go: cmd/go: unclear error when SumDB tree note is corrupted
What version of Go are you using (go version)?
$ go version go version go1.14.2 windows/amd64
Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (go env)?
go env Output
$ go env set GO111MODULE=on set GOARCH=amd64 set GOBIN= set GOCACHE=C:\Users\Nicolas\AppData\Local\go-build set GOENV=C:\Users\Nicolas\AppData\Roaming\go\env set GOEXE=.exe set GOFLAGS= -mod= set GOHOSTARCH=amd64 set GOHOSTOS=windows set GOINSECURE= set GONOPROXY= set GONOSUMDB= set GOOS=windows set GOPATH=D:\Mis Documentos\Programacion\Go set GOPRIVATE= set GOPROXY=direct set GOROOT=C:\Go set GOSUMDB=sum.golang.org set GOTMPDIR= set GOTOOLDIR=C:\Go\pkg\tool\windows_amd64 set GCCGO=gccgo set AR=ar set CC=gcc set CXX=g++ set CGO_ENABLED=1 set GOMOD=NUL set CGO_CFLAGS=-g -O2 set CGO_CPPFLAGS= set CGO_CXXFLAGS=-g -O2 set CGO_FFLAGS=-g -O2 set CGO_LDFLAGS=-g -O2 set PKG_CONFIG=pkg-config set GOGCCFLAGS=-m64 -mthreads -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=C:\Users\Nicolas\AppData\Local\Temp\go-build045229398=/tmp/go-build -gno-record-gcc-switches
What did you do?
I’m trying to use go mod tidy command. Since my computer turned off because of a blackout it never worked again
What did you expect to see?
Succesful go.mod file
What did you see instead?
For every project and import I’m seeing this error:
github.com/sirupsen/logrus: github.com/sirupsen/logrus@v1.5.0: verifying module: github.com/sirupsen/logrus@v1.5.0: initializing sumdb.Client: reading tree note: malformed note
note:
github.com/dgrijalva/jwt-go: github.com/dgrijalva/jwt-go@v1.0.2: verifying module: github.com/dgrijalva/jwt-go@v1.0.2: initializing sumdb.Client: reading tree note: malformed note
note:
I know I just copied 2 libraries, but It’s happening with every one
About this issue
- Original URL
- State: open
- Created 4 years ago
- Reactions: 1
- Comments: 17 (7 by maintainers)
Hi,
Not sure, if it helps, but was facing the same issue, the following steps actually resolved the issue for me (Windows 10 - go version go1.14.4 windows/amd64)
The file %GOPATH%\pkg\sumdb\sum.golang.org\latest did not exist when I was got this error
Steps:
Ok. Putting on hold until / unless we get more reports.
For what it’s worth, I’ll add that I similarly had a power outage (as in, my PC at some point deadlocked on all processes, Go or otherwise, including in the middle of a
go get, so I was forced to cut the power), and I too got the “malformed note” error, which went away after deleting the%GOPATH%\pkg\sumdb\sum.golang.org\latestfile (which was just 187 null bytes at that point). However, unlike the comments above me, another error took its place:I’m also running on Windows, in case it’s relevant.
Apologies if this new error deserves a separate issue; this seemed relevant enough to me to warrant adding to this issue, but I’m also rather new to Go.
@nicolascamilo Can you share with us the contents of
$(go env GOPATH)/pkg/sumdb/sum.golang.org/latest? Then you can delete that file and it should unblock you.@bcmills If the corrupted file is
GOPATH/pkg/sumdb/sum.golang.org/latest, it would be important to understand how it came to be corrupted, because if an attacker can cause that they can downgrade the security guarantees significantly. If it’s any other file, we can blow it away.