nerdctl: v1.0.0: checksum mismatch when running go mod vendor (`nydus-snapshotter@v0.3.0`); main: (`accelerated-container-image@v0.5.2`)
Description
Working on updating the Buildroot package for nerdctl.
We run ‘go mod vendor’ to download the vendor/ tree.
The following error happens on my build machine:
verifying github.com/containerd/nydus-snapshotter@v0.3.0: checksum mismatch
downloaded: h1:IhG/jkmFKenwAeHNHqLFMfSwNs3pfdH36xd5lpr5PS0=
go.sum: h1:15z2Bslu1A7oi++vByV6cTIFzoSjvOGScVCU2y6bRdA=
SECURITY ERROR
This download does NOT match an earlier download recorded in go.sum.
The bits may have been replaced on the origin server, or an attacker may
have intercepted the download attempt.
For more information, see 'go help module-auth'.
I guess the checksum of nydus-snapshotter has changed?
If so please release a v1.0.1 with updated checksums.
Steps to reproduce the issue
- Run “go mod vendor”
Describe the results you received and expected
Expected “go mod vendor” to work correctly.
What version of nerdctl are you using?
v1.0.0
Are you using a variant of nerdctl? (e.g., Rancher Desktop)
None
Host information
No response
About this issue
- Original URL
- State: closed
- Created 2 years ago
- Comments: 15 (11 by maintainers)
Thanks. I’m going to release v1.1.0 soon.
Thanks @imeoer for confirmation 👍 . Could you consider updating https://github.com/containerd/nydus-snapshotter/releases/tag/v0.3.0 to note that the tag was reused?