hsyed
commented
4 years ago I have no idea how this problem showed up all of a sudden github.com/friendsofgo/errors has seen no activity recently so what caused this ?
Open hsyed opened 4 years ago
hsyed
commented
4 years ago I have no idea how this problem showed up all of a sudden github.com/friendsofgo/errors has seen no activity recently so what caused this ?
hsyed
commented
4 years ago I think it is a bug that gazelle continues and silently drops pkgs with sum-violating packages in the transitive closure. The error is logged out so it should just continue business as usual I think ?
hsyed
commented
4 years ago The offending package is not listed in our go_repositories() macro it is fetched by a transitive dep.
hsyed
commented
4 years ago updated our make target to :
build:
GOSUMDB=off bazel run //:gazelle -- update-repos -prune=true -from_file=go.mod -to_macro=build/go_repositories.bzl%go_repositories
GOSUMDB=off bazel run //:gazelle
GOSUMDB=off bazel build //:platformAlso a bazel clean --expunge has to be done if the a fetch with a sum violation has been cached.
I don't see another work around. Declaring the offending package in the workspace doesn't solve the problem as it is used by many other external packages and these are not go modules. We also have no way to control what version of the package they chose to fetch.
aperezg
commented
4 years ago This was a bug in our side, we've fixed that publishing a new release, so now all must be working again. Truly sorry!
jayconrod
commented
4 years ago Sorry for taking so long to respond on this. The repeated error messages are certainly not a good experience.
When Gazelle resolves an import path to a dependency outside of the current prefix, it tries to resolve the path against known go_repository rules in WORKSPACE. You can declare additional rules with # gazelle:repository or functions full of rules with # gazelle:repository_macro. If no repository is found, Gazelle runs go list -find -f {{.Module.Path}} -- $importPath. Any errors from that command need to be reported.
I'm marking this as a bug and leaving it open though because we probably shouldn't be calling go list at all anymore. If something can't be resolved from known repositories, we could run go list -m -json all once and use that to resolve packages to modules.
jayconrod
commented
4 years ago Note to anyone reading, checksum errors are serious and you shouldn't workaround them without understanding why they happened. Usually, this is caused by a module author rewriting a version tag. They should change the tag back to the original commit. Users should upgrade or downgrade to a working version.
You can look up the "canonical" sum with:
curl https://sum.golang.org/lookup/<module>@<version>
loeffel-io
commented
2 years ago to keep it easy you can create a simple function for this
# .functions
function golangSum(){
curl https://sum.golang.org/lookup/$1@$2
}
What version of gazelle are you using?
0.18.2
What version of rules_go are you using?
0.19.4
What version of Bazel are you using?
1.1.0
Does this issue reproduce with the latest releases of all the above?
no
What operating system and processor architecture are you using?
Darwin catalina
Problem
This dependency is throwing a go sum db error
it's a transitive dependency for
sqlboilergazelle also errors when run on our mono repo:
Observed issues
Gazelle doesn't hard error out, it proceeds to generate the build files. But any external dep that transitively depends on
github.com/friendsofgo/errorsjust gets removed from the existing build files.Workarround ?
Our build is currently broken so any work around would be appreciated. How do we
GOSUMDB=offgazelle ?