New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

cmd/go: go get -insecure doesn't fallback to http #18179

Open
mg6maciej opened this Issue Dec 3, 2016 · 3 comments

Comments

Projects
None yet
5 participants
@mg6maciej

mg6maciej commented Dec 3, 2016

Please answer these questions before submitting your issue. Thanks!

What version of Go are you using (go version)?

go1.7.4

What operating system and processor architecture are you using (go env)?

darwin/amd64

What did you do?

If possible, provide a recipe for reproducing the error.
A complete runnable program is good.
A link on play.golang.org is best.

go get -insecure -d -v llvm.org/llvm/bindings/go/llvm doesn't download repo over http.

What did you expect to see?

No errors. Package downloaded.

What did you see instead?

Fetching https://llvm.org/llvm/bindings/go/llvm?go-get=1
Parsing meta tags from https://llvm.org/llvm/bindings/go/llvm?go-get=1 (status code 404)
package llvm.org/llvm/bindings/go/llvm: unrecognized import path "llvm.org/llvm/bindings/go/llvm" (parse https://llvm.org/llvm/bindings/go/llvm?go-get=1: no go-import meta tags)

Apparently this change introduced this regression while fixing another edge case scenario. After analyzing the code a bit, I came to conclusion that it would be better to try the whole process of getting go-import meta tags via https and when it fails, retrying with http. Currently the code fails here after getting err != nil from matchGoImport. Only at this point (or earlier if error happens from one of the calls above) there should be switch to http, if insecure flag is given.

@bradfitz bradfitz added this to the Go1.9 milestone Dec 3, 2016

@bradfitz

This comment has been minimized.

Member

bradfitz commented Dec 3, 2016

Sorry, this isn't a regression from Go 1.7 to Go 1.8, so flagging for Go 1.9, since we're in a code freeze for the Go 1.8 release right now.

@bradfitz bradfitz changed the title from go get -insecure doesn't fallback to http to cmd/go: go get -insecure doesn't fallback to http Dec 3, 2016

@rsc

This comment has been minimized.

Contributor

rsc commented Jun 22, 2017

I am not convinced this is incorrect behavior. -insecure means to try HTTP if HTTPS fails. HTTPS has not failed: it gave an authoritative answer (a 404 page with no <meta> tag).

Is there a good reason for llvm.org to serve only a subset of its content via HTTPS?

@bradfitz bradfitz modified the milestones: Go1.10, Go1.9 Jun 28, 2017

@rsc rsc modified the milestones: Go1.10, Go1.11 Dec 1, 2017

@gopherbot gopherbot modified the milestones: Go1.11, Unplanned May 23, 2018

@chowey

This comment has been minimized.

chowey commented Sep 26, 2018

Possibly related, this also seems to break -insecure while going through an http proxy when there is no https. I presume this is because the http proxy returns "503 Bad Gateway" instead of a net error.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment