private repo - go 1.13 - `go mod ..` failed: ping “sum.golang.org/lookup” .. verifying package .. 410 gone

前端未结

关注

 4  501

野性不改

I am using golang 1.13 .

I have a project that depends on a private gitlab project.

I have the ssh keys for the same.

When I try to retrieve the depen

相关标签:

4条回答

[愿得一人]

2021-02-03 21:48
Change following go variable's setting and then upgrade your package,
```
$ export GO111MODULE=on
$ export GOPROXY=direct
$ export GOSUMDB=off
$ go get -u <your dependency package>
```
0 讨论(0)
发布评论:

提交评论
- 加载中...
名媛妹妹

2021-02-03 21:50
I have this scenario too and this works for me.
1. edit your .git/config and add two lines in it.( I have this in a global .gitconfig in home dir)
```
[url "ssh://youprivate.com"]
     insteadOf = https://yourprivate.com
```
1. export GOSUMDB=off
Then everything will OK.
0 讨论(0)
发布评论:

提交评论
- 加载中...
醉话见心

2021-02-03 21:57
Answering my own question after looking up,

Setting the GOPRIVATE variable seems to help.
```
GOPRIVATE=gitlab.com/mycompany/*  go mod why
```
" The new GOPRIVATE environment variable indicates module paths that are not publicly available. It serves as the default value for the lower-level GONOPROXY and GONOSUMDB variables, which provide finer-grained control over which modules are fetched via proxy and verified using the checksum database. " from https://golang.org/doc/go1.13

Aliter:

Setting the env variable GONOSUMDB also seems to work. Specifically, invoking the following command seems to help.
```
    GONOSUMDB=gitlab.com/mycompany/* go mod why
```
The above env variable prevents the ping to sum.golang.org/lookup for a checksum match. It also prevents leaking the names of private repos to a public checksum db. [ Source - https://docs.gomods.io/configuration/sumdb/ ]

Also - here at
```
  * GONOSUMDB=prefix1,prefix2,prefix3 sets a list of module path prefixes, again possibly containing globs, that should not be looked up using the database.
```
source: https://go.googlesource.com/proposal/+/master/design/25530-sumdb.md

Related Issues:
- https://github.com/golang/go/issues/32291
- https://github.com/golang/go/issues/33985 ["Go 1.13 has been released, and this issue was filed well after the freeze window. The proposed changes will not happen in 1.13, but don't assume they will necessarily happen in 1.14 either." from issue 33985 above. ]
0 讨论(0)
发布评论:

提交评论
- 加载中...
挽巷

2021-02-03 21:58
Basically it failed to verify private repository. However I don't like turning off checksum, but you can easily set GOSUMDB to off before trying to get module. something like this:
```
GOSUMDB=off go get github.com/mycompany/myproject
```
ref: https://github.com/golang/go/issues/35164#issuecomment-546503518

A second and better solution is to set GOPRIVATE environment variable that controls which modules the go command considers to be private (not available publicly) and should therefore NOT use the proxy or checksum database. The variable is a comma-separated list of glob patterns (same syntax of Go's path.Match) of module path prefixes. For example,
```
export GOPRIVATE=*.corp.example.com,rsc.io/private
```
Or
```
go env -w GOPRIVATE=github.com/mycompany/*
```
Last solution you can try is to turn off such checks for all private repositories that you don't want to go public or being verified through sum.golang.org/lookup/github.com/mycompany/...
```
GONOSUMDB=gitlab.com/mycompany/* go mod why
```
Note that:

If you have issues fetching modules or repos over https, you may want to add the following to your ~/.gitconfig to make go get/fetch repositories using ssh instead of https

[url "ssh://git@github.com/"] insteadOf = https://github.com/
0 讨论(0)
发布评论:

提交评论
- 加载中...