various: adds missing apostrophes to comments

Updates #cleanup

Change-Id: I7bf29cc153c3c04e087f9bdb146c3437bed0129a
Signed-off-by: Alex Chan <alexc@tailscale.com>

cmd/sniproxy/sniproxy_test.go

@@ -152,7 +152,7 @@ func TestSNIProxyWithNetmapConfig(t *testing.T) {
 		configCapKey: []tailcfg.RawMessage{tailcfg.RawMessage(b)},
 	})
 
-	// Lets spin up a second node (to represent the client).
+	// Let's spin up a second node (to represent the client).
 	client, _, _ := startNode(t, ctx, controlURL, "client")
 
 	// Make sure that the sni node has received its config.
@@ -176,7 +176,7 @@ func TestSNIProxyWithNetmapConfig(t *testing.T) {
 		t.Error("sni node never received its configuration from the coordination server!")
 	}
 
-	// Lets make the client open a connection to the sniproxy node, and
+	// Let's make the client open a connection to the sniproxy node, and
 	// make sure it results in a connection to our test listener.
 	w, err := client.Dial(ctx, "tcp", fmt.Sprintf("%s:%d", ip, ln.Addr().(*net.TCPAddr).Port))
 	if err != nil {
@@ -208,10 +208,10 @@ func TestSNIProxyWithFlagConfig(t *testing.T) {
 	sni, _, ip := startNode(t, ctx, controlURL, "snitest")
 	go run(ctx, sni, 0, sni.Hostname, false, 0, "", fmt.Sprintf("tcp/%d/localhost", ln.Addr().(*net.TCPAddr).Port))
 
-	// Lets spin up a second node (to represent the client).
+	// Let's spin up a second node (to represent the client).
 	client, _, _ := startNode(t, ctx, controlURL, "client")
 
-	// Lets make the client open a connection to the sniproxy node, and
+	// Let's make the client open a connection to the sniproxy node, and
 	// make sure it results in a connection to our test listener.
 	w, err := client.Dial(ctx, "tcp", fmt.Sprintf("%s:%d", ip, ln.Addr().(*net.TCPAddr).Port))
 	if err != nil {

ipn/ipnlocal/network-lock_test.go

@@ -528,7 +528,7 @@ func TestTKASync(t *testing.T) {
 				},
 			}
 
-			// Finally, lets trigger a sync.
+			// Finally, let's trigger a sync.
 			err = b.tkaSyncIfNeeded(&netmap.NetworkMap{
 				TKAEnabled: true,
 				TKAHead:    controlAuthority.Head(),

tka/aum.go

@@ -226,7 +226,7 @@ func (a *AUM) Serialize() tkatype.MarshaledAUM {
 	// Further, experience with other attempts (JWS/JWT,SAML,X509 etc) has
 	// taught us that even subtle behaviors such as how you handle invalid
 	// or unrecognized fields + any invariants in subsequent re-serialization
-	// can easily lead to security-relevant logic bugs. Its certainly possible
+	// can easily lead to security-relevant logic bugs. It's certainly possible
 	// to invent a workable scheme by massaging a JSON parsing library, though
 	// profoundly unwise.
 	//

tka/builder.go

@@ -114,7 +114,7 @@ func (b *UpdateBuilder) generateCheckpoint() error {
 		}
 	}
 
-	// Checkpoints cant specify a parent AUM.
+	// Checkpoints can't specify a parent AUM.
 	state.LastAUMHash = nil
 	return b.mkUpdate(AUM{MessageKind: AUMCheckpoint, State: &state})
 }

tka/key_test.go

@@ -42,7 +42,7 @@ func TestVerify25519(t *testing.T) {
 	aum := AUM{
 		MessageKind: AUMRemoveKey,
 		KeyID:       []byte{1, 2, 3, 4},
-		// Signatures is set to crap so we are sure its ignored in the sigHash computation.
+		// Signatures is set to crap so we are sure it's ignored in the sigHash computation.
 		Signatures: []tkatype.Signature{{KeyID: []byte{45, 42}}},
 	}
 	sigHash := aum.SigHash()
@@ -89,7 +89,7 @@ func TestNLPrivate(t *testing.T) {
 		t.Error("signature did not verify")
 	}
 
-	// We manually compute the keyID, so make sure its consistent with
+	// We manually compute the keyID, so make sure it's consistent with
 	// tka.Key.ID().
 	if !bytes.Equal(k.MustID(), p.KeyID()) {
 		t.Errorf("private.KeyID() & tka KeyID differ: %x != %x", k.MustID(), p.KeyID())

tka/scenario_test.go

@@ -204,7 +204,7 @@ func TestNormalPropagation(t *testing.T) {
     `)
 	control := s.mkNode("control")
 
-	// Lets say theres a node with some updates!
+	// Let's say there's a node with some updates!
 	n1 := s.mkNodeWithForks("n1", true, map[string]*testChain{
 		"L2": newTestchain(t, `L3 -> L4`),
 	})

tka/sig.go

@@ -277,7 +277,7 @@ func (s *NodeKeySignature) verifySignature(nodeKey key.NodePublic, verificationK
 		// Recurse to verify the signature on the nested structure.
 		var nestedPub key.NodePublic
 		// SigCredential signatures certify an indirection key rather than a node
-		// key, so theres no need to check the node key.
+		// key, so there's no need to check the node key.
 		if s.Nested.SigKind != SigCredential {
 			if err := nestedPub.UnmarshalBinary(s.Nested.Pubkey); err != nil {
 				return fmt.Errorf("nested pubkey: %v", err)

tka/sig_test.go

@@ -119,7 +119,7 @@ func TestSigNested(t *testing.T) {
 	}
 
 	// Test verification fails if the outer signature is signed with a
-	// different public key to whats specified in WrappingPubkey
+	// different public key to what's specified in WrappingPubkey
 	sig.Signature = ed25519.Sign(priv, sigHash[:])
 	if err := sig.verifySignature(node.Public(), k); err == nil {
 		t.Error("verifySignature(node) succeeded with different signature")
@@ -275,7 +275,7 @@ func TestSigCredential(t *testing.T) {
 	}
 
 	// Test verification fails if the outer signature is signed with a
-	// different public key to whats specified in WrappingPubkey
+	// different public key to what's specified in WrappingPubkey
 	sig.Signature = ed25519.Sign(priv, sigHash[:])
 	if err := sig.verifySignature(node.Public(), k); err == nil {
 		t.Error("verifySignature(node) succeeded with different signature")

tka/state.go

@@ -140,7 +140,7 @@ func (s State) checkDisablement(secret []byte) bool {
 // Specifically, the rules are:
 //   - The last AUM hash must match (transitively, this implies that this
 //     update follows the last update message applied to the state machine)
-//   - Or, the state machine knows no parent (its brand new).
+//   - Or, the state machine knows no parent (it's brand new).
 func (s State) parentMatches(update AUM) bool {
 	if s.LastAUMHash == nil {
 		return true

tka/sync.go

@@ -54,7 +54,7 @@ const (
 // can then be applied locally with Inform().
 //
 // This SyncOffer + AUM exchange should be performed by both ends,
-// because its possible that either end has AUMs that the other needs
+// because it's possible that either end has AUMs that the other needs
 // to find out about.
 func (a *Authority) SyncOffer(storage Chonk) (SyncOffer, error) {
 	oldest := a.oldestAncestor.Hash()
@@ -123,7 +123,7 @@ func computeSyncIntersection(storage Chonk, localOffer, remoteOffer SyncOffer) (
 	}
 
 	// Case: 'head intersection'
-	// If we have the remote's head, its more likely than not that
+	// If we have the remote's head, it's more likely than not that
 	// we have updates that build on that head. To confirm this,
 	// we iterate backwards through our chain to see if the given
 	// head is an ancestor of our current chain.
@@ -165,7 +165,7 @@ func computeSyncIntersection(storage Chonk, localOffer, remoteOffer SyncOffer) (
 	// Case: 'tail intersection'
 	// So we don't have a clue what the remote's head is, but
 	// if one of the ancestors they gave us is part of our chain,
-	// then theres an intersection, which is a starting point for
+	// then there's an intersection, which is a starting point for
 	// the remote to send us AUMs from.
 	//
 	// We iterate the list of ancestors in order because the remote

tka/sync_test.go

@@ -357,7 +357,7 @@ func TestSyncSimpleE2E(t *testing.T) {
 		t.Fatalf("control Open() failed: %v", err)
 	}
 
-	// Control knows the full chain, node only knows the genesis. Lets see
+	// Control knows the full chain, node only knows the genesis. Let's see
 	// if they can sync.
 	nodeOffer, err := node.SyncOffer(nodeStorage)
 	if err != nil {

tka/tka.go

@@ -94,7 +94,7 @@ func computeChainCandidates(storage Chonk, lastKnownOldest *AUMHash, maxIter int
 
 	// candidates.Oldest needs to be computed by working backwards from
 	// head as far as we can.
-	iterAgain := true // if theres still work to be done.
+	iterAgain := true // if there's still work to be done.
 	for i := 0; iterAgain; i++ {
 		if i >= maxIter {
 			return nil, fmt.Errorf("iteration limit exceeded (%d)", maxIter)
@@ -295,7 +295,7 @@ func computeStateAt(storage Chonk, maxIter int, wantHash AUMHash) (State, error)
 		}
 
 		// If we got here, the current state is dependent on the previous.
-		// Keep iterating backwards till thats not the case.
+		// Keep iterating backwards till that's not the case.
 		if curs, err = storage.AUM(parent); err != nil {
 			return State{}, fmt.Errorf("reading parent (%v): %v", parent, err)
 		}
@@ -324,7 +324,7 @@ func computeStateAt(storage Chonk, maxIter int, wantHash AUMHash) (State, error)
 		return curs.Hash() == wantHash
 	})
 	// fastForward only terminates before the done condition if it
-	// doesnt have any later AUMs to process. This cant be the case
+	// doesn't have any later AUMs to process. This can't be the case
 	// as we've already iterated through them above so they must exist,
 	// but we check anyway to be super duper sure.
 	if err == nil && *state.LastAUMHash != wantHash {
@@ -336,7 +336,7 @@ func computeStateAt(storage Chonk, maxIter int, wantHash AUMHash) (State, error)
 // computeActiveAncestor determines which ancestor AUM to use as the
 // ancestor of the valid chain.
 //
-// If all the chains end up having the same ancestor, then thats the
+// If all the chains end up having the same ancestor, then that's the
 // only possible ancestor, ezpz. However if there are multiple distinct
 // ancestors, that means there are distinct chains, and we need some
 // hint to choose what to use. For that, we rely on the chainsThroughActive
@@ -357,7 +357,7 @@ func computeActiveAncestor(chains []chain) (AUMHash, error) {
 		}
 	}
 
-	// Theres more than one, so we need to use the ancestor that was
+	// There's more than one, so we need to use the ancestor that was
 	// part of the active chain in a previous iteration.
 	// Note that there can only be one distinct ancestor that was
 	// formerly part of the active chain, because AUMs can only have
@@ -479,7 +479,7 @@ func (a *Authority) Head() AUMHash {
 // Open initializes an existing TKA from the given tailchonk.
 //
 // Only use this if the current node has initialized an Authority before.
-// If a TKA exists on other nodes but theres nothing locally, use Bootstrap().
+// If a TKA exists on other nodes but there's nothing locally, use Bootstrap().
 // If no TKA exists anywhere and you are creating it for the first
 // time, use New().
 func Open(storage Chonk) (*Authority, error) {
@@ -592,14 +592,14 @@ func (a *Authority) InformIdempotent(storage Chonk, updates []AUM) (Authority, e
 	toCommit := make([]AUM, 0, len(updates))
 	prevHash := a.Head()
 
-	// The state at HEAD is the current state of the authority. Its likely
+	// The state at HEAD is the current state of the authority. It's likely
 	// to be needed, so we prefill it rather than computing it.
 	stateAt[prevHash] = a.state
 
 	// Optimization: If the set of updates is a chain building from
 	// the current head, EG:
 	//   <a.Head()> ==> updates[0] ==> updates[1] ...
-	// Then theres no need to recompute the resulting state from the
+	// Then there's no need to recompute the resulting state from the
 	// stored ancestor, because the last state computed during iteration
 	// is the new state. This should be the common case.
 	// isHeadChain keeps track of this.

tka/verify.go

@@ -18,7 +18,7 @@ import (
 // provided AUM BLAKE2s digest, using the given key.
 func signatureVerify(s *tkatype.Signature, aumDigest tkatype.AUMSigHash, key Key) error {
 	// NOTE(tom): Even if we can compute the public from the KeyID,
-	//            its possible for the KeyID to be attacker-controlled
+	//            it's possible for the KeyID to be attacker-controlled
 	//            so we should use the public contained in the state machine.
 	switch key.Kind {
 	case Key25519: