jaegertracing / jaeger-client-go

🛑 This library is DEPRECATED!

Home Page:https://jaegertracing.io/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

go get v2.26.0 checksum mismatch

bygui86 opened this issue · comments

Requirement - what kind of business use case are you trying to solve?

Building a PoC to introduce tracing in company project

Problem - what in Jaeger blocks you from solving the requirement?

As mentioned in the README, I try to run go get -u github.com/uber/jaeger-client-go/ but I get following error

go: downloading github.com/uber/jaeger-client-go v2.26.0+incompatible
go get: github.com/uber/jaeger-client-go@v2.26.0+incompatible: verifying module: checksum mismatch
	downloaded: h1:ZI30Y3B7H1lHLDAv8Y3pngXEnDOIHdCbybgcZwqMLJg=
	sum.golang.org: h1:h285ag9YqU5dfE+D2tc2mL93wjg1YLveCCDgm2y4Rsg=

SECURITY ERROR
This download does NOT match the one reported by the checksum server.
The bits may have been replaced on the origin server, or an attacker may
have intercepted the download attempt.

For more information, see 'go help module-auth'.

If I change to v2.25.0 in my go.mod file, everything works.

Proposal - what do you suggest to solve the problem or improve the existing situation?

No idea how to solve this.

Additional info

  • OS: MacOS Big Sur 11.2.3
  • Go version: go1.16.3 darwin/amd64
  • Shell: zsh 5.8 (x86_64-apple-darwin19.6.0)

@joe-elliott this could be a side effect if retagging the release to a different commit. If we can't bust the cache, we may need to release a 2.26.1 patch.

I am currently able to pull 2.26.0 without issue:

@bygui86 do you mind trying again? perhaps cleaning the cache will help? (see below)

$ go mod init example.com/m
go: creating new go.mod: module example.com/m

$ go get -u github.com/uber/jaeger-client-go/
go: downloading github.com/uber/jaeger-client-go v2.26.0+incompatible
go: downloading github.com/uber/jaeger-lib v2.4.1+incompatible
go get: added github.com/opentracing/opentracing-go v1.2.0
go get: added github.com/uber/jaeger-client-go v2.26.0+incompatible
go get: added github.com/uber/jaeger-lib v2.4.1+incompatible
go get: added go.uber.org/atomic v1.7.0

$ go clean --modcache

$ go get -u github.com/uber/jaeger-client-go/
go: downloading github.com/uber/jaeger-client-go v2.26.0+incompatible
go: downloading github.com/opentracing/opentracing-go v1.2.0
go: downloading github.com/uber/jaeger-lib v2.4.1+incompatible
go: downloading go.uber.org/atomic v1.7.0
go: downloading github.com/uber/jaeger-lib v1.5.0
go: downloading github.com/uber/jaeger-client-go v1.6.0

I am seeing this same issue today and I can replicate @joe-elliott's pulling in a fresh project, but everytime I try to run the update in my existing project I still get an error

$ go clean --modcache
$ go get -u github.com/uber/jaeger-client-go
go: downloading github.com/uber/jaeger-client-go v2.26.0+incompatible
verifying github.com/uber/jaeger-client-go@v2.26.0+incompatible: checksum mismatch
	downloaded: h1:h285ag9YqU5dfE+D2tc2mL93wjg1YLveCCDgm2y4Rsg=
	go.sum:     h1:ZI30Y3B7H1lHLDAv8Y3pngXEnDOIHdCbybgcZwqMLJg=

SECURITY ERROR
This download does NOT match an earlier download recorded in go.sum.
The bits may have been replaced on the origin server, or an attacker may
have intercepted the download attempt.

For more information, see 'go help module-auth'.

I was able to fix it by deleting the go.sum file first

$ rm go.sum
$ go get -u github.com/uber/jaeger-client-go
go: downloading github.com/uber/jaeger-client-go v2.26.0+incompatible
go: downloading github.com/uber/jaeger-lib v2.4.0+incompatible
go: downloading go.uber.org/atomic v1.7.0
go: downloading github.com/uber/jaeger-lib v1.5.0
go: downloading github.com/uber/jaeger-lib v2.4.1+incompatible
go: downloading github.com/uber/jaeger-client-go v1.6.0
go get: upgraded github.com/uber/jaeger-lib v2.4.0+incompatible => v2.4.1+incompatible

If the old hash got into your go.sum, you could see this mismatch.

Hello, the reason here is that module on proxy.golang.org has checksum:

h1:h285ag9YqU5dfE+D2tc2mL93wjg1YLveCCDgm2y4Rsg=

While when not using proxy.golang.org and having GOPROXY=direct results into module downloading from vcs with checksum:

h1:ZI30Y3B7H1lHLDAv8Y3pngXEnDOIHdCbybgcZwqMLJg=

I suppose the simplest thing to do is releasing new tag and never re-tag in the future.

I think @FZambia is right. I had the very same experience with go-proxy developing other libraries.

@joe-elliott unfortunately for me still does not work. Run following commands

$ rm -f go.sum

$ go clean --modcache

$ go mod download

go mod download: github.com/uber/jaeger-client-go@v2.26.0+incompatible: verifying module: checksum mismatch
	downloaded: h1:ZI30Y3B7H1lHLDAv8Y3pngXEnDOIHdCbybgcZwqMLJg=
	sum.golang.org: h1:h285ag9YqU5dfE+D2tc2mL93wjg1YLveCCDgm2y4Rsg=

SECURITY ERROR
This download does NOT match the one reported by the checksum server.
The bits may have been replaced on the origin server, or an attacker may
have intercepted the download attempt.

For more information, see 'go help module-auth'.

Here is my go.mod file:

module github.com/bygui86/go-postgres-cicd

go 1.16

require (
	github.com/DATA-DOG/go-sqlmock v1.5.0
	github.com/ExpansiveWorlds/instrumentedsql v0.0.0-20171218214018-45abb4b1947d
	github.com/HdrHistogram/hdrhistogram-go v1.1.0 // indirect
	github.com/cenkalti/backoff v2.2.1+incompatible
	github.com/docker/go-connections v0.4.0
	github.com/google/martian v2.1.0+incompatible // indirect
	github.com/googleapis/gax-go v1.0.3 // indirect
	github.com/gorilla/mux v1.8.0
	github.com/lib/pq v1.10.0
	github.com/mattn/go-sqlite3 v1.14.7 // indirect
	github.com/opentracing/opentracing-go v1.2.0
	github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5
	github.com/openzipkin/zipkin-go v0.2.5
	github.com/prometheus/client_golang v1.10.0
	github.com/stretchr/testify v1.7.0
	github.com/testcontainers/testcontainers-go v0.10.0
	github.com/uber/jaeger-client-go v2.26.0+incompatible
	github.com/uber/jaeger-lib v2.4.1+incompatible
	go.uber.org/zap v1.16.0
)

I changed manually from github.com/uber/jaeger-client-go v2.25.0+incompatible to github.com/uber/jaeger-client-go v2.26.0+incompatible

Released 2.27.0

Amazing thanks!!