Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cmd/go: get -insecure not supported in modules #27049

Closed
kminami opened this issue Aug 17, 2018 · 11 comments
Closed

cmd/go: get -insecure not supported in modules #27049

kminami opened this issue Aug 17, 2018 · 11 comments
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Go1.11

Comments

@kminami
Copy link

kminami commented Aug 17, 2018

Please answer these questions before submitting your issue. Thanks!

What version of Go are you using (go version)?

go version go1.11rc1 linux/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

GOARCH="amd64"
GOBIN=""
GOCACHE="/root/.cache/go-build"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/go"
GOPROXY=""
GORACE=""
GOROOT="/usr/local/go"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GCCGO="gccgo"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/myapp/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build371106128=/tmp/go-build -gno-record-gcc-switches"

What did you do?

If possible, provide a recipe for reproducing the error.
A complete runnable program is good.
A link on play.golang.org is best.

go get -v -insecure example.com/my/project

What did you expect to see?

Fetching https://example.com/my/project?go-get=1
https fetch failed: Get https://example.com/my/project?go-get=1: dial tcp x.x.x.x:443: connect: connection refused
Fetching http://example.com/my/project?go-get=1
Parsing meta tags from http://example.com/my/project?go-get=1 (status code 200)
example.com/my/project (download)
example.com/my/project

What did you see instead?

Fetching https://example.com/my/project?go-get=1
https fetch failed: Get https://example.com/my/project?go-get=1: dial tcp x.x.x.x:443: connect: connection refused
Fetching https://example.com/my?go-get=1
https fetch failed: Get https://example.com/my?go-get=1: dial tcp x.x.x.x:443: connect: connection refused
Fetching https://example.com?go-get=1
https fetch failed: Get https://example.com?go-get=1: dial tcp x.x.x.x:443: connect: connection refused
go get example.com/my/project: unrecognized import path "example.com/my/project" (https fetch: Get https://example.com/my/project?go-get=1: dial tcp x.x.x.x:443: connect: connection refused)
@kminami kminami changed the title go get -insecure not supported in modules? cmd/go: go get -insecure not supported in modules? Aug 17, 2018
@mvdan
Copy link
Member

mvdan commented Aug 17, 2018

cc @bcmills @myitcv

This does seem like a bug to me, unless module-aware go get behaves like this for a specific reason.

@mvdan mvdan changed the title cmd/go: go get -insecure not supported in modules? cmd/go: get -insecure not supported in modules Aug 17, 2018
@mvdan mvdan added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Aug 17, 2018
@mvdan mvdan added this to the Go1.11 milestone Aug 17, 2018
@kardianos
Copy link
Contributor

It was intentional. Further reading: #25434 .

@rsc
Copy link
Contributor

rsc commented Aug 17, 2018

Yes, the problem is that lots of commands now fetch from the network, so either we need to make them all accept -insecure and teach people to use it always (very sad) or else find a different way forward.

I'd like to hear more about what people use -insecure for, especially now that SSL certs are free.

@rsc
Copy link
Contributor

rsc commented Aug 17, 2018

Leaving for Go 1.12 regardless.

@rsc rsc modified the milestones: Go1.11, Go1.12 Aug 17, 2018
@kminami
Copy link
Author

kminami commented Aug 17, 2018

Thank you for the reference. I understood the current status.

We are using a GitLab server on a private network with private domain name such as gitlab.internal.mycompany.com.
We can use private CA certs, but it's a bit hard to automate operations.
I will try to use free SSL certs like let's encrypt with combining with public DNS.
However, introduction of -insecure mechanism to modules will still help us.

By the way, some descriptions about current status in the release notes or Module-aware go get will also help. Espetially, I think the latter is very misleading.

@rsc
Copy link
Contributor

rsc commented Aug 18, 2018

Moving back to Go 1.11. I didn't realize the module get docs said -insecure should work.

@rsc rsc modified the milestones: Go1.12, Go1.11 Aug 18, 2018
@rsc
Copy link
Contributor

rsc commented Aug 18, 2018

OK, that was just a bug. get -insecure will work. Automatic download during 'go build' will always use secure mode, so you'll just have to run go get more often than you might otherwise. (The same amount as with GOPATH, but everyone else will be running it less with modules.)

@gopherbot
Copy link

Change https://golang.org/cl/129801 mentions this issue: cmd/go: fix module get -insecure

@ChrisHines ChrisHines mentioned this issue Aug 20, 2018
Closed
@soniah
Copy link

soniah commented Dec 6, 2018

@rsc my issue with -insecure is that I'm working in a restricted environment that requires using an untrusted SSL certificate ie it's doing man-in-the-middle to decode/verify all comms. Yes the infrastructure should be setup to add the cert to the trusted key store, but it hasn't been and I can't change it.

@gdamore
Copy link

gdamore commented Mar 6, 2019

I have an issue with GitHub where using subdomain go.nanomsg.org does not properly because the certs they issue only work with www and apex domains. Sadly they don't seem to support doing this for multiple subdomains.

I wish I could get a free site that hosted vanity domains for go. On GitHub it always feels really contorted.

@puremourning
Copy link

@rsc my issue with -insecure is that I'm working in a restricted environment that requires using an untrusted SSL certificate ie it's doing man-in-the-middle to decode/verify all comms. Yes the infrastructure should be setup to add the cert to the trusted key store, but it hasn't been and I can't change it.

Same, did you find a solution to make go always ignore the certs ?

@golang golang locked and limited conversation to collaborators Jun 14, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Projects
None yet
Milestone
Go1.11
Development

No branches or pull requests
8 participants
@soniah @rsc @kardianos @gdamore @mvdan @kminami @gopherbot @puremourning