Update CI build matrix

.github/workflows/lint.yaml

@@ -9,16 +9,16 @@ jobs:
     name: lint
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-go@v4
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
         with:
-          go-version: '1.21'
+          go-version: '1.24'
           cache: false
       - name: Install PAM
         run: |
           sudo apt-get update
           sudo apt-get install -y libpam-dev
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@v3
+        uses: golangci/golangci-lint-action@v8
         with:
-          version: v1.54
+          version: v2.1.6

.github/workflows/test.yaml

@@ -4,12 +4,12 @@ jobs:
   test:
     strategy:
       matrix:
-        go-version: [1.20.x, 1.21.x]
+        go-version: [1.23.x, 1.24.x]
         os: [ubuntu-latest]
     runs-on: ${{ matrix.os }}
     steps:
     - name: Install Go
-      uses: actions/setup-go@v4
+      uses: actions/setup-go@v5
       with:
         go-version: ${{ matrix.go-version }}
     - name: Update system

.golangci.yaml

@@ -1,19 +1,13 @@
-# This is for linting. To run it, please use:
-# golangci-lint run ${MODULE}/... [--fix]
-
+version: "2"
 linters:
-  # linters to run in addition to default ones
   enable:
     - dupl
     - durationcheck
     - errname
     - errorlint
-    - exportloopref
     - forbidigo
     - forcetypeassert
-    - gci
     - godot
-    - gofmt
     - gosec
     - misspell
     - nakedret
@@ -24,38 +18,44 @@ linters:
     - unconvert
     - unparam
     - whitespace
-
-run:
-  timeout: 5m
-
-# Get all linter issues, even if duplicated
+  settings:
+    forbidigo:
+      forbid:
+        - pattern: ioutil\.
+        - pattern: ^print.*$
+    nakedret:
+      max-func-lines: 1
+    nolintlint:
+      require-explanation: true
+      require-specific: true
+  exclusions:
+    generated: lax
+    rules:
+      - path: (.+)\.go$
+        text: Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*print(f|ln)?|os\.(Un)?Setenv|w\.Stop). is not checked
+      - path: (.+)\.go$
+        text: (G104|G307)
+      - path: (.+)\.go$
+        text: Potential file inclusion via variable
+      - path: (.+)\.go$
+        text: unused-parameter
+      - path: (.+)\.go$
+        text: if-return
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
 issues:
-  exclude-use-default: false
   max-issues-per-linter: 0
   max-same-issues: 0
-  fix: false # we don’t want this in CI
-  exclude:
-    # EXC0001 errcheck: most errors are in defer calls, which are safe to ignore and idiomatic Go (would be good to only ignore defer ones though)
-    - 'Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*print(f|ln)?|os\.(Un)?Setenv|w\.Stop). is not checked'
-    # EXC0008 gosec: duplicated of errcheck
-    - (G104|G307)
-    # EXC0010 gosec: False positive is triggered by 'src, err := ioutil.ReadFile(filename)'
-    - Potential file inclusion via variable
-    # We want named parameters even if unused, as they help better document the function
-    - unused-parameter
-    # Sometimes it is more readable it do a `if err:=a(); err != nil` tha simpy `return a()`
-    - if-return
-
-nolintlint:
-  require-explanation: true
-  require-specific: true
-
-linters-settings:
-  # Forbid the usage of deprecated ioutil and debug prints
-  forbidigo:
-    forbid:
-      - ioutil\.
-      - ^print.*$
-  # Never have naked return ever
-  nakedret:
-    max-func-lines: 1
+  fix: false
+formatters:
+  enable:
+    - gci
+    - gofmt
+  exclusions:
+    generated: lax
+    paths:
+      - third_party$
+      - builtin$
+      - examples$

errors.go

@@ -5,10 +5,10 @@ package pam
 */
 import "C"
 
-// Error is the Type for PAM Return types
+// Error represents a PAM error.
 type Error int
 
-// Pam Return types
+// Various errors returned by PAM.
 const (
 	// OpenErr indicates a dlopen() failure when dynamically loading a
 	// service module.

errors_bsd.go

@@ -7,7 +7,7 @@ package pam
 */
 import "C"
 
-// Pam Return types
+// Various errors returned by PAM.
 const (
 	// ErrBadItem indicates a bad item passed to pam_*_item().
 	ErrBadItem Error = C.PAM_BAD_ITEM

errors_linux.go

@@ -7,7 +7,7 @@ package pam
 */
 import "C"
 
-// Pam Return types
+// Various errors returned by PAM.
 const (
 	// ErrBadItem indicates a bad item passed to pam_*_item().
 	ErrBadItem Error = C.PAM_BAD_ITEM

transaction.go

@@ -21,6 +21,7 @@ package pam
 void init_pam_conv(struct pam_conv *conv, uintptr_t);
 
 typedef int (*pam_start_confdir_fn)(const char *service_name, const char *user, const struct pam_conv *pam_conversation, const char *confdir, pam_handle_t **pamh);
+
 int pam_start_confdir_wrapper(pam_start_confdir_fn fn, const char *service_name, const char *user, const struct pam_conv *pam_conversation, const char *confdir, pam_handle_t **pamh);
 */
 import "C"
@@ -54,8 +55,8 @@ const (
 	// TextInfo indicates the conversation handler should display some
 	// text.
 	TextInfo Style = C.PAM_TEXT_INFO
-	// BinaryPrompt indicates the conversation handler that should implement
-	// the private binary protocol
+	// BinaryPrompt indicates the conversation handler that should
+	// implement the private binary protocol.
 	BinaryPrompt Style = C.PAM_BINARY_PROMPT
 )
 
@@ -68,9 +69,9 @@ type ConversationHandler interface {
 	RespondPAM(Style, string) (string, error)
 }
 
-// BinaryPointer exposes the type used for the data in a binary conversation
-// it represents a pointer to data that is produced by the module and that
-// must be parsed depending on the protocol in use
+// BinaryPointer exposes the type used for the data in a binary conversation.
+// It represents a pointer to data that is produced by the module and must be
+// parsed depending on the protocol in use.
 type BinaryPointer unsafe.Pointer
 
 // BinaryConversationHandler is an interface for objects that can be used as
@@ -150,7 +151,8 @@ func (t *Transaction) End() error {
 		C.int(t.lastStatus.Load())))
 }
 
-// Allows to call pam functions managing return status
+// handlePamStatus stores the last error returned by PAM and converts it to a
+// Go error.
 func (t *Transaction) handlePamStatus(cStatus C.int) error {
 	t.lastStatus.Store(int32(cStatus))
 	if status := Error(cStatus); status != success {
@@ -311,43 +313,43 @@ const (
 
 // Authenticate is used to authenticate the user.
 //
-// Valid flags: Silent, DisallowNullAuthtok
+// Valid flags: Silent, DisallowNullAuthtok.
 func (t *Transaction) Authenticate(f Flags) error {
 	return t.handlePamStatus(C.pam_authenticate(t.handle, C.int(f)))
 }
 
 // SetCred is used to establish, maintain and delete the credentials of a
 // user.
 //
-// Valid flags: EstablishCred, DeleteCred, ReinitializeCred, RefreshCred
+// Valid flags: EstablishCred, DeleteCred, ReinitializeCred, RefreshCred.
 func (t *Transaction) SetCred(f Flags) error {
 	return t.handlePamStatus(C.pam_setcred(t.handle, C.int(f)))
 }
 
 // AcctMgmt is used to determine if the user's account is valid.
 //
-// Valid flags: Silent, DisallowNullAuthtok
+// Valid flags: Silent, DisallowNullAuthtok.
 func (t *Transaction) AcctMgmt(f Flags) error {
 	return t.handlePamStatus(C.pam_acct_mgmt(t.handle, C.int(f)))
 }
 
 // ChangeAuthTok is used to change the authentication token.
 //
-// Valid flags: Silent, ChangeExpiredAuthtok
+// Valid flags: Silent, ChangeExpiredAuthtok.
 func (t *Transaction) ChangeAuthTok(f Flags) error {
 	return t.handlePamStatus(C.pam_chauthtok(t.handle, C.int(f)))
 }
 
 // OpenSession sets up a user session for an authenticated user.
 //
-// Valid flags: Slient
+// Valid flags: Silent.
 func (t *Transaction) OpenSession(f Flags) error {
 	return t.handlePamStatus(C.pam_open_session(t.handle, C.int(f)))
 }
 
 // CloseSession closes a previously opened session.
 //
-// Valid flags: Silent
+// Valid flags: Silent.
 func (t *Transaction) CloseSession(f Flags) error {
 	return t.handlePamStatus(C.pam_close_session(t.handle, C.int(f)))
 }
@@ -401,15 +403,15 @@ func (t *Transaction) GetEnvList() (map[string]string, error) {
 var once sync.Once
 var pamStartConfdirPtr C.pam_start_confdir_fn
 
-// CheckPamHasStartConfdir return if pam on system supports pam_system_confdir
+// CheckPamHasStartConfdir reports whether PAM supports pam_system_confdir.
 func CheckPamHasStartConfdir() bool {
 	once.Do(func() {
 		pamStartConfdirPtr = C.pam_start_confdir_fn(C.dlsym(C.RTLD_NEXT, C.CString("pam_start_confdir")))
 	})
 	return pamStartConfdirPtr != nil
 }
 
-// CheckPamHasBinaryProtocol return if pam on system supports PAM_BINARY_PROMPT
+// CheckPamHasBinaryProtocol reports whether PAM supports PAM_BINARY_PROMPT.
 func CheckPamHasBinaryProtocol() bool {
 	return C.BINARY_PROMPT_IS_SUPPORTED != 0
 }

transaction_linux.go

@@ -11,10 +11,10 @@ import "C"
 const (
 	// FailDelay is the app supplied function to override failure delays.
 	FailDelay Item = C.PAM_FAIL_DELAY
-	// Xdisplay is the X display name
+	// Xdisplay is the X display name.
 	Xdisplay Item = C.PAM_XDISPLAY
 	// Xauthdata is the X server authentication data.
 	Xauthdata Item = C.PAM_XAUTHDATA
-	// AuthtokType is the type for pam_get_authtok
+	// AuthtokType is the type for pam_get_authtok.
 	AuthtokType Item = C.PAM_AUTHTOK_TYPE
 )