fix: enable linter contextcheck and fix potential problems

.golangcilint.yml

@@ -19,6 +19,7 @@ linters:
     - lll
     - misspell
     - goheader
+    - contextcheck
 linters-settings:
   # ...
   forbidigo:

control/beaconing/originator_test.go

@@ -1,4 +1,5 @@
 // Copyright 2019 Anapaya Systems
+// Copyright 2025 SCION Association
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -94,10 +95,10 @@ func TestOriginatorRun(t *testing.T) {
 
 				sender := mock_beaconing.NewMockSender(mctrl)
 				sender.EXPECT().Send(gomock.Any(), gomock.Any()).Times(1).DoAndReturn(
-					func(_ context.Context, b *seg.PathSegment) error {
+					func(ctx context.Context, b *seg.PathSegment) error {
 						// Check the beacon is valid and verifiable.
 						assert.NoError(t, b.Validate(seg.ValidateBeacon))
-						assert.NoError(t, b.VerifyASEntry(context.Background(),
+						assert.NoError(t, b.VerifyASEntry(ctx,
 							segVerifier{pubKey: pub}, b.MaxIdx()))
 						// Extract the hop field from the current AS entry to compare.
 						hopF := b.ASEntries[b.MaxIdx()].HopEntry.HopField

control/beaconing/propagator_test.go

@@ -95,12 +95,12 @@ func TestPropagatorRunNonCore(t *testing.T) {
 		gomock.Any()).Times(1).DoAndReturn(
 
 		func(_ context.Context, _ addr.IA, egIfID uint16,
-			nextHop *net.UDPAddr) (beaconing.Sender, error) {
-
+			nextHop *net.UDPAddr,
+		) (beaconing.Sender, error) {
 			sender := mock_beaconing.NewMockSender(mctrl)
 			sender.EXPECT().Send(gomock.Any(), gomock.Any()).Times(3).DoAndReturn(
-				func(_ context.Context, b *seg.PathSegment) error {
-					validateSend(t, b, egIfID, nextHop, pub, topo)
+				func(ctx context.Context, b *seg.PathSegment) error {
+					validateSend(ctx, t, b, egIfID, nextHop, pub, topo)
 					return nil
 				},
 			)
@@ -167,12 +167,12 @@ func TestPropagatorRunCore(t *testing.T) {
 	senderFactory.EXPECT().NewSender(gomock.Any(), gomock.Any(), uint16(1121),
 		gomock.Any()).DoAndReturn(
 		func(_ context.Context, _ addr.IA, egIfID uint16,
-			nextHop *net.UDPAddr) (beaconing.Sender, error) {
-
+			nextHop *net.UDPAddr,
+		) (beaconing.Sender, error) {
 			sender := mock_beaconing.NewMockSender(mctrl)
 			sender.EXPECT().Send(gomock.Any(), gomock.Any()).Times(2).DoAndReturn(
-				func(_ context.Context, b *seg.PathSegment) error {
-					validateSend(t, b, egIfID, nextHop, pub, topo)
+				func(ctx context.Context, b *seg.PathSegment) error {
+					validateSend(ctx, t, b, egIfID, nextHop, pub, topo)
 					return nil
 				},
 			)
@@ -183,12 +183,12 @@ func TestPropagatorRunCore(t *testing.T) {
 	senderFactory.EXPECT().NewSender(gomock.Any(), gomock.Any(), uint16(1113),
 		gomock.Any()).DoAndReturn(
 		func(_ context.Context, _ addr.IA, egIfID uint16,
-			nextHop *net.UDPAddr) (beaconing.Sender, error) {
-
+			nextHop *net.UDPAddr,
+		) (beaconing.Sender, error) {
 			sender := mock_beaconing.NewMockSender(mctrl)
 			sender.EXPECT().Send(gomock.Any(), gomock.Any()).Times(1).DoAndReturn(
-				func(_ context.Context, b *seg.PathSegment) error {
-					validateSend(t, b, egIfID, nextHop, pub, topo)
+				func(ctx context.Context, b *seg.PathSegment) error {
+					validateSend(ctx, t, b, egIfID, nextHop, pub, topo)
 					return nil
 				},
 			)
@@ -275,6 +275,7 @@ func TestPropagatorFastRecovery(t *testing.T) {
 }
 
 func validateSend(
+	ctx context.Context,
 	t *testing.T,
 	b *seg.PathSegment,
 	egIfID uint16,
@@ -284,7 +285,7 @@ func validateSend(
 ) {
 	// Check the beacon is valid and verifiable.
 	assert.NoError(t, b.Validate(seg.ValidateBeacon))
-	assert.NoError(t, b.VerifyASEntry(context.Background(),
+	assert.NoError(t, b.VerifyASEntry(ctx,
 		segVerifier{pubKey: pub}, b.MaxIdx()))
 	// Extract the hop field from the current AS entry to compare.
 	hopF := b.ASEntries[b.MaxIdx()].HopEntry.HopField

control/cmd/control/main.go

@@ -224,7 +224,7 @@ func realMain(ctx context.Context) error {
 		MTU:                    topo.MTU(),
 		Topology:               adaptTopology(topo),
 	}
-	quicStack, err := nc.QUICStack()
+	quicStack, err := nc.QUICStack(ctx)
 	if err != nil {
 		return serrors.Wrap("initializing QUIC stack", err)
 	}
@@ -393,10 +393,11 @@ func realMain(ctx context.Context) error {
 			},
 			Registrations: libmetrics.NewPromCounter(metrics.SegmentRegistrationsTotal),
 		})
-
 	}
 
-	signer := cs.NewSigner(topo.IA(), trustDB, globalCfg.General.ConfigDir)
+	ctx, cancel := context.WithTimeout(ctx, time.Second)
+	defer cancel()
+	signer := cs.NewSigner(ctx, topo.IA(), trustDB, globalCfg.General.ConfigDir)
 
 	var chainBuilder renewal.ChainBuilder
 	var caClient *caapi.Client
@@ -837,7 +838,6 @@ func createBeaconStore(
 	policyConfig config.Policies,
 	provider beacon.ChainProvider,
 ) (cs.Store, bool, error) {
-
 	if core {
 		policies, err := cs.LoadCorePolicies(policyConfig)
 		if err != nil {
@@ -967,7 +967,6 @@ func getCAHealth(
 	ctx context.Context,
 	caClient *caapi.Client,
 ) (api.CAHealthStatus, error) {
-
 	logger := log.FromCtx(ctx)
 	rep, err := caClient.GetHealthcheck(ctx)
 	if err != nil {

control/drkey/grpc/drkey_service.go

@@ -1,4 +1,5 @@
 // Copyright 2022 ETH Zurich
+// Copyright 2025 SCION Association
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -41,7 +42,7 @@ type Engine interface {
 	GetSecretValue(ctx context.Context, meta drkey.SecretValueMeta) (drkey.SecretValue, error)
 	GetLevel1Key(ctx context.Context, meta drkey.Level1Meta) (drkey.Level1Key, error)
 
-	DeriveLevel1(meta drkey.Level1Meta) (drkey.Level1Key, error)
+	DeriveLevel1(ctx context.Context, meta drkey.Level1Meta) (drkey.Level1Key, error)
 	DeriveASHost(ctx context.Context, meta drkey.ASHostMeta) (drkey.ASHostKey, error)
 	DeriveHostAS(ctx context.Context, meta drkey.HostASMeta) (drkey.HostASKey, error)
 	DeriveHostHost(ctx context.Context, meta drkey.HostHostMeta) (drkey.HostHostKey, error)
@@ -66,7 +67,6 @@ func (d *Server) DRKeyLevel1(
 	ctx context.Context,
 	req *cppb.DRKeyLevel1Request,
 ) (*cppb.DRKeyLevel1Response, error) {
-
 	peer, ok := peer.FromContext(ctx)
 	if !ok {
 		return nil, serrors.New("cannot retrieve peer information from ctx")
@@ -87,7 +87,7 @@ func (d *Server) DRKeyLevel1(
 			"proto_id", lvl1Meta.ProtoId)
 	}
 
-	lvl1Key, err := d.Engine.DeriveLevel1(lvl1Meta)
+	lvl1Key, err := d.Engine.DeriveLevel1(ctx, lvl1Meta)
 	if err != nil {
 		return nil, serrors.Wrap("deriving level 1 key", err)
 	}
@@ -100,7 +100,6 @@ func (d *Server) DRKeyIntraLevel1(
 	ctx context.Context,
 	req *cppb.DRKeyIntraLevel1Request,
 ) (*cppb.DRKeyIntraLevel1Response, error) {
-
 	peer, ok := peer.FromContext(ctx)
 	if !ok {
 		return nil, serrors.New("cannot retrieve peer information from ctx")
@@ -132,7 +131,6 @@ func (d *Server) DRKeyASHost(
 	ctx context.Context,
 	req *cppb.DRKeyASHostRequest,
 ) (*cppb.DRKeyASHostResponse, error) {
-
 	peer, ok := peer.FromContext(ctx)
 	if !ok {
 		return nil, serrors.New("cannot retrieve peer information from ctx")
@@ -160,7 +158,6 @@ func (d *Server) DRKeyHostAS(
 	ctx context.Context,
 	req *cppb.DRKeyHostASRequest,
 ) (*cppb.DRKeyHostASResponse, error) {
-
 	peer, ok := peer.FromContext(ctx)
 	if !ok {
 		return nil, serrors.New("cannot retrieve peer information from ctx")
@@ -187,7 +184,6 @@ func (d *Server) DRKeyHostHost(
 	ctx context.Context,
 	req *cppb.DRKeyHostHostRequest,
 ) (*cppb.DRKeyHostHostResponse, error) {
-
 	peer, ok := peer.FromContext(ctx)
 	if !ok {
 		return nil, serrors.New("cannot retrieve peer information from ctx")
@@ -215,7 +211,6 @@ func (d *Server) DRKeySecretValue(
 	ctx context.Context,
 	req *cppb.DRKeySecretValueRequest,
 ) (*cppb.DRKeySecretValueResponse, error) {
-
 	peer, ok := peer.FromContext(ctx)
 	if !ok {
 		return nil, serrors.New("cannot retrieve peer information from ctx")
@@ -363,7 +358,8 @@ func hostAddrFromPeer(peerAddr net.Addr) (net.IP, error) {
 }
 
 func getMeta(protoId drkeypb.Protocol, ts *timestamppb.Timestamp, srcIA,
-	dstIA addr.IA) (drkey.Level1Meta, error) {
+	dstIA addr.IA,
+) (drkey.Level1Meta, error) {
 	err := ts.CheckValid()
 	if err != nil {
 		return drkey.Level1Meta{}, serrors.Wrap("invalid valTime from pb req", err)

control/drkey/grpc/fetcher_test.go

@@ -1,4 +1,5 @@
 // Copyright 2022 ETH Zurich
+// Copyright 2025 SCION Association
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -62,7 +63,9 @@ func TestLevel1KeyFetching(t *testing.T) {
 	ctrl := gomock.NewController(t)
 
 	lvl1db := mock_grpc.NewMockEngine(ctrl)
-	lvl1db.EXPECT().DeriveLevel1(gomock.Any()).AnyTimes().Return(drkey.Level1Key{}, nil)
+	lvl1db.EXPECT().DeriveLevel1(gomock.Any(), gomock.Any()).
+		AnyTimes().
+		Return(drkey.Level1Key{}, nil)
 
 	db := mock_trust.NewMockDB(ctrl)
 	db.EXPECT().SignedTRC(gomock.Any(), gomock.Any()).AnyTimes().Return(trc, nil)
@@ -94,7 +97,6 @@ func TestLevel1KeyFetching(t *testing.T) {
 
 	for name, tc := range testCases {
 		t.Run(name, func(t *testing.T) {
-
 			// TODO(matzf): change xtest library to allow specifying the client
 			// credentials for individual calls so that server does not need to be
 			// recreated here.

control/drkey/service_engine.go

@@ -1,4 +1,5 @@
 // Copyright 2022 ETH Zurich
+// Copyright 2025 SCION Association
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -34,7 +35,7 @@ type Fetcher interface {
 // Level1PrefetchListKeeper maintains a list for those level1 keys
 // that are recently/frequently used.
 type Level1PrefetchListKeeper interface {
-	//Update updates the keys in Level1Cache based on the Level1Key metadata.
+	// Update updates the keys in Level1Cache based on the Level1Key metadata.
 	Update(key Level1PrefetchInfo)
 	// GetLevel1InfoArray retrieves an array whose members contains information regarding
 	// level1 keys to prefetch.
@@ -63,7 +64,6 @@ func (s *ServiceEngine) GetSecretValue(
 	ctx context.Context,
 	meta drkey.SecretValueMeta,
 ) (drkey.SecretValue, error) {
-
 	return s.SecretBackend.getSecretValue(ctx, meta)
 }
 
@@ -73,7 +73,6 @@ func (s *ServiceEngine) GetLevel1Key(
 	ctx context.Context,
 	meta drkey.Level1Meta,
 ) (drkey.Level1Key, error) {
-
 	key, err := s.getLevel1Key(ctx, meta)
 	if err == nil && ctx.Value(fromPrefetcher{}) == nil && meta.SrcIA != s.LocalIA {
 		keyInfo := Level1PrefetchInfo{
@@ -91,8 +90,10 @@ func (s *ServiceEngine) GetLevel1PrefetchInfo() []Level1PrefetchInfo {
 }
 
 // DeriveLevel1 returns a Level1 key based on the presented information.
-func (s *ServiceEngine) DeriveLevel1(meta drkey.Level1Meta) (drkey.Level1Key, error) {
-	sv, err := s.GetSecretValue(context.Background(), drkey.SecretValueMeta{
+func (s *ServiceEngine) DeriveLevel1(
+	ctx context.Context, meta drkey.Level1Meta,
+) (drkey.Level1Key, error) {
+	sv, err := s.GetSecretValue(ctx, drkey.SecretValueMeta{
 		ProtoId:  meta.ProtoId,
 		Validity: meta.Validity,
 	})
@@ -111,7 +112,6 @@ func (s *ServiceEngine) DeriveASHost(
 	ctx context.Context,
 	meta drkey.ASHostMeta,
 ) (drkey.ASHostKey, error) {
-
 	var key drkey.Key
 	var err error
 
@@ -146,7 +146,6 @@ func (s *ServiceEngine) DeriveHostAS(
 	ctx context.Context,
 	meta drkey.HostASMeta,
 ) (drkey.HostASKey, error) {
-
 	var key drkey.Key
 	var err error
 
@@ -182,7 +181,6 @@ func (s *ServiceEngine) DeriveHostHost(
 	ctx context.Context,
 	meta drkey.HostHostMeta,
 ) (drkey.HostHostKey, error) {
-
 	hostASMeta := drkey.HostASMeta{
 		ProtoId:  meta.ProtoId,
 		Validity: meta.Validity,
@@ -238,9 +236,8 @@ func (s *ServiceEngine) getLevel1Key(
 	ctx context.Context,
 	meta drkey.Level1Meta,
 ) (drkey.Level1Key, error) {
-
 	if meta.SrcIA == s.LocalIA {
-		return s.DeriveLevel1(meta)
+		return s.DeriveLevel1(ctx, meta)
 	}
 
 	if meta.DstIA != s.LocalIA {
@@ -278,7 +275,6 @@ func (s *ServiceEngine) obtainLevel1Key(
 	srcIA addr.IA,
 	dstIA addr.IA,
 ) (drkey.Level1Key, error) {
-
 	if !proto.IsPredefined() {
 		proto = drkey.Generic
 	}
@@ -289,7 +285,6 @@ func (s *ServiceEngine) obtainLevel1Key(
 		ProtoId:  proto,
 	}
 	return s.GetLevel1Key(ctx, level1Meta)
-
 }
 
 type fromPrefetcher struct{}

control/drkey/service_engine_test.go

@@ -1,4 +1,5 @@
 // Copyright 2022 ETH Zurich
+// Copyright 2025 SCION Association
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -89,7 +90,7 @@ func TestDeriveLevel1Key(t *testing.T) {
 		Validity: time.Now(),
 	}
 
-	key, err := store.DeriveLevel1(meta)
+	key, err := store.DeriveLevel1(context.Background(), meta)
 	assert.NoError(t, err)
 	assert.Equal(t, meta.DstIA, key.DstIA)
 	assert.Equal(t, meta.ProtoId, key.ProtoId)
@@ -135,7 +136,7 @@ func TestDeriveHostAS(t *testing.T) {
 		PrefetchKeeper: cache,
 	}
 
-	var tests = []drkey.Protocol{
+	tests := []drkey.Protocol{
 		drkey.SCMP,
 		drkey.Protocol(7),
 	}
@@ -231,7 +232,7 @@ func TestGetLevel1Key(t *testing.T) {
 	})
 	assert.NoError(t, err)
 	assert.Equal(t, secondLevel1Key, rcvKey3)
-	//Simulate a call coming from the prefetcher, it must not update cache
+	// Simulate a call coming from the prefetcher, it must not update cache
 	pref_ctx := context.WithValue(context.Background(), cs_drkey.FromPrefetcher(), true)
 	rcvKey4, err := store.GetLevel1Key(pref_ctx, drkey.Level1Meta{
 		ProtoId:  firstLevel1Key.ProtoId,
@@ -258,7 +259,6 @@ func TestGetLevel1Key(t *testing.T) {
 	}
 	_, err = store.GetLevel1Key(context.Background(), locallvl1Meta)
 	assert.NoError(t, err)
-
 }
 
 func newLevel1Database(t *testing.T) *level1_sql.Backend {