Go install doesn't work due to checksum mismatch

[jonahjon]

Description

The latest go install isn't working due to a checksum mismatch. It should be able to install using @latest tag. ``` go version go1.17.2 darwin/amd64 ... go install github.com/sigstore/k8s-manifest-sigstore/cmd/kubectl-sigstore@latest go: downloading github.com/sigstore/k8s-manifest-sigstore v0.1.0 go install: github.com/sigstore/k8s-manifest-sigstore/cmd/kubectl-sigstore@latest: github.com/sigstore/k8s-manifest-sigstore@v0.1.0: verifying module: checksum mismatch downloaded: h1:hEGzVLLm5wdwrxkThgo1VKEE6JH68OKz+gXKQN9eQl8= sum.golang.org: h1:NKVclDH/UFHBSYPVvgKbOwLLi8WTjvtiHOW8vY+E9kg= SECURITY ERROR This download does NOT match the one reported by the checksum server. The bits may have been replaced on the origin server, or an attacker may have intercepted the download attempt. ```

[hirokuni-kitahara]

Thank you for reporting this @jonahjon Unfortunately, this issue did not reproduce both in my laptop and in a newly installed go 1.17.2 env inside a docker container. The log was like the below.

$ docker run --name go -t -i --rm golang:1.17.2 bash

root@1bd9865c03fa:/go# go install github.com/sigstore/k8s-manifest-sigstore/cmd/kubectl-sigstore@latest
go: downloading github.com/sigstore/k8s-manifest-sigstore v0.1.0
go: downloading github.com/ghodss/yaml v1.0.0

...

go: downloading github.com/Azure/go-autorest/autorest/azure/cli v0.4.2
go: downloading github.com/dimchansky/utfbom v1.1.1

root@1bd9865c03fa:/go# kubectl-sigstore version
{"Major":"0","Minor":"1","GitVersion":"v0.1.0","GitCommit":"unknown","GitTreeState":"unknown","BuildDate":"unknown","GoVersion":"go1.17.2","Compiler":"gc","Platform":"linux/amd64"}

As far as I know, that checksum issue can be caused by local module cache, so you can try cleaning them with the command below. (this could take a while)

$ go clean -modcache