Open johnnybubonic opened 3 months ago
Related Issues and Documentation
(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)
The error form the .info endpoint:
not found: r00t2.io/wireproto@v1.0.0: invalid version: git fetch -f origin refs/heads/*:refs/heads/* refs/tags/*:refs/tags/* in /tmp/gopath/pkg/mod/cache/vcs/3e171304ac1e55b26a8f8d1dae1cb29af5fc6089d97d912ba5cb27873649d225: exit status 128:
fatal: mismatched algorithms: client sha1; server sha256
is the same as if you used GOPROXY=direct
:
$ go get -v -x r00t2.io/wireproto@v1.0.0
# get https://r00t2.io/?go-get=1
# get https://r00t2.io/wireproto?go-get=1
# get https://r00t2.io/?go-get=1: 200 OK (0.775s)
# get https://r00t2.io/wireproto?go-get=1: 200 OK (0.882s)
get "r00t2.io/wireproto": found meta tag vcs.metaImport{Prefix:"r00t2.io/wireproto", VCS:"git", RepoRoot:"https://git.r00t2.io/r00t2/go_wireproto"} at //r00t2.io/wireproto?go-get=1
mkdir -p /home/user/.data/go/pkg/mod/cache/vcs # git3 https://git.r00t2.io/r00t2/go_wireproto
# lock /home/user/.data/go/pkg/mod/cache/vcs/3e171304ac1e55b26a8f8d1dae1cb29af5fc6089d97d912ba5cb27873649d225.lock
# /home/user/.data/go/pkg/mod/cache/vcs/3e171304ac1e55b26a8f8d1dae1cb29af5fc6089d97d912ba5cb27873649d225 for git3 https://git.r00t2.io/r00t2/go_wireproto
cd /home/user/.data/go/pkg/mod/cache/vcs/3e171304ac1e55b26a8f8d1dae1cb29af5fc6089d97d912ba5cb27873649d225; git tag -l
0.004s # cd /home/user/.data/go/pkg/mod/cache/vcs/3e171304ac1e55b26a8f8d1dae1cb29af5fc6089d97d912ba5cb27873649d225; git tag -l
cd /home/user/.data/go/pkg/mod/cache/vcs/3e171304ac1e55b26a8f8d1dae1cb29af5fc6089d97d912ba5cb27873649d225; git ls-remote -q origin
0.519s # cd /home/user/.data/go/pkg/mod/cache/vcs/3e171304ac1e55b26a8f8d1dae1cb29af5fc6089d97d912ba5cb27873649d225; git ls-remote -q origin
cd /home/user/.data/go/pkg/mod/cache/vcs/3e171304ac1e55b26a8f8d1dae1cb29af5fc6089d97d912ba5cb27873649d225; git -c log.showsignature=false log --no-decorate -n1 '--format=format:%H %ct %D' 15fd8df0bff4b9b0f2c455422e57ef2bc6f8add5c95e045f9b51021874f22440 --
0.004s # cd /home/user/.data/go/pkg/mod/cache/vcs/3e171304ac1e55b26a8f8d1dae1cb29af5fc6089d97d912ba5cb27873649d225; git -c log.showsignature=false log --no-decorate -n1 '--format=format:%H %ct %D' 15fd8df0bff4b9b0f2c455422e57ef2bc6f8add5c95e045f9b51021874f22440 --
cd /home/user/.data/go/pkg/mod/cache/vcs/3e171304ac1e55b26a8f8d1dae1cb29af5fc6089d97d912ba5cb27873649d225; git -c protocol.version=2 fetch -f --depth=1 origin refs/tags/v1.0.0:refs/tags/v1.0.0
0.513s # cd /home/user/.data/go/pkg/mod/cache/vcs/3e171304ac1e55b26a8f8d1dae1cb29af5fc6089d97d912ba5cb27873649d225; git -c protocol.version=2 fetch -f --depth=1 origin refs/tags/v1.0.0:refs/tags/v1.0.0
cd /home/user/.data/go/pkg/mod/cache/vcs/3e171304ac1e55b26a8f8d1dae1cb29af5fc6089d97d912ba5cb27873649d225; git fetch -f origin 'refs/heads/*:refs/heads/*' 'refs/tags/*:refs/tags/*'
0.504s # cd /home/user/.data/go/pkg/mod/cache/vcs/3e171304ac1e55b26a8f8d1dae1cb29af5fc6089d97d912ba5cb27873649d225; git fetch -f origin 'refs/heads/*:refs/heads/*' 'refs/tags/*:refs/tags/*'
go: r00t2.io/wireproto@v1.0.0: invalid version: git fetch -f origin refs/heads/*:refs/heads/* refs/tags/*:refs/tags/* in /home/user/.data/go/pkg/mod/cache/vcs/3e171304ac1e55b26a8f8d1dae1cb29af5fc6089d97d912ba5cb27873649d225: exit status 128:
fatal: mismatched algorithms: client sha1; server sha256
go
fetches the a version using git init
+ git remote add
+ fetches,
and the local init will use sha1, resulting in a mismatch with the remote using sha256
I needed this library accessible for other projects, so I have deleted the above repository and re-recreated it using SHA1 commit hashes.
In its place, I have turned up a testing repository/module that can be used (and is quite a bit smaller) to aid in testing SHA256 commit hashes with go mod
:
https://git.r00t2.io/r00t2/go_sha256repo
The import path is r00t2.io/sha256repo
; I have set up an identical import URL for it.
It sounds like we can look at the hash length from ls-remote and then add --objectformat=sha256 to the 'git init' that we do.
Go version
go version go1.22.4 linux/amd64
Output of
go env
in your module/workspace:What did you do?
Let me preface this that this is likely (also?) an issue with the Go mod proxy, and my apologies if there's already an open issue for this but I looked and didn't see one (though one can imagine searching for
"git" "sha256"
in the Issues is going to return a lot of unrelated issues regardless for this project).It is, however, unfortunately painfully apparent that SHA256 commit hashes do not seem to be supported:
(NOTE: Please see this comment; the module shown below has been recreated with SHA1 hashes and a new repository/module has been created to test with.)
See also here, which provides a bit more useful info.
The same issue is present with 1.23 RC1 as well, of course:
The repository itself is fine (I have so-called "vanity" Go module roots/import paths):
The redirect is correct:
And it works fine with older repositories still using
SHA1
commit hashes.What did you see happen?
(See above)
What did you expect to see?
SHA256 commit hashes supported (as they've been in upstream git since ~ early 2021-ish?).