CI: enable the gofumpt linter

Turn on the gofumpt linter.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

.golangci.yml

@@ -9,6 +9,7 @@ run:
 linters:
   enable:
     - gofmt
+    - gofumpt
     - revive
     - unconvert
     - unparam

add.go

@@ -176,7 +176,7 @@ func getURL(src string, chown *idtools.IDPair, mountpoint, renameTarget string,
 		uid = chown.UID
 		gid = chown.GID
 	}
-	var mode int64 = 0600
+	var mode int64 = 0o600
 	if chmod != nil {
 		mode = int64(*chmod)
 	}

bind/mount.go

@@ -48,7 +48,7 @@ func SetupIntermediateMountNamespace(spec *specs.Spec, bundlePath string) (unmou
 	if err != nil {
 		return nil, fmt.Errorf("checking permissions on %q: %w", bundlePath, err)
 	}
-	if err = os.Chmod(bundlePath, info.Mode()|0111); err != nil {
+	if err = os.Chmod(bundlePath, info.Mode()|0o111); err != nil {
 		return nil, fmt.Errorf("loosening permissions on %q: %w", bundlePath, err)
 	}
 
@@ -115,7 +115,7 @@ func SetupIntermediateMountNamespace(spec *specs.Spec, bundlePath string) (unmou
 	// other unprivileged users outside of containers, shouldn't be able to
 	// access.
 	mnt := filepath.Join(bundlePath, "mnt")
-	if err = idtools.MkdirAndChown(mnt, 0100, idtools.IDPair{UID: int(rootUID), GID: int(rootGID)}); err != nil {
+	if err = idtools.MkdirAndChown(mnt, 0o100, idtools.IDPair{UID: int(rootUID), GID: int(rootGID)}); err != nil {
 		return unmountAll, fmt.Errorf("creating %q owned by the container's root user: %w", mnt, err)
 	}
 
@@ -128,7 +128,7 @@ func SetupIntermediateMountNamespace(spec *specs.Spec, bundlePath string) (unmou
 
 	// Create a bind mount for the root filesystem and add it to the list.
 	rootfs := filepath.Join(mnt, "rootfs")
-	if err = os.Mkdir(rootfs, 0000); err != nil {
+	if err = os.Mkdir(rootfs, 0o000); err != nil {
 		return unmountAll, fmt.Errorf("creating directory %q: %w", rootfs, err)
 	}
 	if err = unix.Mount(rootPath, rootfs, "", unix.MS_BIND|unix.MS_REC|unix.MS_PRIVATE, ""); err != nil {
@@ -159,13 +159,13 @@ func SetupIntermediateMountNamespace(spec *specs.Spec, bundlePath string) (unmou
 		if info.IsDir() {
 			// If the source is a directory, make one to use as the
 			// mount target.
-			if err = os.Mkdir(stage, 0000); err != nil {
+			if err = os.Mkdir(stage, 0o000); err != nil {
 				return unmountAll, fmt.Errorf("creating directory %q: %w", stage, err)
 			}
 		} else {
 			// If the source is not a directory, create an empty
 			// file to use as the mount target.
-			file, err := os.OpenFile(stage, os.O_WRONLY|os.O_CREATE, 0000)
+			file, err := os.OpenFile(stage, os.O_WRONLY|os.O_CREATE, 0o000)
 			if err != nil {
 				return unmountAll, fmt.Errorf("creating file %q: %w", stage, err)
 			}

buildah.go

@@ -570,7 +570,7 @@ func (b *Builder) Save() error {
 	if err != nil {
 		return err
 	}
-	if err = ioutils.AtomicWriteFile(filepath.Join(cdir, stateFile), buildstate, 0600); err != nil {
+	if err = ioutils.AtomicWriteFile(filepath.Join(cdir, stateFile), buildstate, 0o600); err != nil {
 		return fmt.Errorf("saving builder state to %q: %w", filepath.Join(cdir, stateFile), err)
 	}
 	return nil

buildah_test.go

@@ -14,12 +14,10 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-var (
-	testSystemContext = imagetypes.SystemContext{
+var testSystemContext = imagetypes.SystemContext{
 	SignaturePolicyPath:      "tests/policy.json",
 	SystemRegistriesConfPath: "tests/registries.conf",
 }
-)
 
 func TestMain(m *testing.M) {
 	var logLevel string

chroot/pty_ptmx.go

@@ -15,7 +15,7 @@ import (
 // this instead of posix_openpt is that it avoids cgo.
 func getPtyDescriptors() (int, int, error) {
 	// Create a pseudo-terminal -- open a copy of the master side.
-	controlFd, err := unix.Open("/dev/ptmx", os.O_RDWR, 0600)
+	controlFd, err := unix.Open("/dev/ptmx", os.O_RDWR, 0o600)
 	if err != nil {
 		return -1, -1, fmt.Errorf("opening PTY master using /dev/ptmx: %v", err)
 	}
@@ -36,7 +36,7 @@ func getPtyDescriptors() (int, int, error) {
 			return -1, -1, fmt.Errorf("getting PTY number: %v", err)
 		}
 		ptyName := fmt.Sprintf("/dev/pts/%d", ptyN)
-		fd, err := unix.Open(ptyName, unix.O_RDWR|unix.O_NOCTTY, 0620)
+		fd, err := unix.Open(ptyName, unix.O_RDWR|unix.O_NOCTTY, 0o620)
 		if err != nil {
 			return -1, -1, fmt.Errorf("opening PTY %q: %v", ptyName, err)
 		}

chroot/run_common.go

@@ -73,7 +73,7 @@ func RunUsingChroot(spec *specs.Spec, bundlePath, homeDir string, stdin io.Reade
 	if err != nil {
 		return err
 	}
-	if err = ioutils.AtomicWriteFile(filepath.Join(bundlePath, "config.json"), specbytes, 0600); err != nil {
+	if err = ioutils.AtomicWriteFile(filepath.Join(bundlePath, "config.json"), specbytes, 0o600); err != nil {
 		return fmt.Errorf("storing runtime configuration: %w", err)
 	}
 	logrus.Debugf("config = %v", string(specbytes))
@@ -265,7 +265,7 @@ func runUsingChrootMain() {
 			logrus.Warnf("error %s ownership of container PTY %sto %d/%d: %v", op, from, rootUID, rootGID, err)
 		}
 		// Set permissions on the PTY.
-		if err = ctty.Chmod(0620); err != nil {
+		if err = ctty.Chmod(0o620); err != nil {
 			logrus.Errorf("error setting permissions of container PTY: %v", err)
 			os.Exit(1)
 		}
@@ -525,7 +525,6 @@ func runUsingChroot(spec *specs.Spec, bundlePath string, ctty *os.File, stdin io
 	cmd.ExtraFiles = append([]*os.File{preader}, cmd.ExtraFiles...)
 	if err := setPlatformUnshareOptions(spec, cmd); err != nil {
 		return 1, fmt.Errorf("setting platform unshare options: %w", err)
-
 	}
 	interrupted := make(chan os.Signal, 100)
 	cmd.Hook = func(int) error {

chroot/run_freebsd.go

@@ -190,12 +190,12 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func(
 			// XXX: This was copied from the linux version which supports bind mounting files.
 			// Leaving it here since I plan to add this to FreeBSD's nullfs.
 			if m.Type != "nullfs" || srcinfo.IsDir() {
-				if err = os.MkdirAll(target, 0111); err != nil {
+				if err = os.MkdirAll(target, 0o111); err != nil {
 					return undoBinds, fmt.Errorf("creating mountpoint %q in mount namespace: %w", target, err)
 				}
 				removes = append(removes, target)
 			} else {
-				if err = os.MkdirAll(filepath.Dir(target), 0111); err != nil {
+				if err = os.MkdirAll(filepath.Dir(target), 0o111); err != nil {
 					return undoBinds, fmt.Errorf("ensuring parent of mountpoint %q (%q) is present in mount namespace: %w", target, filepath.Dir(target), err)
 				}
 				// Don't do this until we can support file mounts in nullfs
@@ -218,7 +218,7 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func(
 					save := saveDir(spec, target)
 					if err := fileutils.Exists(save); err != nil {
 						if errors.Is(err, fs.ErrNotExist) {
-							err = os.MkdirAll(save, 0111)
+							err = os.MkdirAll(save, 0o111)
 						}
 						if err != nil {
 							return undoBinds, fmt.Errorf("creating file mount save directory %q: %w", save, err)

chroot/run_linux.go

@@ -301,7 +301,7 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func(
 	subDev := filepath.Join(spec.Root.Path, "/dev")
 	if err := unix.Mount("/dev", subDev, "bind", devFlags, ""); err != nil {
 		if errors.Is(err, os.ErrNotExist) {
-			err = os.Mkdir(subDev, 0755)
+			err = os.Mkdir(subDev, 0o755)
 			if err == nil {
 				err = unix.Mount("/dev", subDev, "bind", devFlags, "")
 			}
@@ -325,7 +325,7 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func(
 	subProc := filepath.Join(spec.Root.Path, "/proc")
 	if err := unix.Mount("/proc", subProc, "bind", procFlags, ""); err != nil {
 		if errors.Is(err, os.ErrNotExist) {
-			err = os.Mkdir(subProc, 0755)
+			err = os.Mkdir(subProc, 0o755)
 			if err == nil {
 				err = unix.Mount("/proc", subProc, "bind", procFlags, "")
 			}
@@ -340,7 +340,7 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func(
 	subSys := filepath.Join(spec.Root.Path, "/sys")
 	if err := unix.Mount("/sys", subSys, "bind", sysFlags, ""); err != nil {
 		if errors.Is(err, os.ErrNotExist) {
-			err = os.Mkdir(subSys, 0755)
+			err = os.Mkdir(subSys, 0o755)
 			if err == nil {
 				err = unix.Mount("/sys", subSys, "bind", sysFlags, "")
 			}
@@ -432,15 +432,15 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func(
 			// The target isn't there yet, so create it.  If the source is a directory,
 			// we need a directory, otherwise we need a non-directory (i.e., a file).
 			if srcinfo.IsDir() {
-				if err = os.MkdirAll(target, 0755); err != nil {
+				if err = os.MkdirAll(target, 0o755); err != nil {
 					return undoBinds, fmt.Errorf("creating mountpoint %q in mount namespace: %w", target, err)
 				}
 			} else {
-				if err = os.MkdirAll(filepath.Dir(target), 0755); err != nil {
+				if err = os.MkdirAll(filepath.Dir(target), 0o755); err != nil {
 					return undoBinds, fmt.Errorf("ensuring parent of mountpoint %q (%q) is present in mount namespace: %w", target, filepath.Dir(target), err)
 				}
 				var file *os.File
-				if file, err = os.OpenFile(target, os.O_WRONLY|os.O_CREATE, 0755); err != nil {
+				if file, err = os.OpenFile(target, os.O_WRONLY|os.O_CREATE, 0o755); err != nil {
 					return undoBinds, fmt.Errorf("creating mountpoint %q in mount namespace: %w", target, err)
 				}
 				file.Close()
@@ -593,7 +593,7 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func(
 	// Create an empty directory for to use for masking directories.
 	roEmptyDir := filepath.Join(bundlePath, "empty")
 	if len(spec.Linux.MaskedPaths) > 0 {
-		if err := os.Mkdir(roEmptyDir, 0700); err != nil {
+		if err := os.Mkdir(roEmptyDir, 0o700); err != nil {
 			return undoBinds, fmt.Errorf("creating empty directory %q: %w", roEmptyDir, err)
 		}
 	}

chroot/run_test.go

@@ -49,17 +49,17 @@ func testMinimal(t *testing.T, modify func(g *generate.Generator, rootDir, bundl
 	// t.TempDir returns /tmp/TestName/001.
 	// /tmp/TestName/001 has permission 0777, but /tmp/TestName is 0700
 	tempDir := t.TempDir()
-	if err = os.Chmod(filepath.Dir(tempDir), 0711); err != nil {
+	if err = os.Chmod(filepath.Dir(tempDir), 0o711); err != nil {
 		t.Fatalf("error loosening permissions on %q: %v", tempDir, err)
 	}
 
 	rootDir := filepath.Join(tempDir, "root")
-	if err := os.Mkdir(rootDir, 0711); err != nil {
+	if err := os.Mkdir(rootDir, 0o711); err != nil {
 		t.Fatalf("os.Mkdir(%q): %v", rootDir, err)
 	}
 
 	rootTmpDir := filepath.Join(rootDir, "tmp")
-	if err := os.Mkdir(rootTmpDir, 01777); err != nil {
+	if err := os.Mkdir(rootTmpDir, 0o1777); err != nil {
 		t.Fatalf("os.Mkdir(%q): %v", rootTmpDir, err)
 	}
 
@@ -69,7 +69,7 @@ func testMinimal(t *testing.T, modify func(g *generate.Generator, rootDir, bundl
 		t.Fatalf("open(%q): %v", specPath, err)
 	}
 	defer specBinarySource.Close()
-	specBinary, err := os.OpenFile(filepath.Join(rootDir, reportCommand), os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0711)
+	specBinary, err := os.OpenFile(filepath.Join(rootDir, reportCommand), os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o711)
 	if err != nil {
 		t.Fatalf("open(%q): %v", filepath.Join(rootDir, reportCommand), err)
 	}
@@ -83,7 +83,7 @@ func testMinimal(t *testing.T, modify func(g *generate.Generator, rootDir, bundl
 	g.SetProcessArgs([]string{"/" + reportCommand})
 
 	bundleDir := filepath.Join(tempDir, "bundle")
-	if err := os.Mkdir(bundleDir, 0700); err != nil {
+	if err := os.Mkdir(bundleDir, 0o700); err != nil {
 		t.Fatalf("os.Mkdir(%q): %v", bundleDir, err)
 	}
 
@@ -223,7 +223,7 @@ func TestProcessCwd(t *testing.T) {
 	}
 	testMinimal(t,
 		func(g *generate.Generator, rootDir, _ string) {
-			if err := os.Mkdir(filepath.Join(rootDir, "/no-such-directory"), 0700); err != nil {
+			if err := os.Mkdir(filepath.Join(rootDir, "/no-such-directory"), 0o700); err != nil {
 				t.Fatalf("mkdir(%q): %v", filepath.Join(rootDir, "/no-such-directory"), err)
 			}
 			g.SetProcessCwd("/no-such-directory")
@@ -431,7 +431,8 @@ func TestMounts(t *testing.T) {
 			name:        "nosuid",
 			destination: "/nosuid",
 			options:     []string{"nosuid"},
-			reject:      []string{"suid"}},
+			reject:      []string{"suid"},
+		},
 		{
 			name:        "nodev,noexec",
 			destination: "/nodev,noexec",

cmd/buildah/build.go

@@ -71,7 +71,7 @@ func init() {
 
 func buildCmd(c *cobra.Command, inputArgs []string, iopts buildahcli.BuildOptions) error {
 	if c.Flag("logfile").Changed {
-		logfile, err := os.OpenFile(iopts.Logfile, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0600)
+		logfile, err := os.OpenFile(iopts.Logfile, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0o600)
 		if err != nil {
 			return err
 		}

cmd/buildah/commit.go

@@ -83,7 +83,6 @@ func init() {
 	commitCommand.SetUsageTemplate(UsageTemplate())
 	commitListFlagSet(commitCommand, &opts)
 	rootCmd.AddCommand(commitCommand)
-
 }
 
 func commitListFlagSet(cmd *cobra.Command, opts *commitInputOptions) {

cmd/buildah/common.go

@@ -20,10 +20,8 @@ import (
 	"github.com/spf13/pflag"
 )
 
-var (
 // configuration, including customizations made in containers.conf
-	needToShutdownStore = false
-)
+var needToShutdownStore = false
 
 func getStore(c *cobra.Command) (storage.Store, error) {
 	if err := setXDGRuntimeDir(); err != nil {

cmd/buildah/config.go

@@ -104,7 +104,6 @@ func init() {
 	flags.StringSliceVar(&opts.unsetLabels, "unsetlabel", nil, "remove image configuration label")
 
 	rootCmd.AddCommand(configCommand)
-
 }
 
 func updateCmd(builder *buildah.Builder, cmd string) error {

cmd/buildah/containers.go

@@ -168,11 +168,13 @@ func outputContainers(store storage.Store, opts containerOptions, params *contai
 				continue
 			}
 			if opts.json {
-				JSONContainers = append(JSONContainers, jsonContainer{ID: builder.ContainerID,
+				JSONContainers = append(JSONContainers, jsonContainer{
+					ID:            builder.ContainerID,
 					Builder:       true,
 					ImageID:       builder.FromImageID,
 					ImageName:     image,
-					ContainerName: builder.Container})
+					ContainerName: builder.Container,
+				})
 				continue
 			}
 			output := containerOutputParams{
@@ -208,11 +210,13 @@ func outputContainers(store storage.Store, opts containerOptions, params *contai
 				continue
 			}
 			if opts.json {
-				JSONContainers = append(JSONContainers, jsonContainer{ID: container.ID,
+				JSONContainers = append(JSONContainers, jsonContainer{
+					ID:            container.ID,
 					Builder:       ours,
 					ImageID:       container.ImageID,
 					ImageName:     imageNameForID(container.ImageID),
-					ContainerName: name})
+					ContainerName: name,
+				})
 				continue
 			}
 			output := containerOutputParams{

cmd/buildah/dumpbolt.go

@@ -22,7 +22,7 @@ var (
 )
 
 func dumpBoltCmd(_ *cobra.Command, args []string) error {
-	db, err := bolt.Open(args[0], 0600, &bolt.Options{ReadOnly: true})
+	db, err := bolt.Open(args[0], 0o600, &bolt.Options{ReadOnly: true})
 	if err != nil {
 		return fmt.Errorf("opening database %q: %w", args[0], err)
 	}

cmd/buildah/from.go

@@ -312,7 +312,7 @@ func fromCmd(c *cobra.Command, args []string, iopts fromReply) error {
 
 	if iopts.cidfile != "" {
 		filePath := iopts.cidfile
-		if err := os.WriteFile(filePath, []byte(builder.ContainerID), 0644); err != nil {
+		if err := os.WriteFile(filePath, []byte(builder.ContainerID), 0o644); err != nil {
 			return fmt.Errorf("failed to write container ID file %q: %w", filePath, err)
 		}
 	}

cmd/buildah/main.go

@@ -65,9 +65,7 @@ var (
 )
 
 func init() {
-	var (
-		defaultStoreDriverOptions []string
-	)
+	var defaultStoreDriverOptions []string
 	storageOptions, err := storage.DefaultStoreOptions()
 	if err != nil {
 		logrus.Errorf(err.Error())

cmd/buildah/manifest.go

@@ -1207,7 +1207,7 @@ func manifestPush(systemContext *types.SystemContext, store storage.Store, listI
 	}
 
 	if opts.digestfile != "" {
-		if err = os.WriteFile(opts.digestfile, []byte(digest.String()), 0644); err != nil {
+		if err = os.WriteFile(opts.digestfile, []byte(digest.String()), 0o644); err != nil {
 			return util.GetFailureCause(err, fmt.Errorf("failed to write digest to file %q: %w", opts.digestfile, err))
 		}
 	}

cmd/buildah/push.go

@@ -1,13 +1,12 @@
 package main
 
 import (
+	"errors"
 	"fmt"
 	"os"
 	"strings"
 	"time"
 
-	"errors"
-
 	"github.com/containers/buildah"
 	"github.com/containers/buildah/define"
 	"github.com/containers/buildah/pkg/cli"
@@ -255,7 +254,7 @@ func pushCmd(c *cobra.Command, args []string, iopts pushOptions) error {
 	logrus.Debugf("Successfully pushed %s with digest %s", transports.ImageName(dest), digest.String())
 
 	if iopts.digestfile != "" {
-		if err = os.WriteFile(iopts.digestfile, []byte(digest.String()), 0644); err != nil {
+		if err = os.WriteFile(iopts.digestfile, []byte(digest.String()), 0o644); err != nil {
 			return util.GetFailureCause(err, fmt.Errorf("failed to write digest to file %q: %w", iopts.digestfile, err))
 		}
 	}

cmd/buildah/rm.go

@@ -86,7 +86,6 @@ func rmCmd(c *cobra.Command, args []string, iopts rmResults) error {
 			}
 			fmt.Printf("%s\n", id)
 		}
-
 	}
 	return lastError
 }

cmd/buildah/run.go

@@ -53,7 +53,6 @@ func init() {
 		RunE: func(cmd *cobra.Command, args []string) error {
 			opts.NameSpaceResults = &namespaceResults
 			return runCmd(cmd, args, opts)
-
 		},
 		Example: `buildah run containerID -- ps -auxw
   buildah run --terminal containerID /bin/bash

commit.go

@@ -153,15 +153,13 @@ type LinkedLayer struct {
 	BlobPath string     // corresponding uncompressed blob file (layer as a tar archive), or directory tree to archive
 }
 
-var (
 // storageAllowedPolicyScopes overrides the policy for local storage
 // to ensure that we can read images from it.
-	storageAllowedPolicyScopes = signature.PolicyTransportScopes{
+var storageAllowedPolicyScopes = signature.PolicyTransportScopes{
 	"": []signature.PolicyRequirement{
 		signature.NewPRInsecureAcceptAnything(),
 	},
 }
-)
 
 // checkRegistrySourcesAllows checks the $BUILD_REGISTRY_SOURCES environment
 // variable, if it's set.  The contents are expected to be a JSON-encoded
@@ -458,7 +456,7 @@ func (b *Builder) Commit(ctx context.Context, dest types.ImageReference, options
 			logrus.Debugf("removing %v from assigned names to image %q", nameToRemove, img.ID)
 		}
 		if options.IIDFile != "" {
-			if err = os.WriteFile(options.IIDFile, []byte("sha256:"+img.ID), 0644); err != nil {
+			if err = os.WriteFile(options.IIDFile, []byte("sha256:"+img.ID), 0o644); err != nil {
 				return imgID, nil, "", err
 			}
 		}

copier/copier.go

@@ -32,9 +32,9 @@ const (
 	copierCommand    = "buildah-copier"
 	maxLoopsFollowed = 64
 	// See http://pubs.opengroup.org/onlinepubs/9699919799/utilities/pax.html#tag_20_92_13_06, from archive/tar
-	cISUID = 04000 // Set uid, from archive/tar
-	cISGID = 02000 // Set gid, from archive/tar
-	cISVTX = 01000 // Save text (sticky bit), from archive/tar
+	cISUID = 0o4000 // Set uid, from archive/tar
+	cISGID = 0o2000 // Set gid, from archive/tar
+	cISVTX = 0o1000 // Save text (sticky bit), from archive/tar
 )
 
 func init() {
@@ -196,24 +196,19 @@ type StatForItem struct {
 }
 
 // getResponse encodes a response for a single Get request.
-type getResponse struct {
-}
+type getResponse struct{}
 
 // putResponse encodes a response for a single Put request.
-type putResponse struct {
-}
+type putResponse struct{}
 
 // mkdirResponse encodes a response for a single Mkdir request.
-type mkdirResponse struct {
-}
+type mkdirResponse struct{}
 
 // removeResponse encodes a response for a single Remove request.
-type removeResponse struct {
-}
+type removeResponse struct{}
 
 // EvalOptions controls parts of Eval()'s behavior.
-type EvalOptions struct {
-}
+type EvalOptions struct{}
 
 // Eval evaluates the directory's path, including any intermediate symbolic
 // links.
@@ -1518,7 +1513,7 @@ func copierHandlerPut(bulkReader io.Reader, req request, idMappings *idtools.IDM
 		dirUID, dirGID = req.PutOptions.ChownDirs.UID, req.PutOptions.ChownDirs.GID
 		defaultDirUID, defaultDirGID = dirUID, dirGID
 	}
-	defaultDirMode := os.FileMode(0755)
+	defaultDirMode := os.FileMode(0o755)
 	if req.PutOptions.ChmodDirs != nil {
 		defaultDirMode = *req.PutOptions.ChmodDirs
 	}
@@ -1559,7 +1554,7 @@ func copierHandlerPut(bulkReader io.Reader, req request, idMappings *idtools.IDM
 		for _, component := range strings.Split(rel, string(os.PathSeparator)) {
 			subdir = filepath.Join(subdir, component)
 			path := filepath.Join(req.Root, subdir)
-			if err := os.Mkdir(path, 0700); err == nil {
+			if err := os.Mkdir(path, 0o700); err == nil {
 				if err = lchown(path, defaultDirUID, defaultDirGID); err != nil {
 					return fmt.Errorf("copier: put: error setting owner of %q to %d:%d: %w", path, defaultDirUID, defaultDirGID, err)
 				}
@@ -1593,7 +1588,7 @@ func copierHandlerPut(bulkReader io.Reader, req request, idMappings *idtools.IDM
 		return nil
 	}
 	createFile := func(path string, tr *tar.Reader) (int64, error) {
-		f, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY|os.O_TRUNC|os.O_EXCL, 0600)
+		f, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY|os.O_TRUNC|os.O_EXCL, 0o600)
 		if err != nil && errors.Is(err, os.ErrExist) {
 			if req.PutOptions.NoOverwriteDirNonDir {
 				if st, err2 := os.Lstat(path); err2 == nil && st.IsDir() {
@@ -1611,13 +1606,13 @@ func copierHandlerPut(bulkReader io.Reader, req request, idMappings *idtools.IDM
 					return 0, fmt.Errorf("copier: put: error removing item to be overwritten %q: %w", path, err)
 				}
 			}
-			f, err = os.OpenFile(path, os.O_CREATE|os.O_WRONLY|os.O_TRUNC|os.O_EXCL, 0600)
+			f, err = os.OpenFile(path, os.O_CREATE|os.O_WRONLY|os.O_TRUNC|os.O_EXCL, 0o600)
 		}
 		if err != nil && os.IsPermission(err) {
 			if err = makeDirectoryWriteable(filepath.Dir(path)); err != nil {
 				return 0, err
 			}
-			f, err = os.OpenFile(path, os.O_CREATE|os.O_WRONLY|os.O_TRUNC|os.O_EXCL, 0600)
+			f, err = os.OpenFile(path, os.O_CREATE|os.O_WRONLY|os.O_TRUNC|os.O_EXCL, 0o600)
 		}
 		if err != nil {
 			return 0, fmt.Errorf("copier: put: error opening file %q for writing: %w", path, err)
@@ -1781,14 +1776,14 @@ func copierHandlerPut(bulkReader io.Reader, req request, idMappings *idtools.IDM
 					ignoredItems[nameBeforeRenaming] = struct{}{}
 					goto nextHeader
 				}
-				if err = mknod(path, chrMode(0600), int(mkdev(devMajor, devMinor))); err != nil && errors.Is(err, os.ErrExist) {
+				if err = mknod(path, chrMode(0o600), int(mkdev(devMajor, devMinor))); err != nil && errors.Is(err, os.ErrExist) {
 					if req.PutOptions.NoOverwriteDirNonDir {
 						if st, err := os.Lstat(path); err == nil && st.IsDir() {
 							break
 						}
 					}
 					if err = os.RemoveAll(path); err == nil {
-						err = mknod(path, chrMode(0600), int(mkdev(devMajor, devMinor)))
+						err = mknod(path, chrMode(0o600), int(mkdev(devMajor, devMinor)))
 					}
 				}
 			case tar.TypeBlock:
@@ -1796,26 +1791,26 @@ func copierHandlerPut(bulkReader io.Reader, req request, idMappings *idtools.IDM
 					ignoredItems[nameBeforeRenaming] = struct{}{}
 					goto nextHeader
 				}
-				if err = mknod(path, blkMode(0600), int(mkdev(devMajor, devMinor))); err != nil && errors.Is(err, os.ErrExist) {
+				if err = mknod(path, blkMode(0o600), int(mkdev(devMajor, devMinor))); err != nil && errors.Is(err, os.ErrExist) {
 					if req.PutOptions.NoOverwriteDirNonDir {
 						if st, err := os.Lstat(path); err == nil && st.IsDir() {
 							break
 						}
 					}
 					if err = os.RemoveAll(path); err == nil {
-						err = mknod(path, blkMode(0600), int(mkdev(devMajor, devMinor)))
+						err = mknod(path, blkMode(0o600), int(mkdev(devMajor, devMinor)))
 					}
 				}
 			case tar.TypeDir:
 				// FreeBSD can return EISDIR for "mkdir /":
 				// https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=59739.
-				if err = os.Mkdir(path, 0700); err != nil && (errors.Is(err, os.ErrExist) || errors.Is(err, syscall.EISDIR)) {
+				if err = os.Mkdir(path, 0o700); err != nil && (errors.Is(err, os.ErrExist) || errors.Is(err, syscall.EISDIR)) {
 					if st, stErr := os.Lstat(path); stErr == nil && !st.IsDir() {
 						if req.PutOptions.NoOverwriteNonDirDir {
 							break
 						}
 						if err = os.Remove(path); err == nil {
-							err = os.Mkdir(path, 0700)
+							err = os.Mkdir(path, 0o700)
 						}
 					} else {
 						err = stErr
@@ -1836,14 +1831,14 @@ func copierHandlerPut(bulkReader io.Reader, req request, idMappings *idtools.IDM
 				// the archive more than once for whatever reason
 				directoryModes[path] = mode
 			case tar.TypeFifo:
-				if err = mkfifo(path, 0600); err != nil && errors.Is(err, os.ErrExist) {
+				if err = mkfifo(path, 0o600); err != nil && errors.Is(err, os.ErrExist) {
 					if req.PutOptions.NoOverwriteDirNonDir {
 						if st, err := os.Lstat(path); err == nil && st.IsDir() {
 							break
 						}
 					}
 					if err = os.RemoveAll(path); err == nil {
-						err = mkfifo(path, 0600)
+						err = mkfifo(path, 0o600)
 					}
 				}
 			case tar.TypeXGlobalHeader:
@@ -1930,7 +1925,7 @@ func copierHandlerMkdir(req request, idMappings *idtools.IDMappings) (*response,
 	if req.MkdirOptions.ChownNew != nil {
 		dirUID, dirGID = req.MkdirOptions.ChownNew.UID, req.MkdirOptions.ChownNew.GID
 	}
-	dirMode := os.FileMode(0755)
+	dirMode := os.FileMode(0o755)
 	if req.MkdirOptions.ChmodNew != nil {
 		dirMode = *req.MkdirOptions.ChmodNew
 	}
@@ -1957,7 +1952,7 @@ func copierHandlerMkdir(req request, idMappings *idtools.IDMappings) (*response,
 	for _, component := range strings.Split(rel, string(os.PathSeparator)) {
 		subdir = filepath.Join(subdir, component)
 		path := filepath.Join(req.Root, subdir)
-		if err := os.Mkdir(path, 0700); err == nil {
+		if err := os.Mkdir(path, 0o700); err == nil {
 			if err = chown(path, dirUID, dirGID); err != nil {
 				return errorResponse("copier: mkdir: error setting owner of %q to %d:%d: %v", path, dirUID, dirGID, err)
 			}

copier/copier_linux_test.go

@@ -117,17 +117,17 @@ func TestGetPermissionErrorChroot(t *testing.T) {
 func testGetPermissionError(t *testing.T) {
 	dropCaps := []capability.Cap{capability.CAP_DAC_OVERRIDE, capability.CAP_DAC_READ_SEARCH}
 	tmp := t.TempDir()
-	err := os.Mkdir(filepath.Join(tmp, "unreadable-directory"), 0000)
+	err := os.Mkdir(filepath.Join(tmp, "unreadable-directory"), 0o000)
 	require.NoError(t, err, "error creating an unreadable directory")
-	err = os.Mkdir(filepath.Join(tmp, "readable-directory"), 0755)
+	err = os.Mkdir(filepath.Join(tmp, "readable-directory"), 0o755)
 	require.NoError(t, err, "error creating a readable directory")
-	err = os.Mkdir(filepath.Join(tmp, "readable-directory", "unreadable-subdirectory"), 0000)
+	err = os.Mkdir(filepath.Join(tmp, "readable-directory", "unreadable-subdirectory"), 0o000)
 	require.NoError(t, err, "error creating an unreadable subdirectory")
-	err = os.WriteFile(filepath.Join(tmp, "unreadable-file"), []byte("hi, i'm a file that you can't read"), 0000)
+	err = os.WriteFile(filepath.Join(tmp, "unreadable-file"), []byte("hi, i'm a file that you can't read"), 0o000)
 	require.NoError(t, err, "error creating an unreadable file")
-	err = os.WriteFile(filepath.Join(tmp, "readable-file"), []byte("hi, i'm also a file, and you can read me"), 0644)
+	err = os.WriteFile(filepath.Join(tmp, "readable-file"), []byte("hi, i'm also a file, and you can read me"), 0o644)
 	require.NoError(t, err, "error creating a readable file")
-	err = os.WriteFile(filepath.Join(tmp, "readable-directory", "unreadable-file"), []byte("hi, i'm also a file that you can't read"), 0000)
+	err = os.WriteFile(filepath.Join(tmp, "readable-directory", "unreadable-file"), []byte("hi, i'm also a file that you can't read"), 0o000)
 	require.NoError(t, err, "error creating an unreadable file in a readable directory")
 	for _, ignore := range []bool{false, true} {
 		t.Run(fmt.Sprintf("ignore=%v", ignore), func(t *testing.T) {
@@ -163,7 +163,7 @@ func TestGetNoCrossDevice(t *testing.T) {
 	require.NoError(t, err, "error creating new mount namespace")
 
 	subdir := filepath.Join(tmpdir, "subdir")
-	err = os.Mkdir(subdir, 0755)
+	err = os.Mkdir(subdir, 0o755)
 	require.NoErrorf(t, err, "error creating %q", subdir)
 
 	err = mount.Mount("tmpfs", subdir, "tmpfs", "rw")
@@ -174,7 +174,7 @@ func TestGetNoCrossDevice(t *testing.T) {
 	}()
 
 	skipped := filepath.Join(subdir, "skipped.txt")
-	err = os.WriteFile(skipped, []byte("this file should have been skipped\n"), 0644)
+	err = os.WriteFile(skipped, []byte("this file should have been skipped\n"), 0o644)
 	require.NoErrorf(t, err, "error writing file at %q", skipped)
 
 	var buf bytes.Buffer

copier/copier_test.go

@@ -181,9 +181,9 @@ var (
 	uid = os.Getuid()
 
 	testArchiveSlice = makeArchiveSlice([]tar.Header{
-		{Name: "item-0", Typeflag: tar.TypeReg, Size: 123, Mode: 0600, ModTime: testDate},
-		{Name: "item-1", Typeflag: tar.TypeReg, Size: 456, Mode: 0600, ModTime: testDate},
-		{Name: "item-2", Typeflag: tar.TypeReg, Size: 789, Mode: 0600, ModTime: testDate},
+		{Name: "item-0", Typeflag: tar.TypeReg, Size: 123, Mode: 0o600, ModTime: testDate},
+		{Name: "item-1", Typeflag: tar.TypeReg, Size: 456, Mode: 0o600, ModTime: testDate},
+		{Name: "item-2", Typeflag: tar.TypeReg, Size: 789, Mode: 0o600, ModTime: testDate},
 	})
 
 	testArchives = []struct {
@@ -204,38 +204,38 @@ var (
 			name:     "regular",
 			rootOnly: false,
 			headers: []tar.Header{
-				{Name: "file-0", Typeflag: tar.TypeReg, Size: 123456789, Mode: 0600, ModTime: testDate},
-				{Name: "file-a", Typeflag: tar.TypeReg, Size: 23, Mode: 0600, ModTime: testDate},
-				{Name: "file-b", Typeflag: tar.TypeReg, Size: 23, Mode: 0600, ModTime: testDate},
-				{Name: "file-c", Typeflag: tar.TypeLink, Linkname: "file-a", Mode: 0600, ModTime: testDate},
-				{Name: "file-u", Typeflag: tar.TypeReg, Size: 23, Mode: cISUID | 0755, ModTime: testDate},
-				{Name: "file-g", Typeflag: tar.TypeReg, Size: 23, Mode: cISGID | 0755, ModTime: testDate},
-				{Name: "file-t", Typeflag: tar.TypeReg, Size: 23, Mode: cISVTX | 0755, ModTime: testDate},
-				{Name: "link-0", Typeflag: tar.TypeSymlink, Linkname: "../file-0", Size: 123456789, Mode: 0777, ModTime: testDate},
-				{Name: "link-a", Typeflag: tar.TypeSymlink, Linkname: "file-a", Size: 23, Mode: 0777, ModTime: testDate},
-				{Name: "link-b", Typeflag: tar.TypeSymlink, Linkname: "../file-a", Size: 23, Mode: 0777, ModTime: testDate},
-				{Name: "hlink-0", Typeflag: tar.TypeLink, Linkname: "file-0", Size: 123456789, Mode: 0600, ModTime: testDate},
-				{Name: "hlink-a", Typeflag: tar.TypeLink, Linkname: "/file-a", Size: 23, Mode: 0600, ModTime: testDate},
-				{Name: "hlink-b", Typeflag: tar.TypeLink, Linkname: "../file-b", Size: 23, Mode: 0600, ModTime: testDate},
-				{Name: "subdir-a", Typeflag: tar.TypeDir, Mode: 0700, ModTime: testDate},
-				{Name: "subdir-a/file-n", Typeflag: tar.TypeReg, Size: 108, Mode: 0660, ModTime: testDate},
-				{Name: "subdir-a/file-o", Typeflag: tar.TypeReg, Size: 34, Mode: 0660, ModTime: testDate},
-				{Name: "subdir-a/file-a", Typeflag: tar.TypeSymlink, Linkname: "../file-a", Size: 23, Mode: 0777, ModTime: testDate},
-				{Name: "subdir-a/file-b", Typeflag: tar.TypeSymlink, Linkname: "../../file-b", Size: 23, Mode: 0777, ModTime: testDate},
-				{Name: "subdir-a/file-c", Typeflag: tar.TypeSymlink, Linkname: "/file-c", Size: 23, Mode: 0777, ModTime: testDate},
-				{Name: "subdir-b", Typeflag: tar.TypeDir, Mode: 0700, ModTime: testDate},
-				{Name: "subdir-b/file-n", Typeflag: tar.TypeReg, Size: 216, Mode: 0660, ModTime: testDate},
-				{Name: "subdir-b/file-o", Typeflag: tar.TypeReg, Size: 45, Mode: 0660, ModTime: testDate},
-				{Name: "subdir-c", Typeflag: tar.TypeDir, Mode: 0700, ModTime: testDate},
-				{Name: "subdir-c/file-n", Typeflag: tar.TypeReg, Size: 432, Mode: 0666, ModTime: testDate},
-				{Name: "subdir-c/file-o", Typeflag: tar.TypeReg, Size: 56, Mode: 0666, ModTime: testDate},
-				{Name: "subdir-d", Typeflag: tar.TypeDir, Mode: 0700, ModTime: testDate},
-				{Name: "subdir-d/hlink-0", Typeflag: tar.TypeLink, Linkname: "../file-0", Size: 123456789, Mode: 0600, ModTime: testDate},
-				{Name: "subdir-d/hlink-a", Typeflag: tar.TypeLink, Linkname: "/file-a", Size: 23, Mode: 0600, ModTime: testDate},
-				{Name: "subdir-d/hlink-b", Typeflag: tar.TypeLink, Linkname: "../../file-b", Size: 23, Mode: 0600, ModTime: testDate},
-				{Name: "archive-a", Typeflag: tar.TypeReg, Size: 0, Mode: 0600, ModTime: testDate},
-				{Name: "subdir-e", Typeflag: tar.TypeDir, Mode: 0500, ModTime: testDate},
-				{Name: "subdir-e/file-p", Typeflag: tar.TypeReg, Size: 890, Mode: 0600, ModTime: testDate},
+				{Name: "file-0", Typeflag: tar.TypeReg, Size: 123456789, Mode: 0o600, ModTime: testDate},
+				{Name: "file-a", Typeflag: tar.TypeReg, Size: 23, Mode: 0o600, ModTime: testDate},
+				{Name: "file-b", Typeflag: tar.TypeReg, Size: 23, Mode: 0o600, ModTime: testDate},
+				{Name: "file-c", Typeflag: tar.TypeLink, Linkname: "file-a", Mode: 0o600, ModTime: testDate},
+				{Name: "file-u", Typeflag: tar.TypeReg, Size: 23, Mode: cISUID | 0o755, ModTime: testDate},
+				{Name: "file-g", Typeflag: tar.TypeReg, Size: 23, Mode: cISGID | 0o755, ModTime: testDate},
+				{Name: "file-t", Typeflag: tar.TypeReg, Size: 23, Mode: cISVTX | 0o755, ModTime: testDate},
+				{Name: "link-0", Typeflag: tar.TypeSymlink, Linkname: "../file-0", Size: 123456789, Mode: 0o777, ModTime: testDate},
+				{Name: "link-a", Typeflag: tar.TypeSymlink, Linkname: "file-a", Size: 23, Mode: 0o777, ModTime: testDate},
+				{Name: "link-b", Typeflag: tar.TypeSymlink, Linkname: "../file-a", Size: 23, Mode: 0o777, ModTime: testDate},
+				{Name: "hlink-0", Typeflag: tar.TypeLink, Linkname: "file-0", Size: 123456789, Mode: 0o600, ModTime: testDate},
+				{Name: "hlink-a", Typeflag: tar.TypeLink, Linkname: "/file-a", Size: 23, Mode: 0o600, ModTime: testDate},
+				{Name: "hlink-b", Typeflag: tar.TypeLink, Linkname: "../file-b", Size: 23, Mode: 0o600, ModTime: testDate},
+				{Name: "subdir-a", Typeflag: tar.TypeDir, Mode: 0o700, ModTime: testDate},
+				{Name: "subdir-a/file-n", Typeflag: tar.TypeReg, Size: 108, Mode: 0o660, ModTime: testDate},
+				{Name: "subdir-a/file-o", Typeflag: tar.TypeReg, Size: 34, Mode: 0o660, ModTime: testDate},
+				{Name: "subdir-a/file-a", Typeflag: tar.TypeSymlink, Linkname: "../file-a", Size: 23, Mode: 0o777, ModTime: testDate},
+				{Name: "subdir-a/file-b", Typeflag: tar.TypeSymlink, Linkname: "../../file-b", Size: 23, Mode: 0o777, ModTime: testDate},
+				{Name: "subdir-a/file-c", Typeflag: tar.TypeSymlink, Linkname: "/file-c", Size: 23, Mode: 0o777, ModTime: testDate},
+				{Name: "subdir-b", Typeflag: tar.TypeDir, Mode: 0o700, ModTime: testDate},
+				{Name: "subdir-b/file-n", Typeflag: tar.TypeReg, Size: 216, Mode: 0o660, ModTime: testDate},
+				{Name: "subdir-b/file-o", Typeflag: tar.TypeReg, Size: 45, Mode: 0o660, ModTime: testDate},
+				{Name: "subdir-c", Typeflag: tar.TypeDir, Mode: 0o700, ModTime: testDate},
+				{Name: "subdir-c/file-n", Typeflag: tar.TypeReg, Size: 432, Mode: 0o666, ModTime: testDate},
+				{Name: "subdir-c/file-o", Typeflag: tar.TypeReg, Size: 56, Mode: 0o666, ModTime: testDate},
+				{Name: "subdir-d", Typeflag: tar.TypeDir, Mode: 0o700, ModTime: testDate},
+				{Name: "subdir-d/hlink-0", Typeflag: tar.TypeLink, Linkname: "../file-0", Size: 123456789, Mode: 0o600, ModTime: testDate},
+				{Name: "subdir-d/hlink-a", Typeflag: tar.TypeLink, Linkname: "/file-a", Size: 23, Mode: 0o600, ModTime: testDate},
+				{Name: "subdir-d/hlink-b", Typeflag: tar.TypeLink, Linkname: "../../file-b", Size: 23, Mode: 0o600, ModTime: testDate},
+				{Name: "archive-a", Typeflag: tar.TypeReg, Size: 0, Mode: 0o600, ModTime: testDate},
+				{Name: "subdir-e", Typeflag: tar.TypeDir, Mode: 0o500, ModTime: testDate},
+				{Name: "subdir-e/file-p", Typeflag: tar.TypeReg, Size: 890, Mode: 0o600, ModTime: testDate},
 			},
 			contents: map[string][]byte{
 				"archive-a": testArchiveSlice,
@@ -412,8 +412,8 @@ var (
 			name:     "devices",
 			rootOnly: true,
 			headers: []tar.Header{
-				{Name: "char-dev", Typeflag: tar.TypeChar, Devmajor: 0, Devminor: 0, Mode: 0600, ModTime: testDate},
-				{Name: "blk-dev", Typeflag: tar.TypeBlock, Devmajor: 0, Devminor: 0, Mode: 0600, ModTime: testDate},
+				{Name: "char-dev", Typeflag: tar.TypeChar, Devmajor: 0, Devminor: 0, Mode: 0o600, ModTime: testDate},
+				{Name: "blk-dev", Typeflag: tar.TypeBlock, Devmajor: 0, Devminor: 0, Mode: 0o600, ModTime: testDate},
 			},
 		},
 	}
@@ -534,13 +534,13 @@ func testPut(t *testing.T) {
 		for _, typeFlag := range []byte{tar.TypeReg, tar.TypeLink, tar.TypeSymlink, tar.TypeChar, tar.TypeBlock, tar.TypeFifo} {
 			t.Run(fmt.Sprintf("overwrite (dir)=%v,type=%c", overwrite, typeFlag), func(t *testing.T) {
 				archive := makeArchiveSlice([]tar.Header{
-					{Name: "target", Typeflag: tar.TypeSymlink, Mode: 0755, Linkname: "target", ModTime: testDate},
-					{Name: "target", Typeflag: tar.TypeDir, Mode: 0755, ModTime: testDate},
-					{Name: "target", Typeflag: tar.TypeSymlink, Mode: 0755, Linkname: "target", ModTime: testDate},
-					{Name: "target", Typeflag: tar.TypeReg, Size: 123, Mode: 0755, ModTime: testDate},
-					{Name: "test", Typeflag: tar.TypeDir, Size: 0, Mode: 0755, ModTime: testDate},
-					{Name: "test/content", Typeflag: tar.TypeReg, Size: 0, Mode: 0755, ModTime: testDate},
-					{Name: "test", Typeflag: typeFlag, Size: 0, Mode: 0755, Linkname: "target", ModTime: testDate},
+					{Name: "target", Typeflag: tar.TypeSymlink, Mode: 0o755, Linkname: "target", ModTime: testDate},
+					{Name: "target", Typeflag: tar.TypeDir, Mode: 0o755, ModTime: testDate},
+					{Name: "target", Typeflag: tar.TypeSymlink, Mode: 0o755, Linkname: "target", ModTime: testDate},
+					{Name: "target", Typeflag: tar.TypeReg, Size: 123, Mode: 0o755, ModTime: testDate},
+					{Name: "test", Typeflag: tar.TypeDir, Size: 0, Mode: 0o755, ModTime: testDate},
+					{Name: "test/content", Typeflag: tar.TypeReg, Size: 0, Mode: 0o755, ModTime: testDate},
+					{Name: "test", Typeflag: typeFlag, Size: 0, Mode: 0o755, Linkname: "target", ModTime: testDate},
 				})
 				tmp := t.TempDir()
 				err := Put(tmp, tmp, PutOptions{UIDMap: uidMap, GIDMap: gidMap, NoOverwriteDirNonDir: !overwrite}, bytes.NewReader(archive))
@@ -560,13 +560,13 @@ func testPut(t *testing.T) {
 		for _, typeFlag := range []byte{tar.TypeReg, tar.TypeLink, tar.TypeSymlink, tar.TypeChar, tar.TypeBlock, tar.TypeFifo} {
 			t.Run(fmt.Sprintf("overwrite (non-dir)=%v,type=%c", overwrite, typeFlag), func(t *testing.T) {
 				archive := makeArchiveSlice([]tar.Header{
-					{Name: "target", Typeflag: tar.TypeSymlink, Mode: 0755, Linkname: "target", ModTime: testDate},
-					{Name: "target", Typeflag: tar.TypeReg, Mode: 0755, ModTime: testDate},
-					{Name: "target", Typeflag: tar.TypeSymlink, Mode: 0755, Linkname: "target", ModTime: testDate},
-					{Name: "target", Typeflag: tar.TypeReg, Size: 123, Mode: 0755, ModTime: testDate},
-					{Name: "test", Typeflag: typeFlag, Size: 0, Mode: 0755, Linkname: "target", ModTime: testDate},
-					{Name: "test", Typeflag: tar.TypeDir, Size: 0, Mode: 0755, ModTime: testDate},
-					{Name: "test/content", Typeflag: tar.TypeReg, Size: 0, Mode: 0755, ModTime: testDate},
+					{Name: "target", Typeflag: tar.TypeSymlink, Mode: 0o755, Linkname: "target", ModTime: testDate},
+					{Name: "target", Typeflag: tar.TypeReg, Mode: 0o755, ModTime: testDate},
+					{Name: "target", Typeflag: tar.TypeSymlink, Mode: 0o755, Linkname: "target", ModTime: testDate},
+					{Name: "target", Typeflag: tar.TypeReg, Size: 123, Mode: 0o755, ModTime: testDate},
+					{Name: "test", Typeflag: typeFlag, Size: 0, Mode: 0o755, Linkname: "target", ModTime: testDate},
+					{Name: "test", Typeflag: tar.TypeDir, Size: 0, Mode: 0o755, ModTime: testDate},
+					{Name: "test/content", Typeflag: tar.TypeReg, Size: 0, Mode: 0o755, ModTime: testDate},
 				})
 				tmp := t.TempDir()
 				err := Put(tmp, tmp, PutOptions{UIDMap: uidMap, GIDMap: gidMap, NoOverwriteNonDirDir: !overwrite}, bytes.NewReader(archive))
@@ -587,9 +587,9 @@ func testPut(t *testing.T) {
 					t.Skip("can only test !IgnoreDevices with root privileges, skipping")
 				}
 				archive := makeArchiveSlice([]tar.Header{
-					{Name: "test", Typeflag: typeFlag, Size: 0, Mode: 0600, ModTime: testDate, Devmajor: 0, Devminor: 0},
-					{Name: "link", Typeflag: tar.TypeLink, Size: 0, Mode: 0600, ModTime: testDate, Linkname: "test"},
-					{Name: "unrelated", Typeflag: tar.TypeReg, Size: 0, Mode: 0600, ModTime: testDate},
+					{Name: "test", Typeflag: typeFlag, Size: 0, Mode: 0o600, ModTime: testDate, Devmajor: 0, Devminor: 0},
+					{Name: "link", Typeflag: tar.TypeLink, Size: 0, Mode: 0o600, ModTime: testDate, Linkname: "test"},
+					{Name: "unrelated", Typeflag: tar.TypeReg, Size: 0, Mode: 0o600, ModTime: testDate},
 				})
 				tmp := t.TempDir()
 				err := Put(tmp, tmp, PutOptions{UIDMap: uidMap, GIDMap: gidMap, IgnoreDevices: ignoreDevices}, bytes.NewReader(archive))
@@ -889,7 +889,7 @@ func testGetMultiple(t *testing.T) {
 		renames            map[string]string
 		noDerefSymlinks    bool
 	}
-	var getTestArchives = []struct {
+	getTestArchives := []struct {
 		name              string
 		headers           []tar.Header
 		contents          map[string][]byte
@@ -899,32 +899,32 @@ func testGetMultiple(t *testing.T) {
 		{
 			name: "regular",
 			headers: []tar.Header{
-				{Name: "file-0", Typeflag: tar.TypeReg, Size: 123456789, Mode: 0600},
-				{Name: "file-a", Typeflag: tar.TypeReg, Size: 23, Mode: 0600},
-				{Name: "file-b", Typeflag: tar.TypeReg, Size: 23, Mode: 0600},
-				{Name: "link-a", Typeflag: tar.TypeSymlink, Linkname: "file-a", Size: 23, Mode: 0600},
-				{Name: "link-c", Typeflag: tar.TypeSymlink, Linkname: "subdir-c", Mode: 0700, ModTime: testDate},
-				{Name: "archive-a", Typeflag: tar.TypeReg, Size: 0, Mode: 0600},
-				{Name: "non-archive-a", Typeflag: tar.TypeReg, Size: 1199, Mode: 0600},
-				{Name: "hlink-0", Typeflag: tar.TypeLink, Linkname: "file-0", Size: 123456789, Mode: 0600},
-				{Name: "something-a", Typeflag: tar.TypeReg, Size: 34, Mode: 0600},
-				{Name: "subdir-a", Typeflag: tar.TypeDir, Mode: 0700},
-				{Name: "subdir-a/file-n", Typeflag: tar.TypeReg, Size: 108, Mode: 0660},
-				{Name: "subdir-a/file-o", Typeflag: tar.TypeReg, Size: 45, Mode: 0660},
-				{Name: "subdir-a/file-a", Typeflag: tar.TypeSymlink, Linkname: "../file-a", Size: 23, Mode: 0600},
-				{Name: "subdir-a/file-b", Typeflag: tar.TypeSymlink, Linkname: "../../file-b", Size: 23, Mode: 0600},
-				{Name: "subdir-a/file-c", Typeflag: tar.TypeReg, Size: 56, Mode: 0600},
-				{Name: "subdir-b", Typeflag: tar.TypeDir, Mode: 0700},
-				{Name: "subdir-b/file-n", Typeflag: tar.TypeReg, Size: 216, Mode: 0660},
-				{Name: "subdir-b/file-o", Typeflag: tar.TypeReg, Size: 67, Mode: 0660},
-				{Name: "subdir-c", Typeflag: tar.TypeDir, Mode: 0700},
-				{Name: "subdir-c/file-p", Typeflag: tar.TypeReg, Size: 432, Mode: 0666},
-				{Name: "subdir-c/file-q", Typeflag: tar.TypeReg, Size: 78, Mode: 0666},
-				{Name: "subdir-d", Typeflag: tar.TypeDir, Mode: 0700},
-				{Name: "subdir-d/hlink-0", Typeflag: tar.TypeLink, Linkname: "../file-0", Size: 123456789, Mode: 0600},
-				{Name: "subdir-e", Typeflag: tar.TypeDir, Mode: 0700},
-				{Name: "subdir-e/subdir-f", Typeflag: tar.TypeDir, Mode: 0700},
-				{Name: "subdir-e/subdir-f/hlink-b", Typeflag: tar.TypeLink, Linkname: "../../file-b", Size: 23, Mode: 0600},
+				{Name: "file-0", Typeflag: tar.TypeReg, Size: 123456789, Mode: 0o600},
+				{Name: "file-a", Typeflag: tar.TypeReg, Size: 23, Mode: 0o600},
+				{Name: "file-b", Typeflag: tar.TypeReg, Size: 23, Mode: 0o600},
+				{Name: "link-a", Typeflag: tar.TypeSymlink, Linkname: "file-a", Size: 23, Mode: 0o600},
+				{Name: "link-c", Typeflag: tar.TypeSymlink, Linkname: "subdir-c", Mode: 0o700, ModTime: testDate},
+				{Name: "archive-a", Typeflag: tar.TypeReg, Size: 0, Mode: 0o600},
+				{Name: "non-archive-a", Typeflag: tar.TypeReg, Size: 1199, Mode: 0o600},
+				{Name: "hlink-0", Typeflag: tar.TypeLink, Linkname: "file-0", Size: 123456789, Mode: 0o600},
+				{Name: "something-a", Typeflag: tar.TypeReg, Size: 34, Mode: 0o600},
+				{Name: "subdir-a", Typeflag: tar.TypeDir, Mode: 0o700},
+				{Name: "subdir-a/file-n", Typeflag: tar.TypeReg, Size: 108, Mode: 0o660},
+				{Name: "subdir-a/file-o", Typeflag: tar.TypeReg, Size: 45, Mode: 0o660},
+				{Name: "subdir-a/file-a", Typeflag: tar.TypeSymlink, Linkname: "../file-a", Size: 23, Mode: 0o600},
+				{Name: "subdir-a/file-b", Typeflag: tar.TypeSymlink, Linkname: "../../file-b", Size: 23, Mode: 0o600},
+				{Name: "subdir-a/file-c", Typeflag: tar.TypeReg, Size: 56, Mode: 0o600},
+				{Name: "subdir-b", Typeflag: tar.TypeDir, Mode: 0o700},
+				{Name: "subdir-b/file-n", Typeflag: tar.TypeReg, Size: 216, Mode: 0o660},
+				{Name: "subdir-b/file-o", Typeflag: tar.TypeReg, Size: 67, Mode: 0o660},
+				{Name: "subdir-c", Typeflag: tar.TypeDir, Mode: 0o700},
+				{Name: "subdir-c/file-p", Typeflag: tar.TypeReg, Size: 432, Mode: 0o666},
+				{Name: "subdir-c/file-q", Typeflag: tar.TypeReg, Size: 78, Mode: 0o666},
+				{Name: "subdir-d", Typeflag: tar.TypeDir, Mode: 0o700},
+				{Name: "subdir-d/hlink-0", Typeflag: tar.TypeLink, Linkname: "../file-0", Size: 123456789, Mode: 0o600},
+				{Name: "subdir-e", Typeflag: tar.TypeDir, Mode: 0o700},
+				{Name: "subdir-e/subdir-f", Typeflag: tar.TypeDir, Mode: 0o700},
+				{Name: "subdir-e/subdir-f/hlink-b", Typeflag: tar.TypeLink, Linkname: "../../file-b", Size: 23, Mode: 0o600},
 			},
 			contents: map[string][]byte{
 				"archive-a": testArchiveSlice,
@@ -1518,9 +1518,9 @@ func testMkdir(t *testing.T) {
 		{
 			name: "regular",
 			headers: []tar.Header{
-				{Name: "subdir-a", Typeflag: tar.TypeDir, Mode: 0755, ModTime: testDate},
-				{Name: "subdir-a/subdir-b", Typeflag: tar.TypeDir, Mode: 0755, ModTime: testDate},
-				{Name: "subdir-a/subdir-b/subdir-c", Typeflag: tar.TypeDir, Mode: 0755, ModTime: testDate},
+				{Name: "subdir-a", Typeflag: tar.TypeDir, Mode: 0o755, ModTime: testDate},
+				{Name: "subdir-a/subdir-b", Typeflag: tar.TypeDir, Mode: 0o755, ModTime: testDate},
+				{Name: "subdir-a/subdir-b/subdir-c", Typeflag: tar.TypeDir, Mode: 0o755, ModTime: testDate},
 				{Name: "subdir-a/subdir-b/dangle1", Typeflag: tar.TypeSymlink, Linkname: "dangle1-target", ModTime: testDate},
 				{Name: "subdir-a/subdir-b/dangle2", Typeflag: tar.TypeSymlink, Linkname: "../dangle2-target", ModTime: testDate},
 				{Name: "subdir-a/subdir-b/dangle3", Typeflag: tar.TypeSymlink, Linkname: "../../dangle3-target", ModTime: testDate},
@@ -1713,17 +1713,17 @@ func testRemove(t *testing.T) {
 		{
 			name: "regular",
 			headers: []tar.Header{
-				{Name: "subdir-a", Typeflag: tar.TypeDir, Mode: 0755, ModTime: testDate},
-				{Name: "subdir-a/file-a", Typeflag: tar.TypeReg, Mode: 0755, ModTime: testDate},
-				{Name: "subdir-a/file-b", Typeflag: tar.TypeReg, Mode: 0755, ModTime: testDate},
-				{Name: "subdir-a/subdir-b", Typeflag: tar.TypeDir, Mode: 0755, ModTime: testDate},
-				{Name: "subdir-a/subdir-b/subdir-c", Typeflag: tar.TypeDir, Mode: 0755, ModTime: testDate},
+				{Name: "subdir-a", Typeflag: tar.TypeDir, Mode: 0o755, ModTime: testDate},
+				{Name: "subdir-a/file-a", Typeflag: tar.TypeReg, Mode: 0o755, ModTime: testDate},
+				{Name: "subdir-a/file-b", Typeflag: tar.TypeReg, Mode: 0o755, ModTime: testDate},
+				{Name: "subdir-a/subdir-b", Typeflag: tar.TypeDir, Mode: 0o755, ModTime: testDate},
+				{Name: "subdir-a/subdir-b/subdir-c", Typeflag: tar.TypeDir, Mode: 0o755, ModTime: testDate},
 				{Name: "subdir-a/subdir-b/subdir-c/parent", Typeflag: tar.TypeSymlink, Linkname: "..", ModTime: testDate},
 				{Name: "subdir-a/subdir-b/subdir-c/link-b", Typeflag: tar.TypeSymlink, Linkname: "../../file-b", ModTime: testDate},
 				{Name: "subdir-a/subdir-b/subdir-c/root", Typeflag: tar.TypeSymlink, Linkname: "/", ModTime: testDate},
-				{Name: "subdir-a/subdir-d", Typeflag: tar.TypeDir, Mode: 0755, ModTime: testDate},
-				{Name: "subdir-a/subdir-e", Typeflag: tar.TypeDir, Mode: 0755, ModTime: testDate},
-				{Name: "subdir-a/subdir-e/subdir-f", Typeflag: tar.TypeDir, Mode: 0755, ModTime: testDate},
+				{Name: "subdir-a/subdir-d", Typeflag: tar.TypeDir, Mode: 0o755, ModTime: testDate},
+				{Name: "subdir-a/subdir-e", Typeflag: tar.TypeDir, Mode: 0o755, ModTime: testDate},
+				{Name: "subdir-a/subdir-e/subdir-f", Typeflag: tar.TypeDir, Mode: 0o755, ModTime: testDate},
 			},
 			testCases: []testCase{
 				{

copier/hardlink_unix.go

@@ -24,6 +24,7 @@ func (h *hardlinkChecker) Check(fi os.FileInfo) string {
 	}
 	return ""
 }
+
 func (h *hardlinkChecker) Add(fi os.FileInfo, name string) {
 	if st, ok := fi.Sys().(*syscall.Stat_t); ok && fi.Mode().IsRegular() && st.Nlink > 1 {
 		h.hardlinks.Store(makeHardlinkDeviceAndInode(st), name)

copier/hardlink_windows.go

@@ -6,11 +6,11 @@ import (
 	"os"
 )
 
-type hardlinkChecker struct {
-}
+type hardlinkChecker struct{}
 
 func (h *hardlinkChecker) Check(fi os.FileInfo) string {
 	return ""
 }
+
 func (h *hardlinkChecker) Add(fi os.FileInfo, name string) {
 }

copier/syscall_windows.go

@@ -83,6 +83,6 @@ func sameDevice(a, b os.FileInfo) bool {
 }
 
 const (
-	testModeMask           = int64(0600)
+	testModeMask           = int64(0o600)
 	testIgnoreSymlinkDates = true
 )

define/mount_freebsd.go

@@ -10,7 +10,5 @@ const (
 	TempDir = "/var/tmp"
 )
 
-var (
 // Mount potions for bind
-	BindOptions = []string{}
-)
+var BindOptions = []string{}

define/mount_linux.go

@@ -10,7 +10,5 @@ const (
 	TempDir = "/dev/shm"
 )
 
-var (
 // Mount potions for bind
-	BindOptions = []string{"bind"}
-)
+var BindOptions = []string{"bind"}

define/mount_unsupported.go

@@ -10,7 +10,5 @@ const (
 	TempDir = "/var/tmp"
 )
 
-var (
 // Mount potions for bind
-	BindOptions = []string{""}
-)
+var BindOptions = []string{""}

define/types.go

@@ -324,7 +324,7 @@ func downloadToDirectory(url, dir string) error {
 		}
 		dockerfile := filepath.Join(dir, "Dockerfile")
 		// Assume this is a Dockerfile
-		if err := ioutils.AtomicWriteFile(dockerfile, body, 0600); err != nil {
+		if err := ioutils.AtomicWriteFile(dockerfile, body, 0o600); err != nil {
 			return fmt.Errorf("failed to write %q to %q: %w", url, dockerfile, err)
 		}
 	}
@@ -342,7 +342,7 @@ func stdinToDirectory(dir string) error {
 	if err := chrootarchive.Untar(reader, dir, nil); err != nil {
 		dockerfile := filepath.Join(dir, "Dockerfile")
 		// Assume this is a Dockerfile
-		if err := ioutils.AtomicWriteFile(dockerfile, b, 0600); err != nil {
+		if err := ioutils.AtomicWriteFile(dockerfile, b, 0o600); err != nil {
 			return fmt.Errorf("failed to write bytes to %q: %w", dockerfile, err)
 		}
 	}

define/types_test.go

@@ -1,8 +1,9 @@
 package define
 
 import (
-	"github.com/stretchr/testify/assert"
 	"testing"
+
+	"github.com/stretchr/testify/assert"
 )
 
 func TestParseGitBuildContext(t *testing.T) {

digester_test.go

@@ -133,7 +133,7 @@ func TestCompositeDigester(t *testing.T) {
 						hdr := &tar.Header{
 							Name:     "content",
 							Size:     size,
-							Mode:     0640,
+							Mode:     0o640,
 							ModTime:  time.Now(),
 							Typeflag: tar.TypeReg,
 						}

image.go

@@ -289,7 +289,6 @@ func (i *containerImageRef) extractRootfs(opts ExtractRootfsOptions) (io.ReadClo
 		err := copier.Get(mountPoint, mountPoint, copierOptions, []string{"."}, pipeWriter)
 		errChan <- err
 		pipeWriter.Close()
-
 	}()
 	return ioutils.NewReadCloserWrapper(pipeReader, func() error {
 		if err = pipeReader.Close(); err != nil {
@@ -627,7 +626,7 @@ func (i *containerImageRef) NewImageSource(_ context.Context, _ *types.SystemCon
 		}
 		srcHasher := digest.Canonical.Digester()
 		// Set up to write the possibly-recompressed blob.
-		layerFile, err := os.OpenFile(filepath.Join(path, "layer"), os.O_CREATE|os.O_WRONLY, 0600)
+		layerFile, err := os.OpenFile(filepath.Join(path, "layer"), os.O_CREATE|os.O_WRONLY, 0o600)
 		if err != nil {
 			rc.Close()
 			return nil, fmt.Errorf("opening file for %s: %w", what, err)
@@ -1004,7 +1003,7 @@ func (i *containerImageSource) GetBlob(_ context.Context, blob types.BlobInfo, _
 	} else {
 		for _, blobDir := range []string{i.blobDirectory, i.path} {
 			var layerFile *os.File
-			layerFile, err = os.OpenFile(filepath.Join(blobDir, blob.Digest.String()), os.O_RDONLY, 0600)
+			layerFile, err = os.OpenFile(filepath.Join(blobDir, blob.Digest.String()), os.O_RDONLY, 0o600)
 			if err == nil {
 				st, err := layerFile.Stat()
 				if err != nil {

imagebuildah/executor.go

@@ -220,7 +220,7 @@ func newExecutor(logger *logrus.Logger, logPrefix string, store storage.Store, o
 		if options.RusageLogFile == "" {
 			rusageLogFile = options.Out
 		} else {
-			rusageLogFile, err = os.OpenFile(options.RusageLogFile, os.O_TRUNC|os.O_CREATE|os.O_WRONLY, 0644)
+			rusageLogFile, err = os.OpenFile(options.RusageLogFile, os.O_TRUNC|os.O_CREATE|os.O_WRONLY, 0o644)
 			if err != nil {
 				return nil, err
 			}
@@ -1050,7 +1050,7 @@ func (b *Executor) Build(ctx context.Context, stages imagebuilder.Stages) (image
 	}
 	logrus.Debugf("printing final image id %q", imageID)
 	if b.iidfile != "" {
-		if err = os.WriteFile(b.iidfile, []byte("sha256:"+imageID), 0644); err != nil {
+		if err = os.WriteFile(b.iidfile, []byte("sha256:"+imageID), 0o644); err != nil {
 			return imageID, ref, fmt.Errorf("failed to write image ID to file %q: %w", b.iidfile, err)
 		}
 	} else {

imagebuildah/stage_executor.go

@@ -258,7 +258,7 @@ func (s *StageExecutor) volumeCacheSaveVFS() (mounts []specs.Mount, err error) {
 		if !errors.Is(err, os.ErrNotExist) {
 			return nil, err
 		}
-		createdDirPerms := os.FileMode(0755)
+		createdDirPerms := os.FileMode(0o755)
 		if err := copier.Mkdir(s.mountPoint, archivedPath, copier.MkdirOptions{ChmodNew: &createdDirPerms}); err != nil {
 			return nil, fmt.Errorf("ensuring volume path exists: %w", err)
 		}
@@ -455,7 +455,7 @@ func (s *StageExecutor) performCopy(excludes []string, copies ...imagebuilder.Co
 				if err != nil {
 					return fmt.Errorf("unable to create tmp file for COPY instruction at %q: %w", parse.GetTempDir(), err)
 				}
-				err = tmpFile.Chmod(0644) // 644 is consistent with buildkit
+				err = tmpFile.Chmod(0o644) // 644 is consistent with buildkit
 				if err != nil {
 					tmpFile.Close()
 					return fmt.Errorf("unable to chmod tmp file created for COPY instruction at %q: %w", tmpFile.Name(), err)
@@ -734,7 +734,7 @@ func (s *StageExecutor) createNeededHeredocMountsForRun(files []imagebuilder.Fil
 			f.Close()
 			return nil, err
 		}
-		err = f.Chmod(0755)
+		err = f.Chmod(0o755)
 		if err != nil {
 			f.Close()
 			return nil, err

internal/source/add.go

@@ -130,5 +130,5 @@ func updateIndexWithNewManifestDescriptor(manifest *specV1.Descriptor, sourcePat
 		return err
 	}
 
-	return os.WriteFile(indexPath, rawData, 0644)
+	return os.WriteFile(indexPath, rawData, 0o644)
 }

internal/source/push.go

@@ -74,7 +74,7 @@ func Push(ctx context.Context, sourcePath string, imageInput string, options Pus
 		if err != nil {
 			return fmt.Errorf("computing digest of manifest of source: %w", err)
 		}
-		if err = os.WriteFile(options.DigestFile, []byte(manifestDigest.String()), 0644); err != nil {
+		if err = os.WriteFile(options.DigestFile, []byte(manifestDigest.String()), 0o644); err != nil {
 			return fmt.Errorf("failed to write digest to file %q: %w", options.DigestFile, err)
 		}
 	}

internal/tmpdir/tmpdir_test.go

@@ -54,5 +54,4 @@ func TestGetTempDir(t *testing.T) {
 	require.NoError(t, err)
 	tmpdir = GetTempDir()
 	assert.Equal(t, "/mnt", tmpdir)
-
 }

internal/util/util.go

@@ -72,7 +72,7 @@ func ExportFromReader(input io.Reader, opts define.BuildOutputOption) error {
 			noLChown = true
 		}
 
-		err = os.MkdirAll(opts.Path, 0700)
+		err = os.MkdirAll(opts.Path, 0o700)
 		if err != nil {
 			return fmt.Errorf("failed while creating the destination path %q: %w", opts.Path, err)
 		}

internal/volumes/volumes.go

@@ -2,6 +2,7 @@ package volumes
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"os"
 	"path"
@@ -9,8 +10,6 @@ import (
 	"strconv"
 	"strings"
 
-	"errors"
-
 	"github.com/containers/buildah/copier"
 	"github.com/containers/buildah/define"
 	"github.com/containers/buildah/internal"
@@ -373,7 +372,7 @@ func GetCacheMount(args []string, _ storage.Store, _ string, additionalMountPoin
 		// cache parent directory: creates separate cache parent for each user.
 		cacheParent := CacheParent()
 		// create cache on host if not present
-		err = os.MkdirAll(cacheParent, os.FileMode(0755))
+		err = os.MkdirAll(cacheParent, os.FileMode(0o755))
 		if err != nil {
 			return newMount, nil, fmt.Errorf("unable to create build cache directory: %w", err)
 		}
@@ -397,7 +396,7 @@ func GetCacheMount(args []string, _ storage.Store, _ string, additionalMountPoin
 
 		// create a subdirectory inside `cacheParent` just to store lockfiles
 		buildahLockFilesDir = filepath.Join(cacheParent, buildahLockFilesDir)
-		err = os.MkdirAll(buildahLockFilesDir, os.FileMode(0700))
+		err = os.MkdirAll(buildahLockFilesDir, os.FileMode(0o700))
 		if err != nil {
 			return newMount, nil, fmt.Errorf("unable to create build cache lockfiles directory: %w", err)
 		}

manifests/compat.go

@@ -17,10 +17,8 @@ type (
 	PushOptions = manifests.PushOptions
 )
 
-var (
 // ErrListImageUnknown is an alias for github.com/containers/common/libimage/manifests.ErrListImageUnknown
-	ErrListImageUnknown = manifests.ErrListImageUnknown
-)
+var ErrListImageUnknown = manifests.ErrListImageUnknown
 
 // Create wraps github.com/containers/common/libimage/manifests.Create().
 func Create() List {

pkg/chrootuser/user.go

@@ -8,11 +8,9 @@ import (
 	"strings"
 )
 
-var (
 // ErrNoSuchUser indicates that the user provided by the caller does not
 // exist in /etc/passws
-	ErrNoSuchUser = errors.New("user does not exist in /etc/passwd")
-)
+var ErrNoSuchUser = errors.New("user does not exist in /etc/passwd")
 
 // GetUser will return the uid, gid of the user specified in the userspec
 // it will use the /etc/passwd and /etc/group files inside of the rootdir

pkg/chrootuser/user_unix.go

@@ -75,9 +75,7 @@ func openChrootedFile(rootdir, filename string) (*exec.Cmd, io.ReadCloser, error
 	return cmd, stdout, nil
 }
 
-var (
-	lookupUser, lookupGroup sync.Mutex
-)
+var lookupUser, lookupGroup sync.Mutex
 
 type lookupPasswdEntry struct {
 	name string

pkg/cli/common.go

@@ -550,10 +550,8 @@ func LookupEnvVarReferences(specs, environ []string) []string {
 	for _, spec := range specs {
 		if key, _, ok := strings.Cut(spec, "="); ok {
 			result = append(result, spec)
-
 		} else if key == "*" {
 			result = append(result, environ...)
-
 		} else {
 			prefix := key + "="
 			if strings.HasSuffix(key, "*") {

pkg/overlay/overlay.go

@@ -1,6 +1,7 @@
 package overlay
 
 import (
+	"errors"
 	"fmt"
 	"os"
 	"os/exec"
@@ -8,8 +9,6 @@ import (
 	"strings"
 	"syscall"
 
-	"errors"
-
 	"github.com/containers/storage/pkg/idtools"
 	"github.com/containers/storage/pkg/system"
 	"github.com/containers/storage/pkg/unshare"
@@ -54,7 +53,7 @@ type Options struct {
 // TempDir generates an overlay Temp directory in the container content
 func TempDir(containerDir string, rootUID, rootGID int) (string, error) {
 	contentDir := filepath.Join(containerDir, "overlay")
-	if err := idtools.MkdirAllAs(contentDir, 0700, rootUID, rootGID); err != nil {
+	if err := idtools.MkdirAllAs(contentDir, 0o700, rootUID, rootGID); err != nil {
 		return "", fmt.Errorf("failed to create the overlay %s directory: %w", contentDir, err)
 	}
 
@@ -69,7 +68,7 @@ func TempDir(containerDir string, rootUID, rootGID int) (string, error) {
 // GenerateStructure generates an overlay directory structure for container content
 func GenerateStructure(containerDir, containerID, name string, rootUID, rootGID int) (string, error) {
 	contentDir := filepath.Join(containerDir, "overlay-containers", containerID, name)
-	if err := idtools.MkdirAllAs(contentDir, 0700, rootUID, rootGID); err != nil {
+	if err := idtools.MkdirAllAs(contentDir, 0o700, rootUID, rootGID); err != nil {
 		return "", fmt.Errorf("failed to create the overlay %s directory: %w", contentDir, err)
 	}
 
@@ -80,14 +79,14 @@ func GenerateStructure(containerDir, containerID, name string, rootUID, rootGID
 func generateOverlayStructure(containerDir string, rootUID, rootGID int) (string, error) {
 	upperDir := filepath.Join(containerDir, "upper")
 	workDir := filepath.Join(containerDir, "work")
-	if err := idtools.MkdirAllAs(upperDir, 0700, rootUID, rootGID); err != nil {
+	if err := idtools.MkdirAllAs(upperDir, 0o700, rootUID, rootGID); err != nil {
 		return "", fmt.Errorf("failed to create the overlay %s directory: %w", upperDir, err)
 	}
-	if err := idtools.MkdirAllAs(workDir, 0700, rootUID, rootGID); err != nil {
+	if err := idtools.MkdirAllAs(workDir, 0o700, rootUID, rootGID); err != nil {
 		return "", fmt.Errorf("failed to create the overlay %s directory: %w", workDir, err)
 	}
 	mergeDir := filepath.Join(containerDir, "merge")
-	if err := idtools.MkdirAllAs(mergeDir, 0700, rootUID, rootGID); err != nil {
+	if err := idtools.MkdirAllAs(mergeDir, 0o700, rootUID, rootGID); err != nil {
 		return "", fmt.Errorf("failed to create the overlay %s directory: %w", mergeDir, err)
 	}
 

pkg/overlay/overlay_linux.go

@@ -27,7 +27,7 @@ func MountWithOptions(contentDir, source, dest string, opts *Options) (mount spe
 	if opts.ReadOnly {
 		// Read-only overlay mounts require two lower layer.
 		lowerTwo := filepath.Join(contentDir, "lower")
-		if err := os.Mkdir(lowerTwo, 0755); err != nil {
+		if err := os.Mkdir(lowerTwo, 0o755); err != nil {
 			return mount, err
 		}
 		overlayOptions = fmt.Sprintf("lowerdir=%s:%s,private", escapeColon(source), lowerTwo)

pkg/parse/parse.go

@@ -328,7 +328,7 @@ func validateExtraHost(val string) error {
 // validateIPAddress validates an Ip address.
 // for dns, ip, and ip6 flags also
 func validateIPAddress(val string) (string, error) {
-	var ip = net.ParseIP(strings.TrimSpace(val))
+	ip := net.ParseIP(strings.TrimSpace(val))
 	if ip != nil {
 		return ip.String(), nil
 	}
@@ -661,15 +661,19 @@ func GetBuildOutput(buildOutput string) (define.BuildOutputOption, error) {
 	if len(buildOutput) == 1 && buildOutput == "-" {
 		// Feature parity with buildkit, output tar to stdout
 		// Read more here: https://docs.docker.com/engine/reference/commandline/build/#custom-build-outputs
-		return define.BuildOutputOption{Path: "",
+		return define.BuildOutputOption{
+			Path:     "",
 			IsDir:    false,
-			IsStdout: true}, nil
+			IsStdout: true,
+		}, nil
 	}
 	if !strings.Contains(buildOutput, ",") {
 		// expect default --output <dirname>
-		return define.BuildOutputOption{Path: buildOutput,
+		return define.BuildOutputOption{
+			Path:     buildOutput,
 			IsDir:    true,
-			IsStdout: false}, nil
+			IsStdout: false,
+		}, nil
 	}
 	isDir := true
 	isStdout := false
@@ -714,9 +718,11 @@ func GetBuildOutput(buildOutput string) (define.BuildOutputOption, error) {
 		if isDir {
 			return define.BuildOutputOption{}, fmt.Errorf("invalid build output option %q, type=local and dest=- is not supported", buildOutput)
 		}
-		return define.BuildOutputOption{Path: "",
+		return define.BuildOutputOption{
+			Path:     "",
 			IsDir:    false,
-			IsStdout: true}, nil
+			IsStdout: true,
+		}, nil
 	}
 
 	return define.BuildOutputOption{Path: path, IsDir: isDir, IsStdout: isStdout}, nil
@@ -1211,7 +1217,7 @@ func Device(device string) (string, string, string, error) {
 // isValidDeviceMode checks if the mode for device is valid or not.
 // isValid mode is a composition of r (read), w (write), and m (mknod).
 func isValidDeviceMode(mode string) bool {
-	var legalDeviceMode = map[rune]struct{}{
+	legalDeviceMode := map[rune]struct{}{
 		'r': {},
 		'w': {},
 		'm': {},

pkg/sshagent/sshagent.go

@@ -64,7 +64,6 @@ func newAgentServerSocket(socketPath string) (*AgentServer, error) {
 		conn:     &conn,
 		shutdown: make(chan bool, 1),
 	}, nil
-
 }
 
 // Serve starts the SSH agent on the host and returns the path of the socket where the agent is serving

pkg/sshagent/sshagent_test.go

@@ -31,7 +31,6 @@ func testClient(path string) ([]*agent.Key, error) {
 		return nil, err
 	}
 	return keys, nil
-
 }
 
 func TestAgentServer(t *testing.T) {

pkg/util/util_test.go

@@ -28,5 +28,4 @@ func TestDiscoverContainerfile(t *testing.T) {
 	name, err = DiscoverContainerfile("test/test2")
 	assert.Nil(t, err)
 	assert.Equal(t, name, "test/test2/Dockerfile")
-
 }

pkg/util/version_windows.go

@@ -6,5 +6,4 @@ import (
 
 func ReadKernelVersion() (string, error) {
 	return "", errors.New("readKernelVersion not supported on windows")
-
 }

run_common.go

@@ -84,7 +84,8 @@ func (b *Builder) createResolvConf(rdir string, chownOpts *idtools.IDPair) (stri
 
 // addResolvConf copies files from host and sets them up to bind mount into container
 func (b *Builder) addResolvConfEntries(file string, networkNameServer []string,
-	spec *specs.Spec, keepHostServers, ipv6 bool) error {
+	spec *specs.Spec, keepHostServers, ipv6 bool,
+) error {
 	defaultConfig, err := config.Default()
 	if err != nil {
 		return fmt.Errorf("failed to get config: %w", err)
@@ -179,7 +180,7 @@ func (b *Builder) generateHostname(rdir, hostname string, chownOpts *idtools.IDP
 	hostnameBuffer.Write([]byte(fmt.Sprintf("%s\n", hostname)))
 
 	cfile := filepath.Join(rdir, filepath.Base(hostnamePath))
-	if err = ioutils.AtomicWriteFile(cfile, hostnameBuffer.Bytes(), 0644); err != nil {
+	if err = ioutils.AtomicWriteFile(cfile, hostnameBuffer.Bytes(), 0o644); err != nil {
 		return "", fmt.Errorf("writing /etc/hostname into the container: %w", err)
 	}
 
@@ -257,7 +258,7 @@ func runLookupPath(g *generate.Generator, command []string) []string {
 		// check if it's there,
 		if fi, err := os.Lstat(filepath.Join(spec.Root.Path, candidate)); fi != nil && err == nil {
 			// and if it's not a directory, and either a symlink or executable,
-			if !fi.IsDir() && ((fi.Mode()&os.ModeSymlink != 0) || (fi.Mode()&0111 != 0)) {
+			if !fi.IsDir() && ((fi.Mode()&os.ModeSymlink != 0) || (fi.Mode()&0o111 != 0)) {
 				// use that.
 				return append([]string{candidate}, command[1:]...)
 			}
@@ -439,7 +440,8 @@ func waitForSync(pipeR *os.File) error {
 }
 
 func runUsingRuntime(options RunOptions, configureNetwork bool, moreCreateArgs []string, spec *specs.Spec, bundlePath, containerName string,
-	containerCreateW io.WriteCloser, containerStartR io.ReadCloser) (wstatus unix.WaitStatus, err error) {
+	containerCreateW io.WriteCloser, containerStartR io.ReadCloser,
+) (wstatus unix.WaitStatus, err error) {
 	if options.Logger == nil {
 		options.Logger = logrus.StandardLogger()
 	}
@@ -465,7 +467,7 @@ func runUsingRuntime(options RunOptions, configureNetwork bool, moreCreateArgs [
 	if err != nil {
 		return 1, fmt.Errorf("encoding configuration %#v as json: %w", spec, err)
 	}
-	if err = ioutils.AtomicWriteFile(filepath.Join(bundlePath, "config.json"), specbytes, 0600); err != nil {
+	if err = ioutils.AtomicWriteFile(filepath.Join(bundlePath, "config.json"), specbytes, 0o600); err != nil {
 		return 1, fmt.Errorf("storing runtime configuration: %w", err)
 	}
 
@@ -1137,7 +1139,8 @@ func runUsingRuntimeMain() {
 }
 
 func (b *Builder) runUsingRuntimeSubproc(isolation define.Isolation, options RunOptions, configureNetwork bool, networkString string,
-	moreCreateArgs []string, spec *specs.Spec, rootPath, bundlePath, containerName, buildContainerName, hostsFile, resolvFile string) (err error) {
+	moreCreateArgs []string, spec *specs.Spec, rootPath, bundlePath, containerName, buildContainerName, hostsFile, resolvFile string,
+) (err error) {
 	// Lock the caller to a single OS-level thread.
 	runtime.LockOSThread()
 	defer runtime.UnlockOSThread()
@@ -1339,8 +1342,8 @@ func (b *Builder) setupMounts(mountPoint string, spec *specs.Spec, bundlePath st
 	}
 
 	// Get host UID and GID of the container process.
-	var uidMap = []specs.LinuxIDMapping{}
-	var gidMap = []specs.LinuxIDMapping{}
+	uidMap := []specs.LinuxIDMapping{}
+	gidMap := []specs.LinuxIDMapping{}
 	if spec.Linux != nil {
 		uidMap = spec.Linux.UIDMappings
 		gidMap = spec.Linux.GIDMappings
@@ -1380,7 +1383,7 @@ func (b *Builder) setupMounts(mountPoint string, spec *specs.Spec, bundlePath st
 	}
 
 	// Get the list of explicitly-specified volume mounts.
-	var mountLabel = ""
+	mountLabel := ""
 	if spec.Linux != nil {
 		mountLabel = spec.Linux.MountLabel
 	}
@@ -1441,7 +1444,7 @@ func runSetupBuiltinVolumes(mountLabel, mountPoint, containerDir string, builtin
 				return nil, err
 			}
 			logrus.Debugf("setting up built-in volume path at %q for %q", volumePath, volume)
-			if err = os.MkdirAll(volumePath, 0755); err != nil {
+			if err = os.MkdirAll(volumePath, 0o755); err != nil {
 				return nil, err
 			}
 			if err = relabel(volumePath, mountLabel, false); err != nil {
@@ -1680,7 +1683,7 @@ func (b *Builder) getSecretMount(tokens []string, secrets map[string]define.Secr
 	var id, target string
 	var required bool
 	var uid, gid uint32
-	var mode uint32 = 0400
+	var mode uint32 = 0o400
 	for _, val := range tokens {
 		kv := strings.SplitN(val, "=", 2)
 		switch kv[0] {
@@ -1774,10 +1777,10 @@ func (b *Builder) getSecretMount(tokens []string, secrets map[string]define.Secr
 
 	// Copy secrets to container working dir (or tmp dir if it's an env), since we need to chmod,
 	// chown and relabel it for the container user and we don't want to mess with the original file
-	if err := os.MkdirAll(filepath.Dir(ctrFileOnHost), 0755); err != nil {
+	if err := os.MkdirAll(filepath.Dir(ctrFileOnHost), 0o755); err != nil {
 		return nil, "", err
 	}
-	if err := os.WriteFile(ctrFileOnHost, data, 0644); err != nil {
+	if err := os.WriteFile(ctrFileOnHost, data, 0o644); err != nil {
 		return nil, "", err
 	}
 

run_freebsd.go

@@ -45,16 +45,14 @@ const (
 	PROC_REAP_RELEASE = 3
 )
 
-var (
 // We dont want to remove destinations with /etc, /dev as
 // rootfs already contains these files and unionfs will create
 // a `whiteout` i.e `.wh` files on removal of overlapping
 // files from these directories.  everything other than these
 // will be cleaned up
-	nonCleanablePrefixes = []string{
+var nonCleanablePrefixes = []string{
 	"/etc", "/dev",
 }
-)
 
 func procctl(idtype int, id int, cmd int, arg *byte) error {
 	_, _, e1 := unix.Syscall6(
@@ -184,7 +182,7 @@ func (b *Builder) Run(command []string, options RunOptions) error {
 	uid, gid := spec.Process.User.UID, spec.Process.User.GID
 	idPair := &idtools.IDPair{UID: int(uid), GID: int(gid)}
 
-	mode := os.FileMode(0755)
+	mode := os.FileMode(0o755)
 	coptions := copier.MkdirOptions{
 		ChownNew: idPair,
 		ChmodNew: &mode,

run_linux.go

@@ -49,16 +49,14 @@ import (
 	"tags.cncf.io/container-device-interface/pkg/parser"
 )
 
-var (
 // We dont want to remove destinations with /etc, /dev, /sys,
 // /proc as rootfs already contains these files and unionfs
 // will create a `whiteout` i.e `.wh` files on removal of
 // overlapping files from these directories.  everything other
 // than these will be cleaned up
-	nonCleanablePrefixes = []string{
+var nonCleanablePrefixes = []string{
 	"/etc", "/dev", "/sys", "/proc",
 }
-)
 
 func setChildProcess() error {
 	if err := unix.Prctl(unix.PR_SET_CHILD_SUBREAPER, uintptr(1), 0, 0, 0); err != nil {
@@ -345,7 +343,7 @@ func (b *Builder) Run(command []string, options RunOptions) error {
 
 	idPair := &idtools.IDPair{UID: int(uid), GID: int(gid)}
 
-	mode := os.FileMode(0755)
+	mode := os.FileMode(0o755)
 	coptions := copier.MkdirOptions{
 		ChownNew: idPair,
 		ChmodNew: &mode,
@@ -431,7 +429,7 @@ func (b *Builder) Run(command []string, options RunOptions) error {
 	// Empty file, so no need to recreate if it exists
 	if _, ok := bindFiles["/run/.containerenv"]; !ok {
 		containerenvPath := filepath.Join(path, "/run/.containerenv")
-		if err = os.MkdirAll(filepath.Dir(containerenvPath), 0755); err != nil {
+		if err = os.MkdirAll(filepath.Dir(containerenvPath), 0o755); err != nil {
 			return err
 		}
 
@@ -449,7 +447,7 @@ imageid=%q
 rootless=%d
 `, define.Version, b.Container, b.ContainerID, b.FromImage, b.FromImageID, rootless)
 
-		if err = ioutils.AtomicWriteFile(containerenvPath, []byte(containerenv), 0755); err != nil {
+		if err = ioutils.AtomicWriteFile(containerenvPath, []byte(containerenv), 0o755); err != nil {
 			return err
 		}
 		if err := relabel(containerenvPath, b.MountLabel, false); err != nil {

run_unix.go

@@ -23,6 +23,7 @@ func runUsingRuntimeMain() {}
 func (b *Builder) Run(command []string, options RunOptions) error {
 	return errors.New("function not supported on non-linux systems")
 }
+
 func DefaultNamespaceOptions() (NamespaceOptions, error) {
 	options := NamespaceOptions{
 		{Name: string(specs.CgroupNamespace), Host: false},

run_unsupported.go

@@ -18,6 +18,7 @@ func runUsingRuntimeMain() {}
 func (b *Builder) Run(command []string, options RunOptions) error {
 	return errors.New("function not supported on non-linux systems")
 }
+
 func DefaultNamespaceOptions() (NamespaceOptions, error) {
 	return NamespaceOptions{}, errors.New("function not supported on non-linux systems")
 }

tests/conformance/conformance_test.go

@@ -58,9 +58,9 @@ import (
 
 const (
 	// See http://pubs.opengroup.org/onlinepubs/9699919799/utilities/pax.html#tag_20_92_13_06, from archive/tar
-	cISUID = 04000 // Set uid, from archive/tar
-	cISGID = 02000 // Set gid, from archive/tar
-	cISVTX = 01000 // Save text (sticky bit), from archive/tar
+	cISUID = 0o4000 // Set uid, from archive/tar
+	cISGID = 0o2000 // Set gid, from archive/tar
+	cISVTX = 0o1000 // Save text (sticky bit), from archive/tar
 )
 
 var (
@@ -215,11 +215,11 @@ func testConformanceInternal(t *testing.T, dateStamp string, testIndex int, muta
 	// check if we can test xattrs where we're storing build contexts
 	if contextCanDoXattrs == nil {
 		testDir := filepath.Join(tempdir, "test")
-		if err := os.Mkdir(testDir, 0700); err != nil {
+		if err := os.Mkdir(testDir, 0o700); err != nil {
 			require.NoErrorf(t, err, "error creating test directory to check if xattrs are testable: %v", err)
 		}
 		testFile := filepath.Join(testDir, "testfile")
-		if err := os.WriteFile(testFile, []byte("whatever"), 0600); err != nil {
+		if err := os.WriteFile(testFile, []byte("whatever"), 0o600); err != nil {
 			require.NoErrorf(t, err, "error creating test file to check if xattrs are testable: %v", err)
 		}
 		can := false
@@ -248,7 +248,7 @@ func testConformanceInternal(t *testing.T, dateStamp string, testIndex int, muta
 		if test.contextDir != "" || test.dockerfile != "" {
 			putErr = copier.Put("", contextDir, copier.PutOptions{}, pipeReader)
 		} else {
-			putErr = os.Mkdir(contextDir, 0755)
+			putErr = os.Mkdir(contextDir, 0o755)
 		}
 		pipeReader.Close()
 		wg.Done()
@@ -316,7 +316,7 @@ func testConformanceInternal(t *testing.T, dateStamp string, testIndex int, muta
 			require.NoErrorf(t, err, "error mounting test layer to check if xattrs are testable: %v", err)
 		}
 		testFile := filepath.Join(mountPoint, "testfile")
-		if err := os.WriteFile(testFile, []byte("whatever"), 0600); err != nil {
+		if err := os.WriteFile(testFile, []byte("whatever"), 0o600); err != nil {
 			require.NoErrorf(t, err, "error creating file in test layer to check if xattrs are testable: %v", err)
 		}
 		can := false
@@ -391,7 +391,7 @@ func testConformanceInternalBuild(ctx context.Context, t *testing.T, cwd string,
 	// contents we were passed, which may only be an initial subset of the
 	// original file, or inlined information, in which case the file didn't
 	// necessarily exist
-	err := os.WriteFile(dockerfileName, dockerfileContents, 0644)
+	err := os.WriteFile(dockerfileName, dockerfileContents, 0o644)
 	require.NoErrorf(t, err, "error writing Dockerfile at %q", dockerfileName)
 	err = os.Chtimes(dockerfileName, testDate, testDate)
 	require.NoErrorf(t, err, "error resetting timestamp on Dockerfile at %q", dockerfileName)
@@ -925,17 +925,17 @@ func fsHeaderForEntry(hdr *tar.Header) FSHeader {
 func saveReport(ctx context.Context, t *testing.T, ref types.ImageReference, directory string, dockerfileContents []byte, buildLog []byte, version []string) {
 	imageName := ""
 	// make sure the directory exists
-	err := os.MkdirAll(directory, 0755)
+	err := os.MkdirAll(directory, 0o755)
 	require.NoErrorf(t, err, "error ensuring directory %q exists for storing a report", directory)
 	// save the Dockerfile that was used to generate the image
-	err = os.WriteFile(filepath.Join(directory, "Dockerfile"), dockerfileContents, 0644)
+	err = os.WriteFile(filepath.Join(directory, "Dockerfile"), dockerfileContents, 0o644)
 	require.NoErrorf(t, err, "error saving Dockerfile for image %q", imageName)
 	// save the log generated while building the image
-	err = os.WriteFile(filepath.Join(directory, "build.log"), buildLog, 0644)
+	err = os.WriteFile(filepath.Join(directory, "build.log"), buildLog, 0o644)
 	require.NoErrorf(t, err, "error saving build log for image %q", imageName)
 	// save the version information
 	if len(version) > 0 {
-		err = os.WriteFile(filepath.Join(directory, "version"), []byte(strings.Join(version, "\n")+"\n"), 0644)
+		err = os.WriteFile(filepath.Join(directory, "version"), []byte(strings.Join(version, "\n")+"\n"), 0o644)
 		require.NoErrorf(t, err, "error saving builder version information for image %q", imageName)
 	}
 	// open the image for reading
@@ -964,13 +964,13 @@ func saveReport(ctx context.Context, t *testing.T, ref types.ImageReference, dir
 	encodedConfig, err := json.Marshal(ociConfig)
 	require.NoErrorf(t, err, "error encoding OCI-format configuration from image %q for saving", imageName)
 	// save the manifest in its original form
-	err = os.WriteFile(filepath.Join(directory, "manifest.json"), rawManifest, 0644)
+	err = os.WriteFile(filepath.Join(directory, "manifest.json"), rawManifest, 0o644)
 	require.NoErrorf(t, err, "error saving original manifest from image %q", imageName)
 	// save the config blob in the OCI format
-	err = os.WriteFile(filepath.Join(directory, "oci-config.json"), encodedConfig, 0644)
+	err = os.WriteFile(filepath.Join(directory, "oci-config.json"), encodedConfig, 0o644)
 	require.NoErrorf(t, err, "error saving OCI-format configuration from image %q", imageName)
 	// save the config blob in its original format
-	err = os.WriteFile(filepath.Join(directory, "config.json"), rawConfig, 0644)
+	err = os.WriteFile(filepath.Join(directory, "config.json"), rawConfig, 0o644)
 	require.NoErrorf(t, err, "error saving original configuration from image %q", imageName)
 	// start pulling layer information
 	layerBlobInfos, err := img.LayerInfosForCopy(ctx)
@@ -1014,7 +1014,7 @@ func saveReport(ctx context.Context, t *testing.T, ref types.ImageReference, dir
 	// there's no point in saving them for comparison later
 	encodedFSTree, err := json.Marshal(fstree.Tree)
 	require.NoErrorf(t, err, "error encoding filesystem tree from image %q for saving", imageName)
-	err = os.WriteFile(filepath.Join(directory, "fs.json"), encodedFSTree, 0644)
+	err = os.WriteFile(filepath.Join(directory, "fs.json"), encodedFSTree, 0o644)
 	require.NoErrorf(t, err, "error saving filesystem tree from image %q", imageName)
 }
 
@@ -1385,8 +1385,9 @@ func fsCompareResult(miss, left, diff []string, notDocker string) string {
 	return buffer.String()
 }
 
-type testCaseTweakContextDirFn func(*testing.T, string, string, string) error
-type testCase struct {
+type (
+	testCaseTweakContextDirFn func(*testing.T, string, string, string) error
+	testCase                  struct {
 		name                 string                    // name of the test
 		dockerfileContents   string                    // inlined Dockerfile content to use instead of possible file in the build context
 		dockerfile           string                    // name of the Dockerfile, relative to contextDir, if not Dockerfile
@@ -1412,6 +1413,7 @@ type testCase struct {
 		fsSkip               []string                  // expected filesystem differences, typically timestamps on files or directories we create or modify during the build and don't reset
 		buildArgs            map[string]string         // build args to supply, as if --build-arg was used
 	}
+)
 
 var internalTestCases = []testCase{
 	{
@@ -1728,11 +1730,11 @@ var internalTestCases = []testCase{
 		tweakContextDir: func(_ *testing.T, contextDir, _, _ string) (err error) {
 			content := []byte("test content")
 
-			if err := os.Mkdir(filepath.Join(contextDir, "archive"), 0755); err != nil {
+			if err := os.Mkdir(filepath.Join(contextDir, "archive"), 0o755); err != nil {
 				return fmt.Errorf("creating subdirectory of temporary context directory: %w", err)
 			}
 			filename := filepath.Join(contextDir, "archive", "should-be-owned-by-root")
-			if err = os.WriteFile(filename, content, 0640); err != nil {
+			if err = os.WriteFile(filename, content, 0o640); err != nil {
 				return fmt.Errorf("creating file owned by root in temporary context directory: %w", err)
 			}
 			if err = os.Chown(filename, 0, 0); err != nil {
@@ -1742,7 +1744,7 @@ var internalTestCases = []testCase{
 				return fmt.Errorf("setting date on file owned by root file in temporary context directory: %w", err)
 			}
 			filename = filepath.Join(contextDir, "archive", "should-be-owned-by-99")
-			if err = os.WriteFile(filename, content, 0640); err != nil {
+			if err = os.WriteFile(filename, content, 0o640); err != nil {
 				return fmt.Errorf("creating file owned by 99 in temporary context directory: %w", err)
 			}
 			if err = os.Chown(filename, 99, 99); err != nil {
@@ -1753,7 +1755,7 @@ var internalTestCases = []testCase{
 			}
 
 			filename = filepath.Join(contextDir, "archive.tar")
-			f, err := os.OpenFile(filename, os.O_CREATE|os.O_WRONLY, 0644)
+			f, err := os.OpenFile(filename, os.O_CREATE|os.O_WRONLY, 0o644)
 			if err != nil {
 				return fmt.Errorf("creating archive file: %w", err)
 			}
@@ -1765,7 +1767,7 @@ var internalTestCases = []testCase{
 				Typeflag: tar.TypeReg,
 				Size:     int64(len(content)),
 				ModTime:  testDate,
-				Mode:     0640,
+				Mode:     0o640,
 				Uid:      0,
 				Gid:      0,
 			})
@@ -1784,7 +1786,7 @@ var internalTestCases = []testCase{
 				Typeflag: tar.TypeReg,
 				Size:     int64(len(content)),
 				ModTime:  testDate,
-				Mode:     0640,
+				Mode:     0o640,
 				Uid:      99,
 				Gid:      99,
 			})
@@ -1814,11 +1816,11 @@ var internalTestCases = []testCase{
 		tweakContextDir: func(_ *testing.T, contextDir, _, _ string) (err error) {
 			content := []byte("test content")
 
-			if err := os.Mkdir(filepath.Join(contextDir, "subdir"), 0755); err != nil {
+			if err := os.Mkdir(filepath.Join(contextDir, "subdir"), 0o755); err != nil {
 				return fmt.Errorf("creating subdirectory of temporary context directory: %w", err)
 			}
 			filename := filepath.Join(contextDir, "subdir", "would-be-owned-by-root")
-			if err = os.WriteFile(filename, content, 0640); err != nil {
+			if err = os.WriteFile(filename, content, 0o640); err != nil {
 				return fmt.Errorf("creating file owned by root in temporary context directory: %w", err)
 			}
 			if err = os.Chown(filename, 0, 0); err != nil {
@@ -1828,7 +1830,7 @@ var internalTestCases = []testCase{
 				return fmt.Errorf("setting date on file owned by root file in temporary context directory: %w", err)
 			}
 			filename = filepath.Join(contextDir, "subdir", "would-be-owned-by-99")
-			if err = os.WriteFile(filename, content, 0640); err != nil {
+			if err = os.WriteFile(filename, content, 0o640); err != nil {
 				return fmt.Errorf("creating file owned by 99 in temporary context directory: %w", err)
 			}
 			if err = os.Chown(filename, 99, 99); err != nil {
@@ -1853,11 +1855,11 @@ var internalTestCases = []testCase{
 		tweakContextDir: func(_ *testing.T, contextDir, _, _ string) (err error) {
 			content := []byte("test content")
 
-			if err := os.Mkdir(filepath.Join(contextDir, "subdir"), 0755); err != nil {
+			if err := os.Mkdir(filepath.Join(contextDir, "subdir"), 0o755); err != nil {
 				return fmt.Errorf("creating subdirectory of temporary context directory: %w", err)
 			}
 			filename := filepath.Join(contextDir, "subdir", "would-be-owned-by-root")
-			if err = os.WriteFile(filename, content, 0640); err != nil {
+			if err = os.WriteFile(filename, content, 0o640); err != nil {
 				return fmt.Errorf("creating file owned by root in temporary context directory: %w", err)
 			}
 			if err = os.Chown(filename, 0, 0); err != nil {
@@ -1867,7 +1869,7 @@ var internalTestCases = []testCase{
 				return fmt.Errorf("setting date on file owned by root file in temporary context directory: %w", err)
 			}
 			filename = filepath.Join(contextDir, "subdir", "would-be-owned-by-99")
-			if err = os.WriteFile(filename, content, 0640); err != nil {
+			if err = os.WriteFile(filename, content, 0o640); err != nil {
 				return fmt.Errorf("creating file owned by 99 in temporary context directory: %w", err)
 			}
 			if err = os.Chown(filename, 99, 99); err != nil {
@@ -1914,40 +1916,40 @@ var internalTestCases = []testCase{
 		}, "\n"),
 		tweakContextDir: func(_ *testing.T, contextDir, _, _ string) (err error) {
 			filename := filepath.Join(contextDir, "should-be-setuid-file")
-			if err = os.WriteFile(filename, []byte("test content"), 0644); err != nil {
+			if err = os.WriteFile(filename, []byte("test content"), 0o644); err != nil {
 				return fmt.Errorf("creating setuid test file in temporary context directory: %w", err)
 			}
-			if err = syscall.Chmod(filename, syscall.S_ISUID|0755); err != nil {
+			if err = syscall.Chmod(filename, syscall.S_ISUID|0o755); err != nil {
 				return fmt.Errorf("setting setuid bit on test file in temporary context directory: %w", err)
 			}
 			if err = os.Chtimes(filename, testDate, testDate); err != nil {
 				return fmt.Errorf("setting date on setuid test file in temporary context directory: %w", err)
 			}
 			filename = filepath.Join(contextDir, "should-be-setgid-file")
-			if err = os.WriteFile(filename, []byte("test content"), 0644); err != nil {
+			if err = os.WriteFile(filename, []byte("test content"), 0o644); err != nil {
 				return fmt.Errorf("creating setgid test file in temporary context directory: %w", err)
 			}
-			if err = syscall.Chmod(filename, syscall.S_ISGID|0755); err != nil {
+			if err = syscall.Chmod(filename, syscall.S_ISGID|0o755); err != nil {
 				return fmt.Errorf("setting setgid bit on test file in temporary context directory: %w", err)
 			}
 			if err = os.Chtimes(filename, testDate, testDate); err != nil {
 				return fmt.Errorf("setting date on setgid test file in temporary context directory: %w", err)
 			}
 			filename = filepath.Join(contextDir, "should-be-sticky-file")
-			if err = os.WriteFile(filename, []byte("test content"), 0644); err != nil {
+			if err = os.WriteFile(filename, []byte("test content"), 0o644); err != nil {
 				return fmt.Errorf("creating sticky test file in temporary context directory: %w", err)
 			}
-			if err = syscall.Chmod(filename, syscall.S_ISVTX|0755); err != nil {
+			if err = syscall.Chmod(filename, syscall.S_ISVTX|0o755); err != nil {
 				return fmt.Errorf("setting permissions on sticky test file in temporary context directory: %w", err)
 			}
 			if err = os.Chtimes(filename, testDate, testDate); err != nil {
 				return fmt.Errorf("setting date on sticky test file in temporary context directory: %w", err)
 			}
 			filename = filepath.Join(contextDir, "should-not-be-setuid-setgid-sticky-file")
-			if err = os.WriteFile(filename, []byte("test content"), 0644); err != nil {
+			if err = os.WriteFile(filename, []byte("test content"), 0o644); err != nil {
 				return fmt.Errorf("creating non-suid non-sgid non-sticky test file in temporary context directory: %w", err)
 			}
-			if err = syscall.Chmod(filename, 0640); err != nil {
+			if err = syscall.Chmod(filename, 0o640); err != nil {
 				return fmt.Errorf("setting permissions on plain test file in temporary context directory: %w", err)
 			}
 			if err = os.Chtimes(filename, testDate, testDate); err != nil {
@@ -1975,13 +1977,13 @@ var internalTestCases = []testCase{
 			}
 
 			filename := filepath.Join(contextDir, "xattrs-file")
-			if err = os.WriteFile(filename, []byte("test content"), 0644); err != nil {
+			if err = os.WriteFile(filename, []byte("test content"), 0o644); err != nil {
 				return fmt.Errorf("creating test file with xattrs in temporary context directory: %w", err)
 			}
 			if err = copier.Lsetxattrs(filename, map[string]string{"user.a": "test"}); err != nil {
 				return fmt.Errorf("setting xattrs on test file in temporary context directory: %w", err)
 			}
-			if err = syscall.Chmod(filename, 0640); err != nil {
+			if err = syscall.Chmod(filename, 0o640); err != nil {
 				return fmt.Errorf("setting permissions on test file in temporary context directory: %w", err)
 			}
 			if err = os.Chtimes(filename, testDate, testDate); err != nil {
@@ -2001,7 +2003,7 @@ var internalTestCases = []testCase{
 		}, "\n"),
 		tweakContextDir: func(_ *testing.T, contextDir, _, _ string) (err error) {
 			filename := filepath.Join(contextDir, "archive.tar")
-			f, err := os.OpenFile(filename, os.O_CREATE|os.O_WRONLY, 0644)
+			f, err := os.OpenFile(filename, os.O_CREATE|os.O_WRONLY, 0o644)
 			if err != nil {
 				return fmt.Errorf("creating new archive file in temporary context directory: %w", err)
 			}
@@ -2014,7 +2016,7 @@ var internalTestCases = []testCase{
 				Gid:      0,
 				Typeflag: tar.TypeReg,
 				Size:     8,
-				Mode:     cISUID | 0755,
+				Mode:     cISUID | 0o755,
 				ModTime:  testDate,
 			}
 			if err = tw.WriteHeader(&hdr); err != nil {
@@ -2029,7 +2031,7 @@ var internalTestCases = []testCase{
 				Gid:      0,
 				Typeflag: tar.TypeReg,
 				Size:     8,
-				Mode:     cISGID | 0755,
+				Mode:     cISGID | 0o755,
 				ModTime:  testDate,
 			}
 			if err = tw.WriteHeader(&hdr); err != nil {
@@ -2044,7 +2046,7 @@ var internalTestCases = []testCase{
 				Gid:      0,
 				Typeflag: tar.TypeReg,
 				Size:     8,
-				Mode:     cISVTX | 0755,
+				Mode:     cISVTX | 0o755,
 				ModTime:  testDate,
 			}
 			if err = tw.WriteHeader(&hdr); err != nil {
@@ -2059,7 +2061,7 @@ var internalTestCases = []testCase{
 				Gid:      0,
 				Typeflag: tar.TypeDir,
 				Size:     0,
-				Mode:     cISUID | 0755,
+				Mode:     cISUID | 0o755,
 				ModTime:  testDate,
 			}
 			if err = tw.WriteHeader(&hdr); err != nil {
@@ -2071,7 +2073,7 @@ var internalTestCases = []testCase{
 				Gid:      0,
 				Typeflag: tar.TypeDir,
 				Size:     0,
-				Mode:     cISGID | 0755,
+				Mode:     cISGID | 0o755,
 				ModTime:  testDate,
 			}
 			if err = tw.WriteHeader(&hdr); err != nil {
@@ -2083,7 +2085,7 @@ var internalTestCases = []testCase{
 				Gid:      0,
 				Typeflag: tar.TypeDir,
 				Size:     0,
-				Mode:     cISVTX | 0755,
+				Mode:     cISVTX | 0o755,
 				ModTime:  testDate,
 			}
 			if err = tw.WriteHeader(&hdr); err != nil {
@@ -2109,7 +2111,7 @@ var internalTestCases = []testCase{
 			}
 
 			filename := filepath.Join(contextDir, "archive.tar")
-			f, err := os.OpenFile(filename, os.O_CREATE|os.O_WRONLY, 0644)
+			f, err := os.OpenFile(filename, os.O_CREATE|os.O_WRONLY, 0o644)
 			if err != nil {
 				return fmt.Errorf("creating new archive file in temporary context directory: %w", err)
 			}
@@ -2122,7 +2124,7 @@ var internalTestCases = []testCase{
 				Gid:      0,
 				Typeflag: tar.TypeReg,
 				Size:     8,
-				Mode:     0640,
+				Mode:     0o640,
 				ModTime:  testDate,
 				Xattrs:   map[string]string{"user.a": "test"},
 			}
@@ -2170,13 +2172,13 @@ var internalTestCases = []testCase{
 			}
 
 			filename := filepath.Join(contextDir, "xattrs-file")
-			if err = os.WriteFile(filename, []byte("test content"), 0644); err != nil {
+			if err = os.WriteFile(filename, []byte("test content"), 0o644); err != nil {
 				return fmt.Errorf("creating test file with xattrs in temporary context directory: %w", err)
 			}
 			if err = copier.Lsetxattrs(filename, map[string]string{"user.a": "test"}); err != nil {
 				return fmt.Errorf("setting xattrs on test file in temporary context directory: %w", err)
 			}
-			if err = syscall.Chmod(filename, 0640); err != nil {
+			if err = syscall.Chmod(filename, 0o640); err != nil {
 				return fmt.Errorf("setting permissions on test file in temporary context directory: %w", err)
 			}
 			if err = os.Chtimes(filename, testDate, testDate); err != nil {
@@ -2337,7 +2339,7 @@ var internalTestCases = []testCase{
 		contextDir: "dockerignore/empty",
 		tweakContextDir: func(_ *testing.T, contextDir, _, _ string) (err error) {
 			dockerignore := []byte(strings.Join([]string{"**/*-a", "!**/*-c"}, "\n"))
-			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0600); err != nil {
+			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0o600); err != nil {
 				return fmt.Errorf("writing .dockerignore file: %w", err)
 			}
 			if err = os.Chtimes(filepath.Join(contextDir, ".dockerignore"), testDate, testDate); err != nil {
@@ -2357,7 +2359,7 @@ var internalTestCases = []testCase{
 		contextDir: "dockerignore/populated",
 		tweakContextDir: func(_ *testing.T, contextDir, _, _ string) (err error) {
 			dockerignore := []byte(strings.Join([]string{"**/*-a", "!**/*-c"}, "\n"))
-			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0644); err != nil {
+			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0o644); err != nil {
 				return fmt.Errorf("writing .dockerignore file: %w", err)
 			}
 			if err = os.Chtimes(filepath.Join(contextDir, ".dockerignore"), testDate, testDate); err != nil {
@@ -2377,7 +2379,7 @@ var internalTestCases = []testCase{
 		contextDir: "dockerignore/populated",
 		tweakContextDir: func(_ *testing.T, contextDir, _, _ string) (err error) {
 			dockerignore := []byte(strings.Join([]string{"**/*-a", "!**/*-c"}, "\n"))
-			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0600); err != nil {
+			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0o600); err != nil {
 				return fmt.Errorf("writing .dockerignore file: %w", err)
 			}
 			if err = os.Chtimes(filepath.Join(contextDir, ".dockerignore"), testDate, testDate); err != nil {
@@ -2397,7 +2399,7 @@ var internalTestCases = []testCase{
 		contextDir: "dockerignore/populated",
 		tweakContextDir: func(_ *testing.T, contextDir, _, _ string) (err error) {
 			dockerignore := []byte(strings.Join([]string{"!**/*-c"}, "\n"))
-			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0640); err != nil {
+			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0o640); err != nil {
 				return fmt.Errorf("writing .dockerignore file: %w", err)
 			}
 			if err = os.Chtimes(filepath.Join(contextDir, ".dockerignore"), testDate, testDate); err != nil {
@@ -2417,7 +2419,7 @@ var internalTestCases = []testCase{
 		contextDir: "dockerignore/populated",
 		tweakContextDir: func(_ *testing.T, contextDir, _, _ string) (err error) {
 			dockerignore := []byte("!**/*-c\n")
-			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0100); err != nil {
+			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0o100); err != nil {
 				return fmt.Errorf("writing .dockerignore file: %w", err)
 			}
 			if err = os.Chtimes(filepath.Join(contextDir, ".dockerignore"), testDate, testDate); err != nil {
@@ -2437,7 +2439,7 @@ var internalTestCases = []testCase{
 		contextDir: "dockerignore/populated",
 		tweakContextDir: func(_ *testing.T, contextDir, _, _ string) (err error) {
 			dockerignore := []byte("subdir-c")
-			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0200); err != nil {
+			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0o200); err != nil {
 				return fmt.Errorf("writing .dockerignore file: %w", err)
 			}
 			if err = os.Chtimes(filepath.Join(contextDir, ".dockerignore"), testDate, testDate); err != nil {
@@ -2457,7 +2459,7 @@ var internalTestCases = []testCase{
 		contextDir: "dockerignore/populated",
 		tweakContextDir: func(_ *testing.T, contextDir, _, _ string) (err error) {
 			dockerignore := []byte("subdir-c")
-			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0400); err != nil {
+			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0o400); err != nil {
 				return fmt.Errorf("writing .dockerignore file: %w", err)
 			}
 			if err = os.Chtimes(filepath.Join(contextDir, ".dockerignore"), testDate, testDate); err != nil {
@@ -2477,7 +2479,7 @@ var internalTestCases = []testCase{
 		contextDir: "dockerignore/populated",
 		tweakContextDir: func(_ *testing.T, contextDir, _, _ string) (err error) {
 			dockerignore := []byte("**/subdir-c")
-			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0200); err != nil {
+			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0o200); err != nil {
 				return fmt.Errorf("writing .dockerignore file: %w", err)
 			}
 			if err = os.Chtimes(filepath.Join(contextDir, ".dockerignore"), testDate, testDate); err != nil {
@@ -2497,7 +2499,7 @@ var internalTestCases = []testCase{
 		contextDir: "dockerignore/populated",
 		tweakContextDir: func(_ *testing.T, contextDir, _, _ string) (err error) {
 			dockerignore := []byte("**/subdir-c")
-			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0400); err != nil {
+			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0o400); err != nil {
 				return fmt.Errorf("writing .dockerignore file: %w", err)
 			}
 			if err = os.Chtimes(filepath.Join(contextDir, ".dockerignore"), testDate, testDate); err != nil {
@@ -2517,7 +2519,7 @@ var internalTestCases = []testCase{
 		contextDir: "dockerignore/populated",
 		tweakContextDir: func(_ *testing.T, contextDir, _, _ string) (err error) {
 			dockerignore := []byte("subdir-*")
-			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0000); err != nil {
+			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0o000); err != nil {
 				return fmt.Errorf("writing .dockerignore file: %w", err)
 			}
 			if err = os.Chtimes(filepath.Join(contextDir, ".dockerignore"), testDate, testDate); err != nil {
@@ -2537,7 +2539,7 @@ var internalTestCases = []testCase{
 		contextDir: "dockerignore/populated",
 		tweakContextDir: func(_ *testing.T, contextDir, _, _ string) (err error) {
 			dockerignore := []byte("subdir-*")
-			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0660); err != nil {
+			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0o660); err != nil {
 				return fmt.Errorf("writing .dockerignore file: %w", err)
 			}
 			if err = os.Chtimes(filepath.Join(contextDir, ".dockerignore"), testDate, testDate); err != nil {
@@ -2557,7 +2559,7 @@ var internalTestCases = []testCase{
 		contextDir: "dockerignore/populated",
 		tweakContextDir: func(_ *testing.T, contextDir, _, _ string) (err error) {
 			dockerignore := []byte("**/subdir-*")
-			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0000); err != nil {
+			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0o000); err != nil {
 				return fmt.Errorf("writing .dockerignore file: %w", err)
 			}
 			if err = os.Chtimes(filepath.Join(contextDir, ".dockerignore"), testDate, testDate); err != nil {
@@ -2577,7 +2579,7 @@ var internalTestCases = []testCase{
 		contextDir: "dockerignore/populated",
 		tweakContextDir: func(_ *testing.T, contextDir, _, _ string) (err error) {
 			dockerignore := []byte("**/subdir-*")
-			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0660); err != nil {
+			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0o660); err != nil {
 				return fmt.Errorf("writing .dockerignore file: %w", err)
 			}
 			if err = os.Chtimes(filepath.Join(contextDir, ".dockerignore"), testDate, testDate); err != nil {
@@ -2597,7 +2599,7 @@ var internalTestCases = []testCase{
 		contextDir: "dockerignore/populated",
 		tweakContextDir: func(_ *testing.T, contextDir, _, _ string) (err error) {
 			dockerignore := []byte("**/subdir-f")
-			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0666); err != nil {
+			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0o666); err != nil {
 				return fmt.Errorf("writing .dockerignore file: %w", err)
 			}
 			if err = os.Chtimes(filepath.Join(contextDir, ".dockerignore"), testDate, testDate); err != nil {
@@ -2617,7 +2619,7 @@ var internalTestCases = []testCase{
 		contextDir: "dockerignore/populated",
 		tweakContextDir: func(_ *testing.T, contextDir, _, _ string) (err error) {
 			dockerignore := []byte("**/subdir-f")
-			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0640); err != nil {
+			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0o640); err != nil {
 				return fmt.Errorf("writing .dockerignore file: %w", err)
 			}
 			if err = os.Chtimes(filepath.Join(contextDir, ".dockerignore"), testDate, testDate); err != nil {
@@ -2637,7 +2639,7 @@ var internalTestCases = []testCase{
 		contextDir: "dockerignore/populated",
 		tweakContextDir: func(_ *testing.T, contextDir, _, _ string) (err error) {
 			dockerignore := []byte("**/subdir-b")
-			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0705); err != nil {
+			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0o705); err != nil {
 				return fmt.Errorf("writing .dockerignore file: %w", err)
 			}
 			if err = os.Chtimes(filepath.Join(contextDir, ".dockerignore"), testDate, testDate); err != nil {
@@ -2657,7 +2659,7 @@ var internalTestCases = []testCase{
 		contextDir: "dockerignore/populated",
 		tweakContextDir: func(_ *testing.T, contextDir, _, _ string) (err error) {
 			dockerignore := []byte("**/subdir-b")
-			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0750); err != nil {
+			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0o750); err != nil {
 				return fmt.Errorf("writing .dockerignore file: %w", err)
 			}
 			if err = os.Chtimes(filepath.Join(contextDir, ".dockerignore"), testDate, testDate); err != nil {
@@ -2677,7 +2679,7 @@ var internalTestCases = []testCase{
 		contextDir: "dockerignore/populated",
 		tweakContextDir: func(_ *testing.T, contextDir, _, _ string) (err error) {
 			dockerignore := []byte(strings.Join([]string{"**/subdir-e", "!**/subdir-f"}, "\n"))
-			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0750); err != nil {
+			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0o750); err != nil {
 				return fmt.Errorf("writing .dockerignore file: %w", err)
 			}
 			if err = os.Chtimes(filepath.Join(contextDir, ".dockerignore"), testDate, testDate); err != nil {
@@ -2697,7 +2699,7 @@ var internalTestCases = []testCase{
 		contextDir: "dockerignore/populated",
 		tweakContextDir: func(_ *testing.T, contextDir, _, _ string) (err error) {
 			dockerignore := []byte(strings.Join([]string{"**/subdir-e", "!**/subdir-f"}, "\n"))
-			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0750); err != nil {
+			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0o750); err != nil {
 				return fmt.Errorf("writing .dockerignore file: %w", err)
 			}
 			if err = os.Chtimes(filepath.Join(contextDir, ".dockerignore"), testDate, testDate); err != nil {
@@ -2717,7 +2719,7 @@ var internalTestCases = []testCase{
 		contextDir: "dockerignore/populated",
 		tweakContextDir: func(_ *testing.T, contextDir, _, _ string) (err error) {
 			dockerignore := []byte(strings.Join([]string{"**/subdir-f", "!**/subdir-g"}, "\n"))
-			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0750); err != nil {
+			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0o750); err != nil {
 				return fmt.Errorf("writing .dockerignore file: %w", err)
 			}
 			if err = os.Chtimes(filepath.Join(contextDir, ".dockerignore"), testDate, testDate); err != nil {
@@ -2737,7 +2739,7 @@ var internalTestCases = []testCase{
 		contextDir: "dockerignore/populated",
 		tweakContextDir: func(_ *testing.T, contextDir, _, _ string) (err error) {
 			dockerignore := []byte(strings.Join([]string{"**/subdir-f", "!**/subdir-g"}, "\n"))
-			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0750); err != nil {
+			if err := os.WriteFile(filepath.Join(contextDir, ".dockerignore"), dockerignore, 0o750); err != nil {
 				return fmt.Errorf("writing .dockerignore file: %w", err)
 			}
 			if err = os.Chtimes(filepath.Join(contextDir, ".dockerignore"), testDate, testDate); err != nil {
@@ -3157,14 +3159,16 @@ var internalTestCases = []testCase{
 		dockerfile:        "Dockerfile.heredoc_copy",
 		dockerUseBuildKit: true,
 		contextDir:        "heredoc",
-		fsSkip: []string{"(dir):test:mtime",
+		fsSkip: []string{
+			"(dir):test:mtime",
 			"(dir):test2:mtime",
 			"(dir):test:(dir):humans.txt:mtime",
 			"(dir):test:(dir):robots.txt:mtime",
 			"(dir):test2:(dir):humans.txt:mtime",
 			"(dir):test2:(dir):robots.txt:mtime",
 			"(dir):test2:(dir):image_file:mtime",
-			"(dir):etc:(dir):hostname" /* buildkit does not contains /etc/hostname like buildah */},
+			"(dir):etc:(dir):hostname", /* buildkit does not contains /etc/hostname like buildah */
+		},
 	},
 
 	{

util/util.go

@@ -35,14 +35,12 @@ const (
 	DefaultTransport = "docker://"
 )
 
-var (
 // RegistryDefaultPathPrefix contains a per-registry listing of default prefixes
 // to prepend to image names that only contain a single path component.
-	RegistryDefaultPathPrefix = map[string]string{
+var RegistryDefaultPathPrefix = map[string]string{
 	"index.docker.io": "library",
 	"docker.io":       "library",
 }
-)
 
 // StringInSlice is deprecated, use golang.org/x/exp/slices.Contains
 func StringInSlice(s string, slice []string) bool {