-
Notifications
You must be signed in to change notification settings - Fork 500
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Athens does not calculate the correct checksum #1881
Comments
Same issue with github.com/homeport/dyff@v1.5.7 package (without proxy module downloaded succesfully):
|
The only way I can think of this happening is that a given tag was released twice and Athens has a different one than sum.golang.org knows about. You can try removing the artifact from Athens' disk storage. |
In this problem reproduction scenario, there is no persistent storage. This issue is still reproducing. Start latest athens in one terminal: docker run --rm -p 3000:3000 gomods/athens:v0.13.3 Try download package in another terminal: cd $(mktemp -d)
go mod init example.net/foo
GOMODCACHE=$(mktemp -d) GOPROXY=http://127.0.0.1:3000/ go get github.com/homeport/dyff@v1.5.7 Also you can simply try download package with curl: curl -vf http://127.0.0.1:3000/github.com/homeport/dyff/@v/v1.5.7.mod You can see error in docker container logs:
|
Curious! I started up a local version of Athens and was able to reproduce that message with Server logs:
Client logs:
|
The H1 is what's failing, so I'm going to attempt to verify the H1 using this. |
Well that's pretty curious! I was able to use this tool to reproduce the sum.golang.org H1:
I was not able to reproduce the Checksum Athens produced ( |
I was able to confirm with What's curious is I haven't seen where we get |
The error source is on the op Inside the This is the error:
|
I did find this in the
|
Okay, so far more weird. All we're actually doing here is calling
I get the same behavior! Now, when I enable the Go proxy I get a very different response.
The H1's are the same, but the second response returns a So, to recap:
I need to get ahold of the artifact that Go is retrieving with |
Now we're getting somewhere. I was able to force Go to fetch the module
That error comes from here. Now for the real evidence:
|
To be clear, this is not a bug with Athens. Athens did what it is supposed to do and what I said I originally suspected is likely what happened: The repository maintainer reassigned that tag to a different commit but it was already in proxy.golang.org and sum.golang.org. One way to mitigate this is to tell Athens to use proxy.golang.org: |
Lastly, the smoking gun. The Checksum in sum.golang.org comes from this commit
|
Describe the bug
Maybe this is not the right forum, but I am not sure where to ask else.
I use a docker athene container and another fresh golang container.
In the golang container I setup athene container as goproxy.
when I run
go install github.com/mgechev/revive@latest
I see an error messagebut if I do not use athene as a proxy I can't see this error.
Error Message
If applicable add error message to help explain your problem or console output enclose in triple back-ticks eg,
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Same behavior with and without proxy.
Environment (please complete the following information):
The text was updated successfully, but these errors were encountered: