<h3 id="go-command">Go command</h3>
-<p>
- TODO: complete this section, or delete if not needed
+<h4 id="go-get"><code>go</code> <code>get</code></h4>
+
+<p><!-- golang.org/issue/37519 -->
+ The <code>go</code> <code>get</code> <code>-insecure</code> flag is
+ deprecated and has been removed. To permit the use of insecure schemes
+ when fetching dependencies, please use the <code>GOINSECURE</code>
+ environment variable. The <code>-insecure</code> flag also bypassed module
+ sum validation, use <code>GOPRIVATE</code> or <code>GONOSUMDB</code> if
+ you need that functionality. See <code>go</code> <code>help</code>
+ <code>environment</code> for details.
</p>
<h2 id="runtime">Runtime</h2>
//
// Usage:
//
-// go get [-d] [-t] [-u] [-v] [-insecure] [build flags] [packages]
+// go get [-d] [-t] [-u] [-v] [build flags] [packages]
//
// Get resolves its command-line arguments to packages at specific module versions,
// updates go.mod to require those versions, downloads source code into the
// When the -t and -u flags are used together, get will update
// test dependencies as well.
//
-// The -insecure flag permits fetching from repositories and resolving
-// custom domains using insecure schemes such as HTTP, and also bypassess
-// module sum validation using the checksum database. Use with caution.
-// This flag is deprecated and will be removed in a future version of go.
-// To permit the use of insecure schemes, use the GOINSECURE environment
-// variable instead. To bypass module sum validation, use GOPRIVATE or
-// GONOSUMDB. See 'go help environment' for details.
-//
// The -d flag instructs get not to build or install packages. get will only
// update go.mod and download source code needed to build packages.
//
// Comma-separated list of glob patterns (in the syntax of Go's path.Match)
// of module path prefixes that should always be fetched in an insecure
// manner. Only applies to dependencies that are being fetched directly.
-// Unlike the -insecure flag on 'go get', GOINSECURE does not disable
-// checksum database validation. GOPRIVATE or GONOSUMDB may be used
-// to achieve that.
+// GOINSECURE does not disable checksum database validation. GOPRIVATE or
+// GONOSUMDB may be used to achieve that.
// GOOS
// The operating system for which to compile code.
// Examples are linux, darwin, windows, netbsd.
// This help text, accessible as 'go help gopath-get' even in module-aware mode,
// describes 'go get' as it operates in legacy GOPATH mode.
//
-// Usage: go get [-d] [-f] [-t] [-u] [-v] [-fix] [-insecure] [build flags] [packages]
+// Usage: go get [-d] [-f] [-t] [-u] [-v] [-fix] [build flags] [packages]
//
// Get downloads the packages named by the import paths, along with their
// dependencies. It then installs the named packages, like 'go install'.
// The -fix flag instructs get to run the fix tool on the downloaded packages
// before resolving dependencies or building the code.
//
-// The -insecure flag permits fetching from repositories and resolving
-// custom domains using insecure schemes such as HTTP. Use with caution.
-// This flag is deprecated and will be removed in a future version of go.
-// The GOINSECURE environment variable should be used instead, since it
-// provides control over which packages may be retrieved using an insecure
-// scheme. See 'go help environment' for details.
-//
// The -t flag instructs get to also download the packages required to build
// the tests for the specified packages.
//
// will result in the following requests:
//
// https://example.org/pkg/foo?go-get=1 (preferred)
-// http://example.org/pkg/foo?go-get=1 (fallback, only with -insecure)
+// http://example.org/pkg/foo?go-get=1 (fallback, only with use of correctly set GOINSECURE)
//
// If that page contains the meta tag
//
ModCacheRW bool // -modcacherw flag
ModFile string // -modfile flag
- Insecure bool // -insecure flag
-
CmdName string // "build", "install", "list", "mod tidy", etc.
DebugActiongraph string // -debug-actiongraph flag (undocumented, unstable)
)
var CmdGet = &base.Command{
- UsageLine: "go get [-d] [-f] [-t] [-u] [-v] [-fix] [-insecure] [build flags] [packages]",
+ UsageLine: "go get [-d] [-f] [-t] [-u] [-v] [-fix] [build flags] [packages]",
Short: "download and install packages and dependencies",
Long: `
Get downloads the packages named by the import paths, along with their
The -fix flag instructs get to run the fix tool on the downloaded packages
before resolving dependencies or building the code.
-The -insecure flag permits fetching from repositories and resolving
-custom domains using insecure schemes such as HTTP. Use with caution.
-This flag is deprecated and will be removed in a future version of go.
-The GOINSECURE environment variable should be used instead, since it
-provides control over which packages may be retrieved using an insecure
-scheme. See 'go help environment' for details.
-
The -t flag instructs get to also download the packages required to build
the tests for the specified packages.
}
var (
- getD = CmdGet.Flag.Bool("d", false, "")
- getF = CmdGet.Flag.Bool("f", false, "")
- getT = CmdGet.Flag.Bool("t", false, "")
- getU = CmdGet.Flag.Bool("u", false, "")
- getFix = CmdGet.Flag.Bool("fix", false, "")
+ getD = CmdGet.Flag.Bool("d", false, "")
+ getF = CmdGet.Flag.Bool("f", false, "")
+ getT = CmdGet.Flag.Bool("t", false, "")
+ getU = CmdGet.Flag.Bool("u", false, "")
+ getFix = CmdGet.Flag.Bool("fix", false, "")
+ getInsecure = CmdGet.Flag.Bool("insecure", false, "")
)
func init() {
work.AddBuildFlags(CmdGet, work.OmitModFlag|work.OmitModCommonFlags)
CmdGet.Run = runGet // break init loop
- CmdGet.Flag.BoolVar(&cfg.Insecure, "insecure", cfg.Insecure, "")
}
func runGet(ctx context.Context, cmd *base.Command, args []string) {
if *getF && !*getU {
base.Fatalf("go get: cannot use -f flag without -u")
}
- if cfg.Insecure {
- fmt.Fprintf(os.Stderr, "go get: -insecure flag is deprecated; see 'go help get' for details\n")
+ if *getInsecure {
+ base.Fatalf("go get: -insecure flag is no longer supported; use GOINSECURE instead")
}
// Disable any prompting for passwords by Git.
return fmt.Errorf("%s: invalid import path: %v", p.ImportPath, err)
}
security := web.SecureOnly
- if cfg.Insecure || module.MatchPrefixPatterns(cfg.GOINSECURE, importPrefix) {
+ if module.MatchPrefixPatterns(cfg.GOINSECURE, importPrefix) {
security = web.Insecure
}
will result in the following requests:
https://example.org/pkg/foo?go-get=1 (preferred)
- http://example.org/pkg/foo?go-get=1 (fallback, only with -insecure)
+ http://example.org/pkg/foo?go-get=1 (fallback, only with use of correctly set GOINSECURE)
If that page contains the meta tag
Comma-separated list of glob patterns (in the syntax of Go's path.Match)
of module path prefixes that should always be fetched in an insecure
manner. Only applies to dependencies that are being fetched directly.
- Unlike the -insecure flag on 'go get', GOINSECURE does not disable
- checksum database validation. GOPRIVATE or GONOSUMDB may be used
- to achieve that.
+ GOINSECURE does not disable checksum database validation. GOPRIVATE or
+ GONOSUMDB may be used to achieve that.
GOOS
The operating system for which to compile code.
Examples are linux, darwin, windows, netbsd.
+++ /dev/null
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package modfetch
-
-import (
- "cmd/go/internal/cfg"
-
- "golang.org/x/mod/module"
-)
-
-// allowInsecure reports whether we are allowed to fetch this path in an insecure manner.
-func allowInsecure(path string) bool {
- return cfg.Insecure || module.MatchPrefixPatterns(cfg.GOINSECURE, path)
-}
func lookupDirect(path string) (Repo, error) {
security := web.SecureOnly
- if allowInsecure(path) {
+ if module.MatchPrefixPatterns(cfg.GOINSECURE, path) {
security = web.Insecure
}
rr, err := vcs.RepoRootForImportPath(path, vcs.PreferMod, security)
// version control system, we ignore meta tags about modules
// and use only direct source control entries (get.IgnoreMod).
security := web.SecureOnly
- if allowInsecure(path) {
+ if module.MatchPrefixPatterns(cfg.GOINSECURE, path) {
security = web.Insecure
}
rr, err := vcs.RepoRootForImportPath(path, vcs.IgnoreMod, security)
// useSumDB reports whether to use the Go checksum database for the given module.
func useSumDB(mod module.Version) bool {
- return cfg.GOSUMDB != "off" && !cfg.Insecure && !module.MatchPrefixPatterns(cfg.GONOSUMDB, mod.Path)
+ return cfg.GOSUMDB != "off" && !module.MatchPrefixPatterns(cfg.GONOSUMDB, mod.Path)
}
// lookupSumDB returns the Go checksum database's go.sum lines for the given module,
"sync"
"cmd/go/internal/base"
- "cmd/go/internal/cfg"
"cmd/go/internal/imports"
"cmd/go/internal/load"
"cmd/go/internal/modload"
var CmdGet = &base.Command{
// Note: -d -u are listed explicitly because they are the most common get flags.
// Do not send CLs removing them because they're covered by [get flags].
- UsageLine: "go get [-d] [-t] [-u] [-v] [-insecure] [build flags] [packages]",
+ UsageLine: "go get [-d] [-t] [-u] [-v] [build flags] [packages]",
Short: "add dependencies to current module and install them",
Long: `
Get resolves its command-line arguments to packages at specific module versions,
When the -t and -u flags are used together, get will update
test dependencies as well.
-The -insecure flag permits fetching from repositories and resolving
-custom domains using insecure schemes such as HTTP, and also bypassess
-module sum validation using the checksum database. Use with caution.
-This flag is deprecated and will be removed in a future version of go.
-To permit the use of insecure schemes, use the GOINSECURE environment
-variable instead. To bypass module sum validation, use GOPRIVATE or
-GONOSUMDB. See 'go help environment' for details.
-
The -d flag instructs get not to build or install packages. get will only
update go.mod and download source code needed to build packages.
}
var (
- getD = CmdGet.Flag.Bool("d", false, "")
- getF = CmdGet.Flag.Bool("f", false, "")
- getFix = CmdGet.Flag.Bool("fix", false, "")
- getM = CmdGet.Flag.Bool("m", false, "")
- getT = CmdGet.Flag.Bool("t", false, "")
- getU upgradeFlag
- // -insecure is cfg.Insecure
+ getD = CmdGet.Flag.Bool("d", false, "")
+ getF = CmdGet.Flag.Bool("f", false, "")
+ getFix = CmdGet.Flag.Bool("fix", false, "")
+ getM = CmdGet.Flag.Bool("m", false, "")
+ getT = CmdGet.Flag.Bool("t", false, "")
+ getU upgradeFlag
+ getInsecure = CmdGet.Flag.Bool("insecure", false, "")
// -v is cfg.BuildV
)
func init() {
work.AddBuildFlags(CmdGet, work.OmitModFlag)
CmdGet.Run = runGet // break init loop
- CmdGet.Flag.BoolVar(&cfg.Insecure, "insecure", cfg.Insecure, "")
CmdGet.Flag.Var(&getU, "u", "")
}
if *getM {
base.Fatalf("go get: -m flag is no longer supported; consider -d to skip building packages")
}
- if cfg.Insecure {
- fmt.Fprintf(os.Stderr, "go get: -insecure flag is deprecated; see 'go help get' for details\n")
+ if *getInsecure {
+ base.Fatalf("go get: -insecure flag is no longer supported; use GOINSECURE instead")
}
load.ModResolveTests = *getT
"cmd/internal/browser"
)
-// impatientInsecureHTTPClient is used in -insecure mode,
+// impatientInsecureHTTPClient is used with GOINSECURE,
// when we're connecting to https servers that might not be there
// or might be using self-signed certificates.
var impatientInsecureHTTPClient = &http.Client{
[!net] skip
[!exec:git] skip
+env GONOSUMDB=bazil.org,github.com,golang.org
env GO111MODULE=off
-go get -d -insecure bazil.org/fuse/fs/fstestutil
+go get -d bazil.org/fuse/fs/fstestutil
env GO111MODULE=on
env GOPROXY=direct
-go get -d -insecure bazil.org/fuse/fs/fstestutil
+go get -d bazil.org/fuse/fs/fstestutil
# GOPATH: Try go get -d of HTTP-only repo (should fail).
! go get -d insecure.go-get-issue-15410.appspot.com/pkg/p
-# GOPATH: Try again with -insecure (should succeed).
-go get -d -insecure insecure.go-get-issue-15410.appspot.com/pkg/p
+# GOPATH: Try again with GOINSECURE (should succeed).
+env GOINSECURE=insecure.go-get-issue-15410.appspot.com
+go get -d insecure.go-get-issue-15410.appspot.com/pkg/p
-# GOPATH: Try updating without -insecure (should fail).
+# GOPATH: Try updating without GOINSECURE (should fail).
+env GOINSECURE=''
! go get -d -u -f insecure.go-get-issue-15410.appspot.com/pkg/p
# Modules: Set up
# Modules: Try go get -d of HTTP-only repo (should fail).
! go get -d insecure.go-get-issue-15410.appspot.com/pkg/p
-# Modules: Try again with -insecure (should succeed).
-go get -d -insecure insecure.go-get-issue-15410.appspot.com/pkg/p
+# Modules: Try again with GOINSECURE (should succeed).
+env GOINSECURE=insecure.go-get-issue-15410.appspot.com
+env GONOSUMDB=insecure.go-get-issue-15410.appspot.com
+go get -d insecure.go-get-issue-15410.appspot.com/pkg/p
-# Modules: Try updating without -insecure (should fail).
+# Modules: Try updating without GOINSECURE (should fail).
+env GOINSECURE=''
+env GONOSUMDB=''
! go get -d -u -f insecure.go-get-issue-15410.appspot.com/pkg/p
go list -m ...
os.Exit(1)
}
-- module_file --
-module m
\ No newline at end of file
+module m
env GO111MODULE=off
! go get -d insecure.go-get-issue-15410.appspot.com/pkg/p
-go get -d -insecure insecure.go-get-issue-15410.appspot.com/pkg/p
+
+env GOINSECURE=insecure.go-get-issue-15410.appspot.com
+go get -d insecure.go-get-issue-15410.appspot.com/pkg/p
+++ /dev/null
-# GOPATH: Set up
-env GO111MODULE=off
-
-# GOPATH: Fetch without insecure, no warning
-! go get test
-! stderr 'go get: -insecure flag is deprecated; see ''go help get'' for details'
-
-# GOPATH: Fetch with insecure, should warn
-! go get -insecure test
-stderr 'go get: -insecure flag is deprecated; see ''go help get'' for details'
-
-# Modules: Set up
-env GO111MODULE=on
-
-# Modules: Fetch without insecure, no warning
-! go get test
-! stderr 'go get: -insecure flag is deprecated; see ''go help get'' for details'
-
-# Modules: Fetch with insecure, should warn
-! go get -insecure test
-stderr 'go get: -insecure flag is deprecated; see ''go help get'' for details'
--- /dev/null
+# GOPATH: Set up
+env GO111MODULE=off
+
+# GOPATH: Fetch with insecure, should error
+! go get -insecure test
+stderr 'go get: -insecure flag is no longer supported; use GOINSECURE instead'
+
+# Modules: Set up
+env GO111MODULE=on
+
+# Modules: Fetch with insecure, should error
+! go get -insecure test
+stderr 'go get: -insecure flag is no longer supported; use GOINSECURE instead'
-# golang.org/issue/29591: 'go get' was following plain-HTTP redirects even without -insecure.
+# golang.org/issue/29591: 'go get' was following plain-HTTP redirects even without -insecure (now replaced by GOINSECURE).
# golang.org/issue/34049: 'go get' would panic in case of an insecure redirect in GOPATH mode
[!net] skip
! go get -d vcs-test.golang.org/insecure/go/insecure
stderr 'redirected .* to insecure URL'
-go get -d -insecure vcs-test.golang.org/insecure/go/insecure
+env GOINSECURE=vcs-test.golang.org/insecure/go/insecure
+go get -d vcs-test.golang.org/insecure/go/insecure
# Clone the repo via HTTP manually.
exec git clone -q http://github.com/golang/example github.com/golang/example
-# Update without -insecure should fail.
-# Update with -insecure should succeed.
+# Update without GOINSECURE should fail.
# We need -f to ignore import comments.
! go get -d -u -f github.com/golang/example/hello
-go get -d -u -f -insecure github.com/golang/example/hello
+
+# Update with GOINSECURE should succeed.
+env GOINSECURE=github.com/golang/example/hello
+go get -d -u -f github.com/golang/example/hello
-# golang.org/issue/29591: 'go get' was following plain-HTTP redirects even without -insecure.
+# golang.org/issue/29591: 'go get' was following plain-HTTP redirects even without -insecure (now replaced by GOINSECURE).
[!net] skip
[!exec:git] skip
! go get -d vcs-test.golang.org/insecure/go/insecure
stderr 'redirected .* to insecure URL'
-go get -d -insecure vcs-test.golang.org/insecure/go/insecure
-
# insecure host
env GOINSECURE=vcs-test.golang.org
go clean -modcache
! go get -d rsc.io/quote@v1.5.2
stderr 504
-# but -insecure bypasses the checksum lookup entirely
-env GOINSECURE=
-go get -d -insecure rsc.io/quote@v1.5.2
-
-# and then it is in go.sum again
-go get -d rsc.io/quote@v1.5.2
-
-- go.mod.orig --
module m