search

evilsocket / opensnitch

OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.
GNU General Public License v3.0
10.79k stars 503 forks source link

Build fails with Go > 1.17: Inconsistent vendoring #770

Closed onny closed 1 year ago

onny commented 1 year ago

Describe the bug

Building OpenSnitch with Go > 1.17 fails

After applying following patch, it builds again

diff --git a/daemon/go.mod b/daemon/go.mod
index d42f97c..f9eb296 100644
--- a/daemon/go.mod
+++ b/daemon/go.mod
@@ -9,11 +9,8 @@ require (
        github.com/google/nftables v0.0.0-20210514154851-a285acebcad3
        github.com/iovisor/gobpf v0.2.0
        github.com/vishvananda/netlink v0.0.0-20210811191823-e1a867c6b452
-       github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae // indirect
        golang.org/x/net v0.0.0-20191028085509-fe3aa8a45271
-       golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208 // indirect
        golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1
-       golang.org/x/text v0.3.0 // indirect
        google.golang.org/grpc v1.32.0
-       google.golang.org/protobuf v1.26.0 // indirect
+       google.golang.org/protobuf v1.26.0
 )

Include the following information:

To Reproduce

git clone https://github.com/NixOS/nixpkgs.git
cd nixpkgs
nix build -L -f . opensnitch

Post error logs: 

opensnitch> unpacking sources
opensnitch> unpacking source archive /nix/store/qaihjyxd6vmg2fxjvbqnx9y9lfaqkl9s-source
opensnitch> source root is source
opensnitch> patching sources
opensnitch> applying patch /nix/store/z3ikhcsg0hc60sczdc5y0wr8c24055m7-dont-require-config-in-etc.patch
opensnitch> patching file daemon/ui/config.go
opensnitch> configuring
opensnitch> building
opensnitch> make: Entering directory '/build/source/proto'
opensnitch> protoc -I. ui.proto --go_out=../daemon/ui/protocol/ --go-grpc_out=../daemon/ui/protocol/ --go_opt=paths=source_relative --go-grpc_opt=paths=source_relative
opensnitch> make: Leaving directory '/build/source/proto'
opensnitch> Building subPackage .
opensnitch> go: inconsistent vendoring in /build/source/daemon:
opensnitch>     github.com/evilsocket/ftrace@v1.2.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
opensnitch>     github.com/fsnotify/fsnotify@v1.4.7: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
opensnitch>     github.com/google/gopacket@v1.1.14: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
opensnitch>     github.com/google/nftables@v0.0.0-20210514154851-a285acebcad3: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
opensnitch>     github.com/iovisor/gobpf@v0.2.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
opensnitch>     github.com/vishvananda/netlink@v0.0.0-20210811191823-e1a867c6b452: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
opensnitch>     github.com/vishvananda/netns@v0.0.0-20200728191858-db3c7e526aae: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
opensnitch>     golang.org/x/net@v0.0.0-20191028085509-fe3aa8a45271: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
opensnitch>     golang.org/x/sync@v0.0.0-20200625203802-6e8e738ad208: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
opensnitch>     golang.org/x/sys@v0.0.0-20200728102440-3e129f6d46b1: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
opensnitch>     golang.org/x/text@v0.3.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
opensnitch>     google.golang.org/grpc@v1.32.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
opensnitch>     google.golang.org/protobuf@v1.26.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
opensnitch>     To ignore the vendor directory, use -mod=readonly or -mod=mod.
opensnitch>     To sync the vendor directory, run:
opensnitch>             go mod vendor
gustavo-iniguez-goya commented 1 year ago

Hi @onny ,

I've fixed the go.mod file on branch v1.5.0. It was not failing on Debian with Go 1.19, but anyway, those indirect deps weren't on master.

Thank you.

onny commented 1 year ago

Thank you for trying to fix the issue. When trying to apply your patch I still get following error

opensnitch> Building subPackage .
opensnitch> go: inconsistent vendoring in /build/source/daemon:
opensnitch>     github.com/golang/protobuf@v1.5.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
opensnitch>     To ignore the vendor directory, use -mod=readonly or -mod=mod.
opensnitch>     To sync the vendor directory, run:
opensnitch>             go mod vendor
gustavo-iniguez-goya commented 1 year ago

I don't have any of these issues on Debian (go 1.19.3). protobuf@v1.5.0was added by go mod tidy

Why don't you run go mod vendor? That would aligned go.mod versions with vendor/modules.txt

gustavo-iniguez-goya commented 1 year ago

if vendor/modules.txt is outdated run go mod vendor to sync needed versions.

by the way, thank you for packaging for nix! :heart:

onny commented 9 months ago

Still encountering this issue while trying to package for NixOS. Here's what I have to do: Run in the OpenSnitch daemon dir:

go mod tidy
go mod vendor

Override both files in the sources and update vendorHash in the nix package derivation.