buildGoModule with local src: inconsistent vendoring

magthe · August 19, 2020, 11:43am

Based on the post Use buildGoModule with local src I put together the following expression:

  thePkg = buildGoModule {
    pname = "mypkg";
    version = "0.0.1";
    src = lib.cleanSource ./.;
    vendorSha256 = sha256:0sjjj9z1dhilhpc8pq4154czrb79z9cm044jvn75kxcjv6v5l2m5;
  };

That worked when I first started out. Then I had no required packages in go.mod, no go.sum, no internal package, just a cmd/my-tool/main.go, … yes, it was pretty much a “Hello, World!” package.

Then I added code, a couple of internal packages (in internal/...) and some dependencies to go.mod, which of course resulted in a go.sum file. By now the expression above have stopped working, and I get the following output when I try to build:

nix-build --attr pkg
these derivations will be built:
  /nix/store/blhlxnn2fvahpvn4ascyi2wcxznj8iiv-mypkg-0.0.1.drv
building '/nix/store/blhlxnn2fvahpvn4ascyi2wcxznj8iiv-mypkg-0.0.1.drv'...
unpacking sources
unpacking source archive /nix/store/24bshfm5i0wpixrr9avigispybwvzr9f-source
source root is source
patching sources
configuring
building
Building subPackage ./cmd/my-tool
go: inconsistent vendoring in /build/source:
        github.com/beevik/etree@v1.1.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
        github.com/golang-migrate/migrate/v4@v4.12.2: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
        github.com/rs/zerolog@v1.19.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
        github.com/google/uuid@v1.1.1: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
        github.com/lib/pq@v1.8.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt

run 'go mod vendor' to sync, or use -mod=mod or -mod=readonly to ignore the vendor directory
builder for '/nix/store/blhlxnn2fvahpvn4ascyi2wcxznj8iiv-mypkg-0.0.1.drv' failed with exit code 1

I’m not really sure what I can do about it. Running go mod vendor manually doesn’t help (I didn’t really expect it to either).

Any help would be much appreciated.

magthe · August 19, 2020, 6:41pm

It looks like this is how a bad vendorSha256 manifests itself. Changing it to lib.fakeSha256, trying a build, copy-pasting the sha256 reported, and finally trying the build again made it all work.

It would have been nice if the wrong sha would have triggered the same error as lib.fakeSha256 does

johnrichardrinehart · May 16, 2021, 7:00am

Yeah, this needs to be changed.

Hubro · July 20, 2024, 10:23am

Oh for god’s sake… I should have Googled this sooner. This error message is catastrophically bad.

EDIT: I actually still can’t get it to work. I set vendorHash to lib.fakeSha256 and I’m still getting the same error. Any ideas?

(efm-langserver.overrideAttrs (finalAttrs: previousAttrs: {
  src = pkgs.fetchFromGitHub {
    owner = "kyoh86";
    repo = "efm-langserver";
    rev = "fix-281-2";
    sha256 = "sha256-i1EUEBe5RMjdVvmb3eYI37dLXU0DRJDkaMcpr5Gprqo=";
  };
  vendorHash = lib.fakeSha256;
  vendorSha256 = lib.fakeSha256;
}))

Build log:

sourcing setup hook '/nix/store/yq6n8b0mnk0qxzbs3ajsjcp8ziwqylrl-patchelf-0.15.0/nix-support/setup-hook'
sourcing setup hook '/nix/store/iks1pihvbilsh5sy8qvpd638k422w9i8-update-autotools-gnu-config-scripts-hook/nix-support/setup-hook'
sourcing setup hook '/nix/store/h9lc1dpi14z7is86ffhl3ld569138595-audit-tmpdir.sh'
sourcing setup hook '/nix/store/m54bmrhj6fqz8nds5zcj97w9s9bckc9v-compress-man-pages.sh'
sourcing setup hook '/nix/store/wgrbkkaldkrlrni33ccvm3b6vbxzb656-make-symlinks-relative.sh'
sourcing setup hook '/nix/store/5yzw0vhkyszf2d179m0qfkgxmp5wjjx4-move-docs.sh'
sourcing setup hook '/nix/store/fyaryjvghbkpfnsyw97hb3lyb37s1pd6-move-lib64.sh'
sourcing setup hook '/nix/store/kd4xwxjpjxi71jkm6ka0np72if9rm3y0-move-sbin.sh'
sourcing setup hook '/nix/store/pag6l61paj1dc9sv15l7bm5c17xn5kyk-move-systemd-user-units.sh'
sourcing setup hook '/nix/store/jivxp510zxakaaic7qkrb7v1dd2rdbw9-multiple-outputs.sh'
sourcing setup hook '/nix/store/ilaf1w22bxi6jsi45alhmvvdgy4ly3zs-patch-shebangs.sh'
sourcing setup hook '/nix/store/cickvswrvann041nqxb0rxilc46svw1n-prune-libtool-files.sh'
sourcing setup hook '/nix/store/xyff06pkhki3qy1ls77w10s0v79c9il0-reproducible-builds.sh'
sourcing setup hook '/nix/store/ngg1cv31c8c7bcm2n8ww4g06nq7s4zhm-set-source-date-epoch-to-latest.sh'
sourcing setup hook '/nix/store/gps9qrh99j7g02840wv5x78ykmz30byp-strip.sh'
sourcing setup hook '/nix/store/kp2j7yn0wzwq5piy494r54dafrh83s6s-gcc-wrapper-13.3.0/nix-support/setup-hook'
sourcing setup hook '/nix/store/9rz99vibv1782dxjkwvxr29s7f2f86wl-binutils-wrapper-2.42/nix-support/setup-hook'
@nix { "action": "setPhase", "phase": "unpackPhase" }
Running phase: unpackPhase
unpacking source archive /nix/store/8a4q8bsrjbpj79xbh6phy17shrix8rzp-source
calling 'unpackCmd' function hook '_defaultUnpack' /nix/store/8a4q8bsrjbpj79xbh6phy17shrix8rzp-source
source root is source
calling 'postUnpack' function hook '_updateSourceDateEpochFromSourceRoot'
@nix { "action": "setPhase", "phase": "patchPhase" }
Running phase: patchPhase
@nix { "action": "setPhase", "phase": "updateAutotoolsGnuConfigScriptsPhase" }
Running phase: updateAutotoolsGnuConfigScriptsPhase
@nix { "action": "setPhase", "phase": "configurePhase" }
Running phase: configurePhase
calling 'preConfigure' function hook '_multioutConfig'
@nix { "action": "setPhase", "phase": "buildPhase" }
Running phase: buildPhase
Building subPackage ./.
go: inconsistent vendoring in /build/source:
	github.com/google/go-cmp@v0.6.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt

	To ignore the vendor directory, use -mod=readonly or -mod=mod.
	To sync the vendor directory, run:
		go mod vendor

EDIT: I guess overrideAttrs doesn’t work as I thought. When I copy and modify the original derivation instead, it works as expected.