Go install doesn't work due to checksum mismatch
jonahjon opened this issue · 1 comments
jonahjon commented
Description
The latest go install isn't working due to a checksum mismatch. It should be able to install using @latest tag.go version go1.17.2 darwin/amd64
...
go install github.com/sigstore/k8s-manifest-sigstore/cmd/kubectl-sigstore@latest
go: downloading github.com/sigstore/k8s-manifest-sigstore v0.1.0
go install: github.com/sigstore/k8s-manifest-sigstore/cmd/kubectl-sigstore@latest: github.com/sigstore/k8s-manifest-sigstore@v0.1.0: verifying module: checksum mismatch
downloaded: h1:hEGzVLLm5wdwrxkThgo1VKEE6JH68OKz+gXKQN9eQl8=
sum.golang.org: h1:NKVclDH/UFHBSYPVvgKbOwLLi8WTjvtiHOW8vY+E9kg=
SECURITY ERROR
This download does NOT match the one reported by the checksum server.
The bits may have been replaced on the origin server, or an attacker may
have intercepted the download attempt.
hirokuni-kitahara commented
Thank you for reporting this @jonahjon
Unfortunately, this issue did not reproduce both in my laptop and in a newly installed go 1.17.2 env inside a docker container. The log was like the below.
$ docker run --name go -t -i --rm golang:1.17.2 bash
root@1bd9865c03fa:/go# go install github.com/sigstore/k8s-manifest-sigstore/cmd/kubectl-sigstore@latest
go: downloading github.com/sigstore/k8s-manifest-sigstore v0.1.0
go: downloading github.com/ghodss/yaml v1.0.0
...
go: downloading github.com/Azure/go-autorest/autorest/azure/cli v0.4.2
go: downloading github.com/dimchansky/utfbom v1.1.1
root@1bd9865c03fa:/go# kubectl-sigstore version
{"Major":"0","Minor":"1","GitVersion":"v0.1.0","GitCommit":"unknown","GitTreeState":"unknown","BuildDate":"unknown","GoVersion":"go1.17.2","Compiler":"gc","Platform":"linux/amd64"}
As far as I know, that checksum issue can be caused by local module cache, so you can try cleaning them with the command below. (this could take a while)
$ go clean -modcache