Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

buildGoModule: disable consult the checksum database on build #74811

Merged

Conversation

marsam
Copy link
Contributor

@marsam marsam commented Dec 2, 2019

Motivation for this change

Since Go 1.13, GOSUMDB defaults to "sum.golang.org", to consult the
checksum database of the main module's go.sum.

We already use the default behavior when building go-modules, but Go
tries to consult the checksum database again when building the module,
and fails because since it requires cacert and git, which are not
propagated when building the package.

example failure: https://github.com/NixOS/nixpkgs/pull/74798/checks?check_run_id=328167165

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.
Notify maintainers

cc: @kalbasit, @c00w, @rvolosatovs

Since Go 1.13, `GOSUMDB` defaults to "sum.golang.org", to consult the
checksum database of the main module's go.sum.

We already use the default behavior when building `go-modules`, but Go
tries to consult the checksum database again when building the module,
and fails because since it requires `cacert` and `git` which are not
propagated when building the package.
@colemickens
Copy link
Member

It fails anyway since it tries to hit the network right? This issue blocked me here until I changed the version of Go used, based on another package using a similar workaround: #73613

@c00w
Copy link
Contributor

c00w commented Dec 2, 2019 via email

@marsam marsam merged commit 21c657c into NixOS:master Dec 7, 2019
@marsam
Copy link
Contributor Author

marsam commented Dec 7, 2019

It fails anyway since it tries to hit the network right?

yes, it's because go module-mode tries to access the network to consult the checksum database

I think the udp refusal is just the sandbox right?

kind of, if fails because the go package is built as a regular derivation which does not allow impurities such as accessing network.

Merging as-is because it's blocking: #74798 #74150 #73613

Thank you @colemickens, and @c00w

@marsam marsam deleted the buildGoModule-disable-goproxy-on-package-build branch December 7, 2019 23:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants