Go: cmd/go: go install with getmode vendor and mod sync issue
What version of Go are you using (go version)?
go version go1.11beta2 darwin/amd64
Does this issue reproduce with the latest release?
Yes.
What did you do?
go mod -vendor
go mod -sync
go mod -verify
go install -getmode=vendor ./cmd/xyz
go mod -sync
What did you expect to see?
The go.mod to reflect the dependencies prior to running go install. Specifically, was expecting many indirect entries to remain the same.
What did you see instead?
Running the above removed many indirect entries from go.mod and replaced with latest available. E.g., this is one of the entries in go.mod prior to go install:
go.mod:
github.com/satori/go.uuid v1.1.0 // indirect
vendor/modules.txt:
# github.com/satori/go.uuid v1.1.0
github.com/satori/go.uuid
go install -getmode=vendor ./cmd/xyz removed the indirect entry for v1.1.0 from go.mod
then go mod -sync added v1.2.0 to go.mod:
github.com/satori/go.uuid v1.2.0 // indirect
mfridman
All 9 comments
CC @bcmills
ianlancetaylor
on 3 Aug 2018
I'm not able to reproduce this issue with the go command built from head.
Please try installing from source and see if you can reproduce the error. (Note that many of the mod subcommands have changed due to #26581.)
A complete repository that demonstrates it would be ideal: there may be some subtle interaction with the imports of your program (or the other packages in the module) that we cannot infer from the reported information.
$ cat cmd/xyz/xyz.go
package xyz
import _ "github.com/satori/go.uuid"
func main() {}
$ go mod init github.com/golang/go/issues/26704
$ go get github.com/satori/[email protected]
$ go mod vendor
$ find vendor/
vendor/
vendor/github.com
vendor/github.com/satori
vendor/github.com/satori/go.uuid
vendor/github.com/satori/go.uuid/README.md
vendor/github.com/satori/go.uuid/.travis.yml
vendor/github.com/satori/go.uuid/uuid.go
vendor/github.com/satori/go.uuid/LICENSE
vendor/modules.txt
$ go list -m all
github.com/golang/go/issues/26704
github.com/satori/go.uuid v1.1.0
$ go mod tidy
$ go mod verify
all modules verified
$ go list -m all
github.com/golang/go/issues/26704
github.com/satori/go.uuid v1.1.0
$ go install -mod=vendor ./cmd/xyz
$ go list -m all
github.com/golang/go/issues/26704
github.com/satori/go.uuid v1.1.0
bcmills
on 3 Aug 2018
@bcmills Will try repro with head. Thanks for getting back.
mfridman
on 3 Aug 2018
(I'm using satori/go.uuid as an example, there are 30+ indirect items getting removed then re-added with latest tag available)
Will try and put together a public repro.
```
$ go version
go version devel +9594ba4fe5 Fri Aug 3 15:44:22 2018 +0000 darwin/amd64
$ go list -m all | grep satori
github.com/satori/go.uuid v1.1.0
$ go mod tidy
$ go mod verify
all modules verified
$ go list -m all | grep satori
github.com/satori/go.uuid v1.1.0
$ GOGC=off go install -v -mod=vendor ./cmd/xyz
$ git diff | grep satori
- github.com/satori/go.uuid v1.1.0 // indirect
$ go list -m all
// satori does not appear in the output
$ go mod tidy
go: finding ... // satori does not appear in the output
$ git diff | grep satori
- github.com/satori/go.uuid v1.1.0 // indirect
+ github.com/satori/go.uuid v1.2.0 // indirect
-github.com/satori/go.uuid v1.1.0 h1:B9KXyj+GzIpJbV7gmr873NsY6zpbxNy24CBtGrk7jHo=
-github.com/satori/go.uuid v1.1.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
+github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww=
+github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
mfridman
on 3 Aug 2018
@bcmills I've put together a contrived example.
I found it odd that go mod vendor pulls v1.1.0 of the satori pkg.
- then running install (or build) completely removes the
// indirectentry, presumably builds withv1.1.0 - then
go mod tidypulls in the latest taggedv1.2.0of satori pkg - then running
go mod vendorrebuilds the vendor dir withv1.2.0
git clone [email protected]:mfridman/go-modules.git
cd go-modules
$ go version
go version devel +9594ba4fe5 Fri Aug 3 15:44:22 2018 +0000 darwin/amd64
$ go list -m all | grep satori
github.com/satori/go.uuid v1.1.0
$ go mod tidy
$ go mod verify
all modules verified
$ go list -m all | grep satori
github.com/satori/go.uuid v1.1.0
$ go mod vendor
$ cat vendor/modules.txt | grep satori
# github.com/satori/go.uuid v1.1.0
github.com/satori/go.uuid
$ GOGC=off go install -v -mod=vendor
$ git diff | grep satori
- github.com/satori/go.uuid v1.1.0 // indirect
$ go list -m all
// trimmed...
$ go mod tidy
go: finding gopkg.in/check.v1 latest
$ git diff | grep satori
- github.com/satori/go.uuid v1.1.0 // indirect
+ github.com/satori/go.uuid v1.2.0 // indirect
-github.com/satori/go.uuid v1.1.0 h1:B9KXyj+GzIpJbV7gmr873NsY6zpbxNy24CBtGrk7jHo=
-github.com/satori/go.uuid v1.1.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
+github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww=
+github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
$ go mod vendor
$ cat vendor/modules.txt | grep satori
# github.com/satori/go.uuid v1.2.0
github.com/satori/go.uuid
@gopherbot, please remove label waitingforinfo
mfridman
on 5 Aug 2018
Vendor is still written as though it has complete knowledge of the graph, like tidy, but it does not. So it must not fiddle with indirect tags.
rsc
on 9 Aug 2018
Change https://golang.org/cl/128899 mentions this issue: cmd/go: fix go.mod corruption using -mod=vendor
gopherbot
on 9 Aug 2018
My earlier diagnosis about vendor was wrong; go mod vendor is behavior correctly. The problem is go install -mod=vendor, which is incorrectly assuming it knows anything about the module graph and has any justification for updating go.mod. It does not.
rsc
on 9 Aug 2018
Related issues
michaelsafyan
·
3Comments
dominikh
·
3Comments
rsc
·
3Comments
myitcv
·
3Comments
enoodle
·
3Comments
Most helpful comment
My earlier diagnosis about vendor was wrong; go mod vendor is behavior correctly. The problem is go install -mod=vendor, which is incorrectly assuming it knows anything about the module graph and has any justification for updating go.mod. It does not.