Go build fail: main.go:16:2: cannot find package "github.com/fabpot/local-php-security-checker/v2/security"
Closed this issue · 5 comments
Hi,
While packaging php-security-checker for mageia I encountered this error:
+ umask 022
+ cd /<somewhere>/golang-github-fabpot-local-php-security-checker/BUILD
+ cd local-php-security-checker-2.0.6
+ '[' 1 -eq 1 ']'
+ '[' 1 -eq 1 ']'
++ head -c20 /dev/urandom
++ od -An -tx1
++ tr -d ' \n'
+ GOPATH=/<somewhere>/golang-github-fabpot-local-php-security-checker/BUILD/local-php-security-checker-2.0.6/_build:/usr/share/gocode
+ GO111MODULE=off
+ go build -buildmode pie -compiler gc '-tags=rpm_crashtraceback ' -ldflags ' -X github.com/fabpot/local-php-security-checker/version=2.0.6 -B 0x3c851294f8739414c979313e66410b7553ac5e28 -compressdwarf=false -linkmode=external -extldflags '\'' -Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro -Wl,-O1 -Wl,--build-id=sha1 -Wl,--enable-new-dtags '\''' -a -v -x
WORK=/home/rapsys/tmp/go-build602147573
main.go:16:2: cannot find package "github.com/fabpot/local-php-security-checker/v2/security" in any of:
/usr/lib/golang/src/github.com/fabpot/local-php-security-checker/v2/security (from $GOROOT)
/<somewhere>/golang-github-fabpot-local-php-security-checker/BUILD/local-php-security-checker-2.0.6/_build/src/github.com/fabpot/local-php-security-checker/v2/security (from $GOPATH)
/usr/share/gocode/src/github.com/fabpot/local-php-security-checker/v2/security
After applying this patch it worked.
local-php-security-checker-2.0.6-v2_security.patch:
diff -urNp local-php-security-checker-2.0.6/main.go.orig local-php-security-checker-2.0.6/main.go
--- local-php-security-checker-2.0.6/main.go.orig 2023-12-01 12:34:40.180294052 +0100
+++ local-php-security-checker-2.0.6/main.go 2023-12-01 12:34:44.390332423 +0100
@@ -13,7 +13,7 @@ import (
"fmt"
"os"
- "github.com/fabpot/local-php-security-checker/v2/security"
+ "github.com/fabpot/local-php-security-checker/security"
)
var (
Is there a reason for this v2/security ? New unpublished repository maybe ?
Should it work fine with my patch ?
I've just tested, and it works as is.
Just clone the repo, and run go run main.go and it should work fine.
I narrowed why it happens.
I can't use prebuilt binaries as it's against any linux distribution guidelines, nor can't simply just run the program from cloned repository.
The problem happend when packaging it as mageia rpm (or any fedora/redhat/rpm distribution).
When building the package these environement variables are set by fedora rpm go macros:
GOPATH=/<somewhere>/local-php-security-checker-2.0.6/_build:/usr/share/gocode
GO111MODULE=off
It prevent go build process to download anything from internet and search for modules only in GOPATH defined to local build path and distribution installed modules.
Then go build will fail because it do not find the github.com/fabpot/local-php-security-checker/v2/security module which can't exists in this configuration.
Changing to relative path instead of invalid github link fixes the issue as well:
diff -urNp local-php-security-checker-2.0.6/main.go.orig local-php-security-checker-2.0.6/main.go
--- local-php-security-checker-2.0.6/main.go.orig 2023-12-02 00:36:20.957896817 +0100
+++ local-php-security-checker-2.0.6/main.go 2023-12-02 00:36:28.467965899 +0100
@@ -13,7 +13,7 @@ import (
"fmt"
"os"
- "github.com/fabpot/local-php-security-checker/v2/security"
+ "./security"
)
var (
To reproduce problem:
export GOPATH=/<somewhere>/local-php-security-checker-2.0.6/_build:/usr/share/gocode
export GO111MODULE=off
go build
From what I understand, the import path should exists when refered as outside module.
Closing as I'm going to archive this repository. Use composer audit instead.