Skip to content

"go get" fails for subgroups

Problem to solve

go 1.13 modified how import paths are resolved, and searches possible import paths in parallel. Because GitLab returns a <meta name="go-import" […]> response for both non-existant and unauthenticated paths, this causes import path resolution to fail.

Further details

For a description of the changes made in Go 1.13, see https://github.com/golang/go/issues/34094#issuecomment-531249471

Proposal

As proposes by bcmills, with CL 194679 in, there are several possible fixes:

  1. You could continue to serve <meta name="go-import" […]> tags for all URLs that could potentially exist as repositories, but serve 404s or 410s (instead of 401s) for requests for the actual repository (https://[…].git) when that the user is authorized to access any repository that has the requested path as a prefix.

    For example: if the user is authorized to see https://gitlab.com/umputuntests/sub/example.git, then a response for https://gitlab.com/umputuntests/sub.git or https://gitlab.com/umputuntests.git should have code 404 or 410, not 401.

    This seems the preferred approach

  2. You could remove the <meta name="go-import" […]> tags from https://[…]?go-get=1 responses for all URLs that don't correspond to actual repositories. (The HTTP response code does not matter as long as it is not a redirect.)

    To preserve path secrecy, you would presumably want to also remove <meta […]> tags for repositories that the requester is not authorized to see. Unfortunately, that might cause go get to fail for users on Go 1.12 due to https://github.com/golang/go/issues/29888 (which is fixed in 1.13).

    This seems problematic since it would break Go 1.12

  3. You could remove the <meta name="go-import" […]> tags from https://[…]?go-get=1 responses for all URLs that don't correspond to actual repositories when the user is authorized to access a repository that has the requested path as a prefix.

    For example, if the user is authorized to see https://gitlab.com/umputuntests/sub/example.git, then a response for https://gitlab.com/umputuntests/sub?go-get=1 should omit the <meta […]> tag, since the user already knows that that URL does not correspond to an actual repository.

Links / references

Edited by James Ramsay (ex-GitLab)