v2.2.3 or @latest cannot be installed on FreeBSD 14.0's go1.20

sigstore / cosign

Code signing and transparency for containers and binaries

Apache License 2.0

4.24k stars 507 forks source link

v2.2.3 or @latest cannot be installed on FreeBSD 14.0's go1.20 #3631

Closed mandree closed 3 months ago

mandree commented 3 months ago

Description

Installation on FreeBSD 14.0 amd64's Go1.20 package fails:

/home/mandree/go/pkg/mod/github.com/buildkite/agent/v3@v3.62.0/api/retryable.go:8:2: package slices is not in GOROOT (/usr/local/go120/src/slices)
note: imported by a module that requires go 1.21

v2.2.2 can be installed.

Version

I tried both go install github.com/sigstore/cosign/v2/cmd/cosign@latest and go install github.com/sigstore/cosign/v2/cmd/cosign@v2.2.3, both failed.

$ go version go version go1.20.14 freebsd/amd64

cpanato commented 3 months ago

you need to upgrade your Go to at least 1.21, as Go1.20 is deprecated

mandree commented 3 months ago

This will happen when the FreeBSD port gets upgraded, not sooner. It doesn't suddently stop functioning when being deprecated. But thanks anyways, I'll go with a Python verifier then and forgo this user-unfriendly software.

cpanato commented 3 months ago

@mandree, you also can download the release binary we provide https://github.com/sigstore/cosign/releases/tag/v2.2.3

This issue is not a bug, it was upgraded to have the minimum GO1.21 because GO1.20 is deprecated

mandree commented 3 months ago

Then please make sure the thing rejects go1.20 (or go1.20 rejects cosign v2.2.3 or newer) before going to download shitloads of modules.