1
0
mirror of https://github.com/golang/go synced 2024-11-23 17:30:02 -07:00

cmd/go/internal/modfetch: Add GOINSECURE.

Enables insecure fetching of dependencies whos path matches those specified in
the enironment variable GOINSECURE.

Fixes #32966
This commit is contained in:
witchard 2019-11-04 21:28:16 +00:00
parent 210e3677f9
commit 2c87b303ac
10 changed files with 87 additions and 7 deletions

View File

@ -1604,6 +1604,10 @@
// Because the entries are space-separated, flag values must
// not contain spaces. Flags listed on the command line
// are applied after this list and therefore override it.
// GOINSECURE
// Comma-separated list of glob patterns (in the syntax of Go's path.Match)
// of module path prefixes that should always be fetched in an insecure
// manner. Only applies to dependencies that are being fetched directly.
// GOOS
// The operating system for which to compile code.
// Examples are linux, darwin, windows, netbsd.

View File

@ -250,6 +250,7 @@ var (
GOPRIVATE = Getenv("GOPRIVATE")
GONOPROXY = envOr("GONOPROXY", GOPRIVATE)
GONOSUMDB = envOr("GONOSUMDB", GOPRIVATE)
GOINSECURE = Getenv("GOINSECURE")
)
// GetArchEnv returns the name and setting of the

View File

@ -75,6 +75,7 @@ func MkEnv() []cfg.EnvVar {
{Name: "GOFLAGS", Value: cfg.Getenv("GOFLAGS")},
{Name: "GOHOSTARCH", Value: runtime.GOARCH},
{Name: "GOHOSTOS", Value: runtime.GOOS},
{Name: "GOINSECURE", Value: cfg.GOINSECURE},
{Name: "GONOPROXY", Value: cfg.GONOPROXY},
{Name: "GONOSUMDB", Value: cfg.GONOSUMDB},
{Name: "GOOS", Value: cfg.Goos},

View File

@ -506,6 +506,10 @@ General-purpose environment variables:
Because the entries are space-separated, flag values must
not contain spaces. Flags listed on the command line
are applied after this list and therefore override it.
GOINSECURE
Comma-separated list of glob patterns (in the syntax of Go's path.Match)
of module path prefixes that should always be fetched in an insecure
manner. Only applies to dependencies that are being fetched directly.
GOOS
The operating system for which to compile code.
Examples are linux, darwin, windows, netbsd.

View File

@ -0,0 +1,16 @@
// Copyright 2018 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package modfetch
import (
"cmd/go/internal/cfg"
"cmd/go/internal/get"
"cmd/go/internal/str"
)
// allowInsecure reports whether we are allowed to fetch this path in an insecure manner.
func allowInsecure(path string) bool {
return get.Insecure || str.GlobsMatchPath(cfg.GOINSECURE, path)
}

View File

@ -257,7 +257,8 @@ var (
func lookupDirect(path string) (Repo, error) {
security := web.SecureOnly
if get.Insecure {
if allowInsecure(path) {
security = web.Insecure
}
rr, err := get.RepoRootForImportPath(path, get.PreferMod, security)
@ -302,7 +303,7 @@ func ImportRepoRev(path, rev string) (Repo, *RevInfo, error) {
// version control system, we ignore meta tags about modules
// and use only direct source control entries (get.IgnoreMod).
security := web.SecureOnly
if get.Insecure {
if allowInsecure(path) {
security = web.Insecure
}
rr, err := get.RepoRootForImportPath(path, get.IgnoreMod, security)

View File

@ -0,0 +1,24 @@
env GO111MODULE=on
# secure fetch should report insecure warning
cd $WORK/test
go mod init
stderr 'redirected .* to insecure URL'
# insecure fetch should not
env GOINSECURE=*.golang.org
rm go.mod
go mod init
! stderr 'redirected .* to insecure URL'
# insecure fetch invalid path should report insecure warning
env GOINSECURE=foo.golang.org
rm go.mod
go mod init
stderr 'redirected .* to insecure URL'
-- $WORK/test/dependencies.tsv --
vcs-test.golang.org/insecure/go/insecure git 6fecd21f7c0c 2019-09-04T18:39:48Z
-- $WORK/test/x.go --
package x // import "m"

View File

@ -11,3 +11,24 @@ env GOSUMDB=off
stderr 'redirected .* to insecure URL'
go get -d -insecure vcs-test.golang.org/insecure/go/insecure
# insecure host
env GOINSECURE=vcs-test.golang.org
go clean -modcache
go get -d vcs-test.golang.org/insecure/go/insecure
# insecure glob host
env GOINSECURE=*.golang.org
go clean -modcache
go get -d vcs-test.golang.org/insecure/go/insecure
# insecure multiple host
env GOINSECURE=somewhere-else.com,*.golang.org
go clean -modcache
go get -d vcs-test.golang.org/insecure/go/insecure
# different insecure host does not fetch
env GOINSECURE=somewhere-else.com
go clean -modcache
! go get -d vcs-test.golang.org/insecure/go/insecure
stderr 'redirected .* to insecure URL'

View File

@ -37,7 +37,14 @@ env GOPROXY=$proxy/sumdb-504
! go get -d rsc.io/quote@v1.5.2
stderr 504
# GOINSECURE does not bypass checksum lookup
env GOINSECURE=rsc.io
env GOPROXY=$proxy/sumdb-504
! go get -d rsc.io/quote@v1.5.2
stderr 504
# but -insecure bypasses the checksum lookup entirely
env GOINSECURE=
go get -d -insecure rsc.io/quote@v1.5.2
# and then it is in go.sum again

View File

@ -43,6 +43,7 @@ const KnownEnv = `
GOGCCFLAGS
GOHOSTARCH
GOHOSTOS
GOINSECURE
GOMIPS
GOMIPS64
GONOPROXY