/renameio
+    - internal/robustio
 
-  # Maximum issues count per one linter. Set to 0 to disable. Default is 50.
+# golangci.com configuration
-  max-issues-per-linter: 0
+# https://github.com/golangci/golangci/wiki/Configuration
-
+service:
-  # Maximum count of issues with the same text. Set to 0 to disable. Default is 3.
+  golangci-lint-version: 1.23.x # use the fixed version to not introduce new linters unexpectedly
-  max-same-issues: 0
+  prepare:
-
+    - echo "here I can run custom commands, but no preparation needed for this repo"
-  # Show only new issues: if there are unstaged changes or untracked files,
-  # only those changes are analyzed, else only changes in HEAD~ are analyzed.
-  # It's a super-useful option for integration of golangci-lint into existing
-  # large codebase. It's not practical to fix all existing issues at the moment
-  # of integration: much better don't allow issues in new code.
-  # Default is false.
-  new: false
-
-  # Show only new issues created after git revision `REV`
-  #!new-from-rev: REV
-  #new-from-rev: HEAD^
-
-  # Show only new issues created in git patch with set file path.
-  #!new-from-patch: path/to/patch/file

xs/termsize_unix.go

@@ -1,3 +1,4 @@
+//go:build linux || freebsd
 // +build linux freebsd
 
 package main
@@ -30,7 +31,7 @@ func handleTermResizes(conn *xsnet.Conn) {
 				log.Println(err)
 			}
 			termSzPacket := fmt.Sprintf("%d %d", rows, cols)
-			conn.WritePacket([]byte(termSzPacket), xsnet.CSOTermSize) // nolint: errcheck,gosec
+			conn.WritePacket([]byte(termSzPacket), xsnet.CSOTermSize)
 		}
 	}()
 	ch <- syscall.SIGWINCH // Initial resize.

xs/xs.go

@@ -1,5 +1,4 @@
 // xs client
-
 //
 // Copyright (c) 2017-2020 Russell Magee
 // Licensed under the terms of the MIT license (see LICENSE.mit in this
@@ -18,7 +17,6 @@ import (
 	"io/ioutil"
 	"log"
 	"math/rand"
-	"net"
 	"os"
 	"os/exec"
 	"os/user"
@@ -32,7 +30,7 @@ import (
 	"time"
 
 	"net/http"
-	_ "net/http/pprof"
+	_ "net/http/pprof" //nolint:gosec
 
 	xs "blitter.com/go/xs"
 	"blitter.com/go/xs/logger"
@@ -241,7 +239,7 @@ func GetSize() (cols, rows int, err error) {
 	return
 }
 
-func buildCmdRemoteToLocal(copyQuiet bool, copyLimitBPS uint, destPath, files string) (captureStderr bool, cmd string, args []string) {
+func buildCmdRemoteToLocal(copyQuiet bool, copyLimitBPS uint, destPath string) (captureStderr bool, cmd string, args []string) {
 	// Detect if we have 'pv'
 	// pipeview http://www.ivarch.com/programs/pv.shtml
 	// and use it for nice client progress display.
@@ -441,10 +439,9 @@ func doCopyMode(conn *xsnet.Conn, remoteDest bool, files string, copyQuiet bool,
 		log.Println("remote filepath:", string(rec.Cmd()), "local files:", files)
 		destPath := files
 
-		_, cmdName, cmdArgs := buildCmdRemoteToLocal(copyQuiet, copyLimitBPS, destPath, strings.TrimSpace(files))
+		_, cmdName, cmdArgs := buildCmdRemoteToLocal(copyQuiet, copyLimitBPS, destPath)
 
-		var c *exec.Cmd
+		c := exec.Command(cmdName, cmdArgs...) // #nosec
-		c = exec.Command(cmdName, cmdArgs...) // #nosec
 		c.Stdin = conn
 		c.Stdout = os.Stdout
 		c.Stderr = os.Stderr
@@ -557,15 +554,15 @@ func doShellMode(isInteractive bool, conn *xsnet.Conn, oldState *xs.State, rec *
 }
 
 func usageShell() {
-	fmt.Fprintf(os.Stderr, "Usage of %s:\n", os.Args[0])            // nolint: errcheck
+	fmt.Fprintf(os.Stderr, "Usage of %s:\n", os.Args[0])
-	fmt.Fprintf(os.Stderr, "%s [opts] [user]@server\n", os.Args[0]) // nolint: errcheck
+	fmt.Fprintf(os.Stderr, "%s [opts] [user]@server\n", os.Args[0])
 	flag.PrintDefaults()
 }
 
 func usageCp() {
-	fmt.Fprintf(os.Stderr, "Usage of %s:\n", os.Args[0])                                         // nolint: errcheck
+	fmt.Fprintf(os.Stderr, "Usage of %s:\n", os.Args[0])
-	fmt.Fprintf(os.Stderr, "%s [opts] srcFileOrDir [...] [user]@server[:dstpath]\n", os.Args[0]) // nolint: errcheck
+	fmt.Fprintf(os.Stderr, "%s [opts] srcFileOrDir [...] [user]@server[:dstpath]\n", os.Args[0])
-	fmt.Fprintf(os.Stderr, "%s [opts] [user]@server[:srcFileOrDir] dstPath\n", os.Args[0])       // nolint: errcheck
+	fmt.Fprintf(os.Stderr, "%s [opts] [user]@server[:srcFileOrDir] dstPath\n", os.Args[0])
 	flag.PrintDefaults()
 }
 
@@ -581,18 +578,18 @@ func rejectUserMsg() string {
 //
 // Server responds with [CSOTunAck:rport] or [CSOTunRefused:rport]
 // (handled in xsnet.Read())
-func reqTunnel(hc *xsnet.Conn, lp uint16, p string /*net.Addr*/, rp uint16) {
+func reqTunnel(hc *xsnet.Conn, lp uint16 /*, p string*/ /*net.Addr*/, rp uint16) {
 	// Write request to server so it can attempt to set up its end
 	var bTmp bytes.Buffer
 	if e := binary.Write(&bTmp, binary.BigEndian, lp); e != nil {
-		fmt.Fprintln(os.Stderr, "reqTunnel:", e) // nolint: errcheck
+		fmt.Fprintln(os.Stderr, "reqTunnel:", e)
 	}
 	if e := binary.Write(&bTmp, binary.BigEndian, rp); e != nil {
-		fmt.Fprintln(os.Stderr, "reqTunnel:", e) // nolint: errcheck
+		fmt.Fprintln(os.Stderr, "reqTunnel:", e)
 	}
-	_ = logger.LogDebug(fmt.Sprintln("[Client sending CSOTunSetup]")) // nolint: gosec
+	_ = logger.LogDebug(fmt.Sprintln("[Client sending CSOTunSetup]"))
 	if n, e := hc.WritePacket(bTmp.Bytes(), xsnet.CSOTunSetup); e != nil || n != len(bTmp.Bytes()) {
-		fmt.Fprintln(os.Stderr, "reqTunnel:", e) // nolint: errcheck
+		fmt.Fprintln(os.Stderr, "reqTunnel:", e)
 	}
 }
 
@@ -632,7 +629,7 @@ func parseNonSwitchArgs(a []string) (user, host, path string, isDest bool, other
 }
 
 func launchTuns(conn *xsnet.Conn, remoteHost string, tuns string) {
-	remAddrs, _ := net.LookupHost(remoteHost) // nolint: gosec
+	/*remAddrs, _ := net.LookupHost(remoteHost)*/
 
 	if tuns == "" {
 		return
@@ -641,8 +638,8 @@ func launchTuns(conn *xsnet.Conn, remoteHost string, tuns string) {
 	tunSpecs := strings.Split(tuns, ",")
 	for _, tunItem := range tunSpecs {
 		var lPort, rPort uint16
-		_, _ = fmt.Sscanf(tunItem, "%d:%d", &lPort, &rPort) // nolint: gosec
+		_, _ = fmt.Sscanf(tunItem, "%d:%d", &lPort, &rPort)
-		reqTunnel(conn, lPort, remAddrs[0], rPort)
+		reqTunnel(conn, lPort /*remAddrs[0],*/, rPort)
 	}
 }
 
@@ -677,7 +674,7 @@ func sendSessionParams(conn io.Writer /* *xsnet.Conn*/, rec *xs.Session) (e erro
 }
 
 // TODO: reduce gocyclo
-func main() {
+func main() { //nolint: funlen, gocyclo
 	var (
 		isInteractive bool
 		vopt          bool
@@ -799,7 +796,7 @@ func main() {
 	// Set defaults if user doesn't specify user, path or port
 	var uname string
 	if remoteUser == "" {
-		u, _ := user.Current() // nolint: gosec
+		u, _ := user.Current()
 		uname = localUserName(u)
 	} else {
 		uname = remoteUser
@@ -861,7 +858,7 @@ func main() {
 	// either the shell session or copy operation.
 	_ = shellMode
 
-	Log, _ = logger.New(logger.LOG_USER|logger.LOG_DEBUG|logger.LOG_NOTICE|logger.LOG_ERR, "xs") // nolint: errcheck,gosec
+	Log, _ = logger.New(logger.LOG_USER|logger.LOG_DEBUG|logger.LOG_NOTICE|logger.LOG_ERR, "xs")
 	xsnet.Init(dbg, "xs", logger.LOG_USER|logger.LOG_DEBUG|logger.LOG_NOTICE|logger.LOG_ERR)
 	if dbg {
 		log.SetOutput(Log)
@@ -873,15 +870,15 @@ func main() {
 
 	if !gopt {
 		// See if we can log in via an auth token
-		u, _ := user.Current() // nolint: gosec
+		u, _ := user.Current()
 		ab, aerr := ioutil.ReadFile(fmt.Sprintf("%s/.xs_id", u.HomeDir))
 		if aerr == nil {
 			for _, line := range strings.Split(string(ab), "\n") {
 				line = line + "\n"
-				idx := strings.Index(string(line), remoteHost+":"+uname)
+				idx := strings.Index(line, remoteHost+":"+uname)
 				if idx >= 0 {
 					line = line[idx:]
-					entries := strings.SplitN(string(line), "\n", -1)
+					entries := strings.SplitN(line, "\n", -1)
 					authCookie = strings.TrimSpace(entries[0])
 					// Security scrub
 					line = ""
@@ -891,7 +888,6 @@ func main() {
 			if authCookie == "" {
 				_, _ = fmt.Fprintln(os.Stderr, "[no authtoken, use -g to request one from server]")
 			}
-
 		} else {
 			log.Printf("[cannot read %s/.xs_id]\n", u.HomeDir)
 		}
@@ -915,7 +911,7 @@ func main() {
 		// We must make the decision about interactivity before Dial()
 		// as it affects chaffing behaviour. 20180805
 		if gopt {
-			fmt.Fprintln(os.Stderr, "[requesting authtoken from server]") // nolint: errcheck
+			fmt.Fprintln(os.Stderr, "[requesting authtoken from server]")
 			op = []byte{'A'}
 			chaffFreqMin = 2
 			chaffFreqMax = 10
@@ -969,7 +965,7 @@ func main() {
 	// TODO: send flag to server side indicating this
 	//  affects shell command used
 	var oldState *xs.State
-	defer conn.Close() // nolint: errcheck
+	defer conn.Close()
 
 	//=== From this point on, conn is a secure encrypted channel
 
@@ -1023,13 +1019,13 @@ func main() {
 	if sendErr != nil {
 		restoreTermState(oldState)
 		rec.SetStatus(254)
-		fmt.Fprintln(os.Stderr, "Error: server rejected secure proposal params or login timed out") // nolint: errcheck
+		fmt.Fprintln(os.Stderr, "Error: server rejected secure proposal params or login timed out")
 		exitWithStatus(int(rec.Status()))
 		//log.Fatal(sendErr)
 	}
 
 	//Security scrub
-	authCookie = "" // nolint: ineffassign
+	authCookie = "" //nolint: ineffassign
 	runtime.GC()
 
 	//=== Login Auth
@@ -1039,11 +1035,11 @@ func main() {
 	_, err = conn.Read(authReply)
 	if err != nil {
 		//=== Exit if auth reply not received
-		fmt.Fprintln(os.Stderr, "Error reading auth reply") // nolint: errcheck
+		fmt.Fprintln(os.Stderr, "Error reading auth reply")
 		rec.SetStatus(255)
 	} else if authReply[0] == 0 {
 		//=== .. or if auth failed
-		fmt.Fprintln(os.Stderr, rejectUserMsg()) // nolint: errcheck
+		fmt.Fprintln(os.Stderr, rejectUserMsg())
 		rec.SetStatus(255)
 	} else {
 		//=== Set up chaffing to server
@@ -1065,11 +1061,11 @@ func main() {
 		keepAliveWorker := func() {
 			for {
 				// Add a bit of jitter to keepAlive so it doesn't stand out quite as much
-				time.Sleep(time.Duration(2000-rand.Intn(200)) * time.Millisecond)
+				time.Sleep(time.Duration(2000-rand.Intn(200)) * time.Millisecond) //nolint:gosec
 				// FIXME: keepAlives should probably have small random packet len/data as well
 				// to further obscure them vs. interactive or tunnel data
 				// keepAlives must be  >=2 bytes, due to processing elsewhere
-				conn.WritePacket([]byte{0, 0}, xsnet.CSOTunKeepAlive) // nolint: errcheck,gosec
+				conn.WritePacket([]byte{0, 0}, xsnet.CSOTunKeepAlive) //nolint: errcheck
 			}
 		}
 		go keepAliveWorker()
@@ -1082,13 +1078,13 @@ func main() {
 			doShellMode(isInteractive, &conn, oldState, rec)
 		} else {
 			//=== (.. or file copy)
-			s, _ := doCopyMode(&conn, pathIsDest, fileArgs, copyQuiet, copyLimitBPS, rec) // nolint: errcheck,gosec
+			s, _ := doCopyMode(&conn, pathIsDest, fileArgs, copyQuiet, copyLimitBPS, rec)
 			rec.SetStatus(s)
 		}
 
 		if rec.Status() != 0 {
 			restoreTermState(oldState)
-			fmt.Fprintln(os.Stderr, "Session exited with status:", rec.Status()) // nolint: errcheck
+			fmt.Fprintln(os.Stderr, "Session exited with status:", rec.Status())
 		}
 	}
 
@@ -1115,7 +1111,7 @@ func localUserName(u *user.User) string {
 }
 
 func restoreTermState(oldState *xs.State) {
-	_ = xs.Restore(os.Stdin.Fd(), oldState) // nolint: errcheck,gosec
+	_ = xs.Restore(os.Stdin.Fd(), oldState)
 }
 
 // exitWithStatus wraps os.Exit() plus does any required pprof housekeeping

xsd.sysvrc

@@ -11,6 +11,10 @@
 
 set -e
 
+echo "SET XSD_OPTS in this script to define allow KEX, cipher and hmac algs"
+#XSD_OPTS="-L -aK KEX_all -aC C_all -aH H_all"
+exit 1
+
 # /etc/init.d/xsd: start and stop the eXperimental "secure" Shell Daemon
 
 test -x /usr/local/sbin/xsd || exit 0