From df5f905e5ca5ccd4892ddbaef1a6a67c8d7824f7 Mon Sep 17 00:00:00 2001
From: Martin Hutchinson <mhutchinson@gmail.com>
Date: Thu, 27 Apr 2023 11:01:24 +0100
Subject: [PATCH 1/4] Enable all linters for ct-go

Fixed lint errors in best local way possible. Some of these cases seem
like they should be propagated further, but that is outside the scope of
this work and requires more context than I can load in now. The result
of these changes is that errors should at least no longer silently be
dropped.
---
 .golangci.yaml                                | 20 ----------------
 client/multilog_test.go                       |  8 +++++--
 fixchain/chainfix/chainfix.go                 |  8 +++++--
 fixchain/logger.go                            |  4 +++-
 internal/witness/cmd/witness/impl/witness.go  |  4 +++-
 .../cmd/witness/internal/http/server.go       | 13 +++++++---
 .../cmd/witness/internal/http/server_test.go  |  8 +++++--
 .../cmd/witness/internal/witness/witness.go   |  7 +++++-
 .../witness/internal/witness/witness_test.go  |  8 +++++--
 preload/preloader/preloader.go                |  4 +++-
 scanner/scanlog/scanlog.go                    |  8 +++++--
 submission/distributor.go                     |  8 +++++--
 submission/proxy_server.go                    |  5 +++-
 submission/races_test.go                      |  4 +++-
 trillian/ctfe/ct_server/main.go               | 24 ++++++++++++++-----
 trillian/integration/copier.go                | 20 +++++++++++-----
 trillian/integration/ct_hammer/main.go        |  4 +++-
 trillian/integration/ct_integration.go        |  2 --
 trillian/integration/hammer.go                |  8 +++++--
 trillian/integration/hammer_test.go           | 21 ++++++++++++----
 trillian/integration/logenv.go                |  4 +++-
 trillian/migrillian/core/controller.go        |  5 ++--
 trillian/migrillian/core/trillian.go          | 10 +++++---
 23 files changed, 138 insertions(+), 69 deletions(-)

diff --git a/.golangci.yaml b/.golangci.yaml
index f1a20cbebb..44e3920090 100644
--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -15,23 +15,3 @@ linters-settings:
       - github.com/gogo/protobuf/proto
       - encoding/asn1
       - crypto/x509
-
-linters:
-  disable-all: true
-  enable:
-    - depguard
-    - gocyclo
-    - gofmt
-    - goimports
-    - govet
-    - ineffassign
-    - megacheck
-    - misspell
-    - revive
-    - unused
-    # TODO(gbelvin): write license linter and commit to upstream.
-    # ./scripts/check_license.sh is run by ./scripts/presubmit.sh
-
-issues:
-  # Don't turn off any checks by default. We can do this explicitly if needed.
-  exclude-use-default: false
\ No newline at end of file
diff --git a/client/multilog_test.go b/client/multilog_test.go
index c6817d6a1f..c2aac37f92 100644
--- a/client/multilog_test.go
+++ b/client/multilog_test.go
@@ -340,10 +340,14 @@ func TestTemporalAddChain(t *testing.T) {
 		switch r.URL.Path {
 		case "/ct/v1/add-chain":
 			data, _ := sctToJSON(testdata.TestCertProof)
-			w.Write(data)
+			if _, err := w.Write(data); err != nil {
+				t.Error(err)
+			}
 		case "/ct/v1/add-pre-chain":
 			data, _ := sctToJSON(testdata.TestPreCertProof)
-			w.Write(data)
+			if _, err := w.Write(data); err != nil {
+				t.Error(err)
+			}
 		default:
 			t.Fatalf("Incorrect URL path: %s", r.URL.Path)
 		}
diff --git a/fixchain/chainfix/chainfix.go b/fixchain/chainfix/chainfix.go
index 3794869676..f3821fd743 100644
--- a/fixchain/chainfix/chainfix.go
+++ b/fixchain/chainfix/chainfix.go
@@ -76,14 +76,18 @@ func contentStore(baseDir string, subDir string, content []byte) {
 	r := sha256.Sum256(content)
 	h := base64.URLEncoding.EncodeToString(r[:])
 	d := baseDir + "/" + subDir
-	os.MkdirAll(d, 0777)
+	if err := os.MkdirAll(d, 0777); err != nil {
+		log.Fatalf("Can't create directories %q: %v", d, err)
+	}
 	fn := d + "/" + h
 	f, err := os.Create(fn)
 	if err != nil {
 		log.Fatalf("Can't create %q: %s", fn, err)
 	}
 	defer f.Close()
-	f.Write(content)
+	if _, err := f.Write(content); err != nil {
+		log.Fatalf("Can't write to %q: %v", fn, err)
+	}
 }
 
 func logStringErrors(wg *sync.WaitGroup, errors chan *fixchain.FixError, baseDir string) {
diff --git a/fixchain/logger.go b/fixchain/logger.go
index dc77cf86f5..e866d89ce3 100644
--- a/fixchain/logger.go
+++ b/fixchain/logger.go
@@ -163,7 +163,9 @@ func (l *Logger) postChain(p *toPost) {
 		derChain = append(derChain, ct.ASN1Cert{Data: cert.Raw})
 	}
 
-	l.limiter.Wait(l.ctx)
+	if err := l.limiter.Wait(l.ctx); err != nil {
+		log.Println(err)
+	}
 	atomic.AddUint32(&l.posted, 1)
 	_, err := l.client.AddChain(l.ctx, derChain)
 	if err != nil {
diff --git a/internal/witness/cmd/witness/impl/witness.go b/internal/witness/cmd/witness/impl/witness.go
index 3de2336dda..94eeab5eb0 100644
--- a/internal/witness/cmd/witness/impl/witness.go
+++ b/internal/witness/cmd/witness/impl/witness.go
@@ -134,6 +134,8 @@ func Main(ctx context.Context, opts ServerOpts) error {
 	}()
 	<-ctx.Done()
 	klog.Info("Server shutting down")
-	hServer.Shutdown(ctx)
+	if err := hServer.Shutdown(ctx); err != nil {
+		klog.Errorf("Shutdown(): %v", err)
+	}
 	return <-e
 }
diff --git a/internal/witness/cmd/witness/internal/http/server.go b/internal/witness/cmd/witness/internal/http/server.go
index 3deedd789c..75f9d133e3 100644
--- a/internal/witness/cmd/witness/internal/http/server.go
+++ b/internal/witness/cmd/witness/internal/http/server.go
@@ -27,6 +27,7 @@ import (
 	"github.com/gorilla/mux"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
+	"k8s.io/klog/v2"
 )
 
 // Server is the core handler implementation of the witness.
@@ -76,7 +77,9 @@ func (s *Server) update(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 	w.Header().Set("Content-Type", "text/plain")
-	w.Write(sth)
+	if _, err := w.Write(sth); err != nil {
+		klog.Errorf("Write(): %v", err)
+	}
 }
 
 // getSTH returns an STH stored for a given log.
@@ -93,7 +96,9 @@ func (s *Server) getSTH(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	w.Header().Set("Content-Type", "text/plain")
-	w.Write(sth)
+	if _, err := w.Write(sth); err != nil {
+		klog.Errorf("Write(): %v", err)
+	}
 }
 
 // getLogs returns a list of all logs the witness is aware of.
@@ -109,7 +114,9 @@ func (s *Server) getLogs(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	w.Header().Set("Content-Type", "text/json")
-	w.Write(logList)
+	if _, err := w.Write(logList); err != nil {
+		klog.Errorf("Write(): %v", err)
+	}
 }
 
 // RegisterHandlers registers HTTP handlers for witness endpoints.
diff --git a/internal/witness/cmd/witness/internal/http/server_test.go b/internal/witness/cmd/witness/internal/http/server_test.go
index f1e4667cd3..7a616e67d3 100644
--- a/internal/witness/cmd/witness/internal/http/server_test.go
+++ b/internal/witness/cmd/witness/internal/http/server_test.go
@@ -122,13 +122,17 @@ func dh(h string, expLen int) []byte {
 	return r
 }
 
-func mustCreateDB(t *testing.T) (*sql.DB, func() error) {
+func mustCreateDB(t *testing.T) (*sql.DB, func()) {
 	t.Helper()
 	db, err := sql.Open("sqlite3", ":memory:")
 	if err != nil {
 		t.Fatalf("failed to open temporary in-memory DB: %v", err)
 	}
-	return db, db.Close
+	return db, func() {
+		if err := db.Close(); err != nil {
+			t.Error(err)
+		}
+	}
 }
 
 func mustCreatePK(pkPem string) crypto.PublicKey {
diff --git a/internal/witness/cmd/witness/internal/witness/witness.go b/internal/witness/cmd/witness/internal/witness/witness.go
index 0bba3bba24..ce8a78f1ca 100644
--- a/internal/witness/cmd/witness/internal/witness/witness.go
+++ b/internal/witness/cmd/witness/internal/witness/witness.go
@@ -36,6 +36,7 @@ import (
 	"github.com/transparency-dev/merkle/rfc6962"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
+	"k8s.io/klog/v2"
 )
 
 // Opts is the options passed to a witness.
@@ -174,7 +175,11 @@ func (w *Witness) Update(ctx context.Context, logID string, nextRaw []byte, pf [
 	if err != nil {
 		return nil, fmt.Errorf("couldn't create db tx: %v", err)
 	}
-	defer tx.Rollback()
+	defer func() {
+		if err := tx.Rollback(); err != nil {
+			klog.Errorf("Rollback(): %v", err)
+		}
+	}()
 
 	// Get the latest STH (if one exists).
 	prevRaw, err := w.getLatestSTH(tx.QueryRow, logID)
diff --git a/internal/witness/cmd/witness/internal/witness/witness_test.go b/internal/witness/cmd/witness/internal/witness/witness_test.go
index 31b121ae1f..a894c5f9af 100644
--- a/internal/witness/cmd/witness/internal/witness/witness_test.go
+++ b/internal/witness/cmd/witness/internal/witness/witness_test.go
@@ -125,13 +125,17 @@ func dh(h string, expLen int) []byte {
 	return r
 }
 
-func mustCreateDB(t *testing.T) (*sql.DB, func() error) {
+func mustCreateDB(t *testing.T) (*sql.DB, func()) {
 	t.Helper()
 	db, err := sql.Open("sqlite3", ":memory:")
 	if err != nil {
 		t.Fatalf("failed to open temporary in-memory DB: %v", err)
 	}
-	return db, db.Close
+	return db, func() {
+		if err := db.Close(); err != nil {
+			t.Error(err)
+		}
+	}
 }
 
 func TestGetLogs(t *testing.T) {
diff --git a/preload/preloader/preloader.go b/preload/preloader/preloader.go
index b50f1746c2..7059c188d0 100644
--- a/preload/preloader/preloader.go
+++ b/preload/preloader/preloader.go
@@ -241,7 +241,9 @@ func main() {
 		}
 		precerts <- entry
 	}
-	s.Scan(ctx, addChainFunc, addPreChainFunc)
+	if err := s.Scan(ctx, addChainFunc, addPreChainFunc); err != nil {
+		klog.Errorf("Scan(): %v", err)
+	}
 
 	close(certs)
 	close(precerts)
diff --git a/scanner/scanlog/scanlog.go b/scanner/scanlog/scanlog.go
index 2c5de8d5cd..bc66bad7be 100644
--- a/scanner/scanlog/scanlog.go
+++ b/scanner/scanlog/scanlog.go
@@ -220,8 +220,12 @@ func main() {
 
 	ctx := context.Background()
 	if *printChains {
-		s.Scan(ctx, logFullChain, logFullChain)
+		if err := s.Scan(ctx, logFullChain, logFullChain); err != nil {
+			log.Fatal(err)
+		}
 	} else {
-		s.Scan(ctx, logCertInfo, logPrecertInfo)
+		if err := s.Scan(ctx, logCertInfo, logPrecertInfo); err != nil {
+			log.Fatal(err)
+		}
 	}
 }
diff --git a/submission/distributor.go b/submission/distributor.go
index 81cdd69f48..03906eb8d9 100644
--- a/submission/distributor.go
+++ b/submission/distributor.go
@@ -307,7 +307,9 @@ func (d *Distributor) addSomeChain(ctx context.Context, rawChain [][]byte, loadP
 			if err != nil {
 				return
 			}
-			GetSCTs(ctx, d, chain, asPreChain, pendingGroup)
+			if _, err := GetSCTs(ctx, d, chain, asPreChain, pendingGroup); err != nil {
+				klog.Errorf("GetSCTs(): %v", err)
+			}
 		}()
 	}
 	return GetSCTs(ctx, d, chain, asPreChain, groups)
@@ -369,7 +371,9 @@ func NewDistributor(ll *loglist3.LogList, plc ctpolicy.CTPolicy, lcBuilder LogCl
 	if err := d.buildLogClients(lcBuilder, d.usableLl); err != nil {
 		return nil, err
 	}
-	d.buildLogClients(lcBuilder, d.pendingQualifiedLl)
+	if err := d.buildLogClients(lcBuilder, d.pendingQualifiedLl); err != nil {
+		return nil, err
+	}
 
 	if mf == nil {
 		mf = monitoring.InertMetricFactory{}
diff --git a/submission/proxy_server.go b/submission/proxy_server.go
index fc9012dedc..65e4ffd24b 100644
--- a/submission/proxy_server.go
+++ b/submission/proxy_server.go
@@ -145,5 +145,8 @@ func (s *ProxyServer) HandleInfo(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	t.Execute(w, data)
+	if err := t.Execute(w, data); err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
 }
diff --git a/submission/races_test.go b/submission/races_test.go
index 5b0d327c75..a90ab67457 100644
--- a/submission/races_test.go
+++ b/submission/races_test.go
@@ -29,7 +29,9 @@ import (
 
 func testdataSCT() *ct.SignedCertificateTimestamp {
 	var sct ct.SignedCertificateTimestamp
-	tls.Unmarshal(testdata.TestPreCertProof, &sct)
+	if _, err := tls.Unmarshal(testdata.TestPreCertProof, &sct); err != nil {
+		panic(err)
+	}
 	return &sct
 }
 
diff --git a/trillian/ctfe/ct_server/main.go b/trillian/ctfe/ct_server/main.go
index 4eee55cc15..33a5f9af95 100644
--- a/trillian/ctfe/ct_server/main.go
+++ b/trillian/ctfe/ct_server/main.go
@@ -148,17 +148,25 @@ func main() {
 
 		etcdHTTPKey := fmt.Sprintf("%s/%s", *etcdHTTPService, *httpEndpoint)
 		klog.Infof("Announcing our presence at %v with %+v", etcdHTTPKey, *httpEndpoint)
-		httpManager.AddEndpoint(ctx, etcdHTTPKey, endpoints.Endpoint{Addr: *httpEndpoint})
+		if err := httpManager.AddEndpoint(ctx, etcdHTTPKey, endpoints.Endpoint{Addr: *httpEndpoint}); err != nil {
+			klog.Exitf("AddEndpoint(): %v", err)
+		}
 
 		etcdMetricsKey := fmt.Sprintf("%s/%s", *etcdMetricsService, metricsAt)
 		klog.Infof("Announcing our presence in %v with %+v", *etcdMetricsService, metricsAt)
-		metricsManager.AddEndpoint(ctx, etcdMetricsKey, endpoints.Endpoint{Addr: metricsAt})
+		if err := metricsManager.AddEndpoint(ctx, etcdMetricsKey, endpoints.Endpoint{Addr: metricsAt}); err != nil {
+			klog.Exitf("AddEndpoint(): %v", err)
+		}
 
 		defer func() {
 			klog.Infof("Removing our presence in %v", etcdHTTPKey)
-			httpManager.DeleteEndpoint(ctx, etcdHTTPKey)
+			if err := httpManager.DeleteEndpoint(ctx, etcdHTTPKey); err != nil {
+				klog.Errorf("DeleteEndpoint(): %v", err)
+			}
 			klog.Infof("Removing our presence in %v", etcdMetricsKey)
-			metricsManager.DeleteEndpoint(ctx, etcdMetricsKey)
+			if err := metricsManager.DeleteEndpoint(ctx, etcdMetricsKey); err != nil {
+				klog.Errorf("DeleteEndpoint(): %v", err)
+			}
 		}()
 	} else if strings.Contains(*rpcBackend, ",") {
 		// This should probably not be used in production. Either use etcd or a gRPC
@@ -249,7 +257,9 @@ func main() {
 	// Export a healthz target.
 	corsMux.HandleFunc("/healthz", func(resp http.ResponseWriter, req *http.Request) {
 		// TODO(al): Wire this up to tell the truth.
-		resp.Write([]byte("ok"))
+		if _, err := resp.Write([]byte("ok")); err != nil {
+			klog.Errorf("resp.Write(): %v", err)
+		}
 	})
 
 	if metricsAt != *httpEndpoint {
@@ -285,7 +295,9 @@ func main() {
 		ctx, cancel := context.WithTimeout(context.Background(), time.Second*60)
 		defer cancel()
 		klog.Info("Shutting down HTTP server...")
-		srv.Shutdown(ctx)
+		if err := srv.Shutdown(ctx); err != nil {
+			klog.Errorf("srv.Shutdown(): %v", err)
+		}
 		klog.Info("HTTP server shutdown")
 	})
 
diff --git a/trillian/integration/copier.go b/trillian/integration/copier.go
index ec4197d6ac..472ed238de 100644
--- a/trillian/integration/copier.go
+++ b/trillian/integration/copier.go
@@ -153,14 +153,22 @@ func NewCopyChainGeneratorFromOpts(ctx context.Context, client *client.LogClient
 		StartIndex:    startIndex,
 	}
 	certFetcher := scanner.NewFetcher(client, &fetchOpts)
-	go certFetcher.Run(ctx, func(batch scanner.EntryBatch) {
-		generator.processBatch(batch, generator.certs, ct.X509LogEntryType)
-	})
+	go func() {
+		if err := certFetcher.Run(ctx, func(batch scanner.EntryBatch) {
+			generator.processBatch(batch, generator.certs, ct.X509LogEntryType)
+		}); err != nil {
+			klog.Errorf("processBatch(): %v", err)
+		}
+	}()
 
 	precertFetcher := scanner.NewFetcher(client, &fetchOpts)
-	go precertFetcher.Run(ctx, func(batch scanner.EntryBatch) {
-		generator.processBatch(batch, generator.precerts, ct.PrecertLogEntryType)
-	})
+	go func() {
+		if err := precertFetcher.Run(ctx, func(batch scanner.EntryBatch) {
+			generator.processBatch(batch, generator.precerts, ct.PrecertLogEntryType)
+		}); err != nil {
+			klog.Errorf("processBatch(): %v", err)
+		}
+	}()
 
 	return generator, nil
 }
diff --git a/trillian/integration/ct_hammer/main.go b/trillian/integration/ct_hammer/main.go
index d8a83de9bb..34e887e3f5 100644
--- a/trillian/integration/ct_hammer/main.go
+++ b/trillian/integration/ct_hammer/main.go
@@ -253,7 +253,9 @@ func main() {
 		mcData, _ := base64.StdEncoding.DecodeString(mc)
 		b := bytes.NewReader(mcData)
 		r, _ := gzip.NewReader(b)
-		io.Copy(os.Stdout, r)
+		if _, err := io.Copy(os.Stdout, r); err != nil {
+			klog.Exitf("Failed to print banner!")
+		}
 		r.Close()
 		fmt.Print("\n\nHammer Time\n\n")
 	}
diff --git a/trillian/integration/ct_integration.go b/trillian/integration/ct_integration.go
index 7f0f935cc1..d8342685c3 100644
--- a/trillian/integration/ct_integration.go
+++ b/trillian/integration/ct_integration.go
@@ -25,7 +25,6 @@ import (
 	"crypto/sha256"
 	"encoding/pem"
 	"fmt"
-	"io"
 	"math/rand"
 	"net"
 	"net/http"
@@ -913,7 +912,6 @@ func (ls *logStats) fromServer(ctx context.Context, servers string) (*logStats,
 			return nil, fmt.Errorf("getting stats failed: %v", err)
 		}
 		defer httpRsp.Body.Close()
-		defer io.ReadAll(httpRsp.Body)
 		if httpRsp.StatusCode != http.StatusOK {
 			return nil, fmt.Errorf("got HTTP Status %q", httpRsp.Status)
 		}
diff --git a/trillian/integration/hammer.go b/trillian/integration/hammer.go
index 14bd1c9001..56601a39eb 100644
--- a/trillian/integration/hammer.go
+++ b/trillian/integration/hammer.go
@@ -976,7 +976,9 @@ func (s *hammerState) String() string {
 }
 
 func (s *hammerState) performOp(ctx context.Context, ep ctfe.EntrypointName) (int, error) {
-	s.cfg.Limiter.Wait(ctx)
+	if err := s.cfg.Limiter.Wait(ctx); err != nil {
+		return http.StatusRequestTimeout, fmt.Errorf("Limiter.Wait(): %v", err)
+	}
 
 	s.mu.Lock()
 	defer s.mu.Unlock()
@@ -1014,7 +1016,9 @@ func (s *hammerState) performOp(ctx context.Context, ep ctfe.EntrypointName) (in
 }
 
 func (s *hammerState) performInvalidOp(ctx context.Context, ep ctfe.EntrypointName) error {
-	s.cfg.Limiter.Wait(ctx)
+	if err := s.cfg.Limiter.Wait(ctx); err != nil {
+		return fmt.Errorf("Limiter.Wait(): %v", err)
+	}
 	switch ep {
 	case ctfe.AddChainName:
 		return s.addChainInvalid(ctx)
diff --git a/trillian/integration/hammer_test.go b/trillian/integration/hammer_test.go
index b6d86299a2..4ee7bffd73 100644
--- a/trillian/integration/hammer_test.go
+++ b/trillian/integration/hammer_test.go
@@ -31,6 +31,7 @@ import (
 	"github.com/google/certificate-transparency-go/trillian/ctfe/configpb"
 	"github.com/google/certificate-transparency-go/x509"
 	"google.golang.org/protobuf/types/known/timestamppb"
+	"k8s.io/klog/v2"
 
 	ct "github.com/google/certificate-transparency-go"
 )
@@ -213,7 +214,9 @@ func (s *fakeCTServer) addChain(w http.ResponseWriter, req *http.Request) {
 	}
 
 	w.WriteHeader(http.StatusOK)
-	w.Write(respBytes)
+	if _, err := w.Write(respBytes); err != nil {
+		klog.Errorf("Write(): %v", err)
+	}
 }
 
 func (s *fakeCTServer) close() {
@@ -230,7 +233,9 @@ func (s *fakeCTServer) reset() {
 }
 
 func (s *fakeCTServer) serve() {
-	s.server.Serve(s.lis)
+	if err := s.server.Serve(s.lis); err != http.ErrServerClosed {
+		panic(err)
+	}
 }
 
 func (s *fakeCTServer) getSTH(w http.ResponseWriter, req *http.Request) {
@@ -253,7 +258,9 @@ func (s *fakeCTServer) getSTH(w http.ResponseWriter, req *http.Request) {
 	}
 
 	w.WriteHeader(http.StatusOK)
-	w.Write(respBytes)
+	if _, err := w.Write(respBytes); err != nil {
+		klog.Errorf("Write(): %v", err)
+	}
 }
 
 func (s *fakeCTServer) getConsistency(w http.ResponseWriter, req *http.Request) {
@@ -267,14 +274,18 @@ func (s *fakeCTServer) getConsistency(w http.ResponseWriter, req *http.Request)
 	}
 
 	w.WriteHeader(http.StatusOK)
-	w.Write(respBytes)
+	if _, err := w.Write(respBytes); err != nil {
+		klog.Errorf("Write(): %v", err)
+	}
 
 	s.getConsistencyCalled = true
 }
 
 func writeErr(w http.ResponseWriter, status int, err error) {
 	w.WriteHeader(status)
-	io.WriteString(w, err.Error())
+	if _, err := io.WriteString(w, err.Error()); err != nil {
+		klog.Errorf("WriteString(): %v", err)
+	}
 }
 
 // newFakeCTServer creates and starts a fakeCTServer.
diff --git a/trillian/integration/logenv.go b/trillian/integration/logenv.go
index 50504a641f..b5d57fea50 100644
--- a/trillian/integration/logenv.go
+++ b/trillian/integration/logenv.go
@@ -98,7 +98,9 @@ func NewCTLogEnv(ctx context.Context, cfgs []*configpb.LogConfig, numSequencers
 			}
 		}
 		http.Handle("/metrics", promhttp.Handler())
-		server.Serve(listener)
+		if err := server.Serve(listener); err != http.ErrServerClosed {
+			klog.Fatalf("server.Serve(): %v", err)
+		}
 	}(logEnv, &server, listener, cfgs)
 	return &CTLogEnv{
 		logEnv:       logEnv,
diff --git a/trillian/migrillian/core/controller.go b/trillian/migrillian/core/controller.go
index c1dd6f3ced..483e3aa882 100644
--- a/trillian/migrillian/core/controller.go
+++ b/trillian/migrillian/core/controller.go
@@ -214,8 +214,9 @@ func (c *Controller) runWithRestarts(ctx context.Context) error {
 	}
 	for err != nil && ctx.Err() == nil {
 		klog.Errorf("%s: Controller.Run: %v", c.label, err)
-		sleepRandom(ctx, 0, c.opts.StartDelay)
-		err = c.Run(ctx)
+		if slerr := sleepRandom(ctx, 0, c.opts.StartDelay); slerr == nil {
+			err = c.Run(ctx)
+		}
 	}
 	return ctx.Err()
 }
diff --git a/trillian/migrillian/core/trillian.go b/trillian/migrillian/core/trillian.go
index 2bda319571..f9be6f875b 100644
--- a/trillian/migrillian/core/trillian.go
+++ b/trillian/migrillian/core/trillian.go
@@ -115,7 +115,7 @@ func (c *PreorderedLogClient) addSequencedLeaves(ctx context.Context, b *scanner
 	}
 
 	var err error
-	bo.Retry(ctx, func() error {
+	boerr := bo.Retry(ctx, func() error {
 		var rsp *trillian.AddSequencedLeavesResponse
 		rsp, err = c.cli.AddSequencedLeaves(ctx, &req)
 		switch status.Code(err) {
@@ -133,8 +133,12 @@ func (c *PreorderedLogClient) addSequencedLeaves(ctx context.Context, b *scanner
 			return nil // Stop backing off, and return err as is below.
 		}
 	})
-
-	return err
+	if err != nil {
+		// Return the more specific error if available
+		return err
+	}
+	// Return the timeout, or nil on success
+	return boerr
 }
 
 func (c *PreorderedLogClient) buildLogLeaf(index int64, entry *ct.LeafEntry) (*trillian.LogLeaf, error) {

From 44d8a179829655b28666b03071525f0dae5c8275 Mon Sep 17 00:00:00 2001
From: Martin Hutchinson <mhutchinson@gmail.com>
Date: Thu, 27 Apr 2023 13:09:04 +0100
Subject: [PATCH 2/4] Make cyclo complexity ceiling consistent with other repos

---
 .golangci.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.golangci.yaml b/.golangci.yaml
index 44e3920090..2d85bfeb81 100644
--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -7,7 +7,7 @@ run:
 
 linters-settings:
   gocyclo:
-    min-complexity: 40
+    min-complexity: 25
   depguard:
     list-type: blacklist
     packages:

From d4c4fd5fa1425a658ee97bcd115f916c4624bf57 Mon Sep 17 00:00:00 2001
From: Martin Hutchinson <mhutchinson@gmail.com>
Date: Thu, 27 Apr 2023 14:40:44 +0100
Subject: [PATCH 3/4] encapsulation

---
 trillian/integration/copier.go | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/trillian/integration/copier.go b/trillian/integration/copier.go
index 472ed238de..4e9c82526c 100644
--- a/trillian/integration/copier.go
+++ b/trillian/integration/copier.go
@@ -152,17 +152,16 @@ func NewCopyChainGeneratorFromOpts(ctx context.Context, client *client.LogClient
 		Continuous:    true,
 		StartIndex:    startIndex,
 	}
-	certFetcher := scanner.NewFetcher(client, &fetchOpts)
 	go func() {
+		certFetcher := scanner.NewFetcher(client, &fetchOpts)
 		if err := certFetcher.Run(ctx, func(batch scanner.EntryBatch) {
 			generator.processBatch(batch, generator.certs, ct.X509LogEntryType)
 		}); err != nil {
 			klog.Errorf("processBatch(): %v", err)
 		}
 	}()
-
-	precertFetcher := scanner.NewFetcher(client, &fetchOpts)
 	go func() {
+		precertFetcher := scanner.NewFetcher(client, &fetchOpts)
 		if err := precertFetcher.Run(ctx, func(batch scanner.EntryBatch) {
 			generator.processBatch(batch, generator.precerts, ct.PrecertLogEntryType)
 		}); err != nil {

From 4787e020229e51c58177a707978fd2301cbc26f8 Mon Sep 17 00:00:00 2001
From: Martin Hutchinson <mhutchinson@gmail.com>
Date: Thu, 27 Apr 2023 14:48:34 +0100
Subject: [PATCH 4/4] Explicitly enable all checks and then disable those from
 EXC0001

---
 .golangci.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.golangci.yaml b/.golangci.yaml
index 2d85bfeb81..6cd9695e17 100644
--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -15,3 +15,8 @@ linters-settings:
       - github.com/gogo/protobuf/proto
       - encoding/asn1
       - crypto/x509
+
+issues:
+  exclude-use-default: false
+  exclude:
+    - "Error return value of .((os\\.)?std(out|err)\\..*|.*Close|.*Flush|os\\.Remove(All)?|.*printf?|os\\.(Un)?Setenv). is not checked"