search

bytedance / sonic

A blazingly fast JSON serializing & deserializing library
Apache License 2.0
6.54k stars 322 forks source link

github.com/bytedance/sonic/loader@v0.1.0: verifying go.mod: checksum mismatch #622

Closed yangyile1990 closed 2 months ago

yangyile1990 commented 2 months ago 
go get github.com/bytedance/sonic/loader@v0.1.0
go: github.com/cloudwego/base64x@v0.1.3 requires
        github.com/bytedance/sonic/loader@v0.1.0: verifying go.mod: checksum mismatch
        downloaded: h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
        sum.golang.org: h1:UmRT+IRTGKz/DAkzcEGzyVqQFJ7H9BqwBO3pm9H/+HY=

SECURITY ERROR
This download does NOT match the one reported by the checksum server.
The bits may have been replaced on the origin server, or an attacker may
have intercepted the download attempt.

For more information, see 'go help module-auth'.
yangyile1990 commented 2 months ago

use this not use others

GOPROXY=https://proxy.golang.org,direct
AsterDY commented 2 months ago

This is because I unexpectedly delete the tag and push it again. You can resolve this through two options:

zhuwensi commented 2 months ago

This is because I push unexpectedly delete the tag and push it again. You can resolve this through two options:

  • clean you mod cache go clean -modcache and repull all dependency again
  • update to sonic v1.11.6 Sorry for disturbing. We will continue to work on making sonic more reliable and stable

Hi, with go clean -modcache, the error still exists. maybe other reasons?

felix021 commented 2 months ago

This is because I push unexpectedly delete the tag and push it again. You can resolve this through two options:

  • clean you mod cache go clean -modcache and repull all dependency again
  • update to sonic v1.11.6 Sorry for disturbing. We will continue to work on making sonic more reliable and stable

Hi, with go clean -modcache, the error still exists. maybe other reasons?

Update to the latest version of sonic should solve this:

go get github.com/bytedance/sonic@latest
zhuwensi commented 2 months ago 
go get github.com/bytedance/sonic@latest

Running go get github.com/bytedance/sonic@latest, it shows the same error:

[root@wonderland-01 one-api]# go get github.com/bytedance/sonic@latest
go: github.com/cloudwego/base64x@v0.1.3 requires
        github.com/bytedance/sonic/loader@v0.1.0: verifying go.mod: checksum mismatch
        downloaded: h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
        sum.golang.org: h1:UmRT+IRTGKz/DAkzcEGzyVqQFJ7H9BqwBO3pm9H/+HY=

SECURITY ERROR
This download does NOT match the one reported by the checksum server.

I think this is because base64x depends on it. (and many other modules depend on sonic/loader@v0.1.0)

33 require (
 39     github.com/bytedance/sonic v1.11.6 // indirect
 41     github.com/cloudwego/base64x v0.1.3 // indirect  ======> here throws error.
AsterDY commented 2 months ago

try go get -u

zhuwensi commented 2 months ago

try go get -u

go get -u the same error.

AsterDY commented 2 months ago

execute go clean -modcache and rm go.sum first, then modify sonic's and base64x's (if depends) versions to the latest in "go.mod", finally go mod tidy

lovestu commented 1 month ago

maybe try go get github.com/bytedance/sonic@v1.11.8