mirror of
https://github.com/golang/go.git
synced 2024-09-21 10:28:27 +00:00
cmd/go: remove -insecure flag on go get
Resolves #37519
Change-Id: Iba675a180b0e61b12835cdb6ecd4c6dc61e0605c
GitHub-Last-Rev: aa018af6f8
GitHub-Pull-Request: golang/go#44724
Reviewed-on: https://go-review.googlesource.com/c/go/+/297709
Trust: Jay Conrod <jayconrod@google.com>
Trust: Bryan C. Mills <bcmills@google.com>
Run-TryBot: Jay Conrod <jayconrod@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Jay Conrod <jayconrod@google.com>
This commit is contained in:
parent
2a2f99eefb
commit
312fd9937d
@ -43,8 +43,16 @@ Do not send CLs removing the interior tags from such phrases.
|
||||
|
||||
<h3 id="go-command">Go command</h3>
|
||||
|
||||
<p>
|
||||
TODO: complete this section, or delete if not needed
|
||||
<h4 id="go-get"><code>go</code> <code>get</code></h4>
|
||||
|
||||
<p><!-- golang.org/issue/37519 -->
|
||||
The <code>go</code> <code>get</code> <code>-insecure</code> flag is
|
||||
deprecated and has been removed. To permit the use of insecure schemes
|
||||
when fetching dependencies, please use the <code>GOINSECURE</code>
|
||||
environment variable. The <code>-insecure</code> flag also bypassed module
|
||||
sum validation, use <code>GOPRIVATE</code> or <code>GONOSUMDB</code> if
|
||||
you need that functionality. See <code>go</code> <code>help</code>
|
||||
<code>environment</code> for details.
|
||||
</p>
|
||||
|
||||
<h2 id="runtime">Runtime</h2>
|
||||
|
@ -596,7 +596,7 @@
|
||||
//
|
||||
// Usage:
|
||||
//
|
||||
// go get [-d] [-t] [-u] [-v] [-insecure] [build flags] [packages]
|
||||
// go get [-d] [-t] [-u] [-v] [build flags] [packages]
|
||||
//
|
||||
// Get resolves its command-line arguments to packages at specific module versions,
|
||||
// updates go.mod to require those versions, downloads source code into the
|
||||
@ -641,14 +641,6 @@
|
||||
// When the -t and -u flags are used together, get will update
|
||||
// test dependencies as well.
|
||||
//
|
||||
// The -insecure flag permits fetching from repositories and resolving
|
||||
// custom domains using insecure schemes such as HTTP, and also bypassess
|
||||
// module sum validation using the checksum database. Use with caution.
|
||||
// This flag is deprecated and will be removed in a future version of go.
|
||||
// To permit the use of insecure schemes, use the GOINSECURE environment
|
||||
// variable instead. To bypass module sum validation, use GOPRIVATE or
|
||||
// GONOSUMDB. See 'go help environment' for details.
|
||||
//
|
||||
// The -d flag instructs get not to build or install packages. get will only
|
||||
// update go.mod and download source code needed to build packages.
|
||||
//
|
||||
@ -1783,9 +1775,8 @@
|
||||
// Comma-separated list of glob patterns (in the syntax of Go's path.Match)
|
||||
// of module path prefixes that should always be fetched in an insecure
|
||||
// manner. Only applies to dependencies that are being fetched directly.
|
||||
// Unlike the -insecure flag on 'go get', GOINSECURE does not disable
|
||||
// checksum database validation. GOPRIVATE or GONOSUMDB may be used
|
||||
// to achieve that.
|
||||
// GOINSECURE does not disable checksum database validation. GOPRIVATE or
|
||||
// GONOSUMDB may be used to achieve that.
|
||||
// GOOS
|
||||
// The operating system for which to compile code.
|
||||
// Examples are linux, darwin, windows, netbsd.
|
||||
@ -2135,7 +2126,7 @@
|
||||
// This help text, accessible as 'go help gopath-get' even in module-aware mode,
|
||||
// describes 'go get' as it operates in legacy GOPATH mode.
|
||||
//
|
||||
// Usage: go get [-d] [-f] [-t] [-u] [-v] [-fix] [-insecure] [build flags] [packages]
|
||||
// Usage: go get [-d] [-f] [-t] [-u] [-v] [-fix] [build flags] [packages]
|
||||
//
|
||||
// Get downloads the packages named by the import paths, along with their
|
||||
// dependencies. It then installs the named packages, like 'go install'.
|
||||
@ -2151,13 +2142,6 @@
|
||||
// The -fix flag instructs get to run the fix tool on the downloaded packages
|
||||
// before resolving dependencies or building the code.
|
||||
//
|
||||
// The -insecure flag permits fetching from repositories and resolving
|
||||
// custom domains using insecure schemes such as HTTP. Use with caution.
|
||||
// This flag is deprecated and will be removed in a future version of go.
|
||||
// The GOINSECURE environment variable should be used instead, since it
|
||||
// provides control over which packages may be retrieved using an insecure
|
||||
// scheme. See 'go help environment' for details.
|
||||
//
|
||||
// The -t flag instructs get to also download the packages required to build
|
||||
// the tests for the specified packages.
|
||||
//
|
||||
@ -2342,7 +2326,7 @@
|
||||
// will result in the following requests:
|
||||
//
|
||||
// https://example.org/pkg/foo?go-get=1 (preferred)
|
||||
// http://example.org/pkg/foo?go-get=1 (fallback, only with -insecure)
|
||||
// http://example.org/pkg/foo?go-get=1 (fallback, only with use of correctly set GOINSECURE)
|
||||
//
|
||||
// If that page contains the meta tag
|
||||
//
|
||||
|
@ -51,8 +51,6 @@ var (
|
||||
ModCacheRW bool // -modcacherw flag
|
||||
ModFile string // -modfile flag
|
||||
|
||||
Insecure bool // -insecure flag
|
||||
|
||||
CmdName string // "build", "install", "list", "mod tidy", etc.
|
||||
|
||||
DebugActiongraph string // -debug-actiongraph flag (undocumented, unstable)
|
||||
|
@ -26,7 +26,7 @@ import (
|
||||
)
|
||||
|
||||
var CmdGet = &base.Command{
|
||||
UsageLine: "go get [-d] [-f] [-t] [-u] [-v] [-fix] [-insecure] [build flags] [packages]",
|
||||
UsageLine: "go get [-d] [-f] [-t] [-u] [-v] [-fix] [build flags] [packages]",
|
||||
Short: "download and install packages and dependencies",
|
||||
Long: `
|
||||
Get downloads the packages named by the import paths, along with their
|
||||
@ -43,13 +43,6 @@ of the original.
|
||||
The -fix flag instructs get to run the fix tool on the downloaded packages
|
||||
before resolving dependencies or building the code.
|
||||
|
||||
The -insecure flag permits fetching from repositories and resolving
|
||||
custom domains using insecure schemes such as HTTP. Use with caution.
|
||||
This flag is deprecated and will be removed in a future version of go.
|
||||
The GOINSECURE environment variable should be used instead, since it
|
||||
provides control over which packages may be retrieved using an insecure
|
||||
scheme. See 'go help environment' for details.
|
||||
|
||||
The -t flag instructs get to also download the packages required to build
|
||||
the tests for the specified packages.
|
||||
|
||||
@ -105,17 +98,17 @@ Usage: ` + CmdGet.UsageLine + `
|
||||
}
|
||||
|
||||
var (
|
||||
getD = CmdGet.Flag.Bool("d", false, "")
|
||||
getF = CmdGet.Flag.Bool("f", false, "")
|
||||
getT = CmdGet.Flag.Bool("t", false, "")
|
||||
getU = CmdGet.Flag.Bool("u", false, "")
|
||||
getFix = CmdGet.Flag.Bool("fix", false, "")
|
||||
getD = CmdGet.Flag.Bool("d", false, "")
|
||||
getF = CmdGet.Flag.Bool("f", false, "")
|
||||
getT = CmdGet.Flag.Bool("t", false, "")
|
||||
getU = CmdGet.Flag.Bool("u", false, "")
|
||||
getFix = CmdGet.Flag.Bool("fix", false, "")
|
||||
getInsecure = CmdGet.Flag.Bool("insecure", false, "")
|
||||
)
|
||||
|
||||
func init() {
|
||||
work.AddBuildFlags(CmdGet, work.OmitModFlag|work.OmitModCommonFlags)
|
||||
CmdGet.Run = runGet // break init loop
|
||||
CmdGet.Flag.BoolVar(&cfg.Insecure, "insecure", cfg.Insecure, "")
|
||||
}
|
||||
|
||||
func runGet(ctx context.Context, cmd *base.Command, args []string) {
|
||||
@ -129,8 +122,8 @@ func runGet(ctx context.Context, cmd *base.Command, args []string) {
|
||||
if *getF && !*getU {
|
||||
base.Fatalf("go get: cannot use -f flag without -u")
|
||||
}
|
||||
if cfg.Insecure {
|
||||
fmt.Fprintf(os.Stderr, "go get: -insecure flag is deprecated; see 'go help get' for details\n")
|
||||
if *getInsecure {
|
||||
base.Fatalf("go get: -insecure flag is no longer supported; use GOINSECURE instead")
|
||||
}
|
||||
|
||||
// Disable any prompting for passwords by Git.
|
||||
@ -435,7 +428,7 @@ func downloadPackage(p *load.Package) error {
|
||||
return fmt.Errorf("%s: invalid import path: %v", p.ImportPath, err)
|
||||
}
|
||||
security := web.SecureOnly
|
||||
if cfg.Insecure || module.MatchPrefixPatterns(cfg.GOINSECURE, importPrefix) {
|
||||
if module.MatchPrefixPatterns(cfg.GOINSECURE, importPrefix) {
|
||||
security = web.Insecure
|
||||
}
|
||||
|
||||
|
@ -251,7 +251,7 @@ For example,
|
||||
will result in the following requests:
|
||||
|
||||
https://example.org/pkg/foo?go-get=1 (preferred)
|
||||
http://example.org/pkg/foo?go-get=1 (fallback, only with -insecure)
|
||||
http://example.org/pkg/foo?go-get=1 (fallback, only with use of correctly set GOINSECURE)
|
||||
|
||||
If that page contains the meta tag
|
||||
|
||||
@ -517,9 +517,8 @@ General-purpose environment variables:
|
||||
Comma-separated list of glob patterns (in the syntax of Go's path.Match)
|
||||
of module path prefixes that should always be fetched in an insecure
|
||||
manner. Only applies to dependencies that are being fetched directly.
|
||||
Unlike the -insecure flag on 'go get', GOINSECURE does not disable
|
||||
checksum database validation. GOPRIVATE or GONOSUMDB may be used
|
||||
to achieve that.
|
||||
GOINSECURE does not disable checksum database validation. GOPRIVATE or
|
||||
GONOSUMDB may be used to achieve that.
|
||||
GOOS
|
||||
The operating system for which to compile code.
|
||||
Examples are linux, darwin, windows, netbsd.
|
||||
|
@ -1,16 +0,0 @@
|
||||
// Copyright 2018 The Go Authors. All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package modfetch
|
||||
|
||||
import (
|
||||
"cmd/go/internal/cfg"
|
||||
|
||||
"golang.org/x/mod/module"
|
||||
)
|
||||
|
||||
// allowInsecure reports whether we are allowed to fetch this path in an insecure manner.
|
||||
func allowInsecure(path string) bool {
|
||||
return cfg.Insecure || module.MatchPrefixPatterns(cfg.GOINSECURE, path)
|
||||
}
|
@ -267,7 +267,7 @@ var (
|
||||
func lookupDirect(path string) (Repo, error) {
|
||||
security := web.SecureOnly
|
||||
|
||||
if allowInsecure(path) {
|
||||
if module.MatchPrefixPatterns(cfg.GOINSECURE, path) {
|
||||
security = web.Insecure
|
||||
}
|
||||
rr, err := vcs.RepoRootForImportPath(path, vcs.PreferMod, security)
|
||||
@ -312,7 +312,7 @@ func ImportRepoRev(path, rev string) (Repo, *RevInfo, error) {
|
||||
// version control system, we ignore meta tags about modules
|
||||
// and use only direct source control entries (get.IgnoreMod).
|
||||
security := web.SecureOnly
|
||||
if allowInsecure(path) {
|
||||
if module.MatchPrefixPatterns(cfg.GOINSECURE, path) {
|
||||
security = web.Insecure
|
||||
}
|
||||
rr, err := vcs.RepoRootForImportPath(path, vcs.IgnoreMod, security)
|
||||
|
@ -34,7 +34,7 @@ import (
|
||||
|
||||
// useSumDB reports whether to use the Go checksum database for the given module.
|
||||
func useSumDB(mod module.Version) bool {
|
||||
return cfg.GOSUMDB != "off" && !cfg.Insecure && !module.MatchPrefixPatterns(cfg.GONOSUMDB, mod.Path)
|
||||
return cfg.GOSUMDB != "off" && !module.MatchPrefixPatterns(cfg.GONOSUMDB, mod.Path)
|
||||
}
|
||||
|
||||
// lookupSumDB returns the Go checksum database's go.sum lines for the given module,
|
||||
|
@ -37,7 +37,6 @@ import (
|
||||
"sync"
|
||||
|
||||
"cmd/go/internal/base"
|
||||
"cmd/go/internal/cfg"
|
||||
"cmd/go/internal/imports"
|
||||
"cmd/go/internal/load"
|
||||
"cmd/go/internal/modload"
|
||||
@ -53,7 +52,7 @@ import (
|
||||
var CmdGet = &base.Command{
|
||||
// Note: -d -u are listed explicitly because they are the most common get flags.
|
||||
// Do not send CLs removing them because they're covered by [get flags].
|
||||
UsageLine: "go get [-d] [-t] [-u] [-v] [-insecure] [build flags] [packages]",
|
||||
UsageLine: "go get [-d] [-t] [-u] [-v] [build flags] [packages]",
|
||||
Short: "add dependencies to current module and install them",
|
||||
Long: `
|
||||
Get resolves its command-line arguments to packages at specific module versions,
|
||||
@ -99,14 +98,6 @@ but changes the default to select patch releases.
|
||||
When the -t and -u flags are used together, get will update
|
||||
test dependencies as well.
|
||||
|
||||
The -insecure flag permits fetching from repositories and resolving
|
||||
custom domains using insecure schemes such as HTTP, and also bypassess
|
||||
module sum validation using the checksum database. Use with caution.
|
||||
This flag is deprecated and will be removed in a future version of go.
|
||||
To permit the use of insecure schemes, use the GOINSECURE environment
|
||||
variable instead. To bypass module sum validation, use GOPRIVATE or
|
||||
GONOSUMDB. See 'go help environment' for details.
|
||||
|
||||
The -d flag instructs get not to build or install packages. get will only
|
||||
update go.mod and download source code needed to build packages.
|
||||
|
||||
@ -227,13 +218,13 @@ variable for future go command invocations.
|
||||
}
|
||||
|
||||
var (
|
||||
getD = CmdGet.Flag.Bool("d", false, "")
|
||||
getF = CmdGet.Flag.Bool("f", false, "")
|
||||
getFix = CmdGet.Flag.Bool("fix", false, "")
|
||||
getM = CmdGet.Flag.Bool("m", false, "")
|
||||
getT = CmdGet.Flag.Bool("t", false, "")
|
||||
getU upgradeFlag
|
||||
// -insecure is cfg.Insecure
|
||||
getD = CmdGet.Flag.Bool("d", false, "")
|
||||
getF = CmdGet.Flag.Bool("f", false, "")
|
||||
getFix = CmdGet.Flag.Bool("fix", false, "")
|
||||
getM = CmdGet.Flag.Bool("m", false, "")
|
||||
getT = CmdGet.Flag.Bool("t", false, "")
|
||||
getU upgradeFlag
|
||||
getInsecure = CmdGet.Flag.Bool("insecure", false, "")
|
||||
// -v is cfg.BuildV
|
||||
)
|
||||
|
||||
@ -264,7 +255,6 @@ func (v *upgradeFlag) String() string { return "" }
|
||||
func init() {
|
||||
work.AddBuildFlags(CmdGet, work.OmitModFlag)
|
||||
CmdGet.Run = runGet // break init loop
|
||||
CmdGet.Flag.BoolVar(&cfg.Insecure, "insecure", cfg.Insecure, "")
|
||||
CmdGet.Flag.Var(&getU, "u", "")
|
||||
}
|
||||
|
||||
@ -284,8 +274,8 @@ func runGet(ctx context.Context, cmd *base.Command, args []string) {
|
||||
if *getM {
|
||||
base.Fatalf("go get: -m flag is no longer supported; consider -d to skip building packages")
|
||||
}
|
||||
if cfg.Insecure {
|
||||
fmt.Fprintf(os.Stderr, "go get: -insecure flag is deprecated; see 'go help get' for details\n")
|
||||
if *getInsecure {
|
||||
base.Fatalf("go get: -insecure flag is no longer supported; use GOINSECURE instead")
|
||||
}
|
||||
load.ModResolveTests = *getT
|
||||
|
||||
|
@ -28,7 +28,7 @@ import (
|
||||
"cmd/internal/browser"
|
||||
)
|
||||
|
||||
// impatientInsecureHTTPClient is used in -insecure mode,
|
||||
// impatientInsecureHTTPClient is used with GOINSECURE,
|
||||
// when we're connecting to https servers that might not be there
|
||||
// or might be using self-signed certificates.
|
||||
var impatientInsecureHTTPClient = &http.Client{
|
||||
|
5
src/cmd/go/testdata/script/get_404_meta.txt
vendored
5
src/cmd/go/testdata/script/get_404_meta.txt
vendored
@ -3,9 +3,10 @@
|
||||
[!net] skip
|
||||
[!exec:git] skip
|
||||
|
||||
env GONOSUMDB=bazil.org,github.com,golang.org
|
||||
env GO111MODULE=off
|
||||
go get -d -insecure bazil.org/fuse/fs/fstestutil
|
||||
go get -d bazil.org/fuse/fs/fstestutil
|
||||
|
||||
env GO111MODULE=on
|
||||
env GOPROXY=direct
|
||||
go get -d -insecure bazil.org/fuse/fs/fstestutil
|
||||
go get -d bazil.org/fuse/fs/fstestutil
|
||||
|
20
src/cmd/go/testdata/script/get_insecure.txt
vendored
20
src/cmd/go/testdata/script/get_insecure.txt
vendored
@ -12,10 +12,12 @@ env GO111MODULE=off
|
||||
# GOPATH: Try go get -d of HTTP-only repo (should fail).
|
||||
! go get -d insecure.go-get-issue-15410.appspot.com/pkg/p
|
||||
|
||||
# GOPATH: Try again with -insecure (should succeed).
|
||||
go get -d -insecure insecure.go-get-issue-15410.appspot.com/pkg/p
|
||||
# GOPATH: Try again with GOINSECURE (should succeed).
|
||||
env GOINSECURE=insecure.go-get-issue-15410.appspot.com
|
||||
go get -d insecure.go-get-issue-15410.appspot.com/pkg/p
|
||||
|
||||
# GOPATH: Try updating without -insecure (should fail).
|
||||
# GOPATH: Try updating without GOINSECURE (should fail).
|
||||
env GOINSECURE=''
|
||||
! go get -d -u -f insecure.go-get-issue-15410.appspot.com/pkg/p
|
||||
|
||||
# Modules: Set up
|
||||
@ -29,10 +31,14 @@ env GOPROXY=''
|
||||
# Modules: Try go get -d of HTTP-only repo (should fail).
|
||||
! go get -d insecure.go-get-issue-15410.appspot.com/pkg/p
|
||||
|
||||
# Modules: Try again with -insecure (should succeed).
|
||||
go get -d -insecure insecure.go-get-issue-15410.appspot.com/pkg/p
|
||||
# Modules: Try again with GOINSECURE (should succeed).
|
||||
env GOINSECURE=insecure.go-get-issue-15410.appspot.com
|
||||
env GONOSUMDB=insecure.go-get-issue-15410.appspot.com
|
||||
go get -d insecure.go-get-issue-15410.appspot.com/pkg/p
|
||||
|
||||
# Modules: Try updating without -insecure (should fail).
|
||||
# Modules: Try updating without GOINSECURE (should fail).
|
||||
env GOINSECURE=''
|
||||
env GONOSUMDB=''
|
||||
! go get -d -u -f insecure.go-get-issue-15410.appspot.com/pkg/p
|
||||
|
||||
go list -m ...
|
||||
@ -48,4 +54,4 @@ func main() {
|
||||
os.Exit(1)
|
||||
}
|
||||
-- module_file --
|
||||
module m
|
||||
module m
|
||||
|
@ -3,4 +3,6 @@
|
||||
env GO111MODULE=off
|
||||
|
||||
! go get -d insecure.go-get-issue-15410.appspot.com/pkg/p
|
||||
go get -d -insecure insecure.go-get-issue-15410.appspot.com/pkg/p
|
||||
|
||||
env GOINSECURE=insecure.go-get-issue-15410.appspot.com
|
||||
go get -d insecure.go-get-issue-15410.appspot.com/pkg/p
|
||||
|
@ -1,21 +0,0 @@
|
||||
# GOPATH: Set up
|
||||
env GO111MODULE=off
|
||||
|
||||
# GOPATH: Fetch without insecure, no warning
|
||||
! go get test
|
||||
! stderr 'go get: -insecure flag is deprecated; see ''go help get'' for details'
|
||||
|
||||
# GOPATH: Fetch with insecure, should warn
|
||||
! go get -insecure test
|
||||
stderr 'go get: -insecure flag is deprecated; see ''go help get'' for details'
|
||||
|
||||
# Modules: Set up
|
||||
env GO111MODULE=on
|
||||
|
||||
# Modules: Fetch without insecure, no warning
|
||||
! go get test
|
||||
! stderr 'go get: -insecure flag is deprecated; see ''go help get'' for details'
|
||||
|
||||
# Modules: Fetch with insecure, should warn
|
||||
! go get -insecure test
|
||||
stderr 'go get: -insecure flag is deprecated; see ''go help get'' for details'
|
13
src/cmd/go/testdata/script/get_insecure_no_longer_supported.txt
vendored
Normal file
13
src/cmd/go/testdata/script/get_insecure_no_longer_supported.txt
vendored
Normal file
@ -0,0 +1,13 @@
|
||||
# GOPATH: Set up
|
||||
env GO111MODULE=off
|
||||
|
||||
# GOPATH: Fetch with insecure, should error
|
||||
! go get -insecure test
|
||||
stderr 'go get: -insecure flag is no longer supported; use GOINSECURE instead'
|
||||
|
||||
# Modules: Set up
|
||||
env GO111MODULE=on
|
||||
|
||||
# Modules: Fetch with insecure, should error
|
||||
! go get -insecure test
|
||||
stderr 'go get: -insecure flag is no longer supported; use GOINSECURE instead'
|
@ -1,4 +1,4 @@
|
||||
# golang.org/issue/29591: 'go get' was following plain-HTTP redirects even without -insecure.
|
||||
# golang.org/issue/29591: 'go get' was following plain-HTTP redirects even without -insecure (now replaced by GOINSECURE).
|
||||
# golang.org/issue/34049: 'go get' would panic in case of an insecure redirect in GOPATH mode
|
||||
|
||||
[!net] skip
|
||||
@ -9,4 +9,5 @@ env GO111MODULE=off
|
||||
! go get -d vcs-test.golang.org/insecure/go/insecure
|
||||
stderr 'redirected .* to insecure URL'
|
||||
|
||||
go get -d -insecure vcs-test.golang.org/insecure/go/insecure
|
||||
env GOINSECURE=vcs-test.golang.org/insecure/go/insecure
|
||||
go get -d vcs-test.golang.org/insecure/go/insecure
|
||||
|
@ -5,8 +5,10 @@ env GO111MODULE=off
|
||||
# Clone the repo via HTTP manually.
|
||||
exec git clone -q http://github.com/golang/example github.com/golang/example
|
||||
|
||||
# Update without -insecure should fail.
|
||||
# Update with -insecure should succeed.
|
||||
# Update without GOINSECURE should fail.
|
||||
# We need -f to ignore import comments.
|
||||
! go get -d -u -f github.com/golang/example/hello
|
||||
go get -d -u -f -insecure github.com/golang/example/hello
|
||||
|
||||
# Update with GOINSECURE should succeed.
|
||||
env GOINSECURE=github.com/golang/example/hello
|
||||
go get -d -u -f github.com/golang/example/hello
|
||||
|
@ -1,4 +1,4 @@
|
||||
# golang.org/issue/29591: 'go get' was following plain-HTTP redirects even without -insecure.
|
||||
# golang.org/issue/29591: 'go get' was following plain-HTTP redirects even without -insecure (now replaced by GOINSECURE).
|
||||
|
||||
[!net] skip
|
||||
[!exec:git] skip
|
||||
@ -10,8 +10,6 @@ env GOSUMDB=off
|
||||
! go get -d vcs-test.golang.org/insecure/go/insecure
|
||||
stderr 'redirected .* to insecure URL'
|
||||
|
||||
go get -d -insecure vcs-test.golang.org/insecure/go/insecure
|
||||
|
||||
# insecure host
|
||||
env GOINSECURE=vcs-test.golang.org
|
||||
go clean -modcache
|
||||
|
@ -43,12 +43,5 @@ env GOPROXY=$proxy/sumdb-504
|
||||
! go get -d rsc.io/quote@v1.5.2
|
||||
stderr 504
|
||||
|
||||
# but -insecure bypasses the checksum lookup entirely
|
||||
env GOINSECURE=
|
||||
go get -d -insecure rsc.io/quote@v1.5.2
|
||||
|
||||
# and then it is in go.sum again
|
||||
go get -d rsc.io/quote@v1.5.2
|
||||
|
||||
-- go.mod.orig --
|
||||
module m
|
||||
|
Loading…
Reference in New Issue
Block a user