git: 4e29133174db - main - Mk/Uses/go.mk: Be more lenient about vendoring

From: Dmitri Goutnik <dmgk_at_FreeBSD.org>
Date: Thu, 05 May 2022 11:40:17 UTC
The branch main has been updated by dmgk:

URL: https://cgit.FreeBSD.org/ports/commit/?id=4e29133174dbb05c197b8398edd3831da9e5994f

commit 4e29133174dbb05c197b8398edd3831da9e5994f
Author:     Dmitri Goutnik <dmgk@FreeBSD.org>
AuthorDate: 2022-05-05 11:12:44 +0000
Commit:     Dmitri Goutnik <dmgk@FreeBSD.org>
CommitDate: 2022-05-05 11:39:45 +0000

    Mk/Uses/go.mk: Be more lenient about vendoring
    
    Add flag to `go mod vendor` instructing it to proceed despite errors
    encountered while loading packages. This will allow build to continue
    (with warnings) when e.g. upstream ships outdated go.sum with missing
    checksums for some packages. Invalid checksums are still security
    errors [1].
    
    While here, add additional module cache revalidation after fetching
    dependencies.
    
    [1] https://go.dev/ref/mod#authenticating
---
 Mk/Uses/go.mk | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/Mk/Uses/go.mk b/Mk/Uses/go.mk
index d77c78c63b84..96c46ce30fbc 100644
--- a/Mk/Uses/go.mk
+++ b/Mk/Uses/go.mk
@@ -162,7 +162,8 @@ post-fetch:
 	@${ECHO_MSG} "===> Fetching ${GO_MODNAME} dependencies";
 	@(cd ${DISTDIR}/${DIST_SUBDIR}; \
 		[ -e go.mod ] || ${RLN} ${GO_MODFILE} go.mod; \
-		${SETENV} ${GO_ENV} GOPROXY=${GO_GOPROXY} ${GO_CMD} mod download -x)
+		${SETENV} ${GO_ENV} GOPROXY=${GO_GOPROXY} ${GO_CMD} mod download -x; \
+		${SETENV} ${GO_ENV} GOPROXY=${GO_GOPROXY} ${GO_CMD} mod verify)
 .  endif
 
 .  if !target(post-extract)
@@ -172,7 +173,7 @@ post-extract:
 	@${LN} -sf ${WRKSRC} ${GO_WRKSRC}
 .    elif ${go_ARGS:Mmodules} && defined(GO_MODULE)
 post-extract:
-	@(cd ${GO_WRKSRC}; ${SETENV} ${GO_ENV} GOPROXY=off ${GO_CMD} mod vendor)
+	@(cd ${GO_WRKSRC}; ${SETENV} ${GO_ENV} GOPROXY=off ${GO_CMD} mod vendor -e)
 .    endif 
 .  endif