Upgraded linter to 1.40.1 (#1072)

* tools: upgraded linter to 1.40.1

* lint: fixed nolintlint vionlations

* lint: disabled tagliatele linter

* lint: fixed remaining warnings

.golangci.yml

@@ -50,6 +50,10 @@ linters:
   enable-all: true
   disable:
     - maligned
+    - tagliatelle
+    - golint
+    - interfacer
+    - scopelint
     - prealloc
     - gochecknoglobals
     - gochecknoinits
@@ -78,6 +82,7 @@ issues:
       - nestif
       - wrapcheck
       - nolintlint
+      - forcetypeassert
     - text: "Magic number: 1e"
       linters:
       - gomnd

Makefile

@@ -59,6 +59,10 @@ lint: $(linter)
 lint-and-log: $(linter)
 	$(linter) --deadline $(LINTER_DEADLINE) run $(linter_flags) | tee .linterr.txt
 
+lint-all: $(linter)
+	GOOS=windows $(linter) --deadline $(LINTER_DEADLINE) run $(linter_flags)
+	GOOS=linux $(linter) --deadline $(LINTER_DEADLINE) run $(linter_flags)
+	GOOS=darwin $(linter) --deadline $(LINTER_DEADLINE) run $(linter_flags)
 
 vet:
 	go vet -all .

cli/app.go

@@ -314,6 +314,7 @@ func assertDirectRepository(act func(ctx context.Context, rep repo.DirectReposit
 
 func (c *App) directRepositoryWriteAction(act func(ctx context.Context, rep repo.DirectRepositoryWriter) error) func(ctx *kingpin.ParseContext) error {
 	return c.maybeRepositoryAction(assertDirectRepository(func(ctx context.Context, rep repo.DirectRepository) error {
+		// nolint:wrapcheck
 		return repo.DirectWriteSession(ctx, rep, repo.WriteSessionOptions{
 			Purpose:  "directRepositoryWriteAction",
 			OnUpload: c.progress.UploadedBytes,
@@ -344,6 +345,7 @@ func (c *App) repositoryReaderAction(act func(ctx context.Context, rep repo.Repo
 
 func (c *App) repositoryWriterAction(act func(ctx context.Context, rep repo.RepositoryWriter) error) func(ctx *kingpin.ParseContext) error {
 	return c.maybeRepositoryAction(func(ctx context.Context, rep repo.Repository) error {
+		// nolint:wrapcheck
 		return repo.WriteSession(ctx, rep, repo.WriteSessionOptions{
 			Purpose:  "repositoryWriterAction",
 			OnUpload: c.progress.UploadedBytes,
@@ -430,6 +432,7 @@ func (c *App) maybeRunMaintenance(ctx context.Context, rep repo.Repository) erro
 		Purpose:  "maybeRunMaintenance",
 		OnUpload: c.progress.UploadedBytes,
 	}, func(w repo.DirectRepositoryWriter) error {
+		// nolint:wrapcheck
 		return snapshotmaintenance.Run(ctx, w, maintenance.ModeAuto, false, maintenance.SafetyFull)
 	})
 

cli/auto_upgrade.go

@@ -27,6 +27,7 @@ func maybeAutoUpgradeRepository(ctx context.Context, r repo.Repository) error {
 
 	log(ctx).Debugf("Setting default maintenance parameters...")
 
+	// nolint:wrapcheck
 	return repo.DirectWriteSession(ctx, dr, repo.WriteSessionOptions{
 		Purpose: "setDefaultMaintenanceParameters",
 	}, func(w repo.DirectRepositoryWriter) error {

cli/command_acl_add.go

@@ -47,5 +47,5 @@ func (c *commandACLAdd) run(ctx context.Context, rep repo.RepositoryWriter) erro
 		Access: al,
 	}
 
-	return acl.AddACL(ctx, rep, e)
+	return errors.Wrap(acl.AddACL(ctx, rep, e), "error adding ACL entry")
 }

cli/command_benchmark_compression.go

@@ -126,7 +126,7 @@ type benchResult struct {
 
 func hashOf(b []byte) uint64 {
 	h := fnv.New64a()
-	h.Write(b) //nolint:errcheck
+	h.Write(b)
 
 	return h.Sum64()
 }

cli/command_blob_list.go

@@ -32,6 +32,7 @@ func (c *commandBlobList) run(ctx context.Context, rep repo.DirectRepository) er
 	jl.begin(&c.jo)
 	defer jl.end()
 
+	// nolint:wrapcheck
 	return rep.BlobReader().ListBlobs(ctx, blob.ID(c.blobListPrefix), func(b blob.Metadata) error {
 		if c.blobListMaxSize != 0 && b.Length > c.blobListMaxSize {
 			return nil
@@ -46,6 +47,7 @@ func (c *commandBlobList) run(ctx context.Context, rep repo.DirectRepository) er
 		} else {
 			c.out.printStdout("%-70v %10v %v\n", b.BlobID, b.Length, formatTimestamp(b.Timestamp))
 		}
+
 		return nil
 	})
 }

cli/command_cache_clear.go

@@ -52,6 +52,7 @@ func clearCacheDirectory(ctx context.Context, d string) error {
 	log(ctx).Infof("Clearing cache directory: %v.", d)
 
 	err := retry.WithExponentialBackoffNoValue(ctx, "delete cache", func() error {
+		// nolint:wrapcheck
 		return os.RemoveAll(d)
 	}, retry.Always)
 	if err != nil {

cli/command_cache_set.go

@@ -68,5 +68,6 @@ func (c *commandCacheSetParams) run(ctx context.Context, rep repo.RepositoryWrit
 		return errors.Errorf("no changes")
 	}
 
+	// nolint:wrapcheck
 	return repo.SetCachingOptions(ctx, c.svc.repositoryConfigFileName(), opts)
 }

cli/command_cache_sync.go

@@ -14,5 +14,6 @@ func (c *commandCacheSync) setup(svc appServices, parent commandParent) {
 }
 
 func (c *commandCacheSync) run(ctx context.Context, rep repo.DirectRepositoryWriter) error {
+	// nolint:wrapcheck
 	return rep.ContentManager().SyncMetadataCache(ctx)
 }

cli/command_content_rewrite.go

@@ -41,6 +41,7 @@ func (c *commandContentRewrite) setup(svc appServices, parent commandParent) {
 func (c *commandContentRewrite) runContentRewriteCommand(ctx context.Context, rep repo.DirectRepositoryWriter) error {
 	c.svc.advancedCommand(ctx)
 
+	// nolint:wrapcheck
 	return maintenance.RewriteContents(ctx, rep, &maintenance.RewriteContentsOptions{
 		ContentIDRange: c.contentRange.contentIDRange(),
 		ContentIDs:     toContentIDs(c.contentRewriteIDs),

cli/command_diff.go

@@ -63,7 +63,7 @@ func (c *commandDiff) run(ctx context.Context, rep repo.Repository) error {
 	}
 
 	if isDir1 {
-		return d.Compare(ctx, ent1, ent2)
+		return errors.Wrap(d.Compare(ctx, ent1, ent2), "error comparing directories")
 	}
 
 	return errors.New("comparing files not implemented yet")

cli/command_index_optimize.go

@@ -41,5 +41,6 @@ func (c *commandIndexOptimize) runOptimizeCommand(ctx context.Context, rep repo.
 		opt.DropDeletedBefore = rep.Time().Add(-age)
 	}
 
+	// nolint:wrapcheck
 	return rep.ContentManager().CompactIndexes(ctx, opt)
 }

cli/command_maintenance_run.go

@@ -29,5 +29,6 @@ func (c *commandMaintenanceRun) run(ctx context.Context, rep repo.DirectReposito
 		mode = maintenance.ModeFull
 	}
 
+	// nolint:wrapcheck
 	return snapshotmaintenance.Run(ctx, rep, mode, c.maintenanceRunForce, c.safety)
 }

cli/command_mount.go

@@ -65,9 +65,11 @@ func (c *commandMount) run(ctx context.Context, rep repo.Repository) error {
 	}
 
 	if c.mountTraceFS {
+		// nolint:forcetypeassert
 		entry = loggingfs.Wrap(entry, log(ctx).Debugf).(fs.Directory)
 	}
 
+	// nolint:forcetypeassert
 	entry = cachefs.Wrap(entry, c.newFSCache()).(fs.Directory)
 
 	ctrl, mountErr := mount.Directory(ctx, entry, c.mountPoint,

cli/command_policy_edit.go

@@ -90,6 +90,7 @@ func (c *commandPolicyEdit) run(ctx context.Context, rep repo.RepositoryWriter)
 			updated = &policy.Policy{}
 			d := json.NewDecoder(bytes.NewBufferString(edited))
 			d.DisallowUnknownFields()
+			// nolint:wrapcheck
 			return d.Decode(updated)
 		}); err != nil {
 			return errors.Wrap(err, "unable to launch editor")

cli/command_repository_connect.go

@@ -37,6 +37,7 @@ func (c *commandRepositoryConnect) setup(svc advancedAppServices, parent command
 				return errors.Wrap(err, "can't connect to storage")
 			}
 
+			// nolint:wrapcheck
 			return svc.runConnectCommandWithStorage(ctx, &c.co, st)
 		})
 	}

cli/command_repository_connect_from_config.go

@@ -46,6 +46,7 @@ func (c *storageFromConfigFlags) connectToStorageFromConfigFile(ctx context.Cont
 		return nil, errors.Wrap(err, "unable to open config")
 	}
 
+	// nolint:wrapcheck
 	return blob.NewStorage(ctx, *cfg.Storage)
 }
 
@@ -59,5 +60,6 @@ func (c *storageFromConfigFlags) connectToStorageFromConfigToken(ctx context.Con
 		c.sps.setPasswordFromToken(pass)
 	}
 
+	// nolint:wrapcheck
 	return blob.NewStorage(ctx, ci)
 }

cli/command_repository_create.go

@@ -77,7 +77,6 @@ func (c *commandRepositoryCreate) ensureEmpty(ctx context.Context, s blob.Storag
 	hasDataError := errors.Errorf("has data")
 
 	err := s.ListBlobs(ctx, "", func(cb blob.Metadata) error {
-		// nolint:wrapcheck
 		return hasDataError
 	})
 
@@ -128,6 +127,7 @@ func (c *commandRepositoryCreate) populateRepository(ctx context.Context, passwo
 	}
 	defer rep.Close(ctx) //nolint:errcheck
 
+	// nolint:wrapcheck
 	return repo.WriteSession(ctx, rep, repo.WriteSessionOptions{
 		Purpose: "populateRepository",
 	}, func(w repo.RepositoryWriter) error {

cli/command_repository_repair.go

@@ -88,7 +88,6 @@ func (c *commandRepositoryRepair) recoverFormatBlob(ctx context.Context, st blob
 
 				log(ctx).Infof("recovered replica block from %v", bi.BlobID)
 
-				// nolint:wrapcheck
 				return errSuccess
 			}
 

cli/command_repository_set_client.go

@@ -83,5 +83,6 @@ func (c *commandRepositorySetClient) run(ctx context.Context, rep repo.Repositor
 		return errors.Errorf("no changes")
 	}
 
+	// nolint:wrapcheck
 	return repo.SetClientOptions(ctx, c.svc.repositoryConfigFileName(), opt)
 }

cli/command_repository_status.go

@@ -94,7 +94,7 @@ func (c *commandRepositoryStatus) run(ctx context.Context, rep repo.Repository)
 func scanCacheDir(dirname string) (fileCount int, totalFileLength int64, err error) {
 	entries, err := ioutil.ReadDir(dirname)
 	if err != nil {
-		return 0, 0, nil
+		return 0, 0, errors.Wrap(err, "unable to read cache directory")
 	}
 
 	for _, e := range entries {

cli/command_repository_sync.go

@@ -344,7 +344,7 @@ func (c *commandRepositorySyncTo) ensureRepositoriesHaveSameFormatBlob(ctx conte
 				return errors.Errorf("destination repository does not have a format blob")
 			}
 
-			return dst.PutBlob(ctx, repo.FormatBlobID, gather.FromSlice(srcData))
+			return errors.Wrap(dst.PutBlob(ctx, repo.FormatBlobID, gather.FromSlice(srcData)), "error saving format blob")
 		}
 
 		return errors.Wrap(err, "error reading destination repository format blob")

cli/command_repository_upgrade.go

@@ -14,5 +14,6 @@ func (c *commandRepositoryUpgrade) setup(svc appServices, parent commandParent)
 }
 
 func (c *commandRepositoryUpgrade) run(ctx context.Context, rep repo.DirectRepositoryWriter) error {
+	// nolint:wrapcheck
 	return rep.Upgrade(ctx)
 }

cli/command_server_cancel.go

@@ -18,5 +18,6 @@ func (c *commandServerCancel) setup(svc appServices, parent commandParent) {
 }
 
 func (c *commandServerCancel) runServerCancelUpload(ctx context.Context, cli *apiclient.KopiaAPIClient) error {
+	// nolint:wrapcheck
 	return cli.Post(ctx, "sources/cancel", &serverapi.Empty{}, &serverapi.Empty{})
 }

cli/command_server_flush.go

@@ -18,5 +18,6 @@ func (c *commandServerFlush) setup(svc appServices, parent commandParent) {
 }
 
 func (c *commandServerFlush) run(ctx context.Context, cli *apiclient.KopiaAPIClient) error {
+	// nolint:wrapcheck
 	return cli.Post(ctx, "flush", &serverapi.Empty{}, &serverapi.Empty{})
 }

cli/command_server_pause.go

@@ -18,5 +18,6 @@ func (c *commandServerPause) setup(svc appServices, parent commandParent) {
 }
 
 func runServerPause(ctx context.Context, cli *apiclient.KopiaAPIClient) error {
+	// nolint:wrapcheck
 	return cli.Post(ctx, "sources/pause", &serverapi.Empty{}, &serverapi.Empty{})
 }

cli/command_server_refresh.go

@@ -18,5 +18,6 @@ func (c *commandServerRefresh) setup(svc appServices, parent commandParent) {
 }
 
 func (c *commandServerRefresh) run(ctx context.Context, cli *apiclient.KopiaAPIClient) error {
+	// nolint:wrapcheck
 	return cli.Post(ctx, "refresh", &serverapi.Empty{}, &serverapi.Empty{})
 }

cli/command_server_resume.go

@@ -18,5 +18,6 @@ func (c *commandServerResume) setup(svc appServices, parent commandParent) {
 }
 
 func (c *commandServerResume) run(ctx context.Context, cli *apiclient.KopiaAPIClient) error {
+	// nolint:wrapcheck
 	return cli.Post(ctx, "sources/resume", &serverapi.Empty{}, &serverapi.Empty{})
 }

cli/command_server_start.go

@@ -186,7 +186,7 @@ func (c *commandServerStart) run(ctx context.Context, rep repo.Repository) error
 		return err
 	}
 
-	return srv.SetRepository(ctx, nil)
+	return errors.Wrap(srv.SetRepository(ctx, nil), "error setting active repository")
 }
 
 func initPrometheus(mux *http.ServeMux) error {

cli/command_server_tls.go

@@ -24,11 +24,13 @@
 const oneDay = 24 * time.Hour
 
 func (c *commandServerStart) generateServerCertificate(ctx context.Context) (*x509.Certificate, *rsa.PrivateKey, error) {
-	return tlsutil.GenerateServerCertificate(
+	cert, key, err := tlsutil.GenerateServerCertificate(
 		ctx,
 		c.serverStartTLSGenerateRSAKeySize,
 		time.Duration(c.serverStartTLSGenerateCertValidDays)*oneDay,
 		c.serverStartTLSGenerateCertNames)
+
+	return cert, key, errors.Wrap(err, "error generating server certificate")
 }
 
 func (c *commandServerStart) startServerWithOptionalTLS(ctx context.Context, httpServer *http.Server) error {
@@ -90,7 +92,7 @@ func (c *commandServerStart) startServerWithOptionalTLSAndListener(ctx context.C
 		fmt.Fprintf(c.out.stderr(), "SERVER ADDRESS: https://%v\n", httpServer.Addr)
 		c.showServerUIPrompt(ctx)
 
-		return httpServer.ServeTLS(listener, c.serverStartTLSCertFile, c.serverStartTLSKeyFile)
+		return errors.Wrap(httpServer.ServeTLS(listener, c.serverStartTLSCertFile, c.serverStartTLSKeyFile), "error starting TLS server")
 
 	case c.serverStartTLSGenerateCert:
 		// PEM files not provided, generate in-memory TLS cert/key but don't persit.
@@ -126,7 +128,7 @@ func (c *commandServerStart) startServerWithOptionalTLSAndListener(ctx context.C
 		fmt.Fprintf(c.out.stderr(), "SERVER ADDRESS: https://%v\n", httpServer.Addr)
 		c.showServerUIPrompt(ctx)
 
-		return httpServer.ServeTLS(listener, "", "")
+		return errors.Wrap(httpServer.ServeTLS(listener, "", ""), "error starting TLS server")
 
 	default:
 		if !c.serverStartInsecure {
@@ -136,7 +138,7 @@ func (c *commandServerStart) startServerWithOptionalTLSAndListener(ctx context.C
 		fmt.Fprintf(c.out.stderr(), "SERVER ADDRESS: http://%v\n", httpServer.Addr)
 		c.showServerUIPrompt(ctx)
 
-		return httpServer.Serve(listener)
+		return errors.Wrap(httpServer.Serve(listener), "error starting server")
 	}
 }
 

cli/command_snapshot_create.go

@@ -212,6 +212,7 @@ func parseTimestamp(timestamp string) (time.Time, error) {
 		return time.Time{}, nil
 	}
 
+	// nolint:wrapcheck
 	return time.Parse(timeFormat, timestamp)
 }
 

cli/command_snapshot_delete.go

@@ -54,7 +54,7 @@ func (c *commandSnapshotDelete) deleteSnapshot(ctx context.Context, rep repo.Rep
 
 	log(ctx).Infof("Deleting %v...", desc)
 
-	return rep.DeleteManifest(ctx, m.ID)
+	return errors.Wrap(rep.DeleteManifest(ctx, m.ID), "error deleting manifest")
 }
 
 func (c *commandSnapshotDelete) deleteSnapshotsByRootObjectID(ctx context.Context, rep repo.RepositoryWriter, rootID object.ID) error {

cli/command_snapshot_expire.go

@@ -28,6 +28,7 @@ func (c *commandSnapshotExpire) setup(svc appServices, parent commandParent) {
 
 func (c *commandSnapshotExpire) getSnapshotSourcesToExpire(ctx context.Context, rep repo.Repository) ([]snapshot.SourceInfo, error) {
 	if c.snapshotExpireAll {
+		// nolint:wrapcheck
 		return snapshot.ListSources(ctx, rep)
 	}
 

cli/command_snapshot_migrate.go

@@ -195,7 +195,7 @@ func (c *commandSnapshotMigrate) migrateSinglePolicy(ctx context.Context, source
 
 	log(ctx).Infof("migrating policy for %v", si)
 
-	return policy.SetPolicy(ctx, destRepo, si, pol)
+	return errors.Wrap(policy.SetPolicy(ctx, destRepo, si, pol), "error setting policy")
 }
 
 func (c *commandSnapshotMigrate) findPreviousSnapshotManifestWithStartTime(ctx context.Context, rep repo.Repository, sourceInfo snapshot.SourceInfo, startTime time.Time) (*snapshot.Manifest, error) {
@@ -314,6 +314,7 @@ func (c *commandSnapshotMigrate) getSourcesToMigrate(ctx context.Context, rep re
 	}
 
 	if c.migrateAll {
+		// nolint:wrapcheck
 		return snapshot.ListSources(ctx, rep)
 	}
 

cli/command_snapshot_verify.go

@@ -303,5 +303,6 @@ func (c *commandSnapshotVerify) loadSourceManifests(ctx context.Context, rep rep
 		}
 	}
 
+	// nolint:wrapcheck
 	return snapshot.LoadSnapshots(ctx, rep, manifestIDs)
 }

cli/config.go

@@ -87,6 +87,7 @@ func resolveSymlink(path string) (string, error) {
 		return path, nil
 	}
 
+	// nolint:wrapcheck
 	return filepath.EvalSymlinks(path)
 }
 

cli/storage_azure.go

@@ -23,5 +23,6 @@ func (c *storageAzureFlags) setup(_ storageProviderServices, cmd *kingpin.CmdCla
 }
 
 func (c *storageAzureFlags) connect(ctx context.Context, isNew bool) (blob.Storage, error) {
+	// nolint:wrapcheck
 	return azure.New(ctx, &c.azOptions)
 }

cli/storage_b2.go

@@ -23,5 +23,6 @@ func (c *storageB2Flags) setup(_ storageProviderServices, cmd *kingpin.CmdClause
 }
 
 func (c *storageB2Flags) connect(ctx context.Context, isNew bool) (blob.Storage, error) {
+	// nolint:wrapcheck
 	return b2.New(ctx, &c.b2options)
 }

cli/storage_filesystem.go

@@ -70,6 +70,7 @@ func (c *storageFilesystemFlags) connect(ctx context.Context, isNew bool) (blob.
 		}
 	}
 
+	// nolint:wrapcheck
 	return filesystem.New(ctx, &fso)
 }
 

cli/storage_gcs.go

@@ -39,5 +39,6 @@ func (c *storageGCSFlags) connect(ctx context.Context, isNew bool) (blob.Storage
 		c.options.ServiceAccountCredentialsFile = ""
 	}
 
+	// nolint:wrapcheck
 	return gcs.New(ctx, &c.options)
 }

cli/storage_rclone.go

@@ -40,5 +40,6 @@ func (c *storageRcloneFlags) connect(ctx context.Context, isNew bool) (blob.Stor
 		c.opt.EmbeddedConfig = string(cfg)
 	}
 
+	// nolint:wrapcheck
 	return rclone.New(ctx, &c.opt)
 }

cli/storage_s3.go

@@ -28,5 +28,6 @@ func (c *storageS3Flags) setup(_ storageProviderServices, cmd *kingpin.CmdClause
 }
 
 func (c *storageS3Flags) connect(ctx context.Context, isNew bool) (blob.Storage, error) {
+	// nolint:wrapcheck
 	return s3.New(ctx, &c.s3options)
 }

cli/storage_sftp.go

@@ -71,5 +71,6 @@ func (c *storageSFTPFlags) connect(ctx context.Context, isNew bool) (blob.Storag
 		sftpo.DirectoryShards = []int{}
 	}
 
+	// nolint:wrapcheck
 	return sftp.New(ctx, &sftpo)
 }

cli/storage_webdav.go

@@ -38,5 +38,6 @@ func (c *storageWebDAVFlags) connect(ctx context.Context, isNew bool) (blob.Stor
 		wo.DirectoryShards = []int{}
 	}
 
+	// nolint:wrapcheck
 	return webdav.New(ctx, &wo)
 }

cli/update_check.go

@@ -61,7 +61,7 @@ func (c *App) writeUpdateState(us *updateState) error {
 		return errors.Wrap(err, "unable to marshal JSON")
 	}
 
-	return atomicfile.Write(c.updateStateFilename(), &buf)
+	return errors.Wrap(atomicfile.Write(c.updateStateFilename(), &buf), "error writing update state")
 }
 
 func (c *App) removeUpdateState() {

fs/cachefs/cache.go

@@ -89,6 +89,7 @@ func (c *Cache) Readdir(ctx context.Context, d fs.Directory) (fs.Entries, error)
 		return c.getEntries(ctx, cacheID, dirCacheExpiration, d.Readdir)
 	}
 
+	// nolint:wrapcheck
 	return d.Readdir(ctx)
 }
 

fs/entry.go

@@ -88,7 +88,6 @@ func ReadDirAndFindChild(ctx context.Context, d Directory, name string) (Entry,
 
 	e := children.FindByName(name)
 	if e == nil {
-		// nolint:wrapcheck
 		return nil, ErrEntryNotFound
 	}
 

fs/localfs/local_fs.go

@@ -242,6 +242,7 @@ func (fsf *filesystemFile) Open(ctx context.Context) (fs.Reader, error) {
 }
 
 func (fsl *filesystemSymlink) Readlink(ctx context.Context) (string, error) {
+	// nolint:wrapcheck
 	return os.Readlink(fsl.fullPath())
 }
 

fs/virtualfs/virtualfs.go

@@ -69,6 +69,7 @@ type staticDirectory struct {
 
 // Child gets the named child of a directory.
 func (sd *staticDirectory) Child(ctx context.Context, name string) (fs.Entry, error) {
+	// nolint:wrapcheck
 	return fs.ReadDirAndFindChild(ctx, sd, name)
 }
 

internal/acl/access_level.go

@@ -43,6 +43,7 @@ func (a AccessLevel) MarshalJSON() ([]byte, error) {
 		return nil, errors.Errorf("Invalid access level: %v", a)
 	}
 
+	// nolint:wrapcheck
 	return json.Marshal(j)
 }
 

internal/apiclient/apiclient.go

@@ -183,6 +183,7 @@ type basicAuthTransport struct {
 func (t basicAuthTransport) RoundTrip(req *http.Request) (*http.Response, error) {
 	req.SetBasicAuth(t.username, t.password)
 
+	// nolint:wrapcheck
 	return t.base.RoundTrip(req)
 }
 

internal/atomicfile/atomicfile.go

@@ -50,5 +50,6 @@ func MaybePrefixLongFilenameOnWindows(fname string) string {
 
 // Write is a wrapper around atomic.WriteFile that handles long file names on Windows.
 func Write(filename string, r io.Reader) error {
+	// nolint:wrapcheck
 	return atomic.WriteFile(MaybePrefixLongFilenameOnWindows(filename), r)
 }

internal/auth/authn.go

@@ -80,7 +80,7 @@ func (a htpasswdAuthenticator) IsValid(ctx context.Context, rep repo.Repository,
 }
 
 func (a htpasswdAuthenticator) Refresh(ctx context.Context) error {
-	return a.f.Reload(nil)
+	return errors.Wrap(a.f.Reload(nil), "error reloading password file")
 }
 
 // AuthenticateHtpasswdFile returns an authenticator that accepts users in the provided htpasswd file.

internal/cache/persistent_lru_cache.go

@@ -197,7 +197,7 @@ func (c *PersistentCache) sweepDirectory(ctx context.Context) (err error) {
 		totalRetainedSize += it.Length
 
 		if totalRetainedSize > c.maxSizeBytes {
-			oldest := heap.Pop(&h).(blob.Metadata)
+			oldest := heap.Pop(&h).(blob.Metadata) //nolint:forcetypeassert
 			if delerr := c.cacheStorage.DeleteBlob(ctx, oldest.BlobID); delerr != nil {
 				log(ctx).Errorf("unable to remove %v: %v", oldest.BlobID, delerr)
 			} else {
@@ -237,7 +237,6 @@ func NewPersistentCache(ctx context.Context, description string, cacheStorage St
 
 	// verify that cache storage is functional by listing from it
 	if err := c.cacheStorage.ListBlobs(ctx, "", func(it blob.Metadata) error {
-		// nolint:wrapcheck
 		return errGood
 	}); err != nil && !errors.Is(err, errGood) {
 		return nil, errors.Wrapf(err, "unable to open %v", c.description)

internal/cache/storage_protection.go

@@ -47,6 +47,7 @@ func (p checksumProtection) Protect(id string, b []byte) []byte {
 }
 
 func (p checksumProtection) Verify(id string, b []byte) ([]byte, error) {
+	// nolint:wrapcheck
 	return hmac.VerifyAndStrip(b, p.Secret)
 }
 
@@ -82,7 +83,12 @@ func (authenticatedEncryptionProtection) SupportsPartial() bool {
 }
 
 func (p authenticatedEncryptionProtection) Verify(id string, b []byte) ([]byte, error) {
-	return p.e.Decrypt(nil, b, p.deriveIV(id))
+	v, err := p.e.Decrypt(nil, b, p.deriveIV(id))
+	if err != nil {
+		return nil, errors.Wrap(err, "unable to decrypt cache content")
+	}
+
+	return v, nil
 }
 
 type authenticatedEncryptionProtectionKey []byte

internal/diff/diff.go

@@ -36,6 +36,7 @@ func (c *Comparer) Compare(ctx context.Context, e1, e2 fs.Entry) error {
 
 // Close removes all temporary files used by the comparer.
 func (c *Comparer) Close() error {
+	// nolint:wrapcheck
 	return os.RemoveAll(c.tmpDir)
 }
 

internal/hmac/hmac.go

@@ -11,7 +11,7 @@
 // Append computes HMAC-SHA256 checksum for a given block of bytes and appends it.
 func Append(data, secret []byte) []byte {
 	h := hmac.New(sha256.New, secret)
-	h.Write(data) // nolint:errcheck
+	h.Write(data)
 
 	return h.Sum(data)
 }
@@ -27,7 +27,7 @@ func VerifyAndStrip(b, secret []byte) ([]byte, error) {
 	signature := b[p:]
 
 	h := hmac.New(sha256.New, secret)
-	h.Write(data) // nolint:errcheck
+	h.Write(data)
 
 	var sigBuf [32]byte
 	validSignature := h.Sum(sigBuf[:0])

internal/iocopy/copy.go

@@ -18,9 +18,11 @@
 
 // Copy is equivalent to io.Copy().
 func Copy(dst io.Writer, src io.Reader) (int64, error) {
+	// nolint:forcetypeassert
 	bufPtr := bufferPool.Get().(*[]byte)
 
 	defer bufferPool.Put(bufPtr)
 
+	// nolint:wrapcheck
 	return io.CopyBuffer(dst, src, *bufPtr)
 }

internal/logfile/logfile.go

@@ -315,5 +315,6 @@ func (w *onDemandBackend) Log(level logging.Level, depth int, rec *logging.Recor
 		return errors.New("no backend")
 	}
 
+	// nolint:wrapcheck
 	return w.backend.Log(level, depth+1, rec)
 }

internal/mockfs/mockfs.go

@@ -208,6 +208,7 @@ func (imd *Directory) Subdir(name ...string) *Directory {
 			panic(fmt.Sprintf("'%s' is not a directory in '%s'", n, i.Name()))
 		}
 
+		// nolint:forcetypeassert
 		i = i2.(*Directory)
 	}
 
@@ -239,6 +240,7 @@ func (imd *Directory) OnReaddir(cb func()) {
 
 // Child gets the named child of a directory.
 func (imd *Directory) Child(ctx context.Context, name string) (fs.Entry, error) {
+	// nolint:wrapcheck
 	return fs.ReadDirAndFindChild(ctx, imd, name)
 }
 

internal/mount/mount_net_use.go

@@ -106,6 +106,7 @@ func (c netuseController) Unmount(ctx context.Context) error {
 		return errors.Wrap(err, "unable to delete drive with 'net use'")
 	}
 
+	// nolint:wrapcheck
 	return c.inner.Unmount(ctx)
 }
 

internal/mount/mount_webdav.go

@@ -74,7 +74,7 @@ type webdavController struct {
 }
 
 func (c webdavController) Unmount(ctx context.Context) error {
-	return c.s.Shutdown(ctx)
+	return errors.Wrap(c.s.Shutdown(ctx), "error shutting down webdav server")
 }
 
 func (c webdavController) MountPath() string {

internal/parallelwork/parallel_work_queue.go

@@ -67,6 +67,7 @@ func (v *Queue) Process(ctx context.Context, workers int) error {
 				select {
 				case <-ctx.Done():
 					// context canceled - some other worker returned an error.
+					// nolint:wrapcheck
 					return ctx.Err()
 
 				default:
@@ -86,6 +87,7 @@ func (v *Queue) Process(ctx context.Context, workers int) error {
 		})
 	}
 
+	// nolint:wrapcheck
 	return eg.Wait()
 }
 

internal/passwordpersist/passwordpersist_file.go

@@ -38,6 +38,7 @@ func (filePasswordStorage) PersistPassword(ctx context.Context, configFile, pass
 	fn := passwordFileName(configFile)
 	log(ctx).Debugf("Saving password to file %v.", fn)
 
+	// nolint:wrapcheck
 	return ioutil.WriteFile(fn, []byte(base64.StdEncoding.EncodeToString([]byte(password))), 0o600)
 }
 

internal/server/api_estimate.go

@@ -93,6 +93,7 @@ func (s *Server) handleEstimate(ctx context.Context, r *http.Request, body []byt
 			return errors.Wrap(err, "unable to get policy tree")
 		}
 
+		// nolint:wrapcheck
 		return snapshotfs.Estimate(estimatectx, rep, dir, policyTree, estimateTaskProgress{ctrl})
 	})
 

internal/server/api_mount.go

@@ -38,11 +38,11 @@ func (s *Server) handleMountCreate(ctx context.Context, r *http.Request, body []
 		}
 
 		if actual, loaded := s.mounts.LoadOrStore(oid, c); loaded {
-			c.Unmount(ctx) // nolint:errcheck
-			c = actual.(mount.Controller)
+			c.Unmount(ctx)                // nolint:errcheck
+			c = actual.(mount.Controller) // nolint:forcetypeassert
 		}
 	} else {
-		c = v.(mount.Controller)
+		c = v.(mount.Controller) // nolint:forcetypeassert
 	}
 
 	log(ctx).Debugf("mount for %v => %v", oid, c.MountPath())
@@ -61,7 +61,7 @@ func (s *Server) handleMountGet(ctx context.Context, r *http.Request, body []byt
 		return nil, notFoundError("mount point not found")
 	}
 
-	c := v.(mount.Controller)
+	c := v.(mount.Controller) // nolint:forcetypeassert
 
 	return &serverapi.MountedSnapshot{
 		Path: c.MountPath(),
@@ -77,7 +77,7 @@ func (s *Server) handleMountDelete(ctx context.Context, r *http.Request, body []
 		return nil, notFoundError("mount point not found")
 	}
 
-	c := v.(mount.Controller)
+	c := v.(mount.Controller) // nolint:forcetypeassert
 
 	if err := c.Unmount(ctx); err != nil {
 		return nil, internalServerError(err)
@@ -94,8 +94,8 @@ func (s *Server) handleMountList(ctx context.Context, r *http.Request, body []by
 	}
 
 	s.mounts.Range(func(key, val interface{}) bool {
-		oid := key.(object.ID)
-		c := val.(mount.Controller)
+		oid := key.(object.ID)      // nolint:forcetypeassert
+		c := val.(mount.Controller) // nolint:forcetypeassert
 
 		res.Items = append(res.Items, &serverapi.MountedSnapshot{
 			Path: c.MountPath(),
@@ -109,7 +109,7 @@ func (s *Server) handleMountList(ctx context.Context, r *http.Request, body []by
 
 func (s *Server) unmountAll(ctx context.Context) {
 	s.mounts.Range(func(key, val interface{}) bool {
-		c := val.(mount.Controller)
+		c := val.(mount.Controller) // nolint:forcetypeassert
 
 		log(ctx).Debugf("unmounting %v from %v", key, c.MountPath())
 

internal/server/api_sources.go

@@ -90,6 +90,7 @@ func (s *Server) handleSourcesCreate(ctx context.Context, r *http.Request, body
 		if err = repo.WriteSession(ctx, s.rep, repo.WriteSessionOptions{
 			Purpose: "handleSourcesCreate",
 		}, func(w repo.RepositoryWriter) error {
+			// nolint:wrapcheck
 			return policy.SetPolicy(ctx, w, sourceInfo, &req.InitialPolicy)
 		}); err != nil {
 			return nil, internalServerError(errors.Wrap(err, "unable to set initial policy"))

internal/server/grpc_session.go

@@ -99,6 +99,7 @@ func (s *Server) Session(srv grpcapi.KopiaRepository_SessionServer) error {
 		return err
 	}
 
+	// nolint:wrapcheck
 	return repo.DirectWriteSession(ctx, dr, opt, func(dw repo.DirectRepositoryWriter) error {
 		// channel to which workers will be sending errors, only holds 1 slot and sends are non-blocking.
 		lastErr := make(chan error, 1)

internal/server/server.go

@@ -194,6 +194,7 @@ func (s *Server) isAuthCookieValid(username, cookieValue string) bool {
 }
 
 func (s *Server) generateShortTermAuthCookie(username string, now time.Time) (string, error) {
+	// nolint:wrapcheck
 	return jwt.NewWithClaims(jwt.SigningMethodHS256, &jwt.StandardClaims{
 		Subject:   username,
 		NotBefore: now.Add(-time.Minute).Unix(),
@@ -510,9 +511,11 @@ func periodicMaintenanceOnce(ctx context.Context, rep repo.Repository) error {
 		return errors.Errorf("not a direct repository")
 	}
 
+	// nolint:wrapcheck
 	return repo.DirectWriteSession(ctx, dr, repo.WriteSessionOptions{
 		Purpose: "periodicMaintenanceOnce",
 	}, func(w repo.DirectRepositoryWriter) error {
+		// nolint:wrapcheck
 		return snapshotmaintenance.Run(ctx, w, maintenance.ModeAuto, false, maintenance.SafetyFull)
 	})
 }

internal/server/source_manager.go

@@ -229,6 +229,7 @@ func (s *sourceManager) snapshot(ctx context.Context) error {
 	s.server.beginUpload(ctx, s.src)
 	defer s.server.endUpload(ctx, s.src)
 
+	// nolint:wrapcheck
 	return s.server.taskmgr.Run(ctx,
 		"Snapshot",
 		fmt.Sprintf("%v at %v", s.src, clock.Now().Format(time.RFC3339)),
@@ -258,6 +259,7 @@ func (s *sourceManager) snapshotInternal(ctx context.Context, ctrl uitask.Contro
 
 	onUpload := func(int64) {}
 
+	// nolint:wrapcheck
 	return repo.WriteSession(ctx, s.server.rep, repo.WriteSessionOptions{
 		Purpose: "Source Manager Uploader",
 		OnUpload: func(numBytes int64) {

internal/serverapi/client_wrappers.go

@@ -43,21 +43,25 @@ func CancelUpload(ctx context.Context, c *apiclient.KopiaAPIClient, match *snaps
 
 // CreateRepository invokes the 'repo/create' API.
 func CreateRepository(ctx context.Context, c *apiclient.KopiaAPIClient, req *CreateRepositoryRequest) error {
+	// nolint:wrapcheck
 	return c.Post(ctx, "repo/create", req, &StatusResponse{})
 }
 
 // ConnectToRepository invokes the 'repo/connect' API.
 func ConnectToRepository(ctx context.Context, c *apiclient.KopiaAPIClient, req *ConnectRepositoryRequest) error {
+	// nolint:wrapcheck
 	return c.Post(ctx, "repo/connect", req, &StatusResponse{})
 }
 
 // DisconnectFromRepository invokes the 'repo/disconnect' API.
 func DisconnectFromRepository(ctx context.Context, c *apiclient.KopiaAPIClient) error {
+	// nolint:wrapcheck
 	return c.Post(ctx, "repo/disconnect", &Empty{}, &Empty{})
 }
 
 // Shutdown invokes the 'repo/shutdown' API.
 func Shutdown(ctx context.Context, c *apiclient.KopiaAPIClient) error {
+	// nolint:wrapcheck
 	return c.Post(ctx, "shutdown", &Empty{}, &Empty{})
 }
 

internal/webdavmount/webdavmount.go

@@ -60,6 +60,7 @@ func (f *webdavFile) Read(b []byte) (int, error) {
 		return 0, err
 	}
 
+	// nolint:wrapcheck
 	return r.Read(b)
 }
 
@@ -69,6 +70,7 @@ func (f *webdavFile) Seek(offset int64, whence int) (int64, error) {
 		return 0, err
 	}
 
+	// nolint:wrapcheck
 	return r.Seek(offset, whence)
 }
 
@@ -83,6 +85,7 @@ func (f *webdavFile) Close() error {
 	f.mu.Unlock()
 
 	if r != nil {
+		// nolint:wrapcheck
 		return r.Close()
 	}
 

repo/api_server_repository.go

@@ -58,6 +58,7 @@ func (r *apiServerRepository) ClientOptions() ClientOptions {
 }
 
 func (r *apiServerRepository) OpenObject(ctx context.Context, id object.ID) (object.Reader, error) {
+	// nolint:wrapcheck
 	return object.Open(ctx, r, id)
 }
 
@@ -66,6 +67,7 @@ func (r *apiServerRepository) NewObjectWriter(ctx context.Context, opt object.Wr
 }
 
 func (r *apiServerRepository) VerifyObject(ctx context.Context, id object.ID) ([]content.ID, error) {
+	// nolint:wrapcheck
 	return object.VerifyObject(ctx, r, id)
 }
 
@@ -76,6 +78,7 @@ func (r *apiServerRepository) GetManifest(ctx context.Context, id manifest.ID, d
 		return nil, errors.Wrap(err, "GetManifest")
 	}
 
+	// nolint:wrapcheck
 	return mm.Metadata, json.Unmarshal(mm.Payload, data)
 }
 
@@ -162,6 +165,7 @@ func (r *apiServerRepository) ContentInfo(ctx context.Context, contentID content
 }
 
 func (r *apiServerRepository) GetContent(ctx context.Context, contentID content.ID) ([]byte, error) {
+	// nolint:wrapcheck
 	return r.contentCache.GetOrLoad(ctx, string(contentID), func() ([]byte, error) {
 		var result []byte
 

repo/blob/azure/azure_storage.go

@@ -55,6 +55,7 @@ func (az *azStorage) GetBlob(ctx context.Context, b blob.ID, offset, length int6
 			return nil, errors.Wrap(err, "AddReader")
 		}
 
+		// nolint:wrapcheck
 		return ioutil.ReadAll(throttled)
 	}
 
@@ -63,6 +64,7 @@ func (az *azStorage) GetBlob(ctx context.Context, b blob.ID, offset, length int6
 		return nil, translateError(err)
 	}
 
+	// nolint:wrapcheck
 	return blob.EnsureLengthExactly(fetched, length)
 }
 
@@ -197,7 +199,7 @@ func (az *azStorage) DisplayName() string {
 }
 
 func (az *azStorage) Close(ctx context.Context) error {
-	return az.bucket.Close()
+	return errors.Wrap(az.bucket.Close(), "error closing bucket")
 }
 
 func toBandwidth(bytesPerSecond int) iothrottler.Bandwidth {

repo/blob/b2/b2_storage.go

@@ -74,6 +74,7 @@ func (s *b2Storage) GetBlob(ctx context.Context, id blob.ID, offset, length int6
 		return nil, translateError(err)
 	}
 
+	// nolint:wrapcheck
 	return blob.EnsureLengthExactly(fetched, length)
 }
 

repo/blob/config.go

@@ -40,6 +40,7 @@ func (c *ConnectionInfo) UnmarshalJSON(b []byte) error {
 
 // MarshalJSON returns JSON-encoded storage configuration.
 func (c ConnectionInfo) MarshalJSON() ([]byte, error) {
+	// nolint:wrapcheck
 	return json.Marshal(struct {
 		Type string      `json:"type"`
 		Data interface{} `json:"config"`

repo/blob/filesystem/filesystem_storage.go

@@ -84,6 +84,7 @@ func (fs *fsImpl) GetBlobFromPath(ctx context.Context, dirPath, path string, off
 		defer f.Close() //nolint:errcheck,gosec
 
 		if length < 0 {
+			// nolint:wrapcheck
 			return ioutil.ReadAll(f)
 		}
 
@@ -104,7 +105,6 @@ func (fs *fsImpl) GetBlobFromPath(ctx context.Context, dirPath, path string, off
 					// this sometimes fails on macOS for unknown reasons, likely a bug in the filesystem
 					// retry deals with this transient state.
 					// see see https://github.com/kopia/kopia/issues/299
-					// nolint:wrapcheck
 					return nil, errRetriableInvalidLength
 				}
 			}
@@ -123,6 +123,7 @@ func (fs *fsImpl) GetBlobFromPath(ctx context.Context, dirPath, path string, off
 		return nil, err
 	}
 
+	// nolint:wrapcheck
 	return blob.EnsureLengthExactly(val.([]byte), length)
 }
 
@@ -144,6 +145,7 @@ func (fs *fsImpl) GetMetadataFromPath(ctx context.Context, dirPath, path string)
 }
 
 func (fs *fsImpl) PutBlobInPath(ctx context.Context, dirPath, path string, data blob.Bytes) error {
+	// nolint:wrapcheck
 	return retry.WithExponentialBackoffNoValue(ctx, "PutBlobInPath:"+path, func() error {
 		randSuffix := make([]byte, 8)
 		if _, err := rand.Read(randSuffix); err != nil {
@@ -194,6 +196,7 @@ func (fs *fsImpl) createTempFileAndDir(tempFile string) (*os.File, error) {
 			return nil, errors.Wrap(err, "cannot create directory")
 		}
 
+		// nolint:wrapcheck
 		return os.OpenFile(tempFile, flags, fs.fileMode()) //nolint:gosec
 	}
 
@@ -202,6 +205,7 @@ func (fs *fsImpl) createTempFileAndDir(tempFile string) (*os.File, error) {
 }
 
 func (fs *fsImpl) DeleteBlobInPath(ctx context.Context, dirPath, path string) error {
+	// nolint:wrapcheck
 	return retry.WithExponentialBackoffNoValue(ctx, "DeleteBlobInPath:"+path, func() error {
 		err := os.Remove(path)
 		if err == nil || os.IsNotExist(err) {
@@ -231,6 +235,7 @@ func (fs *fsImpl) ReadDir(ctx context.Context, dirname string) ([]os.FileInfo, e
 func (fs *fsImpl) SetTimeInPath(ctx context.Context, dirPath, filePath string, n time.Time) error {
 	log(ctx).Debugf("updating timestamp on %v to %v", filePath, n)
 
+	// nolint:wrapcheck
 	return os.Chtimes(filePath, n, n)
 }
 
@@ -253,6 +258,7 @@ func (fs *fsStorage) TouchBlob(ctx context.Context, blobID blob.ID, threshold ti
 
 	log(ctx).Debugf("updating timestamp on %v to %v", path, n)
 
+	// nolint:wrapcheck
 	return os.Chtimes(path, n, n)
 }
 

repo/blob/gcs/gcs_storage.go

@@ -53,6 +53,7 @@ func (gcs *gcsStorage) GetBlob(ctx context.Context, b blob.ID, offset, length in
 		}
 		defer reader.Close() //nolint:errcheck
 
+		// nolint:wrapcheck
 		return ioutil.ReadAll(reader)
 	}
 
@@ -61,6 +62,7 @@ func (gcs *gcsStorage) GetBlob(ctx context.Context, b blob.ID, offset, length in
 		return nil, translateError(err)
 	}
 
+	// nolint:wrapcheck
 	return blob.EnsureLengthExactly(fetched, length)
 }
 
@@ -174,7 +176,7 @@ func (gcs *gcsStorage) DisplayName() string {
 }
 
 func (gcs *gcsStorage) Close(ctx context.Context) error {
-	return gcs.storageClient.Close()
+	return errors.Wrap(gcs.storageClient.Close(), "error closing GCS storage")
 }
 
 func toBandwidth(bytesPerSecond int) iothrottler.Bandwidth {

repo/blob/readonly/readonly_storage.go

@@ -19,33 +19,34 @@ type readonlyStorage struct {
 }
 
 func (s readonlyStorage) GetBlob(ctx context.Context, id blob.ID, offset, length int64) ([]byte, error) {
+	// nolint:wrapcheck
 	return s.base.GetBlob(ctx, id, offset, length)
 }
 
 func (s readonlyStorage) GetMetadata(ctx context.Context, id blob.ID) (blob.Metadata, error) {
+	// nolint:wrapcheck
 	return s.base.GetMetadata(ctx, id)
 }
 
 func (s readonlyStorage) SetTime(ctx context.Context, id blob.ID, t time.Time) error {
-	// nolint:wrapcheck
 	return ErrReadonly
 }
 
 func (s readonlyStorage) PutBlob(ctx context.Context, id blob.ID, data blob.Bytes) error {
-	// nolint:wrapcheck
 	return ErrReadonly
 }
 
 func (s readonlyStorage) DeleteBlob(ctx context.Context, id blob.ID) error {
-	// nolint:wrapcheck
 	return ErrReadonly
 }
 
 func (s readonlyStorage) ListBlobs(ctx context.Context, prefix blob.ID, callback func(blob.Metadata) error) error {
+	// nolint:wrapcheck
 	return s.base.ListBlobs(ctx, prefix, callback)
 }
 
 func (s readonlyStorage) Close(ctx context.Context) error {
+	// nolint:wrapcheck
 	return s.base.Close(ctx)
 }
 

repo/blob/retrying/retrying_storage.go

@@ -18,6 +18,7 @@ type retryingStorage struct {
 
 func (s retryingStorage) GetBlob(ctx context.Context, id blob.ID, offset, length int64) ([]byte, error) {
 	v, err := retry.WithExponentialBackoff(ctx, fmt.Sprintf("GetBlob(%v,%v,%v)", id, offset, length), func() (interface{}, error) {
+		// nolint:wrapcheck
 		return s.Storage.GetBlob(ctx, id, offset, length)
 	}, isRetriable)
 	if err != nil {
@@ -29,6 +30,7 @@ func (s retryingStorage) GetBlob(ctx context.Context, id blob.ID, offset, length
 
 func (s retryingStorage) GetMetadata(ctx context.Context, id blob.ID) (blob.Metadata, error) {
 	v, err := retry.WithExponentialBackoff(ctx, "GetMetadata("+string(id)+")", func() (interface{}, error) {
+		// nolint:wrapcheck
 		return s.Storage.GetMetadata(ctx, id)
 	}, isRetriable)
 	if err != nil {
@@ -40,6 +42,7 @@ func (s retryingStorage) GetMetadata(ctx context.Context, id blob.ID) (blob.Meta
 
 func (s retryingStorage) SetTime(ctx context.Context, id blob.ID, t time.Time) error {
 	_, err := retry.WithExponentialBackoff(ctx, "GetMetadata("+string(id)+")", func() (interface{}, error) {
+		// nolint:wrapcheck
 		return true, s.Storage.SetTime(ctx, id, t)
 	}, isRetriable)
 
@@ -48,6 +51,7 @@ func (s retryingStorage) SetTime(ctx context.Context, id blob.ID, t time.Time) e
 
 func (s retryingStorage) PutBlob(ctx context.Context, id blob.ID, data blob.Bytes) error {
 	_, err := retry.WithExponentialBackoff(ctx, "PutBlob("+string(id)+")", func() (interface{}, error) {
+		// nolint:wrapcheck
 		return true, s.Storage.PutBlob(ctx, id, data)
 	}, isRetriable)
 
@@ -56,6 +60,7 @@ func (s retryingStorage) PutBlob(ctx context.Context, id blob.ID, data blob.Byte
 
 func (s retryingStorage) DeleteBlob(ctx context.Context, id blob.ID) error {
 	_, err := retry.WithExponentialBackoff(ctx, "DeleteBlob("+string(id)+")", func() (interface{}, error) {
+		// nolint:wrapcheck
 		return true, s.Storage.DeleteBlob(ctx, id)
 	}, isRetriable)
 

repo/blob/s3/s3_storage.go

@@ -75,6 +75,7 @@ func (s *s3Storage) GetBlob(ctx context.Context, b blob.ID, offset, length int64
 		return nil, translateError(err)
 	}
 
+	// nolint:wrapcheck
 	return blob.EnsureLengthExactly(fetched, length)
 }
 

repo/blob/sftp/sftp_storage.go

@@ -62,6 +62,7 @@ func (s *sftpImpl) GetBlobFromPath(ctx context.Context, dirPath, fullPath string
 
 	if length < 0 {
 		// read entire blob
+		// nolint:wrapcheck
 		return ioutil.ReadAll(r)
 	}
 
@@ -86,6 +87,7 @@ func (s *sftpImpl) GetBlobFromPath(ctx context.Context, dirPath, fullPath string
 		return nil, errors.Wrap(err, "read error")
 	}
 
+	// nolint:wrapcheck
 	return blob.EnsureLengthExactly(b, length)
 }
 
@@ -139,6 +141,7 @@ func (s *sftpImpl) PutBlobInPath(ctx context.Context, dirPath, fullPath string,
 }
 
 func (s *sftpImpl) SetTimeInPath(ctx context.Context, dirPath, fullPath string, n time.Time) error {
+	// nolint:wrapcheck
 	return s.cli.Chtimes(fullPath, n, n)
 }
 
@@ -152,6 +155,7 @@ func (s *sftpImpl) createTempFileAndDir(tempFile string) (*sftp.File, error) {
 			return nil, errors.Wrap(err, "cannot create directory")
 		}
 
+		// nolint:wrapcheck
 		return s.cli.OpenFile(tempFile, flags)
 	}
 
@@ -180,6 +184,7 @@ func (s *sftpImpl) DeleteBlobInPath(ctx context.Context, dirPath, fullPath strin
 }
 
 func (s *sftpImpl) ReadDir(ctx context.Context, dirname string) ([]os.FileInfo, error) {
+	// nolint:wrapcheck
 	return s.cli.ReadDir(dirname)
 }
 
@@ -236,9 +241,11 @@ func getHostKeyCallback(opt *Options) (ssh.HostKeyCallback, error) {
 		// this file is no longer needed after `knownhosts.New` returns, so we can delete it.
 		defer os.Remove(tmpFile) // nolint:errcheck
 
+		// nolint:wrapcheck
 		return knownhosts.New(tmpFile)
 	}
 
+	// nolint:wrapcheck
 	return knownhosts.New(opt.knownHostsFile())
 }
 

repo/blob/sharded/sharded.go

@@ -37,6 +37,8 @@ type Storage struct {
 // GetBlob implements blob.Storage.
 func (s Storage) GetBlob(ctx context.Context, blobID blob.ID, offset, length int64) ([]byte, error) {
 	dirPath, filePath := s.GetShardedPathAndFilePath(blobID)
+
+	// nolint:wrapcheck
 	return s.Impl.GetBlobFromPath(ctx, dirPath, filePath, offset, length)
 }
 
@@ -112,6 +114,7 @@ func (s Storage) GetMetadata(ctx context.Context, blobID blob.ID) (blob.Metadata
 func (s Storage) PutBlob(ctx context.Context, blobID blob.ID, data blob.Bytes) error {
 	dirPath, filePath := s.GetShardedPathAndFilePath(blobID)
 
+	// nolint:wrapcheck
 	return s.Impl.PutBlobInPath(ctx, dirPath, filePath, data)
 }
 
@@ -119,12 +122,15 @@ func (s Storage) PutBlob(ctx context.Context, blobID blob.ID, data blob.Bytes) e
 func (s Storage) SetTime(ctx context.Context, blobID blob.ID, n time.Time) error {
 	dirPath, filePath := s.GetShardedPathAndFilePath(blobID)
 
+	// nolint:wrapcheck
 	return s.Impl.SetTimeInPath(ctx, dirPath, filePath, n)
 }
 
 // DeleteBlob implements blob.Storage.
 func (s Storage) DeleteBlob(ctx context.Context, blobID blob.ID) error {
 	dirPath, filePath := s.GetShardedPathAndFilePath(blobID)
+
+	// nolint:wrapcheck
 	return s.Impl.DeleteBlobInPath(ctx, dirPath, filePath)
 }
 

repo/blob/storage.go

@@ -109,6 +109,7 @@ func ListAllBlobs(ctx context.Context, st Storage, prefix ID) ([]Metadata, error
 // IterateAllPrefixesInParallel invokes the provided callback and returns the first error returned by the callback or nil.
 func IterateAllPrefixesInParallel(ctx context.Context, parallelism int, st Storage, prefixes []ID, callback func(Metadata) error) error {
 	if len(prefixes) == 1 {
+		// nolint:wrapcheck
 		return st.ListBlobs(ctx, prefixes[0], callback)
 	}
 

repo/blob/webdav/webdav_storage.go

@@ -56,6 +56,7 @@ func (d *davStorageImpl) GetBlobFromPath(ctx context.Context, dirPath, path stri
 		return nil, errors.Wrap(blob.ErrInvalidRange, "invalid offset")
 	}
 
+	// nolint:wrapcheck
 	return blob.EnsureLengthAndTruncate(data[offset:], length)
 }
 
@@ -118,12 +119,15 @@ func (d *davStorageImpl) PutBlobInPath(ctx context.Context, dirPath, filePath st
 
 	b := buf.Bytes()
 
+	// nolint:wrapcheck
 	return retry.WithExponentialBackoffNoValue(ctx, "WriteTemporaryFileAndCreateParentDirs", func() error {
 		mkdirAttempted := false
 
 		for {
+			// nolint:wrapcheck
 			err := d.translateError(d.cli.Write(tmpPath, b, defaultFilePerm))
 			if err == nil {
+				// nolint:wrapcheck
 				return d.cli.Rename(tmpPath, filePath, true)
 			}
 
@@ -152,6 +156,7 @@ func (d *davStorageImpl) SetTimeInPath(ctx context.Context, dirPath, filePath st
 
 func (d *davStorageImpl) DeleteBlobInPath(ctx context.Context, dirPath, filePath string) error {
 	return d.translateError(retry.WithExponentialBackoffNoValue(ctx, "DeleteBlobInPath", func() error {
+		// nolint:wrapcheck
 		return d.cli.Remove(filePath)
 	}, isRetriable))
 }

repo/caching.go

@@ -55,8 +55,8 @@ func setupCachingOptionsWithDefaults(ctx context.Context, configPath string, lc
 		}
 
 		h := sha256.New()
-		h.Write(uniqueID)           //nolint:errcheck
-		h.Write([]byte(configPath)) //nolint:errcheck
+		h.Write(uniqueID)
+		h.Write([]byte(configPath))
 		lc.Caching.CacheDirectory = filepath.Join(cacheDir, "kopia", hex.EncodeToString(h.Sum(nil))[0:16])
 	} else {
 		d, err := filepath.Abs(opt.CacheDirectory)

repo/compression/compressor_gzip.go

@@ -41,6 +41,7 @@ func (c *gzipCompressor) Compress(output *bytes.Buffer, input []byte) error {
 		return errors.Wrap(err, "unable to write header")
 	}
 
+	// nolint:forcetypeassert
 	w := c.pool.Get().(*gzip.Writer)
 	defer c.pool.Put(w)
 

repo/compression/compressor_pgzip.go

@@ -41,6 +41,7 @@ func (c *pgzipCompressor) Compress(output *bytes.Buffer, input []byte) error {
 		return errors.Wrap(err, "unable to write header")
 	}
 
+	// nolint:forcetypeassert
 	w := c.pool.Get().(*pgzip.Writer)
 	defer c.pool.Put(w)
 

repo/compression/compressor_s2.go

@@ -45,6 +45,7 @@ func (c *s2Compressor) Compress(output *bytes.Buffer, input []byte) error {
 		return errors.Wrap(err, "unable to write header")
 	}
 
+	// nolint:forcetypeassert
 	w := c.pool.Get().(*s2.Writer)
 	defer c.pool.Put(w)
 

repo/compression/compressor_zstd.go

@@ -42,6 +42,7 @@ func (c *zstdCompressor) Compress(output *bytes.Buffer, input []byte) error {
 		return errors.Wrap(err, "unable to write header")
 	}
 
+	// nolint:forcetypeassert
 	w := c.pool.Get().(*zstd.Encoder)
 	defer c.pool.Put(w)
 

repo/connect.go

@@ -31,7 +31,6 @@ func Connect(ctx context.Context, configFile string, st blob.Storage, password s
 	formatBytes, err := st.GetBlob(ctx, FormatBlobID, 0, -1)
 	if err != nil {
 		if errors.Is(err, blob.ErrBlobNotFound) {
-			// nolint:wrapcheck
 			return ErrRepositoryNotInitialized
 		}
 
@@ -73,7 +72,7 @@ func verifyConnect(ctx context.Context, configFile, password string) error {
 		return err
 	}
 
-	return r.Close(ctx)
+	return errors.Wrap(r.Close(ctx), "error closing repository")
 }
 
 // Disconnect removes the specified configuration file and any local cache directories.
@@ -98,6 +97,7 @@ func Disconnect(ctx context.Context, configFile string) error {
 		log(ctx).Errorf("unable to remove maintenance lock file", maintenanceLock)
 	}
 
+	// nolint:wrapcheck
 	return os.Remove(configFile)
 }
 

repo/content/blob_crypto.go

@@ -22,7 +22,12 @@ func getIndexBlobIV(s blob.ID) ([]byte, error) {
 		return nil, errors.Errorf("blob id too short: %v", s)
 	}
 
-	return hex.DecodeString(string(s[len(s)-(aes.BlockSize*2):])) //nolint:gomnd
+	v, err := hex.DecodeString(string(s[len(s)-(aes.BlockSize*2):])) //nolint:gomnd
+	if err != nil {
+		return nil, errors.Errorf("invalid blob ID: %v", s)
+	}
+
+	return v, nil
 }
 
 func encryptFullBlob(h hashing.HashFunc, enc encryption.Encryptor, data []byte, prefix blob.ID, sessionID SessionID) (blob.ID, []byte, error) {

repo/content/committed_read_manager.go

@@ -242,6 +242,7 @@ func (sm *SharedManager) decryptAndVerify(encrypted, iv []byte) ([]byte, error)
 
 // IndexBlobs returns the list of active index blobs.
 func (sm *SharedManager) IndexBlobs(ctx context.Context, includeInactive bool) ([]IndexBlobInfo, error) {
+	// nolint:wrapcheck
 	return sm.indexBlobManager.listIndexBlobs(ctx, includeInactive)
 }
 
@@ -324,14 +325,14 @@ func (sm *SharedManager) release(ctx context.Context) error {
 	log(ctx).Debugf("closing shared manager")
 
 	if err := sm.committedContents.close(); err != nil {
-		return errors.Wrap(err, "error closed committed content index")
+		return errors.Wrap(err, "error closing committed content index")
 	}
 
 	sm.contentCache.close(ctx)
 	sm.metadataCache.close(ctx)
 	sm.encryptionBufferPool.Close()
 
-	return sm.st.Close(ctx)
+	return errors.Wrap(sm.st.Close(ctx), "error closing storage")
 }
 
 // NewSharedManager returns SharedManager that is used by SessionWriteManagers on top of a repository.

repo/content/content_cache_data.go

@@ -27,7 +27,9 @@ func adjustCacheKey(cacheKey cacheKey) cacheKey {
 func (c *contentCacheForData) getContent(ctx context.Context, cacheKey cacheKey, blobID blob.ID, offset, length int64) ([]byte, error) {
 	cacheKey = adjustCacheKey(cacheKey)
 
+	// nolint:wrapcheck
 	return c.pc.GetOrLoad(ctx, string(cacheKey), func() ([]byte, error) {
+		// nolint:wrapcheck
 		return c.st.GetBlob(ctx, blobID, offset, length)
 	})
 }

repo/content/content_cache_metadata.go

@@ -53,7 +53,7 @@ func (c *contentCacheForMetadata) sync(ctx context.Context) error {
 		return errors.Wrap(err, "error listing blobs")
 	}
 
-	return eg.Wait()
+	return errors.Wrap(eg.Wait(), "error synchronizing metadata cache")
 }
 
 func (c *contentCacheForMetadata) mutexForBlob(blobID blob.ID) *sync.Mutex {

repo/content/content_cache_passthrough.go

@@ -14,5 +14,6 @@ type passthroughContentCache struct {
 func (c passthroughContentCache) close(ctx context.Context) {}
 
 func (c passthroughContentCache) getContent(ctx context.Context, cacheKey cacheKey, blobID blob.ID, offset, length int64) ([]byte, error) {
+	// nolint:wrapcheck
 	return c.st.GetBlob(ctx, blobID, offset, length)
 }

repo/content/content_manager.go

@@ -755,6 +755,7 @@ func (bm *WriteManager) SyncMetadataCache(ctx context.Context) error {
 
 // DecryptBlob returns the contents of an encrypted blob that can be decrypted (n,m,l).
 func (bm *WriteManager) DecryptBlob(ctx context.Context, blobID blob.ID) ([]byte, error) {
+	// nolint:wrapcheck
 	return bm.indexBlobManager.getIndexBlob(ctx, blobID)
 }
 

repo/content/content_manager_lock_free.go

@@ -140,7 +140,7 @@ func (bm *WriteManager) writePackFileNotLocked(ctx context.Context, packFile blo
 	bm.Stats.wroteContent(data.Length())
 	bm.onUpload(int64(data.Length()))
 
-	return bm.st.PutBlob(ctx, packFile, data)
+	return errors.Wrap(bm.st.PutBlob(ctx, packFile, data), "error writing pack file")
 }
 
 func (sm *SharedManager) hashData(output, data []byte) []byte {

repo/content/content_manager_own_writes.go

@@ -64,6 +64,7 @@ func (n *memoryOwnWritesCache) merge(ctx context.Context, prefix blob.ID, source
 	var result []blob.Metadata
 
 	n.entries.Range(func(key, value interface{}) bool {
+		// nolint:forcetypeassert
 		md := value.(blob.Metadata)
 		if !strings.HasPrefix(string(md.BlobID), string(prefix)) {
 			return true
@@ -95,7 +96,7 @@ func (d *persistentOwnWritesCache) add(ctx context.Context, mb blob.Metadata) er
 		return errors.Wrap(err, "unable to marshal JSON")
 	}
 
-	return d.st.PutBlob(ctx, mb.BlobID, gather.FromSlice(j))
+	return errors.Wrap(d.st.PutBlob(ctx, mb.BlobID, gather.FromSlice(j)), "error adding blob to own writes cache")
 }
 
 func (d *persistentOwnWritesCache) merge(ctx context.Context, prefix blob.ID, source []blob.Metadata) ([]blob.Metadata, error) {