Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Libdns causing countless check sum errors #461

Closed
daniel-widrick opened this issue Feb 24, 2022 · 8 comments
Closed

Libdns causing countless check sum errors #461

daniel-widrick opened this issue Feb 24, 2022 · 8 comments
Assignees
@foxcpp
Labels
bug Something isn't working. ready-for-release Feature is implemented and available for testing in dev branch. It will be included in the next rele

Comments

@daniel-widrick
Copy link

Describe the bug

verifying github.com/libdns/[email protected]: checksum mismatch
downloaded: h1:Z5JKDpDGXIYYJPTnBegI0I2CHPBlNwiOfbWkKXAbvfA=
go.sum: h1:WiT1cO2LWY95YNocTVBGipHjvRaFQOxMQ9X5bTiryRo=

What do you think is wrong?
the libdns folks seem to be overwriting their release tags which is messing up go.sum checksums across their projects

Steps to reproduce

clone the maddy repo
checkout master
run ./build.sh

Log files

`[root@webserver maddy]# go clean -modcache
[root@webserver maddy]# go mod tidy
go: downloading github.com/emersion/go-imap v1.2.1-0.20220119134953-dcd9ee65c8c7
go: downloading github.com/emersion/go-imap-appendlimit v0.0.0-20210907172056-e3baed77bbe4
go: downloading github.com/emersion/go-imap-specialuse v0.0.0-20201101201809-1ab93d3d150e
go: downloading github.com/foxcpp/go-imap-sql v0.5.1-0.20210828123943-f74ead8f06cd
go: downloading github.com/urfave/cli v1.22.5
go: downloading golang.org/x/crypto v0.0.0-20210921155107-089bfa567519
go: downloading github.com/caddyserver/certmagic v0.15.0
go: downloading github.com/emersion/go-smtp v0.15.1-0.20220119142625-1c322d2783aa
go: downloading github.com/miekg/dns v1.1.43
go: downloading golang.org/x/net v0.0.0-20211011170408-caeb26a5c8c0
go: downloading golang.org/x/text v0.3.7
go: downloading go.uber.org/zap v1.19.1
go: downloading github.com/emersion/go-sasl v0.0.0-20211008083017-0b9dcfb154ac
go: downloading github.com/foxcpp/go-dovecot-sasl v0.0.0-20200522223722-c4699d7a24bf
go: downloading github.com/go-ldap/ldap/v3 v3.4.1
go: downloading github.com/emersion/go-message v0.15.0
go: downloading github.com/emersion/go-msgauth v0.6.5
go: downloading github.com/GehirnInc/crypt v0.0.0-20200316065508-bb7000b8a962
go: downloading github.com/foxcpp/go-mockdns v0.0.0-20210729171921-fb145fc6f897
go: downloading github.com/emersion/go-milter v0.3.2
go: downloading golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
go: downloading blitiri.com.ar/go/spf v1.2.0
go: downloading github.com/emersion/go-imap-compress v0.0.0-20201103190257-14809af1d1b9
go: downloading github.com/emersion/go-imap-move v0.0.0-20210907172020-fe4558f9c872
go: downloading github.com/emersion/go-imap-sortthread v1.2.0
go: downloading github.com/emersion/go-imap-unselect v0.0.0-20210907172115-4c2c4843bf69
go: downloading github.com/foxcpp/go-imap-i18nlevel v0.0.0-20200208001533-d6ec88553005
go: downloading github.com/foxcpp/go-imap-namespace v0.0.0-20200722130255-93092adf35f1
go: downloading github.com/prometheus/client_golang v1.11.0
go: downloading github.com/google/uuid v1.3.0
go: downloading github.com/libdns/alidns v1.0.2
go: downloading github.com/libdns/cloudflare v0.1.0
verifying github.com/libdns/[email protected]: checksum mismatch
downloaded: h1:Z5JKDpDGXIYYJPTnBegI0I2CHPBlNwiOfbWkKXAbvfA=
go.sum: h1:WiT1cO2LWY95YNocTVBGipHjvRaFQOxMQ9X5bTiryRo=

SECURITY ERROR
This download does NOT match an earlier download recorded in go.sum.
The bits may have been replaced on the origin server, or an attacker may
have intercepted the download attempt`
Use a service like hastebin.com or attach a file if it is big

Configuration file

N/A

Environment information

  • Master Branch - Fedora 34
@daniel-widrick daniel-widrick added the bug Something isn't working. label Feb 24, 2022
@foxcpp
Copy link
Owner

foxcpp commented Mar 6, 2022

I am unable to reproduce the error with empty GOPATH and build cache.

@xdkaka
Copy link

xdkaka commented May 17, 2022

go get: github.com/foxcpp/go-imap-mess@none updating to
github.com/foxcpp/[email protected] requires
github.com/emersion/[email protected]: invalid version: unknown revision 271ea913b422

@foxcpp
Copy link
Owner

foxcpp commented Jun 19, 2022

go get: github.com/foxcpp/go-imap-mess@none updating to
github.com/foxcpp/[email protected] requires
github.com/emersion/[email protected]: invalid version: unknown revision 271ea913b422

emersion/go-imap@271ea913b422
Seems like go-imap-mess go.mod references a dangling commit in emersion/go-imap. Though it should not cause any issues, since it is replace'd anyway by foxcpp/go-imap...

@foxcpp foxcpp self-assigned this Jun 19, 2022
@apprehensions
Copy link

re-producible by me, what do?

@foxcpp foxcpp mentioned this issue Jan 8, 2023
Closed
@foxcpp
Copy link
Owner

foxcpp commented Jan 8, 2023

re-producible by me, what do?

Removing $GOPATH/pkg/mod/github.com/libdns/[email protected] directory may help.

@foxcpp
Copy link
Owner

foxcpp commented Jan 8, 2023

go get: github.com/foxcpp/go-imap-mess@none updating to
github.com/foxcpp/[email protected] requires
github.com/emersion/[email protected]: invalid version: unknown revision 271ea913b422

Another strange error I am failing to reproduce locally. dc11656 should fix it.

foxcpp added a commit that referenced this issue Jan 8, 2023
@foxcpp
Bump libdns implementations versions to dev versions
44dc130 
Done to make sure go.mod references commits rather than tags.
There is some evidence libdns developers overwrite them, causing
go.sum failures when building maddy. The only known offenders
are libdns/alidns and libdns/gandi, but I did the change for all
libdns implementations just in case.

See #461.
@foxcpp
Copy link
Owner

foxcpp commented Jan 8, 2023
edited
Loading

I pushed 44dc130 that pins libdns/gandi and libdns/alidns versions via commit. That should prevent overwriting Git tags from causing go.sum check failures. Can anybody confirm this indeed fixes the issue?

@apprehensions
Copy link

Yes.

@foxcpp foxcpp added the ready-for-release Feature is implemented and available for testing in dev branch. It will be included in the next rele label Jan 8, 2023
@foxcpp foxcpp closed this as completed Jan 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@foxcpp foxcpp

Labels
bug Something isn't working. ready-for-release Feature is implemented and available for testing in dev branch. It will be included in the next rele
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@xdkaka @daniel-widrick @foxcpp @apprehensions