all: upd golibs

2025-10-26 11:27:18 +00:00 · 2025-10-07 10:19:45 +03:00 · 2025-10-07 10:19:45 +03:00 · af9fe5bd90
commit af9fe5bd90
parent 2fde53bb59
10 changed files with 154 additions and 45 deletions
--- a/go.mod
+++ b/go.mod
@ -3,8 +3,9 @@ module github.com/AdguardTeam/AdGuardHome
 go 1.25.1

 require (
-	github.com/AdguardTeam/dnsproxy v0.76.1
-	github.com/AdguardTeam/golibs v0.34.1
+	github.com/AdguardTeam/dnsproxy v0.76.3-0.20251007064855-e5894f620693
+	// TODO(f.setrakov): !! upd to tag.
+	github.com/AdguardTeam/golibs v0.34.2-0.20251006140805-a10e1e3576e3
 	github.com/AdguardTeam/urlfilter v0.22.0
 	github.com/NYTimes/gziphandler v1.1.1
 	github.com/ameshkov/dnscrypt/v2 v2.4.0
@ -42,11 +43,11 @@ require (
 )

 require (
-	cloud.google.com/go v0.122.0 // indirect
+	cloud.google.com/go v0.123.0 // indirect
 	cloud.google.com/go/ai v0.12.1 // indirect
 	cloud.google.com/go/auth v0.16.5 // indirect
 	cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
-	cloud.google.com/go/compute/metadata v0.8.3 // indirect
+	cloud.google.com/go/compute/metadata v0.9.0 // indirect
 	cloud.google.com/go/longrunning v0.6.7 // indirect
 	github.com/BurntSushi/toml v1.5.0 // indirect
 	github.com/ameshkov/dnsstamps v1.0.3 // indirect
@ -75,7 +76,7 @@ require (
 	github.com/quic-go/qpack v0.5.1 // indirect
 	github.com/robfig/cron/v3 v3.0.1 // indirect
 	github.com/rogpeppe/go-internal v1.14.1 // indirect
-	github.com/securego/gosec/v2 v2.22.8 // indirect
+	github.com/securego/gosec/v2 v2.22.9 // indirect
 	github.com/u-root/uio v0.0.0-20240224005618-d2acac8f3701 // indirect
 	github.com/uudashr/gocognit v1.2.0 // indirect
 	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
@ -90,7 +91,7 @@ require (
 	golang.org/x/mod v0.28.0 // indirect
 	golang.org/x/oauth2 v0.31.0 // indirect
 	golang.org/x/sync v0.17.0 // indirect
-	golang.org/x/telemetry v0.0.0-20250908211612-aef8a434d053 // indirect
+	golang.org/x/telemetry v0.0.0-20250930190813-8e6447515a8c // indirect
 	golang.org/x/term v0.35.0 // indirect
 	golang.org/x/text v0.29.0 // indirect
 	golang.org/x/time v0.13.0 // indirect
@ -100,7 +101,7 @@ require (
 	google.golang.org/api v0.249.0 // indirect
 	google.golang.org/genproto v0.0.0-20250908214217-97024824d090 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20250908214217-97024824d090 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20250908214217-97024824d090 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250929231259-57b25ae835d4 // indirect
 	google.golang.org/grpc v1.75.1 // indirect
 	google.golang.org/protobuf v1.36.9 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
--- a/go.sum
+++ b/go.sum
@ -1,5 +1,6 @@
 cloud.google.com/go v0.122.0 h1:0JTLGrcSIs3HIGsgVPvTx3cfyFSP/k9CI8vLPHTd6Wc=
 cloud.google.com/go v0.122.0/go.mod h1:xBoMV08QcqUGuPW65Qfm1o9Y4zKZBpGS+7bImXLTAZU=
+cloud.google.com/go v0.123.0/go.mod h1:xBoMV08QcqUGuPW65Qfm1o9Y4zKZBpGS+7bImXLTAZU=
 cloud.google.com/go/ai v0.12.1 h1:m1n/VjUuHS+pEO/2R4/VbuuEIkgk0w67fDQvFaMngM0=
 cloud.google.com/go/ai v0.12.1/go.mod h1:5vIPNe1ZQsVZqCliXIPL4QnhObQQY4d9hAGHdVc4iw4=
 cloud.google.com/go/auth v0.16.5 h1:mFWNQ2FEVWAliEQWpAdH80omXFokmrnbDhUS9cBywsI=
@ -8,12 +9,19 @@ cloud.google.com/go/auth/oauth2adapt v0.2.8 h1:keo8NaayQZ6wimpNSmW5OPc283g65QNIi
 cloud.google.com/go/auth/oauth2adapt v0.2.8/go.mod h1:XQ9y31RkqZCcwJWNSx2Xvric3RrU88hAYYbjDWYDL+c=
 cloud.google.com/go/compute/metadata v0.8.3 h1:1AzcHmzbrX8t3m0CVosfxCAwGvaAShtrnlNxDriLgIk=
 cloud.google.com/go/compute/metadata v0.8.3/go.mod h1:E0bWwX5wTnLPedCKqk3pJmVgCBSM6qQI1yTBdEb3C10=
+cloud.google.com/go/compute/metadata v0.9.0/go.mod h1:E0bWwX5wTnLPedCKqk3pJmVgCBSM6qQI1yTBdEb3C10=
 cloud.google.com/go/longrunning v0.6.7 h1:IGtfDWHhQCgCjwQjV9iiLnUta9LBCo8R9QmAFsS/PrE=
 cloud.google.com/go/longrunning v0.6.7/go.mod h1:EAFV3IZAKmM56TyiE6VAP3VoTzhZzySwI/YI1s/nRsY=
 github.com/AdguardTeam/dnsproxy v0.76.1 h1:ms5vgdbYYXrKGPEpMFqUeql2j3aSfK1tGbCKju9rUgM=
 github.com/AdguardTeam/dnsproxy v0.76.1/go.mod h1:9Mw3wQMTYwM/HR9FdtatQAd+m0S8mbwq2J+UZiy/gXc=
+github.com/AdguardTeam/dnsproxy v0.76.3-0.20251007064855-e5894f620693 h1:qwkXbXB6l+U/bl08sxLUpeEPkWrItQjemPUTyhzEQY8=
+github.com/AdguardTeam/dnsproxy v0.76.3-0.20251007064855-e5894f620693/go.mod h1:1D/sh/7paAC0i5acVR9rjQd8A64llAP0x3eZh6UF7uw=
 github.com/AdguardTeam/golibs v0.34.1 h1:RyBpZiXnJqlO3T+xjWldlxsEZDelmaFfKvXiJHDZZFQ=
 github.com/AdguardTeam/golibs v0.34.1/go.mod h1:K4C2EbfSEM1zY5YXoti9SfbTAHN/kIX97LpDtCwORrM=
+github.com/AdguardTeam/golibs v0.34.2-0.20251002170933-067fe882809b h1:qHsD0KwCAK4gDmobKpDyacAfscWJ6Ii392uc0DkRo6o=
+github.com/AdguardTeam/golibs v0.34.2-0.20251002170933-067fe882809b/go.mod h1:y552twxCtvOD8KKQ7ESjo10KZBAE+HSj24yAuAvz9IA=
+github.com/AdguardTeam/golibs v0.34.2-0.20251006140805-a10e1e3576e3 h1:Mz2UBvwzzjMEhuZId7NWe3FC7IUJtMDtPNxE5EpKFp8=
+github.com/AdguardTeam/golibs v0.34.2-0.20251006140805-a10e1e3576e3/go.mod h1:y552twxCtvOD8KKQ7ESjo10KZBAE+HSj24yAuAvz9IA=
 github.com/AdguardTeam/urlfilter v0.22.0 h1:ybOz3FywbpGDGC+8gFFkM1LMUOSosY7CWSBXIYXnG1U=
 github.com/AdguardTeam/urlfilter v0.22.0/go.mod h1:q0lWKapXlYTA4TUWUM1YDwU6Q0PKvQEokztcvRV2OW0=
 github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg=
@ -147,6 +155,7 @@ github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0t
 github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
 github.com/securego/gosec/v2 v2.22.8 h1:3NMpmfXO8wAVFZPNsd3EscOTa32Jyo6FLLlW53bexMI=
 github.com/securego/gosec/v2 v2.22.8/go.mod h1:ZAw8K2ikuH9qDlfdV87JmNghnVfKB1XC7+TVzk6Utto=
+github.com/securego/gosec/v2 v2.22.9/go.mod h1:x3qEF4J5bkDFIm8siAwsYZ40Uu5tD4JWpfVDPx3P3+0=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
 github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
@ -224,6 +233,7 @@ golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k=
 golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/telemetry v0.0.0-20250908211612-aef8a434d053 h1:dHQOQddU4YHS5gY33/6klKjq7Gp3WwMyOXGNp5nzRj8=
 golang.org/x/telemetry v0.0.0-20250908211612-aef8a434d053/go.mod h1:+nZKN+XVh4LCiA9DV3ywrzN4gumyCnKjau3NGb9SGoE=
+golang.org/x/telemetry v0.0.0-20250930190813-8e6447515a8c/go.mod h1:+nZKN+XVh4LCiA9DV3ywrzN4gumyCnKjau3NGb9SGoE=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.35.0 h1:bZBVKBudEyhRcajGcNc3jIfWPqV4y/Kt2XcoigOWtDQ=
 golang.org/x/term v0.35.0/go.mod h1:TPGtkTLesOwf2DE8CgVYiZinHAOuy5AYUYT1lENIZnA=
@ -255,6 +265,7 @@ google.golang.org/genproto/googleapis/api v0.0.0-20250908214217-97024824d090 h1:
 google.golang.org/genproto/googleapis/api v0.0.0-20250908214217-97024824d090/go.mod h1:U8EXRNSd8sUYyDfs/It7KVWodQr+Hf9xtxyxWudSwEw=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20250908214217-97024824d090 h1:/OQuEa4YWtDt7uQWHd3q3sUMb+QOLQUg1xa8CEsRv5w=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20250908214217-97024824d090/go.mod h1:GmFNa4BdJZ2a8G+wCe9Bg3wwThLrJun751XstdJt5Og=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250929231259-57b25ae835d4/go.mod h1:HSkG/KdJWusxU1F6CNrwNDjBMgisKxGnc5dAZfT0mjQ=
 google.golang.org/grpc v1.75.1 h1:/ODCNEuf9VghjgO3rqLcfg8fiOP0nSluljWFlDxELLI=
 google.golang.org/grpc v1.75.1/go.mod h1:JtPAzKiq4v1xcAB2hydNlWI2RnF85XXcV0mhKXr2ecQ=
 google.golang.org/protobuf v1.36.9 h1:w2gp2mA27hUeUzj9Ex9FBjsBm40zfaDtEWow293U7Iw=
--- a/internal/aghnet/aghnet_test.go
+++ b/internal/aghnet/aghnet_test.go
@ -0,0 +1,6 @@
+package aghnet_test
+
+import "time"
+
+// testTimeout is a common timeout for tests.
+const testTimeout = time.Second
--- a/internal/aghnet/hostscontainer.go
+++ b/internal/aghnet/hostscontainer.go
@ -50,6 +50,7 @@ const ErrNoHostsPaths errors.Error = "no valid paths to hosts files provided"
 // shouldn't be empty and each of paths should locate either a file or a
 // directory in fsys.  fsys and w must be non-nil.
 func NewHostsContainer(
+	ctx context.Context,
 	fsys fs.FS,
 	w aghos.FSWatcher,
 	paths ...string,
@ -79,7 +80,7 @@ func NewHostsContainer(
 	log.Debug("%s: starting", hostsContainerPrefix)

 	// Load initially.
-	if err = hc.refresh(); err != nil {
+	if err = hc.refresh(ctx); err != nil {
 		return nil, err
 	}

@ -93,7 +94,7 @@ func NewHostsContainer(
 		}
 	}

-	go hc.handleEvents()
+	go hc.handleEvents(ctx)

 	return hc, nil
 }
@ -159,7 +160,7 @@ func pathsToPatterns(fsys fs.FS, paths []string) (patterns []string, err error)
 // handleEvents concurrently handles the file system events.  It closes the
 // update channel of HostsContainer when finishes.  It is intended to be used as
 // a goroutine.
-func (hc *HostsContainer) handleEvents() {
+func (hc *HostsContainer) handleEvents(ctx context.Context) {
 	defer log.OnPanic(fmt.Sprintf("%s: handling events", hostsContainerPrefix))

 	defer close(hc.updates)
@ -175,7 +176,7 @@ func (hc *HostsContainer) handleEvents() {
 				continue
 			}

-			if err := hc.refresh(); err != nil {
+			if err := hc.refresh(ctx); err != nil {
 				log.Error("%s: warning: refreshing: %s", hostsContainerPrefix, err)
 			}
 		case _, ok = <-hc.done:
@ -206,14 +207,14 @@ func (hc *HostsContainer) sendUpd(recs *hostsfile.DefaultStorage) {
 // needed.
 //
 // TODO(e.burkov):  Accept a parameter to specify the files to refresh.
-func (hc *HostsContainer) refresh() (err error) {
+func (hc *HostsContainer) refresh(ctx context.Context) (err error) {
 	log.Debug("%s: refreshing", hostsContainerPrefix)

 	// The error is always nil here since no readers passed.
-	strg, _ := hostsfile.NewDefaultStorage()
+	strg, _ := hostsfile.NewDefaultStorage(ctx, &hostsfile.DefaultStorageConfig{})
 	_, err = aghos.FileWalker(func(r io.Reader) (patterns []string, cont bool, err error) {
 		// Don't wrap the error since it's already informative enough as is.
-		return nil, true, hostsfile.Parse(strg, r, nil)
+		return nil, true, hostsfile.Parse(ctx, strg, r, nil)
 	}).Walk(hc.fsys, hc.patterns...)
 	if err != nil {
 		// Don't wrap the error since it's informative enough as is.
--- a/internal/aghnet/hostscontainer_test.go
+++ b/internal/aghnet/hostscontainer_test.go
@ -67,7 +67,8 @@ func TestNewHostsContainer(t *testing.T) {
 				return eventsCh
 			}

-			hc, err := aghnet.NewHostsContainer(testFS, &aghtest.FSWatcher{
+			ctx := testutil.ContextWithTimeout(t, testTimeout)
+			hc, err := aghnet.NewHostsContainer(ctx, testFS, &aghtest.FSWatcher{
 				OnStart: func(ctx context.Context) (_ error) {
 					panic(testutil.UnexpectedCall(ctx))
 				},
@ -95,8 +96,9 @@ func TestNewHostsContainer(t *testing.T) {
 	}

 	t.Run("nil_fs", func(t *testing.T) {
+		ctx := testutil.ContextWithTimeout(t, testTimeout)
 		require.Panics(t, func() {
-			_, _ = aghnet.NewHostsContainer(nil, &aghtest.FSWatcher{
+			_, _ = aghnet.NewHostsContainer(ctx, nil, &aghtest.FSWatcher{
 				OnStart: func(ctx context.Context) (_ error) {
 					panic(testutil.UnexpectedCall(ctx))
 				},
@ -109,8 +111,9 @@ func TestNewHostsContainer(t *testing.T) {
 	})

 	t.Run("nil_watcher", func(t *testing.T) {
+		ctx := testutil.ContextWithTimeout(t, testTimeout)
 		require.Panics(t, func() {
-			_, _ = aghnet.NewHostsContainer(testFS, nil, p)
+			_, _ = aghnet.NewHostsContainer(ctx, testFS, nil, p)
 		})
 	})

@ -124,7 +127,8 @@ func TestNewHostsContainer(t *testing.T) {
 			OnShutdown: func(_ context.Context) (err error) { return nil },
 		}

-		hc, err := aghnet.NewHostsContainer(testFS, errWatcher, p)
+		ctx := testutil.ContextWithTimeout(t, testTimeout)
+		hc, err := aghnet.NewHostsContainer(ctx, testFS, errWatcher, p)
 		require.ErrorIs(t, err, errOnAdd)

 		assert.Nil(t, hc)
@ -173,12 +177,13 @@ func TestHostsContainer_refresh(t *testing.T) {
 		OnShutdown: func(_ context.Context) (err error) { return nil },
 	}

-	hc, err := aghnet.NewHostsContainer(testFS, w, "dir")
+	ctx := testutil.ContextWithTimeout(t, testTimeout)
+	hc, err := aghnet.NewHostsContainer(ctx, testFS, w, "dir")
 	require.NoError(t, err)
 	testutil.CleanupAndRequireSuccess(t, hc.Close)

-	strg, _ := hostsfile.NewDefaultStorage()
-	strg.Add(r1)
+	strg, _ := hostsfile.NewDefaultStorage(ctx, &hostsfile.DefaultStorageConfig{})
+	strg.Add(ctx, r1)

 	t.Run("initial_refresh", func(t *testing.T) {
 		upd, ok := testutil.RequireReceive(t, hc.Upd(), 1*time.Second)
@ -187,7 +192,7 @@ func TestHostsContainer_refresh(t *testing.T) {
 		assert.True(t, strg.Equal(upd))
 	})

-	strg.Add(r2)
+	strg.Add(ctx, r2)

 	t.Run("second_refresh", func(t *testing.T) {
 		testFS["dir/file2"] = &fstest.MapFile{Data: r2Data}
--- a/internal/client/storage_test.go
+++ b/internal/client/storage_test.go
@ -153,10 +153,10 @@ func TestStorage_Add_hostsfile(t *testing.T) {

 	t.Run("add_hosts", func(t *testing.T) {
 		var s *hostsfile.DefaultStorage
-		s, err = hostsfile.NewDefaultStorage()
+		s, err = hostsfile.NewDefaultStorage(ctx, &hostsfile.DefaultStorageConfig{})
 		require.NoError(t, err)

-		s.Add(&hostsfile.Record{
+		s.Add(ctx, &hostsfile.Record{
 			Addr:  cliIP1,
 			Names: []string{cliName1},
 		})
@ -173,10 +173,10 @@ func TestStorage_Add_hostsfile(t *testing.T) {

 	t.Run("update_hosts", func(t *testing.T) {
 		var s *hostsfile.DefaultStorage
-		s, err = hostsfile.NewDefaultStorage()
+		s, err = hostsfile.NewDefaultStorage(ctx, &hostsfile.DefaultStorageConfig{})
 		require.NoError(t, err)

-		s.Add(&hostsfile.Record{
+		s.Add(ctx, &hostsfile.Record{
 			Addr:  cliIP2,
 			Names: []string{cliName2},
 		})
@ -452,10 +452,10 @@ func TestClientsDHCP(t *testing.T) {

 	require.True(t, t.Run("find_runtime_higher_priority", func(t *testing.T) {
 		// Add a higher-priority client.
-		s, strgErr := hostsfile.NewDefaultStorage()
+		s, strgErr := hostsfile.NewDefaultStorage(ctx, &hostsfile.DefaultStorageConfig{})
 		require.NoError(t, strgErr)

-		s.Add(&hostsfile.Record{
+		s.Add(ctx, &hostsfile.Record{
 			Addr:  cliIP1,
 			Names: []string{cliName1},
 		})
@ -476,7 +476,7 @@ func TestClientsDHCP(t *testing.T) {
 		//
 		// TODO(a.garipov):  Consider adding ways of explicitly clearing runtime
 		// sources by source.
-		s, strgErr = hostsfile.NewDefaultStorage()
+		s, strgErr = hostsfile.NewDefaultStorage(ctx, &hostsfile.DefaultStorageConfig{})
 		require.NoError(t, strgErr)

 		testutil.RequireSend(t, etcHostsCh, s, testTimeout)
--- a/internal/dnsforward/dnsforward_internal_test.go
+++ b/internal/dnsforward/dnsforward_internal_test.go
@ -209,11 +209,19 @@ func createServerTLSConfig(tb testing.TB) (*tls.Config, []byte, []byte) {
 	}
 	template.DNSNames = append(template.DNSNames, tlsServerName)

-	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey(privateKey), privateKey)
+	derBytes, err := x509.CreateCertificate(
+		rand.Reader,
+		&template,
+		&template,
+		publicKey(privateKey),
+		privateKey,
+	)
 	require.NoErrorf(tb, err, "failed to create certificate: %s", err)

 	certPem := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
-	keyPem := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(privateKey)})
+	keyPem := pem.EncodeToMemory(
+		&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(privateKey)},
+	)

 	cert, err := tls.X509KeyPair(certPem, keyPem)
 	require.NoErrorf(tb, err, "failed to create certificate: %s", err)
@ -1065,10 +1073,29 @@ func TestNullBlockedRequest(t *testing.T) {

 	reply, err := dns.Exchange(&req, addr.String())
 	require.NoErrorf(t, err, "couldn't talk to server %s: %s", addr, err)
-	require.Lenf(t, reply.Answer, 1, "dns server %s returned reply with wrong number of answers - %d", addr, len(reply.Answer))
+	require.Lenf(
+		t,
+		reply.Answer,
+		1,
+		"dns server %s returned reply with wrong number of answers - %d",
+		addr,
+		len(reply.Answer),
+	)
 	a, ok := reply.Answer[0].(*dns.A)
-	require.Truef(t, ok, "dns server %s returned wrong answer type instead of A: %v", addr, reply.Answer[0])
-	assert.Truef(t, a.A.IsUnspecified(), "dns server %s returned wrong answer instead of 0.0.0.0: %v", addr, a.A)
+	require.Truef(
+		t,
+		ok,
+		"dns server %s returned wrong answer type instead of A: %v",
+		addr,
+		reply.Answer[0],
+	)
+	assert.Truef(
+		t,
+		a.A.IsUnspecified(),
+		"dns server %s returned wrong answer instead of 0.0.0.0: %v",
+		addr,
+		a.A,
+	)
 }

 func TestBlockedCustomIP(t *testing.T) {
@ -1184,10 +1211,30 @@ func TestBlockedByHosts(t *testing.T) {

 	reply, err := dns.Exchange(req, addr.String())
 	require.NoErrorf(t, err, "couldn't talk to server %s: %s", addr, err)
-	require.Lenf(t, reply.Answer, 1, "dns server %s returned reply with wrong number of answers - %d", addr, len(reply.Answer))
+	require.Lenf(
+		t,
+		reply.Answer,
+		1,
+		"dns server %s returned reply with wrong number of answers - %d",
+		addr,
+		len(reply.Answer),
+	)
 	a, ok := reply.Answer[0].(*dns.A)
-	require.Truef(t, ok, "dns server %s returned wrong answer type instead of A: %v", addr, reply.Answer[0])
-	assert.Equalf(t, net.IP{127, 0, 0, 1}, a.A, "dns server %s returned wrong answer instead of 8.8.8.8: %v", addr, a.A)
+	require.Truef(
+		t,
+		ok,
+		"dns server %s returned wrong answer type instead of A: %v",
+		addr,
+		reply.Answer[0],
+	)
+	assert.Equalf(
+		t,
+		net.IP{127, 0, 0, 1},
+		a.A,
+		"dns server %s returned wrong answer instead of 8.8.8.8: %v",
+		addr,
+		a.A,
+	)
 }

 func TestBlockedBySafeBrowsing(t *testing.T) {
@ -1235,7 +1282,14 @@ func TestBlockedBySafeBrowsing(t *testing.T) {

 	reply, err := dns.Exchange(req, addr.String())
 	require.NoErrorf(t, err, "couldn't talk to server %s: %s", addr, err)
-	require.Lenf(t, reply.Answer, 1, "dns server %s returned reply with wrong number of answers - %d", addr, len(reply.Answer))
+	require.Lenf(
+		t,
+		reply.Answer,
+		1,
+		"dns server %s returned reply with wrong number of answers - %d",
+		addr,
+		len(reply.Answer),
+	)

 	assertResponse(t, reply, ans4)
 }
@ -1465,7 +1519,9 @@ func TestPTRResponseFromHosts(t *testing.T) {
 	}

 	var eventsCalledCounter uint32
-	hc, err := aghnet.NewHostsContainer(testFS, &aghtest.FSWatcher{
+
+	ctx := testutil.ContextWithTimeout(t, testTimeout)
+	hc, err := aghnet.NewHostsContainer(ctx, testFS, &aghtest.FSWatcher{
 		OnStart: func(ctx context.Context) (_ error) { panic(testutil.UnexpectedCall(ctx)) },
 		OnEvents: func() (e <-chan struct{}) {
 			assert.Equal(t, uint32(1), atomic.AddUint32(&eventsCalledCounter, 1))
@ -1642,7 +1698,9 @@ func TestServer_Exchange(t *testing.T) {
 	extUpsHdlr := dns.HandlerFunc(func(w dns.ResponseWriter, req *dns.Msg) {
 		resp := cmp.Or(
 			aghtest.MatchedResponse(req, dns.TypePTR, onesRevExtIPv4, dns.Fqdn(onesHost)),
-			doubleTTL(aghtest.MatchedResponse(req, dns.TypePTR, twosRevExtIPv4, dns.Fqdn(twosHost))),
+			doubleTTL(
+				aghtest.MatchedResponse(req, dns.TypePTR, twosRevExtIPv4, dns.Fqdn(twosHost)),
+			),
 			new(dns.Msg).SetRcode(req, dns.RcodeNameError),
 		)

--- a/internal/dnsforward/http_internal_test.go
+++ b/internal/dnsforward/http_internal_test.go
@ -292,7 +292,11 @@ func TestDNSForwardHTTP_handleSetConfig(t *testing.T) {

 		t.Run(tc.name, func(t *testing.T) {
 			t.Cleanup(func() {
-				s.dnsFilter.SetBlockingMode(filtering.BlockingModeDefault, netip.Addr{}, netip.Addr{})
+				s.dnsFilter.SetBlockingMode(
+					filtering.BlockingModeDefault,
+					netip.Addr{},
+					netip.Addr{},
+				)
 				s.conf = defaultConf
 				s.conf.Config.EDNSClientSubnet = &EDNSClientSubnet{}
 				s.dnsFilter.SetBlockedResponseTTL(testBlockedRespTTL)
@ -362,7 +366,9 @@ func TestServer_HandleTestUpstreamDNS(t *testing.T) {
 		Host:   netutil.JoinHostPort(upstreamHost, hostsListener.Port()),
 	}).String()

+	ctx := testutil.ContextWithTimeout(t, testTimeout)
 	hc, err := aghnet.NewHostsContainer(
+		ctx,
 		fstest.MapFS{
 			hostsFileName: &fstest.MapFile{
 				Data: []byte(hostsListener.Addr().String() + " " + upstreamHost),
--- a/internal/filtering/hosts_test.go
+++ b/internal/filtering/hosts_test.go
@ -49,7 +49,9 @@ func TestDNSFilter_CheckHost_hostsContainer(t *testing.T) {
 		OnAdd:      func(name string) (err error) { return nil },
 		OnShutdown: func(_ context.Context) (err error) { return nil },
 	}
-	hc, err := aghnet.NewHostsContainer(files, watcher, "hosts")
+
+	ctx := testutil.ContextWithTimeout(t, testTimeout)
+	hc, err := aghnet.NewHostsContainer(ctx, files, watcher, "hosts")
 	require.NoError(t, err)
 	testutil.CleanupAndRequireSuccess(t, hc.Close)

--- a/internal/home/home.go
+++ b/internal/home/home.go
@ -265,7 +265,11 @@ func setupHostsContainer(ctx context.Context, baseLogger *slog.Logger) (err erro
 		return fmt.Errorf("getting default system hosts paths: %w", err)
 	}

-	globalContext.etcHosts, err = aghnet.NewHostsContainer(osutil.RootDirFS(), hostsWatcher, paths...)
+	globalContext.etcHosts, err = aghnet.NewHostsContainer(
+		ctx,
+		osutil.RootDirFS(),
+		hostsWatcher,
+		paths...)
 	if err != nil {
 		closeErr := hostsWatcher.Shutdown(ctx)
 		if errors.Is(err, aghnet.ErrNoHostsPaths) {
@ -743,7 +747,14 @@ func run(
 	confPath := configFilePath()

 	updLogger := slogLogger.With(slogutil.KeyPrefix, "updater")
-	upd, isCustomURL := newUpdater(ctx, updLogger, config, globalContext.workDir, confPath, execPath)
+	upd, isCustomURL := newUpdater(
+		ctx,
+		updLogger,
+		config,
+		globalContext.workDir,
+		confPath,
+		execPath,
+	)

 	// TODO(e.burkov): This could be made earlier, probably as the option's
 	// effect.
@ -813,7 +824,15 @@ func run(
 	}

 	if !opts.noPermCheck {
-		checkPermissions(ctx, slogLogger, globalContext.workDir, confPath, dataDir, statsDir, querylogDir)
+		checkPermissions(
+			ctx,
+			slogLogger,
+			globalContext.workDir,
+			confPath,
+			dataDir,
+			statsDir,
+			querylogDir,
+		)
 	}

 	web.start(ctx)