私人仓库-Go 1.13-`go mod ..`失败:ping"sum.golang.org/lookup" ..验证包.. 410不见了 [英] private repo - go 1.13 - `go mod ..` failed: ping "sum.golang.org/lookup" .. verifying package .. 410 gone

问题描述

我正在使用golang 1.13.

我有一个依赖于私人gitlab项目的项目.

我有相同的ssh键.

当我尝试为新创建的模块检索依赖项时，出现以下错误:

$ go version
go version go1.13 linux/amd64

$ go mod why
go: downloading gitlab.com/mycompany/myproject v0.0.145
verifying gitlab.com/mycompany/myproject@v0.0.145: gitlab.com/mycompany/myproject@v0.0.145: reading https://sum.golang.org/lookup/gitlab.com/mycompany/myproject@v0.0.145: 410 Gone

我不知道为什么要尝试对sum.golang.org/lookup进行ping操作，因为它是一个私有gitlab项目.

我的〜/.gitconfig包含以下内容(基于我在google搜索中查找的类似错误)

# Enforce SSH
[url "ssh://git@github.com/"]
  insteadOf = https://github.com/
[url "ssh://git@gitlab.com/"]
        insteadOf = https://gitlab.com/
[url "ssh://git@bitbucket.org/"]
  insteadOf = https://bitbucket.org/
[url "git@gitlab.com:"]
        insteadOf = https://gitlab.com/

错误仍然存​​在.

我希望将软件包从我的私人gitlab项目存储库下载到当前项目.

我是否需要在我的私人gitlab项目存储库中做任何事情以使其准备好开始使用"?

私有gitlab项目存储库已经包含该项目的go.sum和go.mod.

我想念什么吗?

edit:1)私人存储库名称和公司名称不包含星号或任何其他特殊字符.仅字母，甚至不包括数字字符.

解决方案

抬起头来回答我自己的问题，

设置GOPRIVATE变量似乎有帮助.

GOPRIVATE=gitlab.com/mycompany/*  go mod why

" 新的GOPRIVATE环境变量指示了不可公开获得的模块路径.它用作较低级别的GONOPROXY和GONOSUMDB变量的默认值，它们对通过代理获取并使用校验和数据库进行验证的模块提供了更细粒度的控制. 来自<​​a href="https://golang.org/doc/go1.13" rel="noreferrer"> https://golang.org/doc/go1.13

升力:

设置环境变量GONOSUMDB似乎也可以. 具体来说，调用以下命令似乎有帮助.

    GONOSUMDB=gitlab.com/mycompany/* go mod why

上面的env变量阻止ping到sum.golang.org/lookup以进行校验和匹配.它还可以防止将私有存储库的名称泄露给公共校验和数据库. [来源- https://docs.gomods.io/configuration/sumdb/]

也-在这里

  * GONOSUMDB=prefix1,prefix2,prefix3 sets a list of module path prefixes, again possibly containing globs, that should not be looked up using the database.

源: https://go.googlesource.com/proposal/+/master/design/25530-sumdb.md

相关问题:

• https://github.com/golang/go/issues/32291
• https://github.com/golang/go/issues/33985 ["Go 1.13已发布，并且此问题已在冻结窗口之后提交.建议的更改不会在1.13中发生，但不要假设它们也一定会在1.14中发生."从上面的问题33985中获取. ]

I am using golang 1.13 .

I have a project that depends on a private gitlab project.

I have the ssh keys for the same.

When I try to retrieve the dependencies for a newly created module, I am getting the following error:

$ go version
go version go1.13 linux/amd64

$ go mod why
go: downloading gitlab.com/mycompany/myproject v0.0.145
verifying gitlab.com/mycompany/myproject@v0.0.145: gitlab.com/mycompany/myproject@v0.0.145: reading https://sum.golang.org/lookup/gitlab.com/mycompany/myproject@v0.0.145: 410 Gone

I have no idea why it is trying to ping sum.golang.org/lookup since it is a private gitlab project.

My ~/.gitconfig contains the following (based on my looking up in google search for similar errors)

# Enforce SSH
[url "ssh://git@github.com/"]
  insteadOf = https://github.com/
[url "ssh://git@gitlab.com/"]
        insteadOf = https://gitlab.com/
[url "ssh://git@bitbucket.org/"]
  insteadOf = https://bitbucket.org/
[url "git@gitlab.com:"]
        insteadOf = https://gitlab.com/

The error still persists.

I would expect the package to be downloaded from my private gitlab project repository to the current project.

Is there anything I need to do in my private gitlab project repository to make it ready for 'go get' ?

The private gitlab project repository already contains the go.sum and go.mod for the project as well.

Anything that I am missing ?

edit: 1) The private repo name and the company name contains no asterisks or any other special characters. only alphabets and not even numeric characters.

解决方案

Answering my own question after looking up,

Setting the GOPRIVATE variable seems to help.

GOPRIVATE=gitlab.com/mycompany/*  go mod why

" The new GOPRIVATE environment variable indicates module paths that are not publicly available. It serves as the default value for the lower-level GONOPROXY and GONOSUMDB variables, which provide finer-grained control over which modules are fetched via proxy and verified using the checksum database. " from https://golang.org/doc/go1.13

Aliter:

Setting the env variable GONOSUMDB also seems to work. Specifically, invoking the following command seems to help.

    GONOSUMDB=gitlab.com/mycompany/* go mod why

The above env variable prevents the ping to sum.golang.org/lookup for a checksum match. It also prevents leaking the names of private repos to a public checksum db. [ Source - https://docs.gomods.io/configuration/sumdb/ ]

Also - here at

  * GONOSUMDB=prefix1,prefix2,prefix3 sets a list of module path prefixes, again possibly containing globs, that should not be looked up using the database.

source: https://go.googlesource.com/proposal/+/master/design/25530-sumdb.md

Related Issues:

• https://github.com/golang/go/issues/32291
• https://github.com/golang/go/issues/33985 ["Go 1.13 has been released, and this issue was filed well after the freeze window. The proposed changes will not happen in 1.13, but don't assume they will necessarily happen in 1.14 either." from issue 33985 above. ]

这篇关于私人仓库-Go 1.13-`go mod ..`失败:ping"sum.golang.org/lookup" ..验证包.. 410不见了的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！