[WIP] Enhancement: Added a switch for kpm checksum to work without checksum #606
Description
Enhancement
At present, kpm needs to make network requests to obtain checksum of tripartite dependencies in the process of managing tripartite dependencies, which may cause the tool to fail to run in offline environment and lead to increased time consumption.
More details: #605
So I looked into go mod similar solution to this problem.
Skip Go Module Checksum Verification
Using GONOSUMDB
What is GONOSUMDB?
GONOSUMDBis an environment variable that specifies module paths or patterns for which Go skips checksum validation againstsum.golang.org.- Use Case: Ideal for private/internal repositories or environments where accessing
sum.golang.orgis restricted.
Configuration
- Temporary Setup (current terminal session):
export GONOSUMDB="github.com/yourcompany/*,git.example.com"
- Permanent Setup (add to shell config):
echo 'export GONOSUMDB="github.com/yourcompany/*,git.example.com"' >> ~/.bashrc # or ~/.zshrc source ~/.bashrc # reload the configuration
Path Rules
- Exact Paths:
github.com/yourteam/private-lib - Wildcards:
github.com/yourteam/*(matches all subpaths). - Multiple Paths: Separate entries with commas.
Example
For private dependencies:
github.com/yourteam/utilsgit.example.com/internal/auth
Configure:
export GONOSUMDB="github.com/yourteam/*,git.example.com/internal/auth"Now, all modules under github.com/yourteam and git.example.com/internal/auth will bypass the public checksum database.