New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cmd/go: relax module consistency checks if vendor/modules.txt is missing #37948
Comments
Change https://golang.org/cl/224057 mentions this issue: |
Could you say more about why Also, why not build a |
@jayconrod Because network is not available during the build. The list of required dependencies is generated from |
If you have a full copy of You may be able to construct the I don't think we should disable the |
Alternatively, you can add an option to go to optionally wave the consistency check. (A full copy of vendor/modules.txt is available at some point during the port maintainer update, but it's problematic to keep it into the build phase within the FreeBSD ports framework.) |
The design of Go assumes that network is available at all times during build, while during package build the network is not available for security reasons. The new consistency checking exacerbate this conflict, putting more and more burden on port developers/maintainers. |
The consistency check does not use the network, by design. It compares the lexical contents of the And note that |
…sing Starting from go1.14, go verifies that vendor/modules.txt matches the requirements and replacements listed in the main module go.mod file, and it is a hard failure if vendor/modules.txt is missing. Relax module consistency checks and switch back to pre go1.14 behaviour if vendor/modules.txt is missing and GO_NO_VENDOR_CHECKS=1 is set in the environment regardless of go version requirement in go.mod. Upstream PR: golang/go#37948 PR: 244783 Reported by: Christopher Hall <hsw@bitmark.com> Reviewed by: mikael swills yuri Approved by: jlaffaye (maintainer timeout, 2 weeks) MFH: 2020Q2 Differential Revision: https://reviews.freebsd.org/D24122 git-svn-id: svn+ssh://svn.freebsd.org/ports/head@530387 35697150-7ecd-e111-bb59-0022644237b5
…sing Starting from go1.14, go verifies that vendor/modules.txt matches the requirements and replacements listed in the main module go.mod file, and it is a hard failure if vendor/modules.txt is missing. Relax module consistency checks and switch back to pre go1.14 behaviour if vendor/modules.txt is missing and GO_NO_VENDOR_CHECKS=1 is set in the environment regardless of go version requirement in go.mod. Upstream PR: golang/go#37948 PR: 244783 Reported by: Christopher Hall <hsw@bitmark.com> Reviewed by: mikael swills yuri Approved by: jlaffaye (maintainer timeout, 2 weeks) MFH: 2020Q2 Differential Revision: https://reviews.freebsd.org/D24122
…sing Starting from go1.14, go verifies that vendor/modules.txt matches the requirements and replacements listed in the main module go.mod file, and it is a hard failure if vendor/modules.txt is missing. Relax module consistency checks and switch back to pre go1.14 behaviour if vendor/modules.txt is missing and GO_NO_VENDOR_CHECKS=1 is set in the environment regardless of go version requirement in go.mod. Upstream PR: golang/go#37948 PR: 244783 Reported by: Christopher Hall <hsw@bitmark.com> Reviewed by: mikael swills yuri Approved by: jlaffaye (maintainer timeout, 2 weeks) MFH: 2020Q2 Differential Revision: https://reviews.freebsd.org/D24122 git-svn-id: svn+ssh://svn.freebsd.org/ports/head@530387 35697150-7ecd-e111-bb59-0022644237b5
lang/go: relax module consistency checks if vendor/modules.txt is missing Starting from go1.14, go verifies that vendor/modules.txt matches the requirements and replacements listed in the main module go.mod file, and it is a hard failure if vendor/modules.txt is missing. Relax module consistency checks and switch back to pre go1.14 behaviour if vendor/modules.txt is missing and GO_NO_VENDOR_CHECKS=1 is set in the environment regardless of go version requirement in go.mod. Upstream PR: golang/go#37948 PR: 244783 Reported by: Christopher Hall <hsw@bitmark.com> Reviewed by: mikael swills yuri Approved by: jlaffaye (maintainer timeout, 2 weeks) Differential Revision: https://reviews.freebsd.org/D24122 Approved by: ports-secteam (joneum)
Downgrade back to go modules 1.13 until this issue is fixed: golang/go#37948
lang/go: relax module consistency checks if vendor/modules.txt is missing Starting from go1.14, go verifies that vendor/modules.txt matches the requirements and replacements listed in the main module go.mod file, and it is a hard failure if vendor/modules.txt is missing. Relax module consistency checks and switch back to pre go1.14 behaviour if vendor/modules.txt is missing and GO_NO_VENDOR_CHECKS=1 is set in the environment regardless of go version requirement in go.mod. Upstream PR: golang/go#37948 PR: 244783 Reported by: Christopher Hall <hsw@bitmark.com> Reviewed by: mikael swills yuri Approved by: jlaffaye (maintainer timeout, 2 weeks) Differential Revision: https://reviews.freebsd.org/D24122 Approved by: ports-secteam (joneum)
Closing old issues that still have the WaitingForInfo label where enough details to investigate weren't provided. Feel free to leave a comment with more details and we can reopen. |
Strong consistency checks in go1.14 and requirement that
vendor/modules.txt
must be present make it hard to package Go software (e.g. as FreeBSD ports).Because network is not available during the port build, ports are built in
-mod=vendor
mode. All required dependencies are fetched beforehand and then unpacked into vendor directory simulating the result ofgo mod vendor
, except thatvendor/modules.txt
is not present. If software's go.mod specifiesgo.14
, missingvendor/modules.txt
is a hard error (... is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
) and working around it requires patching go.mod back togo1.13
Proposed change relaxes module consistency checks and switches back to go1.13 behaviour if
vendor/modules.tx
is not present during the build.The text was updated successfully, but these errors were encountered: