Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cmd/go: go get -insecure requires GIT_SSL_NO_VERIFY #34568

Open
kyroy opened this issue Sep 27, 2019 · 2 comments
Open

cmd/go: go get -insecure requires GIT_SSL_NO_VERIFY #34568

kyroy opened this issue Sep 27, 2019 · 2 comments
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Backlog

Comments

@kyroy
Copy link
Contributor

kyroy commented Sep 27, 2019

What version of Go are you using (go version)?

$ go version
go version go1.13 linux/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/root/.cache/go-build"
GOENV="/root/.config/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/go/test/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build128427995=/tmp/go-build -gno-record-gcc-switches"

What did you do?

$ docker run  -ti --rm golang:1.13 bash
$ mkdir test && cd test && go mod init test
$ export GOPRIVATE=github.xxxx.xxxxx.corp

$ go get github.xxxx.xxxxx.corp/myorg/go
go get github.xxxx.xxxxx.corp/myorg/go: unrecognized import path "github.xxxx.xxxxx.corp/myorg/go" (https fetch: Get https://github.xxxx.xxxxx.corp/myorg/go?go-get=1: x509: certificate signed by unknown authority)

$ go get -insecure -x -v  github.xxxx.xxxxx.corp/myorg/go
# get https://github.xxxx.xxxxx.corp/?go-get=1
# get https://github.xxxx.xxxxx.corp/myorg?go-get=1
# get https://github.xxxx.xxxxx.corp/myorg/go?go-get=1
# get //github.xxxx.xxxxx.corp/myorg/go?go-get=1: 200 OK (0.068s)
get "github.xxxx.xxxxx.corp/myorg/go": found meta tag get.metaImport{Prefix:"github.xxxx.xxxxx.corp/myorg/go", VCS:"git", RepoRoot:"https://github.xxxx.xxxxx.corp/myorg/go.git"} at //github.xxxx.xxxxx.corp/myorg/go?go-get=1
mkdir -p /go/pkg/mod/cache/vcs # git3 https://github.xxxx.xxxxx.corp/myorg/go.git
# lock /go/pkg/mod/cache/vcs/1e0d9b889f3416a56ea37502ad1137f6723e61f8260c10aaf3fb8c45d44204fe.lockmkdir -p /go/pkg/mod/cache/vcs/1e0d9b889f3416a56ea37502ad1137f6723e61f8260c10aaf3fb8c45d44204fe # git3 https://github.xxxx.xxxxx.corp/myorg/go.git
cd /go/pkg/mod/cache/vcs/1e0d9b889f3416a56ea37502ad1137f6723e61f8260c10aaf3fb8c45d44204fe; git init --bare
0.005s # cd /go/pkg/mod/cache/vcs/1e0d9b889f3416a56ea37502ad1137f6723e61f8260c10aaf3fb8c45d44204fe; git init --bare
cd /go/pkg/mod/cache/vcs/1e0d9b889f3416a56ea37502ad1137f6723e61f8260c10aaf3fb8c45d44204fe; git remote add origin -- https://github.xxxx.xxxxx.corp/myorg/go.git
0.003s # cd /go/pkg/mod/cache/vcs/1e0d9b889f3416a56ea37502ad1137f6723e61f8260c10aaf3fb8c45d44204fe; git remote add origin -- https://github.xxxx.xxxxx.corp/myorg/go.git
cd /go/pkg/mod/cache/vcs/1e0d9b889f3416a56ea37502ad1137f6723e61f8260c10aaf3fb8c45d44204fe; git ls-remote -q origin
# get //github.xxxx.xxxxx.corp/?go-get=1: 200 OK (0.101s)
0.111s # cd /go/pkg/mod/cache/vcs/1e0d9b889f3416a56ea37502ad1137f6723e61f8260c10aaf3fb8c45d44204fe; git ls-remote -q origin
# get //github.xxxx.xxxxx.corp/myorg?go-get=1: 200 OK (1.277s)
go get github.xxxx.xxxxx.corp/myorg/go: git ls-remote -q origin in /go/pkg/mod/cache/vcs/1e0d9b889f3416a56ea37502ad1137f6723e61f8260c10aaf3fb8c45d44204fe: exit status 128:
	fatal: unable to access 'https://github.xxxx.xxxxx.corp/myorg/go.git/': server certificate verification failed. CAfile: none CRLfile: none

$ GIT_SSL_NO_VERIFY=1 go get -insecure github.xxxx.xxxxx.corp/myorg/go
go: finding github.xxxx.xxxxx.corp/myorg/go latest
go: downloading github.xxxx.xxxxx.corp/myorg/go v0.0.0-20190903123812-3090d622918c
go: extracting github.xxxx.xxxxx.corp/myorg/go v0.0.0-20190903123812-3090d622918c

What did you expect to see?

I would expect that the option -insecure also disables the SSL verification for git.

What did you see instead?

go get -insecure fails and I have to enable GIT_SSL_NO_VERIFY to be able to download my dependency.
@kyroy kyroy mentioned this issue Sep 27, 2019
Closed
@bcmills bcmills added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Sep 27, 2019
@bcmills
Copy link
Contributor

bcmills commented Sep 27, 2019

We should probably revisit this in conjunction with #32966.

@bcmills bcmills added this to the Unplanned milestone Sep 27, 2019
@bcmills
Copy link
Contributor

bcmills commented Sep 27, 2019

CC @jayconrod @FiloSottile

@jayconrod jayconrod modified the milestones: Unplanned, Backlog Nov 12, 2019
@witchard witchard mentioned this issue Feb 27, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
3 participants
@jayconrod @kyroy @bcmills