Change https://golang.org/cl/191218 mentions this issue: cmd/go: add module proxy support for modfetch.ImportRepoRev``

I suggest applying those changes to Go 1.13 since it has not yet been released. 😊

Go 1.13 is well into the release freeze at this point, so we're pretty much only fixing critical regressions from here on out. The good news is, the tree will be opening for 1.14 very soon.

And this problem isn't just for Gopkg.lock. It exists when translating legacy versioning system configs. So the title should be corrected.

Hi @bcmills, someone has reported this bug to me (again) today. This bug isn't only triggered when go mod init is called, but in every operation (such as go test, go run, go build etc) that might generate a go.mod file from a legacy dependency (when GO111MODULE=on). The people who have encountered this bug are blaming their Go module proxies (at least goproxy.cn was blamed by someone). They think that Go module proxy should be able to proxy this kind of initialization operation.

So, please merge https://golang.org/cl/191218 and consider applying those changes to Go 1.13.1 (or 1.13.2). We really need it. 🙏

Thanks again. ❤️

CL 191218 is in, although I don't think it meets the backport criteria (it wasn't a regression and the workaround is to run go mod tidy after go mod init).

Regarding other operations that might generate a go.mod file: they no longer do as of 1.13. (Only go mod init creates the go.mod file now.) That was #29433.

Alright, I got it. Thank you for your reply. :-)

This was reverted in CL 194797 due to a test failure, possibly related to #34092. Investigating now.

The reason for the test failure seems to be that some of the converted formats specify package paths rather than module paths, and modfetch.Stat does not know how to resolve a package path to a module.

The usual function that converts a package path to a module path is modload.QueryPackage, but we can't call that within modconv due to a circular dependency.

The circular dependency exists because modload is currently performing (at least) two different roles:

1. Managing the contents of the main module's build list, and
2. managing the mapping of module paths and versions to source file locations.

Role (2) will need significant refactoring for #26904 anyway, so I'm planning to revisit this once that has been addressed.

CC @jayconrod

Role (2) will need significant refactoring for #26904 anyway, so I'm planning to revisit this once that has been addressed.

I don't think I'll have time to get to that in 1.14 after all. 😞

This will still make sense for people under firewall(AKA MOSTLY Chinese Gopher) , can we put it in Go1.17 or other recent releases , thanks.

Create the empty go.mod file and run go mod tidy seems hack and inconvenient for developers 🙏

@scbizu Sorry, I almost forgot this one, thanks for the ping.

I just checked the code, and modload still imports modconv, so there is no way to directly call anything in modload in modconv (import cycle not allowed). So before #26904 is resolved, we only have one way to fix this bug, which is to pass modload.QueryPackages as a parameter to modconv.ConvertLegacyConfig.

I'll submit a CL later.

Change https://golang.org/cl/306809 mentions this issue: cmd/go/internal/modconv: involve GOPROXY in ConvertLegacyConfig

I find out that maybe the way create go.mod first and run go mod tidy do not work in some cases that go mod tidy do not recognize the old vendored version and use the latest version . In these cases , we must use go mod init to generate the correct version go.mod .