[英]why I use golang module, and import a module that is not opted in module, but go.sum file has go.mod file hash?
I am now using golang 1.13 and use go module.我现在使用 golang 1.13 并使用 go 模块。
However, when I import a package (for example, a) that is not opted in go module, in go.sum file there is still two lines.但是,当我导入一个没有在 go 模块中选择的包(例如,a)时,在 go.sum 文件中仍然有两行。 Go module tells us that "Each known module version results in two lines in the go.sum file. The first line gives the hash of the module version's file tree. The second line appends "/go.mod" to the version and gives the hash of only the module version's (possibly synthesized) go.mod file. The go.mod-only hash allows downloading and authenticating a module version's go.mod file, which is needed to compute the dependency graph, without also downloading all the module's source code."
Go 模块告诉我们“每个已知的模块版本都会在 go.sum 文件中生成两行。第一行给出模块版本文件树的哈希值。第二行将“/go.mod”附加到版本并给出仅模块版本(可能是合成的)go.mod 文件的哈希值。go.mod-only 哈希值允许下载和验证模块版本的 go.mod 文件,该文件是计算依赖图所必需的,而无需下载所有模块的源代码代码。”
( https://tip.golang.org/cmd/go/#hdr-Module_downloading_and_verification ). ( https://tip.golang.org/cmd/go/#hdr-Module_downloading_and_verification )。
But this package is not a module, and so it does not have a go.mod file?但是这个包不是一个模块,所以它没有 go.mod 文件? For example, if I import package call "github.com/example/a" that is not a module, in go.sum file, it still has these two lines:
例如,如果我导入不是模块的包调用“github.com/example/a”,在 go.sum 文件中,它仍然有这两行:
github.com/example/a v0.0.0-20190627063042-31896c4e4162 h1:rSqi2vQEpS+GAFKrLvmxzWW3OGlLI4hANnEf/ib/ofo=
github.com/example/a v0.0.0-20190627063042-31896c4e4162/go.mod h1:tcpxll8wcruwpPpWBbjAsWc1JbLHld/v9F+3rgLIr4c=
My question is, how the second line generated?我的问题是,第二行是如何生成的?
go.sum
contains the expected cryptographic checksums of the content of specific module versions. go.sum
包含特定模块版本内容的预期加密校验和。 Each time a dependency is used, its checksum is added to go.sum if missing or else required to match the existing entry in go.sum.每次使用依赖项时,如果缺少或需要匹配 go.sum 中的现有条目,则将其校验和添加到 go.sum。
Every package/module is dependency and every dependency mean to be maintained with checksums in go.sum
so whether it is package or module it would be maintained.每个包/模块都是依赖项,每个依赖项都意味着使用
go.sum
校验和进行维护,因此无论是包还是模块,都将对其进行维护。
The sources would be downloaded in $GOPATH/src
directory accordingly.源代码将相应地下载到
$GOPATH/src
目录中。
TRY -尝试 -
Cause in into the go.sum
file are written EVERY dependencies sum hash.导致在
go.sum
文件中写入每个依赖项 sum 哈希。 The one related to your go.mod
file, and the one imported from the modules that you have imported.一个与您的
go.mod
文件相关,另一个是从您导入的模块中导入的。 Try run go mod tidy
in order to reduce the imported modules, your go.mod
file will contains some //indirect
import, that are the one that your imported modules use internally.尝试运行
go mod tidy
以减少导入的模块,您的go.mod
文件将包含一些//indirect
import,这是您导入的模块内部使用的。
Maybe the Golang source code can explain the reason:或许Golang源码可以解释原因:
func (r *codeRepo) legacyGoMod(rev, dir string) []byte {
// We used to try to build a go.mod reflecting pre-existing
// package management metadata files, but the conversion
// was inherently imperfect (because those files don't have
// exactly the same semantics as go.mod) and, when done
// for dependencies in the middle of a build, impossible to
// correct. So we stopped.
// Return a fake go.mod that simply declares the module path.
return []byte(fmt.Sprintf("module %s\n", modfile.AutoQuote(r.modPath)))
}
code from here: https://github.com/golang/go/blob/acac535c3ca571beeb168c953d6d672f61387ef1/src/cmd/go/internal/modfetch/coderepo.go#L857来自这里的代码: https : //github.com/golang/go/blob/acac535c3ca571beeb168c953d6d672f61387ef1/src/cmd/go/internal/modfetch/coderepo.go#L857
↓ VSCode open /usr/local/go/src
: ↓ VSCode 打开
/usr/local/go/src
:
cmd/go/internal/modfetch/coderepo.go
, add a breakpoint to func legacyGoMod
cmd/go/internal/modfetch/coderepo.go
,给 func legacyGoMod
添加断点cmd/go/internal/modfetch/coderepo_test.go
, press F5cmd/go/internal/modfetch/coderepo_test.go
,按 F5
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.