flatbuffers: Checksum mismatch: go get github.com/google/flatbuffers/go
Could not get the library due to checksum mismatch:
$ go get -u github.com/google/flatbuffers/go
go: downloading github.com/google/flatbuffers v1.12.0
go get github.com/google/flatbuffers/go: github.com/google/flatbuffers@v1.12.0: verifying module: checksum mismatch
downloaded: h1:N8EguYFm2wwdpoNcpchQY0tPs85vOJkboFb2dPxmixo=
sum.golang.org: h1:/PtAHvnBY4Kqnx/xCQ3OIV9uYcSFGScBsWI3Oogeh6w=
SECURITY ERROR
This download does NOT match the one reported by the checksum server.
The bits may have been replaced on the origin server, or an attacker may
have intercepted the download attempt.
For more information, see 'go help module-auth'.
$ go version
go version go1.15.7 darwin/amd64
About this issue
- Original URL
- State: closed
- Created 3 years ago
- Comments: 25
Commits related to this issue
- replace unverified flatbuffer version See issue: https://github.com/google/flatbuffers/issues/6466 — committed to Avokadoen/gowarcserver by Avokadoen 3 years ago
- fix: Incorrect hash in go.sum (#613) Dependabot introduced [1] an incorrect hash in the go.sum file for the github.com/google/flatbuffers@v1.12.0 dependency. After working with Github support, the ... — committed to open-policy-agent/conftest by jalseth 3 years ago
- deps: Bump github.com/google/flatbuffers to v1.12.1 (#1746) The v1.12.0 version of the flatbuffers package has an issue where the hash of the package will differ depending on if you fetch the source... — committed to dgraph-io/badger by jalseth 3 years ago
- deps: Bump github.com/google/flatbuffers to v1.12.1 (#1746) The v1.12.0 version of the flatbuffers package has an issue where the hash of the package will differ depending on if you fetch the source ... — committed to dgraph-io/badger by jalseth 3 years ago
- fix: Incorrect hash in go.sum (#613) Dependabot introduced [1] an incorrect hash in the go.sum file for the github.com/google/flatbuffers@v1.12.0 dependency. After working with Github support, the ... — committed to macox/conftest by jalseth 3 years ago
- bump flatbuffers to v1.12.1 to fix bizarre checksum mismatch see https://github.com/google/flatbuffers/issues/6466 — committed to altergui/vocdoni-node by altergui 2 years ago
- bump flatbuffers to v1.12.1 to fix bizarre checksum mismatch see https://github.com/google/flatbuffers/issues/6466 — committed to altergui/vocdoni-node by altergui 2 years ago
- deps: Bump github.com/google/flatbuffers to v1.12.1 (#1746) The v1.12.0 version of the flatbuffers package has an issue where the hash of the package will differ depending on if you fetch the source... — committed to outcaste-io/outserv by jalseth 3 years ago
- deps: Bump github.com/google/flatbuffers to v1.12.1 (#1746) The v1.12.0 version of the flatbuffers package has an issue where the hash of the package will differ depending on if you fetch the source ... — committed to dgraph-io/badger by jalseth 3 years ago
I’ve resolved the issue. I set the GOPROXY variable explicitly:
Somehow, my default GOPROXY was pointed wrongly at
proxy.golang.com.cn.We now have https://github.com/google/flatbuffers/tree/v1.12.1
Note I will be releasing v2.0.0 likely today, so some of you may want to update to that instead.
Agreed, creating that tag would be very helpful for those with indirect (or direct!) dependencies.
@Avokadoen Using a replace directive will work, but it also introduces a small risk - later if some code you depend on uses the upcoming v1.20.0 version, your builds won’t pick that up automatically. Just something to watch out for.
I do believe that creating a
v1.12.1release would at least help those of us that has flatbuffers as a indirect dependency to resolve our CI issues using thereplacedirective. Thanks you @aardappel for all the hard work you do on this project, and thank you @ceejatec for investigating! ❤️