use multi config + change build git version

.deb.yaml

@@ -1,16 +1,18 @@
-package: deb-builder
-source: deb-builder
-version: '1:0.5.0'
-architecture:
-  - amd64
-  - arm64
-maintainer: The OSSPkg Team <github@osspkg.com>
-homepage: https://deb.osspkg.com/
-description:
-  - Debian package builder
-section: web
-priority: optional
-control:
-  build: devtool build --arch=%arch%
-data:
-  usr/bin/deb-builder: build/deb-builder_%arch%
+ver: "2"
+packages:
+  - package: deb-builder
+    source: deb-builder
+    version: 'git'
+    architecture:
+      - amd64
+      - arm64
+    maintainer: The OSSPkg Team <github@osspkg.com>
+    homepage: https://deb.osspkg.com/
+    description:
+      - Debian package builder
+    section: web
+    priority: optional
+    control:
+      build: goppy build --arch=%arch%
+    data:
+      usr/bin/deb-builder: build/deb-builder_%arch%

.github/workflows/ci.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        go: [ '1.23.6' ]
+        go: [ '1.25' ]
     steps:
       - uses: actions/checkout@v3
 

.golangci.yml

@@ -1,202 +1,64 @@
+version: "2"
 
 run:
-  go: "1.23"
-  concurrency: 4
+  go: "1.25"
   timeout: 5m
   tests: false
   issues-exit-code: 1
   modules-download-mode: readonly
+  allow-parallel-runners: true
 
 issues:
-  exclude-use-default: false
-  max-issues-per-linter: 100
-  max-same-issues: 4
+  max-issues-per-linter: 0
+  max-same-issues: 0
   new: false
-  exclude-files:
-    - ".+_test.go"
-  exclude-dirs:
-    - "vendor$"
+  fix: false
 
 output:
   formats:
-    - format: line-number
-  sort-results: true
+    text:
+      print-linter-name: true
+      print-issued-lines: true
 
-linters-settings:
-  govet:
-    check-shadowing: true
-    enable:
-      - asmdecl
-      - assign
-      - atomic
-      - atomicalign
-      - bools
-      - buildtag
-      - cgocall
-      - composites
-      - copylocks
-      - deepequalerrors
-      - errorsas
-      - findcall
-      - framepointer
-      - httpresponse
-      - ifaceassert
-      - loopclosure
-      - lostcancel
-      - nilfunc
-      - nilness
-      - printf
-      - reflectvaluecompare
-      - shadow
-      - shift
-      - sigchanyzer
-      - sortslice
-      - stdmethods
-      - stringintconv
-      - structtag
-      - testinggoroutine
-      - tests
-      - unmarshal
-      - unreachable
-      - unsafeptr
-      - unusedresult
-      - unusedwrite
-    disable:
-      - fieldalignment
-  gofmt:
-    simplify: true
-  errcheck:
-    check-type-assertions: true
-    check-blank: true
-  gocyclo:
-    min-complexity: 30
-  misspell:
-    locale: US
-  prealloc:
-    simple: true
-    range-loops: true
-    for-loops: true
-  unparam:
-    check-exported: false
-  gci:
-    skip-generated: true
-    custom-order: false
-  gosec:
-    includes:
-      - G101 # Look for hard coded credentials
-      - G102 # Bind to all interfaces
-      - G103 # Audit the use of unsafe block
-      - G104 # Audit errors not checked
-      - G106 # Audit the use of ssh.InsecureIgnoreHostKey
-      - G107 # Url provided to HTTP request as taint input
-      - G108 # Profiling endpoint automatically exposed on /debug/pprof
-      - G109 # Potential Integer overflow made by strconv.Atoi result conversion to int16/32
-      - G110 # Potential DoS vulnerability via decompression bomb
-      - G111 # Potential directory traversal
-      - G112 # Potential slowloris attack
-      - G113 # Usage of Rat.SetString in math/big with an overflow (CVE-2022-23772)
-      - G114 # Use of net/http serve function that has no support for setting timeouts
-      - G201 # SQL query construction using format string
-      - G202 # SQL query construction using string concatenation
-      - G203 # Use of unescaped data in HTML templates
-      - G204 # Audit use of command execution
-      - G301 # Poor file permissions used when creating a directory
-      - G302 # Poor file permissions used with chmod
-      - G303 # Creating tempfile using a predictable path
-      - G304 # File path provided as taint input
-      - G305 # File traversal when extracting zip/tar archive
-      - G306 # Poor file permissions used when writing to a new file
-      - G307 # Deferring a method which returns an error
-      - G401 # Detect the usage of DES, RC4, MD5 or SHA1
-      - G402 # Look for bad TLS connection settings
-      - G403 # Ensure minimum RSA key length of 2048 bits
-      - G404 # Insecure random number source (rand)
-      - G501 # Import blocklist: crypto/md5
-      - G502 # Import blocklist: crypto/des
-      - G503 # Import blocklist: crypto/rc4
-      - G504 # Import blocklist: net/http/cgi
-      - G505 # Import blocklist: crypto/sha1
-      - G601 # Implicit memory aliasing of items from a range statement
-    excludes:
-      - G101 # Look for hard coded credentials
-      - G102 # Bind to all interfaces
-      - G103 # Audit the use of unsafe block
-      - G104 # Audit errors not checked
-      - G106 # Audit the use of ssh.InsecureIgnoreHostKey
-      - G107 # Url provided to HTTP request as taint input
-      - G108 # Profiling endpoint automatically exposed on /debug/pprof
-      - G109 # Potential Integer overflow made by strconv.Atoi result conversion to int16/32
-      - G110 # Potential DoS vulnerability via decompression bomb
-      - G111 # Potential directory traversal
-      - G112 # Potential slowloris attack
-      - G113 # Usage of Rat.SetString in math/big with an overflow (CVE-2022-23772)
-      - G114 # Use of net/http serve function that has no support for setting timeouts
-      - G201 # SQL query construction using format string
-      - G202 # SQL query construction using string concatenation
-      - G203 # Use of unescaped data in HTML templates
-      - G204 # Audit use of command execution
-      - G301 # Poor file permissions used when creating a directory
-      - G302 # Poor file permissions used with chmod
-      - G303 # Creating tempfile using a predictable path
-      - G304 # File path provided as taint input
-      - G305 # File traversal when extracting zip/tar archive
-      - G306 # Poor file permissions used when writing to a new file
-      - G307 # Deferring a method which returns an error
-      - G401 # Detect the usage of DES, RC4, MD5 or SHA1
-      - G402 # Look for bad TLS connection settings
-      - G403 # Ensure minimum RSA key length of 2048 bits
-      - G404 # Insecure random number source (rand)
-      - G501 # Import blocklist: crypto/md5
-      - G502 # Import blocklist: crypto/des
-      - G503 # Import blocklist: crypto/rc4
-      - G504 # Import blocklist: net/http/cgi
-      - G505 # Import blocklist: crypto/sha1
-      - G601 # Implicit memory aliasing of items from a range statement
-    exclude-generated: true
-    severity: medium
-    confidence: medium
-    concurrency: 12
-    config:
-      global:
-        nosec: true
-        "#nosec": "#my-custom-nosec"
-        show-ignored: true
-        audit: true
-      G101:
-        pattern: "(?i)passwd|pass|password|pwd|secret|token|pw|apiKey|bearer|cred"
-        ignore_entropy: false
-        entropy_threshold: "80.0"
-        per_char_threshold: "3.0"
-        truncate: "32"
-      G104:
-        fmt:
-          - Fscanf
-      G111:
-        pattern: "http\\.Dir\\(\"\\/\"\\)|http\\.Dir\\('\\/'\\)"
-      G301: "0750"
-      G302: "0600"
-      G306: "0600"
-
-  lll:
-    line-length: 130
-    tab-width: 1
-  staticcheck:
-    go: "1.15"
-    # SAxxxx checks in https://staticcheck.io/docs/configuration/options/#checks
-    # Default: ["*"]
-    checks: [ "*", "-SA1019" ]
+formatters:
+  exclusions:
+    paths:
+      - vendors/
+  enable:
+    - gofmt
+    - goimports
 
 linters:
-  disable-all: true
+  settings:
+    staticcheck:
+      checks:
+        - all
+        - -S1023
+        - -ST1000
+        - -ST1003
+        - -ST1020
+    gosec:
+      excludes:
+        - G104
+        - G115
+        - G204
+        - G301
+        - G302
+        - G304
+        - G306
+        - G401
+        - G501
+        - G505
+  exclusions:
+    paths:
+      - vendors/
+  default: none
   enable:
     - govet
-    - gofmt
     - errcheck
     - misspell
     - gocyclo
     - ineffassign
-    - goimports
-    - nakedret
     - unparam
     - unused
     - prealloc
@@ -207,5 +69,3 @@ linters:
     - errorlint
     - bodyclose
     - gosec
-    - lll
-  fast: false

Makefile

@@ -30,7 +30,7 @@ pre-commit: license setup lint build tests
 ci: install setup lint build tests
 
 deb:
-	deb-builder build
+	deb-builder build --base-dir=./build --tmp-dir=/tmp/deb-build
 
 local: build
 	cp ./build/deb-builder_amd64 $(GOPATH)/bin/deb-builder

go.mod

@@ -1,18 +1,19 @@
 module github.com/osspkg/deb-builder
 
-go 1.23.6
+go 1.25.3
 
 require (
-	github.com/stretchr/testify v1.8.4
+	github.com/stretchr/testify v1.11.1
 	go.osspkg.com/archives v1.1.0
 	go.osspkg.com/console v0.3.3
-	go.osspkg.com/ioutils v0.5.1
-	golang.org/x/crypto v0.37.0
+	go.osspkg.com/encrypt v0.5.1
+	go.osspkg.com/ioutils v0.7.3
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	go.osspkg.com/errors v0.3.1 // indirect
+	go.osspkg.com/errors v0.4.0 // indirect
+	golang.org/x/crypto v0.43.0 // indirect
 )

go.sum

@@ -2,18 +2,22 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
+github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 go.osspkg.com/archives v1.1.0 h1:oXW46spG1Qh2Tofcokl24hY8Ggsf019jQjLhRcqtPcc=
 go.osspkg.com/archives v1.1.0/go.mod h1:Yj7p+GBlZzAHkFasjLoo7glfPJ14wO8f3a34ChCI3Bg=
+go.osspkg.com/casecheck v0.3.0 h1:x15blEszElbrHrEH5H02JIIhGIg/lGZzIt1kQlD3pwM=
+go.osspkg.com/casecheck v0.3.0/go.mod h1:TRFXDMFJEOtnlp3ET2Hix3osbxwPWhvaiT/HfD3+gBA=
 go.osspkg.com/console v0.3.3 h1:UB/pPoPsgWbyNFix8pEMQHbsXdMv/UK/dgsbRknCH2A=
 go.osspkg.com/console v0.3.3/go.mod h1:IknBCliH6mX/ogHa6wbycnGDFYixCGH3WuNc5W5tQe8=
-go.osspkg.com/errors v0.3.1 h1:F9m/EEd/Ot2jba/TV7tvVRIpWXzIpNLc7vRJKcBD86A=
-go.osspkg.com/errors v0.3.1/go.mod h1:dKXe6Rt07nzY7OyKQNZ8HGBicZ2uQ5TKEoVFnVFOK44=
-go.osspkg.com/ioutils v0.5.1 h1:qzoOECBxChZUxmp6p72XvQRHjDFsVw1kJ2oaFZycNv8=
-go.osspkg.com/ioutils v0.5.1/go.mod h1:XRASOo5GKzVaJMCXXZQ4//ymPWq90iyKm1qTQcBEsyo=
-golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE=
-golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc=
+go.osspkg.com/encrypt v0.5.1 h1:DaYhos4Si9Mzi1LBW2mkin7TPQGkKvlwI+aq/a8Z6ko=
+go.osspkg.com/encrypt v0.5.1/go.mod h1:mGDe5PTd+i6cntpiOaesAaD7498ypqPbbMPbI89PK4c=
+go.osspkg.com/errors v0.4.0 h1:E17+WyUzTXEHCTxGm8lOMPOOojzHG1lsOuQtTVGoATQ=
+go.osspkg.com/errors v0.4.0/go.mod h1:s75ZovPemYtrCtRPVsbQNq9MgMbmLMK1NEypr+uwjXI=
+go.osspkg.com/ioutils v0.7.3 h1:QF+Ra0bHoU3MGMGH5PGdV2lRLq1rWPdv/OB+v5UTjkI=
+go.osspkg.com/ioutils v0.7.3/go.mod h1:RO/43IM//Wq8RnLvEzivDAuM37mnLW3eWxTCVmkUaY4=
+golang.org/x/crypto v0.43.0 h1:dduJYIi3A3KOfdGOHX8AVZ/jGiyPa3IbBozJ5kNuE04=
+golang.org/x/crypto v0.43.0/go.mod h1:BFbav4mRNlXJL4wNeejLpWxB7wMbc79PdRGhWKncxR0=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=