Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

cmd/go: get -insecure not supported in modules #27049

Closed
kminami opened this issue Aug 17, 2018 · 11 comments
Closed

cmd/go: get -insecure not supported in modules #27049

kminami opened this issue Aug 17, 2018 · 11 comments

Comments

@kminami
Copy link

@kminami kminami commented Aug 17, 2018

Please answer these questions before submitting your issue. Thanks!

What version of Go are you using (go version)?

go version go1.11rc1 linux/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

GOARCH="amd64"
GOBIN=""
GOCACHE="/root/.cache/go-build"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/go"
GOPROXY=""
GORACE=""
GOROOT="/usr/local/go"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GCCGO="gccgo"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/myapp/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build371106128=/tmp/go-build -gno-record-gcc-switches"

What did you do?

If possible, provide a recipe for reproducing the error.
A complete runnable program is good.
A link on play.golang.org is best.

go get -v -insecure example.com/my/project

What did you expect to see?

Fetching https://example.com/my/project?go-get=1
https fetch failed: Get https://example.com/my/project?go-get=1: dial tcp x.x.x.x:443: connect: connection refused
Fetching http://example.com/my/project?go-get=1
Parsing meta tags from http://example.com/my/project?go-get=1 (status code 200)
example.com/my/project (download)
example.com/my/project

What did you see instead?

Fetching https://example.com/my/project?go-get=1
https fetch failed: Get https://example.com/my/project?go-get=1: dial tcp x.x.x.x:443: connect: connection refused
Fetching https://example.com/my?go-get=1
https fetch failed: Get https://example.com/my?go-get=1: dial tcp x.x.x.x:443: connect: connection refused
Fetching https://example.com?go-get=1
https fetch failed: Get https://example.com?go-get=1: dial tcp x.x.x.x:443: connect: connection refused
go get example.com/my/project: unrecognized import path "example.com/my/project" (https fetch: Get https://example.com/my/project?go-get=1: dial tcp x.x.x.x:443: connect: connection refused)
@kminami kminami changed the title go get -insecure not supported in modules? cmd/go: go get -insecure not supported in modules? Aug 17, 2018
@mvdan
Copy link
Member

@mvdan mvdan commented Aug 17, 2018

cc @bcmills @myitcv

This does seem like a bug to me, unless module-aware go get behaves like this for a specific reason.

@mvdan mvdan changed the title cmd/go: go get -insecure not supported in modules? cmd/go: get -insecure not supported in modules Aug 17, 2018
@mvdan mvdan added this to the Go1.11 milestone Aug 17, 2018
@kardianos
Copy link
Contributor

@kardianos kardianos commented Aug 17, 2018

It was intentional. Further reading: #25434 .

@rsc
Copy link
Contributor

@rsc rsc commented Aug 17, 2018

Yes, the problem is that lots of commands now fetch from the network, so either we need to make them all accept -insecure and teach people to use it always (very sad) or else find a different way forward.

I'd like to hear more about what people use -insecure for, especially now that SSL certs are free.

@rsc
Copy link
Contributor

@rsc rsc commented Aug 17, 2018

Leaving for Go 1.12 regardless.

@rsc rsc removed this from the Go1.11 milestone Aug 17, 2018
@rsc rsc added this to the Go1.12 milestone Aug 17, 2018
@kminami
Copy link
Author

@kminami kminami commented Aug 17, 2018

Thank you for the reference. I understood the current status.

We are using a GitLab server on a private network with private domain name such as gitlab.internal.mycompany.com.
We can use private CA certs, but it's a bit hard to automate operations.
I will try to use free SSL certs like let's encrypt with combining with public DNS.
However, introduction of -insecure mechanism to modules will still help us.

By the way, some descriptions about current status in the release notes or Module-aware go get will also help. Espetially, I think the latter is very misleading.

@rsc
Copy link
Contributor

@rsc rsc commented Aug 18, 2018

Moving back to Go 1.11. I didn't realize the module get docs said -insecure should work.

@rsc rsc removed this from the Go1.12 milestone Aug 18, 2018
@rsc rsc added this to the Go1.11 milestone Aug 18, 2018
@rsc
Copy link
Contributor

@rsc rsc commented Aug 18, 2018

OK, that was just a bug. get -insecure will work. Automatic download during 'go build' will always use secure mode, so you'll just have to run go get more often than you might otherwise. (The same amount as with GOPATH, but everyone else will be running it less with modules.)

@gopherbot
Copy link

@gopherbot gopherbot commented Aug 18, 2018

Change https://golang.org/cl/129801 mentions this issue: cmd/go: fix module get -insecure

@soniah
Copy link

@soniah soniah commented Dec 6, 2018

@rsc my issue with -insecure is that I'm working in a restricted environment that requires using an untrusted SSL certificate ie it's doing man-in-the-middle to decode/verify all comms. Yes the infrastructure should be setup to add the cert to the trusted key store, but it hasn't been and I can't change it.

@gdamore
Copy link

@gdamore gdamore commented Mar 6, 2019

I have an issue with GitHub where using subdomain go.nanomsg.org does not properly because the certs they issue only work with www and apex domains. Sadly they don't seem to support doing this for multiple subdomains.

I wish I could get a free site that hosted vanity domains for go. On GitHub it always feels really contorted.

@puremourning
Copy link

@puremourning puremourning commented Jun 15, 2019

@rsc my issue with -insecure is that I'm working in a restricted environment that requires using an untrusted SSL certificate ie it's doing man-in-the-middle to decode/verify all comms. Yes the infrastructure should be setup to add the cert to the trusted key store, but it hasn't been and I can't change it.

Same, did you find a solution to make go always ignore the certs ?

@golang golang locked and limited conversation to collaborators Jun 14, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
8 participants