cmd/go/internal/modfetch: treat malformed versions as “not found” on the proxy path #32955
Comments
|
/cc @bcmills |
ALTree
changed the title
ALTree
added
the
NeedsInvestigation
|
Should this have the |
|
@bcmills @jayconrod I think this is a side-effect of changing GOPROXY. $ GOOS=windows GOPROXY=direct GONOSUM=.* go1.13beta get golang.zx2c4.com/wireguard/windows@pkg/walk go: finding golang.zx2c4.com/wireguard/windows pkg/walk The problem can be reproducible with go1.12 if GOPROXY is set. GOOS=windows GOPROXY=https://proxy.golang.org GONOSUM=.* go get golang.zx2c4.com/wireguard/windows@pkg/walk go: finding golang.zx2c4.com/wireguard/windows pkg/walk go: finding golang.zx2c4.com/wireguard pkg/walk go: finding golang.zx2c4.com pkg/walk go get golang.zx2c4.com/wireguard/windows@pkg/walk: disallowed version string "pkg/walk" |
|
Such version strings are not accepted by golang.org/x/mod/module package that is used by both go command and proxy.golang.org as well. The module proxy protocol doc ( |
|
@zx2c4, can you confirm that setting |
|
This might be a limitation in the proxy, rather than the Go command. With go1.13beta1, the command below succeeds: However, it fails with When the proxy is enabled, this is the first request the Go command will send in order to find out the canonical version for |
Set |
bcmills
changed the title
The general solution here may be for the proxy to treat any (non-pseudo-) version that fails |
|
Note that the same code is being used in the go command. |
|
It wasn't clear to me, so for the record: the problem is that the |
Confirmed. |
bcmills
changed the title
bcmills
added
the
NeedsDecision
gopherbot
removed
the
NeedsInvestigation
Yes, extremely common. For example, some projects use it to denote the owner of the branch |
|
fyi - proxy.golang.org now serves 404/410 for this $ curl -i https://proxy.golang.org/golang.zx2c4.com/wireguard/windows/@v/pkg/walk.info HTTP/1.1 410 Gone Content-Type: text/plain; charset=UTF-8 ... bad request: invalid escaped version "pkg/walk": invalid char '/' |
Go 1.13 introduced a proxy for go modules versioning. This proxy doesn't allow to `go get` package that have '/' in the version string. eg `go get github.com/go-flutter-desktop/go-flutter@v0.30.0` works. But `go get get github.com/go-flutter-desktop/go-flutter@feature/test` wont because of the '/' after the '@'. The issue is reported in golang/go#32955 A fix is to by-pass the PROXY by using the `GOPROXY=direct` venv. Go 1.13 also doesn't fetch '@latest' when the tag is already valid. This commit sets '@latest' to the version string when needed (hover upgrade)
Go 1.13 introduced a proxy for go modules versioning. This proxy doesn't allow to `go get` package that have '/' in the version string. eg `go get github.com/go-flutter-desktop/go-flutter@v0.30.0` works. But `go get get github.com/go-flutter-desktop/go-flutter@feature/test` wont because of the '/' after the '@'. The issue is reported in golang/go#32955 A fix is to by-pass the PROXY by using the `GOPROXY=direct` venv. Go 1.13 also doesn't fetch '@latest' when the tag is already valid. This commit sets '@latest' to the version string when needed (hover upgrade)
|
This bug also affects module imports from a subdirectory of another module. Here's an example tree for a repo: If I were to import package What're the next steps for that one - do we want to fix |
|
@utrack, the versions in the proxy protocol are not the same as the tags in the underlying repo. The tag for the module in the |
|
@utrack try the
|
|
Using the hash of the branch |
As much as I don't personally use them, I'm afraid they are common. Where I work, pretty much everyone works in branches like |
|
To add to my last comment, the convention is even documented here: https://github.com/ipfs/community/blob/master/CONTRIBUTING_GO.md#branch-names
|
This comment was marked as spam.
This comment was marked as spam.
Before this patch, We were replacing go.mod in openstack-operator with PR commit using branch name. ex: ~~ go mod edit --replace github.com/openstack-k8s-operators/keystone-operator/api@$version= github.com/ysandeep93/keystone-operator/api@dependabot/go_modules/ sigs.k8s.io/controller-runtime-0.13.1 ~~~ After Go 1.13, there is an known issue if we have slashes in branch name.[1] ~~~ $go mod tidy go: errors parsing go.mod: /tmp/openstack-operator/go.mod:97: replace github.com/ysandeep93/keystone-operator/api: version "dependabot/go_modules/sigs.k8s.io/controller-runtime-0.13.1" invalid: version "dependabot/go_modules/sigs.k8s.io/controller-runtime-0.13.1" invalid: disallowed version string ~~~ With this patch, updating our logic to use hash of branch instead of branch name, same workaround/fix is mentioned here[2]. [1] golang/go#32955 [2] golang/go#34175 (comment)
|
Any chance that this gets fixed at any point? Slashes in branch names are very common and it's frustrating to have to work around this limitation all the time. |
|
I am building a package main
import (
// ...
_ "github.com/go-sql-driver/mysql"
_ "github.com/jackc/pgx/v5/stdlib"
_ "github.com/mattn/go-sqlite3"
_ "github.com/microsoft/go-mssqldb"
_ "github.com/sijms/go-ora/v2"
_ "modernc.org/sqlite"
) |
|
It seems it works as of go 1.20.1. I am quite satisfied as it is. But I am not sure if I overlooked anything. |
|
@elgs this issue is about interacting with branches that have a forward slash ( |
For Go 1.11 and 1.12, I have in my
go.modsomething like:I use this to indicate that usage of
github.com/lxn/walkshould be replaced with the latest contents of a branch calledpkg/walkfromgolang.zx2c4.com/wireguard/windows.With 1.13beta1, this now breaks with a message:
This poses a significant problem.
The text was updated successfully, but these errors were encountered: