private repo - go 1.13 - `go mod ..` failed: ping “sum.golang.org/lookup” .. verifying package .. 410 gone

Question

I am using golang 1.13 .

I have a project that depends on a private gitlab project.

I have the ssh keys for the same.

When I try to retrieve the depen

Answer 1

Answering my own question after looking up,

Setting the GOPRIVATE variable seems to help.

GOPRIVATE=gitlab.com/mycompany/*  go mod why

" The new GOPRIVATE environment variable indicates module paths that are not publicly available. It serves as the default value for the lower-level GONOPROXY and GONOSUMDB variables, which provide finer-grained control over which modules are fetched via proxy and verified using the checksum database. " from https://golang.org/doc/go1.13

Aliter:

Setting the env variable GONOSUMDB also seems to work. Specifically, invoking the following command seems to help.

    GONOSUMDB=gitlab.com/mycompany/* go mod why

The above env variable prevents the ping to sum.golang.org/lookup for a checksum match. It also prevents leaking the names of private repos to a public checksum db. [ Source - https://docs.gomods.io/configuration/sumdb/ ]

Also - here at

  * GONOSUMDB=prefix1,prefix2,prefix3 sets a list of module path prefixes, again possibly containing globs, that should not be looked up using the database.

source: https://go.googlesource.com/proposal/+/master/design/25530-sumdb.md

Related Issues:

• https://github.com/golang/go/issues/32291
• https://github.com/golang/go/issues/33985 ["Go 1.13 has been released, and this issue was filed well after the freeze window. The proposed changes will not happen in 1.13, but don't assume they will necessarily happen in 1.14 either." from issue 33985 above. ]