cmd/go: relax module consistency checks if vendor/modules.txt is missing #37948
Comments
|
Change https://golang.org/cl/224057 mentions this issue: |
bcmills
added
modules
NeedsInvestigation
|
Could you say more about why Also, why not build a |
bcmills
added
the
WaitingForInfo
|
@jayconrod Because network is not available during the build. The list of required dependencies is generated from |
|
If you have a full copy of You may be able to construct the I don't think we should disable the |
|
Alternatively, you can add an option to go to optionally wave the consistency check. (A full copy of vendor/modules.txt is available at some point during the port maintainer update, but it's problematic to keep it into the build phase within the FreeBSD ports framework.) |
|
The design of Go assumes that network is available at all times during build, while during package build the network is not available for security reasons. The new consistency checking exacerbate this conflict, putting more and more burden on port developers/maintainers. |
|
The consistency check does not use the network, by design. It compares the lexical contents of the And note that |
…sing Starting from go1.14, go verifies that vendor/modules.txt matches the requirements and replacements listed in the main module go.mod file, and it is a hard failure if vendor/modules.txt is missing. Relax module consistency checks and switch back to pre go1.14 behaviour if vendor/modules.txt is missing and GO_NO_VENDOR_CHECKS=1 is set in the environment regardless of go version requirement in go.mod. Upstream PR: golang/go#37948 PR: 244783 Reported by: Christopher Hall <hsw@bitmark.com> Reviewed by: mikael swills yuri Approved by: jlaffaye (maintainer timeout, 2 weeks) MFH: 2020Q2 Differential Revision: https://reviews.freebsd.org/D24122 git-svn-id: svn+ssh://svn.freebsd.org/ports/head@530387 35697150-7ecd-e111-bb59-0022644237b5
…sing Starting from go1.14, go verifies that vendor/modules.txt matches the requirements and replacements listed in the main module go.mod file, and it is a hard failure if vendor/modules.txt is missing. Relax module consistency checks and switch back to pre go1.14 behaviour if vendor/modules.txt is missing and GO_NO_VENDOR_CHECKS=1 is set in the environment regardless of go version requirement in go.mod. Upstream PR: golang/go#37948 PR: 244783 Reported by: Christopher Hall <hsw@bitmark.com> Reviewed by: mikael swills yuri Approved by: jlaffaye (maintainer timeout, 2 weeks) MFH: 2020Q2 Differential Revision: https://reviews.freebsd.org/D24122
…sing Starting from go1.14, go verifies that vendor/modules.txt matches the requirements and replacements listed in the main module go.mod file, and it is a hard failure if vendor/modules.txt is missing. Relax module consistency checks and switch back to pre go1.14 behaviour if vendor/modules.txt is missing and GO_NO_VENDOR_CHECKS=1 is set in the environment regardless of go version requirement in go.mod. Upstream PR: golang/go#37948 PR: 244783 Reported by: Christopher Hall <hsw@bitmark.com> Reviewed by: mikael swills yuri Approved by: jlaffaye (maintainer timeout, 2 weeks) MFH: 2020Q2 Differential Revision: https://reviews.freebsd.org/D24122 git-svn-id: svn+ssh://svn.freebsd.org/ports/head@530387 35697150-7ecd-e111-bb59-0022644237b5
lang/go: relax module consistency checks if vendor/modules.txt is missing Starting from go1.14, go verifies that vendor/modules.txt matches the requirements and replacements listed in the main module go.mod file, and it is a hard failure if vendor/modules.txt is missing. Relax module consistency checks and switch back to pre go1.14 behaviour if vendor/modules.txt is missing and GO_NO_VENDOR_CHECKS=1 is set in the environment regardless of go version requirement in go.mod. Upstream PR: golang/go#37948 PR: 244783 Reported by: Christopher Hall <hsw@bitmark.com> Reviewed by: mikael swills yuri Approved by: jlaffaye (maintainer timeout, 2 weeks) Differential Revision: https://reviews.freebsd.org/D24122 Approved by: ports-secteam (joneum)
Downgrade back to go modules 1.13 until this issue is fixed: golang/go#37948
lang/go: relax module consistency checks if vendor/modules.txt is missing Starting from go1.14, go verifies that vendor/modules.txt matches the requirements and replacements listed in the main module go.mod file, and it is a hard failure if vendor/modules.txt is missing. Relax module consistency checks and switch back to pre go1.14 behaviour if vendor/modules.txt is missing and GO_NO_VENDOR_CHECKS=1 is set in the environment regardless of go version requirement in go.mod. Upstream PR: golang/go#37948 PR: 244783 Reported by: Christopher Hall <hsw@bitmark.com> Reviewed by: mikael swills yuri Approved by: jlaffaye (maintainer timeout, 2 weeks) Differential Revision: https://reviews.freebsd.org/D24122 Approved by: ports-secteam (joneum)
|
Closing old issues that still have the WaitingForInfo label where enough details to investigate weren't provided. Feel free to leave a comment with more details and we can reopen. |
Strong consistency checks in go1.14 and requirement that
vendor/modules.txtmust be present make it hard to package Go software (e.g. as FreeBSD ports).Because network is not available during the port build, ports are built in
-mod=vendormode. All required dependencies are fetched beforehand and then unpacked into vendor directory simulating the result ofgo mod vendor, except thatvendor/modules.txtis not present. If software's go.mod specifiesgo.14, missingvendor/modules.txtis a hard error (... is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt) and working around it requires patching go.mod back togo1.13Proposed change relaxes module consistency checks and switches back to go1.13 behaviour if
vendor/modules.txis not present during the build.The text was updated successfully, but these errors were encountered: