Open iwahbe opened 7 months ago
This should be fixed in go 1.21.4
This happened to me on go 1.12.5...
Package os/user does not have module info. Non go modules projects are no longer supported. For feedback, refer to https://github.com/google/go-licenses/issues/128.
and many others. Am I doing something wrong?
The problem is that in library.go
, the isStdlib()
function checks whether a package is stored below GOROOT or not, and if so, it is considered to be a standard library which is allowed to have no module info. That is not true anymore when using toolchains, e.g. for me while my GOROOT is /opt/homebrew/Cellar/go/1.21.4/libexec/
, the package for a standard library is coming from /Users/roland/Development/go/workspace/pkg/mod/golang.org/toolchain@v0.0.1-go1.21.5.darwin-arm64/src/encoding/json/decode.go
, a directory outside of GOROOT
.
The result is that your standard libs (that don't have any modules) will then trigger this error because they are not detected as standard libs anymore.
// isStdLib returns true if this package is part of the Go standard library.
func isStdLib(pkg *packages.Package) bool {
if pkg.Name == "unsafe" {
// Special case unsafe stdlib, because it does not contain go files.
return true
}
if len(pkg.GoFiles) == 0 {
return false
}
prefix := build.Default.GOROOT
sep := string(filepath.Separator)
if !strings.HasSuffix(prefix, sep) {
prefix += sep
}
return strings.HasPrefix(pkg.GoFiles[0], prefix)
}
The solution would be to fix isStdLib()
to respect toolchains to be stored outside of GOROOT
.
Some additional context:
GOTOOLCHAIN=local
as an environment variable.go.mod
), then go will download that toolchain below $GOPATH, not $GOROOT.You could add a toolchain default
to your go.mod file.
In the end, it's a lottery ;-) If your local go installation is the same or newer than any specified toolchain (either in go.mod or via env var), then you are lucky because your bundled toolchain is used. If not, the toolchain will be downloaded by your go installation and stored below $GOPATH,
not $GOROOT
(probably because you might not have permission to do so).
All the gory details about toolchains are in the go toolchain docs
I am seeing a license warning for all stdlib packages used:
(source: https://github.com/pulumi/pulumi-vault/actions/runs/6817936124/job/18542508655?pr=330)
This is not the case when I change the version back from
go 1.21.3
togo 1.21
.It looks like there is some problem with https://github.com/google/go-licenses/tree/master/internal/third_party/pkgsite, but I'm not familiar enough with this repo to be sure.