Merge pull request #5298 from oasisprotocol/kostko/stable/22.2.x/back…

…port-5297

[BACKPORT/22.2.x] go: Bump go-libp2p to 0.28.1, go-libp2p-pubsub to 0.9.3

.changelog/5228.internal.md

@@ -0,0 +1 @@
+Bump Go to 1.20.2

.changelog/5279.trivial.md

@@ -0,0 +1 @@
+docker/aesmd: Update Intel SGX package signing key

.github/workflows/ci-lint.yml

@@ -43,10 +43,10 @@ jobs:
         uses: actions/setup-node@v3
         with:
           node-version: "12.x"
-      - name: Set up Go 1.18
+      - name: Set up Go
         uses: actions/setup-go@v3
         with:
-          go-version: "1.18.x"
+          go-version: "1.20.x"
       - name: Set up Rust
         run: rustup show
       - name: Install dependencies

.github/workflows/ci-reproducibility.yml

@@ -37,10 +37,10 @@ jobs:
           # NOTE: We make a git checkout to a unique directory for each build to
           # catch reproducibility issues with code in different local paths.
           path: build${{ matrix.build_number }}
-      - name: Set up Go 1.18
+      - name: Set up Go
         uses: actions/setup-go@v3
         with:
-          go-version: "1.18.x"
+          go-version: "1.20.x"
       - name: Set up Rust
         working-directory: build${{ matrix.build_number }}
         run: rustup show

.github/workflows/release-dev.yml

@@ -33,10 +33,10 @@ jobs:
           # For more info, see:
           # https://github.com/actions/checkout#fetch-all-history-for-all-tags-and-branches
           fetch-depth: 0
-      - name: Set up Go 1.18
+      - name: Set up Go
         uses: actions/setup-go@v3
         with:
-          go-version: "1.18.x"
+          go-version: "1.20.x"
       - name: Set up Rust
         run: rustup show
       - name: Install Oasis Node prerequisites

.github/workflows/release.yml

@@ -36,10 +36,10 @@ jobs:
           # https://github.com/actions/checkout#fetch-all-history-for-all-tags-and-branches
           fetch-depth: 0
 
-      - name: Set up Go 1.18
+      - name: Set up Go
         uses: actions/setup-go@v3
         with:
-          go-version: "1.18.x"
+          go-version: "1.20.x"
 
       - name: Set up Rust
         run: rustup show

docker/aesmd/Dockerfile

@@ -4,7 +4,7 @@ ARG DEBIAN_FRONTEND=noninteractive
 
 RUN apt-get update -qq && apt-get install -qq curl lsb-release gpg
 
-ADD intel-sgx-deb.gpg /etc/apt/trusted.gpg.d
+ADD intel-sgx-deb.asc /etc/apt/trusted.gpg.d
 
 RUN echo "deb https://download.01.org/intel-sgx/sgx_repo/ubuntu $(lsb_release -cs) main" > /etc/apt/sources.list.d/intel-sgx.list && \
     apt-get update -qq && apt-get install -qq sgx-aesm-service libsgx-aesm-launch-plugin libsgx-aesm-epid-plugin

docker/aesmd/intel-sgx-deb.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBGQX9NQBCAC5r7FjjZ8p6nTy2GGyKltSGY6qXxAgZiVV4/kf3/mtcBiboGm6hAaBozNBFnch
+Yw2x585L9/cgKzSbaryI02/KF7Hqgqda/szBQDbDXWL0m8kAGrZdMqOZagR3qiguzG07hs8gvKvL
+pF4qSrGCLalAZ6ZirpyPaGAH8OtzjYKJEx+zvg2k0f0fNyn3qfoKGOQCTO56AQ6OeUU7I9eqn4mR
+9ZmiqW7jDzb5cD9YdaLK0bnloBvB5Cgb6jJSco+JvTAMAGFBEIvPYMCaAoc9adDLglBsxB60Knk6
+XzxKY2dulMSkSvObRpmFWesO+BBueYzNpX6ulciCyTuJMYRt8qmVABEBAAG1AClDTj1JbnRlbChS
+KSBTb2Z0d2FyZSBEZXZlbG9wbWVudCBQcm9kdWN0c4kBPgQTAQgAKAUCZBf01AIbAwUJB4YfgAYL
+CQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ5cfw+hxsbDwDmgf+MjkAdCZAZeGUlxJ5fOqOSGQ4
+xot/eGsHEBTkd0IYNzY0yCcigul6RWAingJQh1e5oIl+5S9OB6l64F4mmcKIDld7B9rmO1yt2brN
+gzt7Hvf3nLnf7oTT7WNleDvgY2tW48PsEZiuRwnlanjjO4o3wLknBHD7lb1u2rI0978EAvDluWu9
+W1W9laRZcsVOgNjtatzcFHjLOt4UYoXOhKlqm0XE6p5NYR1u16DhjHcb8FjpxavOCtq927qgtDvg
+GVkM2m7D6hYXCZFnYaINrhbSxSpcyNbHomGEzYTvk0d8q/bS72LgvErP5amQFMileKE14aeZPgm2
+zao8yeGaVLHhvA==
+=8t8o
+-----END PGP PUBLIC KEY BLOCK-----

docker/oasis-core-dev/Dockerfile

@@ -1,15 +1,15 @@
 FROM ubuntu:20.04
 
 # Package versions.
-ARG GO_VERSION=1.18.3
+ARG GO_VERSION=1.20.2
 ARG GO_NANCY_VERSION=1.0.33
 ARG GO_NANCY_CHECKSUM=a4bf5290d41b095c04f941ed5380674770c79d59735e33b1bd07a5cd5fbb135d
 ARG GO_PROTOC_VERSION=3.6.1
 ARG GO_PROTOC_GEN_GO_VERSION=1.21.0
-ARG GOLANGCILINT_VERSION=1.46.2
+ARG GOLANGCILINT_VERSION=1.51.2
 ARG GOCOVMERGE_VERSION=b5bfa59ec0adc420475f97f89b58045c721d761c
-ARG GOFUMPT_VERSION=v0.3.1
-ARG GOIMPORTS_VERSION=v0.1.11
+ARG GOFUMPT_VERSION=v0.4.0
+ARG GOIMPORTS_VERSION=v0.7.0
 ARG RUST_NIGHTLY_VERSION=2022-08-22
 ARG JEMALLOC_VERSION=5.2.1
 ARG JEMALLOC_CHECKSUM=34330e5ce276099e2e8950d9335db5a875689a4c6a56751ef3b1d8c537f887f6

docs/development-setup/prerequisites.md

@@ -40,30 +40,30 @@ Core:
   ```
   <!-- markdownlint-enable line-length -->
 
-* [Go] (at least version 1.18.3).
+* [Go] (at least version 1.20.2).
 
   If your distribution provides a new-enough version of Go, just use that.
 
   Please note that if you want to compile Oasis Core v22.1.9 or earlier,
-  then go 1.19 is not supported yet; you need to use 1.18.x.
+  then go >=1.19 is not supported yet; you need to use 1.18.x.
 
   Otherwise:
   * install the Go version provided by your distribution,
   * [ensure `$GOPATH/bin` is in your `PATH`](
     https://tip.golang.org/doc/code.html#GOPATH),
   * [install the desired version of Go](
-    https://golang.org/doc/install#extra_versions), e.g. 1.18.3, with:
+    https://golang.org/doc/install#extra_versions), e.g. 1.20.2, with:
 
     ```
-    go install golang.org/dl/go1.18.3@latest
-    go1.18.3 download
+    go install golang.org/dl/go1.20.2@latest
+    go1.20.2 download
     ```
 
   * instruct the build system to use this particular version of Go by setting
     the `OASIS_GO` environment variable in your `~/.bashrc`:
 
     ```
-    export OASIS_GO=go1.18.3
+    export OASIS_GO=go1.20.2
     ```
 
 * [Rust].
@@ -146,8 +146,8 @@ Core:
   Download and install it with:
 
   ```
-  ${OASIS_GO:-go} install mvdan.cc/gofumpt@v0.3.1
-  ${OASIS_GO:-go} install golang.org/x/tools/cmd/goimports@v0.1.11
+  ${OASIS_GO:-go} install mvdan.cc/gofumpt@v0.4.0
+  ${OASIS_GO:-go} install golang.org/x/tools/cmd/goimports@v0.7.0
   ```
 
 * (**OPTIONAL**) [golangci-lint].
@@ -160,7 +160,7 @@ Core:
   ```
   curl -sSfL \
   https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh \
-   | sh -s -- -b $(${OASIS_GO:-go} env GOPATH)/bin v1.41.1
+   | sh -s -- -b $(${OASIS_GO:-go} env GOPATH)/bin v1.51.2
   ```
 
 * (**OPTIONAL**) [protoc-gen-go].

go/.golangci.yml

@@ -17,7 +17,6 @@ linters:
   disable-all: true
   enable:
     - bodyclose
-    - deadcode
     - depguard
     - errcheck
     - exportloopref
@@ -36,11 +35,9 @@ linters:
     - revive
     - rowserrcheck
     - staticcheck
-    - structcheck
     - typecheck
     - unconvert
     - unused
-    - varcheck
 
 run:
   skip-dirs:

go/common/accessctl/accessctl_test.go

@@ -2,7 +2,6 @@ package accessctl
 
 import (
 	"crypto/x509"
-	"io/ioutil"
 	"os"
 	"testing"
 
@@ -58,7 +57,7 @@ func TestPolicy(t *testing.T) {
 func TestSubjectFromCertificate(t *testing.T) {
 	require := require.New(t)
 
-	dataDir, err := ioutil.TempDir("", "oasis-storage-grpc-test_")
+	dataDir, err := os.MkdirTemp("", "oasis-storage-grpc-test_")
 	require.NoError(err, "Failed to create a temporary directory")
 	defer os.RemoveAll(dataDir)
 

go/common/copy.go

@@ -3,7 +3,6 @@ package common
 import (
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 )
@@ -81,7 +80,7 @@ func CopyDir(src string, dst string) (err error) {
 		return
 	}
 
-	entries, err := ioutil.ReadDir(src)
+	entries, err := os.ReadDir(src)
 	if err != nil {
 		return
 	}
@@ -97,7 +96,7 @@ func CopyDir(src string, dst string) (err error) {
 			}
 		} else {
 			// Skip symlinks.
-			if entry.Mode()&os.ModeSymlink != 0 {
+			if entry.Type()&os.ModeSymlink != 0 {
 				continue
 			}
 

go/common/crypto/signature/signature.go

@@ -13,7 +13,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"sync"
 
@@ -206,13 +205,13 @@ func (k *PublicKey) LoadPEM(fn string, signer Signer) error {
 
 			copy((*k)[:], pubKey[:])
 
-			return ioutil.WriteFile(fn, buf, filePerm)
+			return os.WriteFile(fn, buf, filePerm)
 		}
 		return err
 	}
 	defer f.Close() // nolint: errcheck
 
-	buf, err := ioutil.ReadAll(f)
+	buf, err := io.ReadAll(f)
 	if err != nil {
 		return err
 	}

go/common/crypto/signature/signers/file/file_signer.go

@@ -6,7 +6,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 
@@ -123,7 +122,7 @@ func (fac *Factory) Generate(role signature.SignerRole, rng io.Reader) (signatur
 	if err != nil {
 		return nil, err
 	}
-	if err = ioutil.WriteFile(fn, buf, filePerm); err != nil {
+	if err = os.WriteFile(fn, buf, filePerm); err != nil {
 		return nil, err
 	}
 
@@ -149,7 +148,7 @@ func (fac *Factory) generateStaticEntropy(fn string, signer *Signer, rng io.Read
 	if err != nil {
 		return err
 	}
-	return ioutil.WriteFile(filepath.Join(fac.dataDir, fn), buf, filePerm)
+	return os.WriteFile(filepath.Join(fac.dataDir, fn), buf, filePerm)
 }
 
 // Load will load the private key corresponding to the role, and return a Signer
@@ -187,7 +186,7 @@ func (fac *Factory) loadPEM(fn string) ([]byte, error) {
 		return nil, fmt.Errorf("signature/signer/file: invalid PEM file permissions %o on %s", fi.Mode(), fn)
 	}
 
-	return ioutil.ReadAll(f)
+	return io.ReadAll(f)
 }
 
 func (fac *Factory) doLoad(fn string, role signature.SignerRole) (signature.Signer, error) {

go/common/crypto/signature/signers/file/file_signer_test.go

@@ -2,7 +2,6 @@ package file
 
 import (
 	"crypto/rand"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"testing"
@@ -18,7 +17,7 @@ func TestFileSigner(t *testing.T) {
 	var zeroSigner Signer
 	var zeroPubKey signature.PublicKey
 
-	tmpDir, err := ioutil.TempDir("", "oasis-signature-test")
+	tmpDir, err := os.MkdirTemp("", "oasis-signature-test")
 	require.NoError(err, "TempDir()")
 	defer os.RemoveAll(tmpDir)
 
@@ -59,7 +58,7 @@ func TestStaticEntropy(t *testing.T) {
 	var zeroSigner Signer
 	var zeroEntropy [StaticEntropySize]byte
 
-	tmpDir, err := ioutil.TempDir("", "oasis-signature-test")
+	tmpDir, err := os.MkdirTemp("", "oasis-signature-test")
 	require.NoError(err, "TempDir()")
 	defer os.RemoveAll(tmpDir)
 

go/common/crypto/tls/cert.go

@@ -9,7 +9,6 @@ import (
 	"crypto/x509/pkix"
 	"encoding/pem"
 	"fmt"
-	"io/ioutil"
 	"math/big"
 	"os"
 	"time"
@@ -86,11 +85,11 @@ func Generate(commonName string) (*tls.Certificate, error) {
 
 // Load loads a TLS certificate and private key.
 func Load(certPath, keyPath string) (*tls.Certificate, error) {
-	keyPEM, err := ioutil.ReadFile(keyPath)
+	keyPEM, err := os.ReadFile(keyPath)
 	if err != nil {
 		return nil, err // So os.IsNotExist(err) works.
 	}
-	certPEM, err := ioutil.ReadFile(certPath)
+	certPEM, err := os.ReadFile(certPath)
 	if err != nil {
 		return nil, err // So os.IsNotExist(err) works.
 	}
@@ -99,7 +98,7 @@ func Load(certPath, keyPath string) (*tls.Certificate, error) {
 
 // LoadFromKey loads a private key and regenerates the whole certificate from it.
 func LoadFromKey(keyPath, commonName string) (*tls.Certificate, error) {
-	keyPEM, err := ioutil.ReadFile(keyPath)
+	keyPEM, err := os.ReadFile(keyPath)
 	if err != nil {
 		return nil, err
 	}
@@ -133,7 +132,7 @@ func ImportPEM(certPEM, keyPEM []byte) (*tls.Certificate, error) {
 
 // LoadCertificate loads a TLS certificate.
 func LoadCertificate(certPath string) (*tls.Certificate, error) {
-	certPEM, err := ioutil.ReadFile(certPath)
+	certPEM, err := os.ReadFile(certPath)
 	if err != nil {
 		return nil, err // So os.IsNotExist(err) works.
 	}
@@ -172,11 +171,11 @@ func Save(certPath, keyPath string, cert *tls.Certificate) error {
 		return err
 	}
 
-	if err = ioutil.WriteFile(keyPath, keyPEM, 0o600); err != nil {
+	if err = os.WriteFile(keyPath, keyPEM, 0o600); err != nil {
 		return fmt.Errorf("tls: failed to write private key: %w", err)
 	}
 
-	if err = ioutil.WriteFile(certPath, certPEM, 0o644); err != nil { // nolint: gosec
+	if err = os.WriteFile(certPath, certPEM, 0o644); err != nil { // nolint: gosec
 		return fmt.Errorf("tls: failed to write certificate: %w", err)
 	}
 
@@ -189,7 +188,7 @@ func SaveKey(keyPath string, cert *tls.Certificate) error {
 	if err != nil {
 		return err
 	}
-	if err = ioutil.WriteFile(keyPath, keyPEM, 0o600); err != nil {
+	if err = os.WriteFile(keyPath, keyPEM, 0o600); err != nil {
 		return fmt.Errorf("tls: failed to write private key: %w", err)
 	}
 	return nil