foxcpp
Libdns causing countless check sum errors
Describe the bug
verifying github.com/libdns/[email protected]: checksum mismatch downloaded: h1:Z5JKDpDGXIYYJPTnBegI0I2CHPBlNwiOfbWkKXAbvfA= go.sum: h1:WiT1cO2LWY95YNocTVBGipHjvRaFQOxMQ9X5bTiryRo=
What do you think is wrong? the libdns folks seem to be overwriting their release tags which is messing up go.sum checksums across their projects
Steps to reproduce
clone the maddy repo checkout master run ./build.sh
Log files
`[root@webserver maddy]# go clean -modcache [root@webserver maddy]# go mod tidy go: downloading github.com/emersion/go-imap v1.2.1-0.20220119134953-dcd9ee65c8c7 go: downloading github.com/emersion/go-imap-appendlimit v0.0.0-20210907172056-e3baed77bbe4 go: downloading github.com/emersion/go-imap-specialuse v0.0.0-20201101201809-1ab93d3d150e go: downloading github.com/foxcpp/go-imap-sql v0.5.1-0.20210828123943-f74ead8f06cd go: downloading github.com/urfave/cli v1.22.5 go: downloading golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 go: downloading github.com/caddyserver/certmagic v0.15.0 go: downloading github.com/emersion/go-smtp v0.15.1-0.20220119142625-1c322d2783aa go: downloading github.com/miekg/dns v1.1.43 go: downloading golang.org/x/net v0.0.0-20211011170408-caeb26a5c8c0 go: downloading golang.org/x/text v0.3.7 go: downloading go.uber.org/zap v1.19.1 go: downloading github.com/emersion/go-sasl v0.0.0-20211008083017-0b9dcfb154ac go: downloading github.com/foxcpp/go-dovecot-sasl v0.0.0-20200522223722-c4699d7a24bf go: downloading github.com/go-ldap/ldap/v3 v3.4.1 go: downloading github.com/emersion/go-message v0.15.0 go: downloading github.com/emersion/go-msgauth v0.6.5 go: downloading github.com/GehirnInc/crypt v0.0.0-20200316065508-bb7000b8a962 go: downloading github.com/foxcpp/go-mockdns v0.0.0-20210729171921-fb145fc6f897 go: downloading github.com/emersion/go-milter v0.3.2 go: downloading golang.org/x/sync v0.0.0-20210220032951-036812b2e83c go: downloading blitiri.com.ar/go/spf v1.2.0 go: downloading github.com/emersion/go-imap-compress v0.0.0-20201103190257-14809af1d1b9 go: downloading github.com/emersion/go-imap-move v0.0.0-20210907172020-fe4558f9c872 go: downloading github.com/emersion/go-imap-sortthread v1.2.0 go: downloading github.com/emersion/go-imap-unselect v0.0.0-20210907172115-4c2c4843bf69 go: downloading github.com/foxcpp/go-imap-i18nlevel v0.0.0-20200208001533-d6ec88553005 go: downloading github.com/foxcpp/go-imap-namespace v0.0.0-20200722130255-93092adf35f1 go: downloading github.com/prometheus/client_golang v1.11.0 go: downloading github.com/google/uuid v1.3.0 go: downloading github.com/libdns/alidns v1.0.2 go: downloading github.com/libdns/cloudflare v0.1.0 verifying github.com/libdns/[email protected]: checksum mismatch downloaded: h1:Z5JKDpDGXIYYJPTnBegI0I2CHPBlNwiOfbWkKXAbvfA= go.sum: h1:WiT1cO2LWY95YNocTVBGipHjvRaFQOxMQ9X5bTiryRo=
SECURITY ERROR This download does NOT match an earlier download recorded in go.sum. The bits may have been replaced on the origin server, or an attacker may have intercepted the download attempt` Use a service like hastebin.com or attach a file if it is big
Configuration file
N/A
Environment information
- Master Branch - Fedora 34
go get: github.com/foxcpp/go-imap-mess@none updating to github.com/foxcpp/[email protected] requires github.com/emersion/[email protected]: invalid version: unknown revision 271ea913b422
go get: github.com/foxcpp/go-imap-mess@none updating to github.com/foxcpp/[email protected] requires github.com/emersion/[email protected]: invalid version: unknown revision 271ea913b422
https://github.com/emersion/go-imap/commit/271ea913b422
Seems like go-imap-mess go.mod references a dangling commit in emersion/go-imap. Though it should not cause any issues, since it is replace'd anyway by foxcpp/go-imap...
re-producible by me, what do?
Removing $GOPATH/pkg/mod/github.com/libdns/[email protected] directory may help.
go get: github.com/foxcpp/go-imap-mess@none updating to github.com/foxcpp/[email protected] requires github.com/emersion/[email protected]: invalid version: unknown revision 271ea913b422
Another strange error I am failing to reproduce locally. dc11656 should fix it.
I pushed 44dc130 that pins libdns/gandi and libdns/alidns versions via commit. That should prevent overwriting Git tags from causing go.sum check failures. Can anybody confirm this indeed fixes the issue?