New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/vgo: possible non-determinism in updating go.sum #26310
Comments
To make things even more odd, I removed |
Just to provide some more context, I'm seeing some unpredictable (possibly racy?) behavior between the two lines in +github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= |
The hash is a checksum over the one-file tree containing only the go.mod for the module now. It is normal that the checksum not changed, but the version changed. |
The details reported so far seems to be working correctly to me. What you're probably missing is that vgo goes out of its way to avoid downloading information until that information is necessary. This is an important optimization.
'vgo install ./...' after 'vgo get -u' does need the source code for the new dependencies, because now it's actually reading the source code. That's why it adds new entries for some directory trees to go.sum. If a go.mod says it requires foo.com/bar and no import found during the build points into foo.com/bar, then vgo will not load that module's source code at all. That's why not all /go.mod entries in go.sum have corresponding non-/go.mod entries, even after After removing I don't understand the comment about go-spew. What command are you running that adds that line to go.sum? Does it happen every time you run the command? Just half the time? If the behavior is non-deterministic, can you say what setup is required to reproduce the non-determinism? Thanks. |
vgo get -u
Gotcha, I was expecting the I was still experiencing some kind of non-determinism as best as I could tell. I will see if I can come up with a repro case tomorrow. |
Closing this since it was due to my misunderstanding of how/when Specifically my build process involves a |
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
I'm using the current latest released go and golang/vgo@cdd82a7.
What operating system and processor architecture are you using (
go env
)?What did you do?
I knew there was an update to one of my dependencies (crawshaw.io/sqlite) and ran
vgo get -u
to pull in that and any other updates.What did you expect to see?
I expected to see changed revisions as well as updated cryptographic checksums in
go.sum
.What did you see instead?
go.sum
shows me new entries for the updated revisions, but the checksums are the same as the old ones. Here's thegit diff
after runningvgo get -u
:Next I ran
vgo install ./...
inside my module, and I sawgo.sum
was modified again, this time new checksums showed up for some of the entries (noticegolang.org/x/net
was not changed):Something seems to be off?
The text was updated successfully, but these errors were encountered: