cmd/go: 'go mod download' fails with xyz+incompatible replacement targets while 'go mod verifies' works #34254
Description
What version of Go are you using (go version)?
go version go1.13 darwin/amd64
Does this issue reproduce with the latest release?
yes
What operating system and processor architecture are you using (go env)?
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
What did you do?
my go.mod file contains replacement targets like:
github.com/pkg/errors => git.ourcompany.com/mirror-github/pkg--errors v0.8.1+incompatible
gopkg.in/yaml.v2 => git.ourcompany.com/mirror-github/go-yaml--yaml v2.2.2+incompatible
I ran go mod verify and go mod download.
What did you expect to see?
Since the project used to build with go1.12 and still builds / tests run fine, I expect both commands to work without errors.
What did you see instead?
go mod verify shows all modules verified (as expected), but go mod download fails with:
$ go mod download
go: finding git.ourcompany.com/mirror-github/pkg--errors v0.8.1+incompatible
go: finding git.ourcompany.com/mirror-github/go-yaml--yaml v2.2.2+incompatible
git.ourcompany.com/mirror-github/pkg--errors@v0.8.1+incompatible: invalid version: +incompatible suffix not allowed: major version v0 is compatible
git.ourcompany.com/mirror-github/go-yaml--yaml@v2.2.2+incompatible: invalid version: +incompatible suffix not allowed: module contains a go.mod file, so semantic import versioning is required
This seems related to #34217; on slack @bcmills said that it is likely a bug.
would argue that the acceptable versions should be:
gopkg.in/yaml.v2 => git.ourcompany.com/mirror-github/go-yaml--yaml/v2 v2.2.2
(because[…]/v2should be able to replacegopkg.in/[…].v2, bug notwithstanding) or
gopkg.in/yaml.v2 => git.ourcompany.com/mirror-github/go-yaml--yaml v2.2.2
(because the go.mod file should say gopkg.in/yaml.v2 explicitly, and that should be good enough for validation).