Description
What version of Go are you using (go version)?
$ go version go version go1.17.2 linux/amd64
Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (go env)?
go env Output
$ go env GO111MODULE="" GOARCH="amd64" GOBIN="" GOCACHE="/home/wkaluza/.cache/go-build" GOENV="/home/wkaluza/.config/go/env" GOEXE="" GOEXPERIMENT="" GOFLAGS="" GOHOSTARCH="amd64" GOHOSTOS="linux" GOINSECURE="" GOMODCACHE="/home/wkaluza/go/pkg/mod" GONOPROXY="github.com/wkaluza/*" GONOSUMDB="github.com/wkaluza/*" GOOS="linux" GOPATH="/home/wkaluza/go" GOPRIVATE="github.com/wkaluza/*" GOPROXY="https://proxy.golang.org,direct" GOROOT="/usr/local/go" GOSUMDB="sum.golang.org" GOTMPDIR="" GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64" GOVCS="" GOVERSION="go1.17.2" GCCGO="gccgo" AR="ar" CC="gcc" CXX="g++" CGO_ENABLED="1" GOMOD="/dev/null" CGO_CFLAGS="-g -O2" CGO_CPPFLAGS="" CGO_CXXFLAGS="-g -O2" CGO_FFLAGS="-g -O2" CGO_LDFLAGS="-g -O2" PKG_CONFIG="pkg-config" GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build3476795626=/tmp/go-build -gno-record-gcc-switches" GOROOT/bin/go version: go version go1.17.2 linux/amd64 GOROOT/bin/go tool compile -V: compile version go1.17.2 uname -sr: Linux 5.11.0-38-generic Distributor ID: Ubuntu Description: Ubuntu 20.04.3 LTS Release: 20.04 Codename: focal /lib/x86_64-linux-gnu/libc.so.6: GNU C Library (Ubuntu GLIBC 2.31-0ubuntu9.2) stable release version 2.31. lldb --version: lldb version 10.0.0 gdb --version: GNU gdb (Ubuntu 9.2-0ubuntu1~20.04) 9.2
What did you do?
We have the following two files.
// go.mod
module m
go 1.17
replace quote_alias => rsc.io/quote v1.5.2
require rsc.io/quote v1.5.2
// main.go
package main
import (
"fmt"
q "quote_alias"
)
func main() {
fmt.Println(q.Go())
}
Attempting to execute go run main.go results in an error.
main.go:5:2: rsc.io/quote@v1.5.2: missing go.sum entry; to add it:
go mod download rsc.io/quote
Running go mod download rsc.io/quote and then go run main.go again gives another error:
main.go:5:2: module quote_alias provides package quote_alias and is replaced but not required; to add it:
go get quote_alias
Executing go get quote_alias fails with the error:
go: downloading rsc.io/sampler v1.3.0
go: downloading golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c
go: rsc.io/quote@v1.5.2 used for two different module paths (quote_alias and rsc.io/quote)
The go.mod file is clearly malformed, but can be fixed by running go mod tidy. The result is as follows:
// go.mod
module m
go 1.17
replace quote_alias => rsc.io/quote v1.5.2
require quote_alias v0.0.0-00010101000000-000000000000
require (
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c // indirect
rsc.io/sampler v1.3.0 // indirect
)
Now go run main.go works as expected. However, go mod verify fails with the following message:
quote_alias v0.0.0-00010101000000-000000000000: missing ziphash: open hash: no such file or directory
What did you expect to see?
I expected go mod tidy to fix the go.mod file (which it did) and for go mod verify to accept the result.
What did you see instead?
The go mod verify command treated the requirement with a placeholder ZeroPseudoVersion as a real package, attempted to look for it and failed.
Shouldn't go mod verify ignore ZeroPseudoVersion-ed requirements on principle? After all, a ZPV is a synthetic placeholder, not a real version string. If the discussion here reaches this conclusion, I may already have a fix and a regression test ready for review.