获取引用无效标签

huangapple go评论98阅读模式
英文:

go get referring invalid tag

问题

我一直在开发一个基于Go的二进制文件,遇到了一个奇怪的问题。

我有A包和B包,其中B包直接在A包中引用。

主应用程序(A包)使用B包,并且B包是通过其mod文件引用的。

所以我通过go get packageB-ref@v1.1.0为A包添加了B包的标记版本,但是遇到了一些问题,我删除了本地和远程(Github)上的该版本和标记,并基于新的提交创建了一个新的标记。Github确认新的发布是基于新的引用,但是当我通过新的提交引用相同的标记时,实际上引用的是相同的旧代码版本。

最近为了解决问题,我创建了一个名为v1.1.1的标记,虽然它修复了问题,但是现在即使我引用v1.1.0,它也会在最后给我以下消息。

root@CaesarPrime-AcerE5:/mnt/d/AppA# go get github.com/xxxx/B@master
go: downloading github.com/xxxx/B v1.11.0
go: downloading github.com/xxxx/xxxxz v0.3.2
go: downloading github.com/xxxx/xxxxd v1.1.1
go: downloading golang.org/xxxx/xxxxv v0.0.0-20220127200216-cd36cc0744dd
go: downloading golang.org/xxxx/xxxxb v0.3.7
go: downloading github.com/xxxx/xxxx v0.0.0-20170810143723-de5bf2ad4578
go: upgraded github.com/xxxx/B v1.1.0 => v1.1.1

我认为这可能是由于某种缓存问题,因为我在远程或本地都没有看到v1.1.1的标记。但是如果go git从远程存储库中拉取内容,它是如何拉取一些已删除的标记的呢?

或者我在包管理方面做错了什么奇怪的事情吗?

英文:

I have been developing a go based binary and there was a strange issue that I can across with.

So I do have package A and package B, where package B is directly referred in package A.

Main App (Package A) uses Package B
and package B is referred via it's mod file.

So I have added the tagged release of package B for package A via go get packageB-ref@v1.1.0, but as I encountered some issue, I deleted that release and tag locally and on remote (Github) and created a tag based on the newer commit. Github confirms that the new release is based on the new reference, however while I was referring the same tag via the new commit, it was actually referring to the same old code version.

And most recently, just to fix and come over with the issue, I created a tag named v1.1.1, however though it fixed the issue, now even by the time I refer v1.1.0, it gives me the following message in the end.

root@CaesarPrime-AcerE5:/mnt/d/AppA# go get github.com/xxxx/B@master
go: downloading github.com/xxxx/B v1.11.0
go: downloading github.com/xxxx/xxxxz v0.3.2
go: downloading github.com/xxxx/xxxxd v1.1.1
go: downloading golang.org/xxxx/xxxxv v0.0.0-20220127200216-cd36cc0744dd
go: downloading golang.org/xxxx/xxxxb v0.3.7
go: downloading github.com/xxxx/xxxx v0.0.0-20170810143723-de5bf2ad4578
go: upgraded github.com/xxxx/B v1.1.0 => v1.1.1

I believe that this would be due to some caching issue as I do neither see tag v1.1.1 in either remote or my local. But how can this happen if go git is pulling content from a remote repository as it had been pulling some deleted late tags.

Or am I doing something awkwardly wrong here in package management?

答案1

得分: 1

你是对的,被删除的标签可能存在于Go的公共代理中。

Go文档中提到:

一旦创建了一个标签,就不应该删除或更改为不同的修订版本。版本是经过身份验证的,以确保安全、可重复的构建。如果修改了标签,客户端在下载时可能会出现安全错误。即使标签被删除,其内容仍然可能在模块代理上可用。

你可以通过在go.mod文件中添加以下内容来撤销版本:

retract (
    v1.0.0 // 误发布的版本。
    v1.0.1 // 仅包含撤销内容。
)
英文:

You are right, the deleted tags probably exist in Go's public proxy

The go docs say:

> Once a tag is created, it should not be deleted or changed to a
> different revision. Versions are authenticated to ensure safe,
> repeatable builds. If a tag is modified, clients may see a security
> error when downloading it. Even after a tag is deleted, its content
> may remain available on module proxies.

You may retract a version by putting a stanza like this in go.mod:

retract (
    v1.0.0 // Published accidentally.
    v1.0.1 // Contains retractions only.
)

huangapple
  • 本文由 发表于 2023年1月30日 11:20:11
  • 转载请务必保留本文链接:https://go.coder-hub.com/75279991.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定