13 files changed, 67 insertions, 62 deletions
diff --git a/internal/ctlsocksrv/sanitize.go b/internal/ctlsocksrv/sanitize.go
index 4333872..2272943 100644
--- a/internal/ctlsocksrv/sanitize.go
+++ b/internal/ctlsocksrv/sanitize.go
@@ -6,10 +6,11 @@ import (
 )
 
 // SanitizePath adapts filepath.Clean for FUSE paths.
-// 1) Leading slash(es) are dropped
-// 2) It returns "" instead of "."
-// 3) If the cleaned path points above CWD (start with ".."), an empty string
-//    is returned
+//  1. Leading slash(es) are dropped
+//  2. It returns "" instead of "."
+//  3. If the cleaned path points above CWD (start with ".."), an empty string
+//     is returned
+//
 // See the TestSanitizePath testcases for examples.
 func SanitizePath(path string) string {
 	// (1)
diff --git a/internal/ensurefds012/ensurefds012.go b/internal/ensurefds012/ensurefds012.go
index 54a1ac1..6834b89 100644
--- a/internal/ensurefds012/ensurefds012.go
+++ b/internal/ensurefds012/ensurefds012.go
@@ -5,7 +5,7 @@
 //
 // Use like this:
 //
-//   import _ "github.com/rfjakob/gocryptfs/v2/internal/ensurefds012"
+//	import _ "github.com/rfjakob/gocryptfs/v2/internal/ensurefds012"
 //
 // The import line MUST be in the alphabitcally first source code file of
 // package main!
@@ -13,17 +13,17 @@
 // You can test if it works as expected by inserting a long sleep into main,
 // startings gocryptfs with all fds closed like this,
 //
-//   $ ./gocryptfs 0<&- 1>&- 2>&-
+//	$ ./gocryptfs 0<&- 1>&- 2>&-
 //
 // and then checking the open fds. It should look like this:
 //
-//   $ ls -l /proc/$(pgrep gocryptfs)/fd
-//   total 0
-//   lrwx------. 1 jakob jakob 64 Jan  5 15:54 0 -> /dev/null
-//   lrwx------. 1 jakob jakob 64 Jan  5 15:54 1 -> /dev/null
-//   lrwx------. 1 jakob jakob 64 Jan  5 15:54 2 -> /dev/null
-//   l-wx------. 1 jakob jakob 64 Jan  5 15:54 3 -> /dev/null
-//   lrwx------. 1 jakob jakob 64 Jan  5 15:54 4 -> 'anon_inode:[eventpoll]'
+//	$ ls -l /proc/$(pgrep gocryptfs)/fd
+//	total 0
+//	lrwx------. 1 jakob jakob 64 Jan  5 15:54 0 -> /dev/null
+//	lrwx------. 1 jakob jakob 64 Jan  5 15:54 1 -> /dev/null
+//	lrwx------. 1 jakob jakob 64 Jan  5 15:54 2 -> /dev/null
+//	l-wx------. 1 jakob jakob 64 Jan  5 15:54 3 -> /dev/null
+//	lrwx------. 1 jakob jakob 64 Jan  5 15:54 4 -> 'anon_inode:[eventpoll]'
 //
 // See https://github.com/rfjakob/gocryptfs/issues/320 for details.
 package ensurefds012
diff --git a/internal/fusefrontend/file_allocate_truncate.go b/internal/fusefrontend/file_allocate_truncate.go
index fddcfe8..cae796e 100644
--- a/internal/fusefrontend/file_allocate_truncate.go
+++ b/internal/fusefrontend/file_allocate_truncate.go
@@ -30,8 +30,8 @@ var allocateWarnOnce sync.Once
 //
 // mode=FALLOC_DEFAULT is implemented as a two-step process:
 //
-//   (1) Allocate the space using FALLOC_FL_KEEP_SIZE
-//   (2) Set the file size using ftruncate (via truncateGrowFile)
+//	(1) Allocate the space using FALLOC_FL_KEEP_SIZE
+//	(2) Set the file size using ftruncate (via truncateGrowFile)
 //
 // This allows us to reuse the file grow mechanics from Truncate as they are
 // complicated and hard to get right.
diff --git a/internal/inomap/inomap.go b/internal/inomap/inomap.go
index 070fab4..0f7ade3 100644
--- a/internal/inomap/inomap.go
+++ b/internal/inomap/inomap.go
@@ -3,8 +3,8 @@
 //
 // Format of the returned inode numbers:
 //
-//   [spill bit = 0][15 bit namespace id][48 bit passthru inode number]
-//   [spill bit = 1][63 bit spill inode number                        ]
+//	[spill bit = 0][15 bit namespace id][48 bit passthru inode number]
+//	[spill bit = 1][63 bit spill inode number                        ]
 //
 // Each (Dev, Tag) tuple gets a namespace id assigned. The original inode
 // number is then passed through in the lower 48 bits.
diff --git a/internal/speed/cpuinfo.go b/internal/speed/cpuinfo.go
index 09e7a89..df3177d 100644
--- a/internal/speed/cpuinfo.go
+++ b/internal/speed/cpuinfo.go
@@ -12,17 +12,17 @@ import (
 //
 // Examples: On my desktop PC:
 //
-//   $ grep "model name" /proc/cpuinfo
-//   model name	: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
+//	$ grep "model name" /proc/cpuinfo
+//	model name	: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
 //
 // --> Returns "Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz".
 //
 // On a Raspberry Pi 4:
 //
-//   $ grep "model name" /proc/cpuinfo
-//   (empty)
-//   $ grep Hardware /proc/cpuinfo
-//   Hardware	: BCM2835
+//	$ grep "model name" /proc/cpuinfo
+//	(empty)
+//	$ grep Hardware /proc/cpuinfo
+//	Hardware	: BCM2835
 //
 // --> Returns "BCM2835"
 func cpuModelName() string {
diff --git a/internal/stupidgcm/doc.go b/internal/stupidgcm/doc.go
index 36c189b..dce82ae 100644
--- a/internal/stupidgcm/doc.go
+++ b/internal/stupidgcm/doc.go
@@ -16,13 +16,13 @@
 // However, OpenSSL has optimized assembly for almost all platforms, which Go
 // does not. Example for a 32-bit ARM device (Odroid XU4):
 //
-//   $ gocrypts -speed
-//   gocryptfs v2.1-68-gedf9d4c.stupidchacha; go-fuse v2.1.1-0.20210825171523-3ab5d95a30ae; 2021-09-04 go1.16.7 linux/arm
-//   AES-GCM-256-OpenSSL               56.84 MB/s    (selected in auto mode)
-//   AES-GCM-256-Go                    16.61 MB/s
-//   AES-SIV-512-Go                    16.49 MB/s
-//   XChaCha20-Poly1305-Go             39.08 MB/s    (use via -xchacha flag)
-//   XChaCha20-Poly1305-OpenSSL       141.82 MB/s
+//	$ gocrypts -speed
+//	gocryptfs v2.1-68-gedf9d4c.stupidchacha; go-fuse v2.1.1-0.20210825171523-3ab5d95a30ae; 2021-09-04 go1.16.7 linux/arm
+//	AES-GCM-256-OpenSSL               56.84 MB/s    (selected in auto mode)
+//	AES-GCM-256-Go                    16.61 MB/s
+//	AES-SIV-512-Go                    16.49 MB/s
+//	XChaCha20-Poly1305-Go             39.08 MB/s    (use via -xchacha flag)
+//	XChaCha20-Poly1305-OpenSSL       141.82 MB/s
 //
 // This package is "stupid" in the sense that it only supports a narrow set of
 // key- and iv-lengths, and panics if it does not like what you pass it.
@@ -33,7 +33,7 @@
 // Corrupt ciphertexts never cause a panic. Instead, ErrAuth is returned on
 // decryption.
 //
-// XChaCha20-Poly1305
+// # XChaCha20-Poly1305
 //
 // The XChaCha20-Poly1305 implementation is more complicated than the others,
 // because OpenSSL does not support XChaCha20-Poly1305 directly. Follow
@@ -43,16 +43,16 @@
 // Fortunately, XChaCha20-Poly1305 is just ChaCha20-Poly1305 with some key+iv
 // mixing using HChaCha20 in front:
 //
-//     key (32 bytes), iv (24 bytes)
-//      |
-//      v
-//     HChaCha20 (provided by golang.org/x/crypto/chacha20)
-//      |
-//      v
-//     key2 (32 bytes), iv2 (16 bytes)
-//      |
-//      v
-//     ChaCha20-Poly1305 (OpenSSL EVP_chacha20_poly1305)
+//	key (32 bytes), iv (24 bytes)
+//	 |
+//	 v
+//	HChaCha20 (provided by golang.org/x/crypto/chacha20)
+//	 |
+//	 v
+//	key2 (32 bytes), iv2 (16 bytes)
+//	 |
+//	 v
+//	ChaCha20-Poly1305 (OpenSSL EVP_chacha20_poly1305)
 //
 // As HChaCha20 is very fast, XChaCha20-Poly1305 gets almost the same throughput
 // as ChaCha20-Poly1305 (for 4kiB blocks).
diff --git a/internal/stupidgcm/prefer.go b/internal/stupidgcm/prefer.go
index fe8c613..e3f52d4 100644
--- a/internal/stupidgcm/prefer.go
+++ b/internal/stupidgcm/prefer.go
@@ -11,9 +11,9 @@ import (
 //
 // Go GCM is only faster if the CPU either:
 //
-// 1) Is X86_64 && has AES instructions && Go is v1.6  or higher
-// 2) Is ARM64  && has AES instructions && Go is v1.11 or higher
-//    (commit https://github.com/golang/go/commit/4f1f503373cda7160392be94e3849b0c9b9ebbda)
+//  1. Is X86_64 && has AES instructions && Go is v1.6  or higher
+//  2. Is ARM64  && has AES instructions && Go is v1.11 or higher
+//     (commit https://github.com/golang/go/commit/4f1f503373cda7160392be94e3849b0c9b9ebbda)
 //
 // See https://github.com/rfjakob/gocryptfs/wiki/CPU-Benchmarks
 // for benchmarks.
diff --git a/tests/cli/cli_test.go b/tests/cli/cli_test.go
index fc2bfed..bbaca51 100644
--- a/tests/cli/cli_test.go
+++ b/tests/cli/cli_test.go
@@ -462,7 +462,9 @@ func TestPasswdPasswordIncorrect(t *testing.T) {
 
 // Check that we correctly background on mount and close stderr and stdout.
 // Something like
-//   gocryptfs a b | cat
+//
+//	gocryptfs a b | cat
+//
 // must not hang ( https://github.com/rfjakob/gocryptfs/issues/130 ).
 func TestMountBackground(t *testing.T) {
 	dir := test_helpers.InitFS(t)
diff --git a/tests/defaults/main_test.go b/tests/defaults/main_test.go
index 7633e8b..d0210e2 100644
--- a/tests/defaults/main_test.go
+++ b/tests/defaults/main_test.go
@@ -204,7 +204,9 @@ func TestWrite0200File(t *testing.T) {
 
 // TestMvWarnings:
 // When xattr support was introduced, mv threw warnings like these:
-//   mv: preserving permissions for ‘b/x’: Operation not permitted
+//
+//	mv: preserving permissions for ‘b/x’: Operation not permitted
+//
 // because we returned EPERM when it tried to set system.posix_acl_access.
 // Now we return EOPNOTSUPP and mv is happy.
 func TestMvWarnings(t *testing.T) {
diff --git a/tests/matrix/concurrency_test.go b/tests/matrix/concurrency_test.go
index 4f060ab..15dbc3e 100644
--- a/tests/matrix/concurrency_test.go
+++ b/tests/matrix/concurrency_test.go
@@ -134,7 +134,7 @@ func TestConcurrentReadCreate(t *testing.T) {
 //
 // So far, it only has triggered warnings like this
 //
-//     go-fuse: warning: Inode.Path: inode i4201033 is orphaned, replacing segment with ".go-fuse.5577006791947779410/deleted"
+//	go-fuse: warning: Inode.Path: inode i4201033 is orphaned, replacing segment with ".go-fuse.5577006791947779410/deleted"
 //
 // but none of the "blocked waiting for FORGET".
 func TestInoReuse(t *testing.T) {
diff --git a/tests/plaintextnames/plaintextnames_test.go b/tests/plaintextnames/plaintextnames_test.go
index f2dc7e7..8892c39 100644
--- a/tests/plaintextnames/plaintextnames_test.go
+++ b/tests/plaintextnames/plaintextnames_test.go
@@ -92,10 +92,10 @@ func TestFiltered(t *testing.T) {
 // Only works on filesystems that recycle inode numbers (ext4 does),
 // and then the test causes a hang with these messages:
 //
-//		go-fuse: blocked for 5 seconds waiting for FORGET on i4329366
-//		go-fuse: blocked for 11 seconds waiting for FORGET on i4329366
-//		go-fuse: blocked for 17 seconds waiting for FORGET on i4329366
-//		[...]
+//	go-fuse: blocked for 5 seconds waiting for FORGET on i4329366
+//	go-fuse: blocked for 11 seconds waiting for FORGET on i4329366
+//	go-fuse: blocked for 17 seconds waiting for FORGET on i4329366
+//	[...]
 //
 // The test runs with -plaintextnames because that makes it easier to manipulate
 // cipherdir directly.
diff --git a/tests/reverse/inomap_test.go b/tests/reverse/inomap_test.go
index d5544c8..a79ddd2 100644
--- a/tests/reverse/inomap_test.go
+++ b/tests/reverse/inomap_test.go
@@ -35,15 +35,15 @@ func findIno(dir string, ino uint64) string {
 
 // TestVirtualFileIno creates a directory tree like this:
 //
-//    TestVirtualFileIno  <---- parent
-//    └── xxxxxxx[...]    <---- child
+//	TestVirtualFileIno  <---- parent
+//	└── xxxxxxx[...]    <---- child
 //
 // Which looks like this encrypted:
 //
-//    OLUKdPMg6l87EiKVlufgwIkQL8MD6JdUgOR3a8nEZ-w                                <---- parent
-//    ├── gocryptfs.diriv                                                        <---- diriv
-//    ├── gocryptfs.longname.e31v1ax4h_F0l4jhlN8kCjaWWMq8rO9VVBZ15IYsV50         <---- child
-//    └── gocryptfs.longname.e31v1ax4h_F0l4jhlN8kCjaWWMq8rO9VVBZ15IYsV50.name    <---- name
+//	OLUKdPMg6l87EiKVlufgwIkQL8MD6JdUgOR3a8nEZ-w                                <---- parent
+//	├── gocryptfs.diriv                                                        <---- diriv
+//	├── gocryptfs.longname.e31v1ax4h_F0l4jhlN8kCjaWWMq8rO9VVBZ15IYsV50         <---- child
+//	└── gocryptfs.longname.e31v1ax4h_F0l4jhlN8kCjaWWMq8rO9VVBZ15IYsV50.name    <---- name
 //
 // It verifies that the inode numbers match what we expect.
 func TestVirtualFileIno(t *testing.T) {
diff --git a/tests/test_helpers/helpers.go b/tests/test_helpers/helpers.go
index daa37d7..0d21548 100644
--- a/tests/test_helpers/helpers.go
+++ b/tests/test_helpers/helpers.go
@@ -67,10 +67,10 @@ func doInit() {
 
 // ResetTmpDir deletes TmpDir, create new dir tree:
 //
-// TmpDir
-// |-- DefaultPlainDir
-// *-- DefaultCipherDir
-//     *-- gocryptfs.diriv
+//	TmpDir
+//	|-- DefaultPlainDir
+//	*-- DefaultCipherDir
+//	    *-- gocryptfs.diriv
 func ResetTmpDir(createDirIV bool) {
 	// Try to unmount and delete everything
 	entries, err := ioutil.ReadDir(TmpDir)
@@ -138,7 +138,7 @@ func isExt4(path string) bool {
 
 // InitFS creates a new empty cipherdir and calls
 //
-//     gocryptfs -q -init -extpass "echo test" -scryptn=10 $extraArgs $cipherdir
+//	gocryptfs -q -init -extpass "echo test" -scryptn=10 $extraArgs $cipherdir
 //
 // It returns cipherdir without a trailing slash.
 //