Find checksum of every dependency in golang

I want to be able to get the checksum of every package used by a go program, including packages used within modules.

runtime/debug in the standard library has ReadBuildInfo(), which is great, but it only gives data for modules, not for packages.

Example:

package pkgA

var Foo = 1

package pkgB

import "pkgA"

var Bar = pkgA.Foo

package main

import (
	"fmt"
	"runtime/debug"

	"example/pkgB"
)

func main() {
	_ = pkgB.Bar

	b, ok := debug.ReadBuildInfo()
	if !ok {
		fmt.Println("not ok!")
		return
	}

	for _, module := range b.Deps {
		fmt.Println(module.Path, module.Sum)
	}
}

The output is like

pkgB v0.0.0-20210225235400-92e28d816f64

There is no info on A. I believe this is because pkgB and pkgA both belong to the same module.

Question: Is there any way to access the checksum for pkgA?

The Go checksum database stores checksums for modules, not packages.
The debug information embedded in a binary does not include the mapping from packages to modules, but if you have access to the module's source you can use go list to report the mapping from packages to modules:

go list -f '{{if .Module}}{{.ImportPath}}: {{.Module}}{{end}}' all

You can use that mapping, in conjunction with the module-level checksums, to verify that each package has the correct source code. (Note that go mod verify already implements that verification.)