Can't get this repo

[Shawn-Huang-Tron]

go get: github.com/anacrolix/torrent@none updating to
        github.com/anacrolix/torrent@v1.46.0 requires
        github.com/anacrolix/dht/v2@v2.16.2-0.20220311024416-dd658f18fd51 requires
        github.com/anacrolix/torrent@v1.41.1-0.20220309095723-02b6ee995497 requires
        github.com/anacrolix/dht/v2@v2.15.2-0.20220123034220-0538803801cb: invalid version: unknown revision 0538803801cb```

[anacrolix]

Could you try with go get github.com/anacrolix/torrent@master?

[anacrolix]

Scratch that please try go get github.com/anacrolix/torrent@v1.47.0

[Shawn-Huang-Tron]

both of them still not working.

[anacrolix]

What version of Go are you using?

[anacrolix]

Wow, this really sucks. Even updating dependencies on anacrolix/torrent to a version that doesn't depend on dht versions that don't depend on older anacrolix/torrent doesn't work. The Go tooling here is appalling. I'm at a loss.

[bcmills]

Note that with the default GOPROXY setting the module can still be fetched from proxy.golang.org.
That said, I can appreciate that you probably want to fix this for all users regardless of which GOPROXY they're using.

Fortunately, as of Go 1.17 we do have two features that should help.

One is module graph pruning. To activate it, run go mod tidy -go=1.17 (or some higher Go version) in the module that you want to be pruned. You may need to turn on pruning in several modules in order to eliminate the problematic dependency.

The other is better semantics for exclude directives. If you exclude the problematic transitive dependency, you should be able to fetch the rest of the module graph and carry on:

$ go mod edit -exclude=github.com/anacrolix/dht/v2@v2.15.2-0.20220123034220-0538803801cb

$ go get github.com/anacrolix/torrent
go: added crawshaw.io/sqlite v0.3.3-0.20210127221821-98b1f83c5508
go: added github.com/RoaringBitmap/roaring v1.2.1
go: added github.com/ajwerner/btree v0.0.0-20211221152037-f427b3e689c0
go: added github.com/alecthomas/atomic v0.1.0-alpha2
go: added github.com/anacrolix/chansync v0.3.0
go: added github.com/anacrolix/dht/v2 v2.19.0
go: added github.com/anacrolix/envpprof v1.2.1
go: added github.com/anacrolix/generics v0.0.0-20220618083756-f99e35403a60
go: added github.com/anacrolix/go-libutp v1.2.0
go: added github.com/anacrolix/log v0.13.2-0.20220711050817-613cb738ef30
go: added github.com/anacrolix/missinggo v1.3.0
go: added github.com/anacrolix/missinggo/perf v1.0.0
go: added github.com/anacrolix/missinggo/v2 v2.7.0
go: added github.com/anacrolix/mmsg v1.0.0
go: added github.com/anacrolix/multiless v0.3.0
go: added github.com/anacrolix/stm v0.4.0
go: added github.com/anacrolix/sync v0.4.0
go: added github.com/anacrolix/torrent v1.47.0
go: added github.com/anacrolix/upnp v0.1.3-0.20220123035249-922794e51c96
go: added github.com/anacrolix/utp v0.1.0
go: added github.com/bahlo/generic-list-go v0.2.0
go: added github.com/benbjohnson/immutable v0.3.0
go: added github.com/bits-and-blooms/bitset v1.2.2
go: added github.com/bradfitz/iter v0.0.0-20191230175014-e8f45d346db8
go: added github.com/davecgh/go-spew v1.1.1
go: added github.com/dustin/go-humanize v1.0.0
go: added github.com/edsrzf/mmap-go v1.1.0
go: added github.com/go-logr/logr v1.2.3
go: added github.com/go-logr/stdr v1.2.2
go: added github.com/google/btree v1.1.2
go: added github.com/google/uuid v1.3.0
go: added github.com/gorilla/websocket v1.5.0
go: added github.com/huandu/xstrings v1.3.2
go: added github.com/lispad/go-generics-tools v1.1.0
go: added github.com/mschoch/smat v0.2.0
go: added github.com/pion/datachannel v1.5.2
go: added github.com/pion/dtls/v2 v2.1.5
go: added github.com/pion/ice/v2 v2.2.6
go: added github.com/pion/interceptor v0.1.11
go: added github.com/pion/logging v0.2.2
go: added github.com/pion/mdns v0.0.5
go: added github.com/pion/randutil v0.1.0
go: added github.com/pion/rtcp v1.2.9
go: added github.com/pion/rtp v1.7.13
go: added github.com/pion/sctp v1.8.2
go: added github.com/pion/sdp/v3 v3.0.5
go: added github.com/pion/srtp/v2 v2.0.9
go: added github.com/pion/stun v0.3.5
go: added github.com/pion/transport v0.13.1
go: added github.com/pion/turn/v2 v2.0.8
go: added github.com/pion/udp v0.1.1
go: added github.com/pion/webrtc/v3 v3.1.42
go: added github.com/pkg/errors v0.9.1
go: added github.com/rs/dnscache v0.0.0-20211102005908-e0241e321417
go: added github.com/tidwall/btree v1.3.1
go: added go.etcd.io/bbolt v1.3.6
go: added go.opentelemetry.io/otel v1.8.0
go: added go.opentelemetry.io/otel/trace v1.8.0
go: added golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d
go: added golang.org/x/exp v0.0.0-20220613132600-b0d781184e0d
go: added golang.org/x/net v0.0.0-20220630215102-69896b714898
go: added golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f
go: added golang.org/x/sys v0.0.0-20220702020025-31831981b65f
go: added golang.org/x/time v0.0.0-20220609170525-579cf78fd858

Ideally, you can combine exclude directives and module graph pruning: if you turn on graph pruning for your own modules and use an exclude directive to notch out the bad version, then anyone who depends on your module (and has graph pruning enabled) also won't see that bad version unless they also add a direct dependency on something that requires it.

[anacrolix]

Thank you so much @bcmills!

[anacrolix]

@bcmills this doesn't actually work from the library side: If a potential downstream runs go mod edit -exclude=github.com/anacrolix/dht/v2@v2.15.2-0.20220123034220-0538803801cb, they're able to avoid this bad dependency, but there's no way for me to make pruning or excluding work from either anacrolix/dht/v2 or anacrolix/torrent. You can observe this by trying to prune with go mod tidy -compat=1.18 -go=1.18 before, or after a go mod edit -exclude=github.com/anacrolix/dht/v2@v2.15.2-0.20220123034220-0538803801cb in either of those repos. There's absolutely no change to go.mod or go.sum.

[Shawn-Huang-Tron]

go version go1.16.15 darwin/arm64

[Shawn-Huang-Tron]

There is another error:

go mod edit -exclude=github.com/anacrolix/dht/v2@v2.15.2-0.20220123034220-0538803801cb
go get github.com/anacrolix/torrent
go: downloading github.com/RoaringBitmap/roaring v1.2.1
go: downloading github.com/anacrolix/chansync v0.3.0
go: downloading github.com/anacrolix/dht/v2 v2.19.0
go: downloading github.com/anacrolix/generics v0.0.0-20220618083756-f99e35403a60
go: downloading github.com/anacrolix/go-libutp v1.2.0
go: downloading github.com/anacrolix/log v0.13.2-0.20220711050817-613cb738ef30
go: downloading github.com/anacrolix/missinggo v1.3.0
go: downloading github.com/anacrolix/missinggo/perf v1.0.0
go: downloading github.com/anacrolix/missinggo/v2 v2.7.0
go: downloading github.com/anacrolix/multiless v0.3.0
go: downloading github.com/anacrolix/sync v0.4.0
go: downloading github.com/anacrolix/upnp v0.1.3-0.20220123035249-922794e51c96
go: downloading github.com/anacrolix/utp v0.1.0
go: downloading github.com/bahlo/generic-list-go v0.2.0
go: downloading github.com/google/btree v1.1.2
go: downloading github.com/lispad/go-generics-tools v1.1.0
go: downloading github.com/pion/datachannel v1.5.2
go: downloading github.com/pion/webrtc/v3 v3.1.42
go: downloading go.opentelemetry.io/otel v1.8.0
go: downloading golang.org/x/time v0.0.0-20220609170525-579cf78fd858
go: downloading golang.org/x/exp v0.0.0-20220613132600-b0d781184e0d
go: downloading github.com/bradfitz/iter v0.0.0-20191230175014-e8f45d346db8
go: downloading github.com/rs/dnscache v0.0.0-20211102005908-e0241e321417
go: downloading github.com/anacrolix/mmsg v1.0.0
go: downloading github.com/anacrolix/envpprof v1.2.1
go: downloading go.opentelemetry.io/otel/trace v1.8.0
go: downloading github.com/ajwerner/btree v0.0.0-20211221152037-f427b3e689c0
go: downloading github.com/tidwall/btree v1.3.1
go: downloading crawshaw.io/sqlite v0.3.3-0.20210127221821-98b1f83c5508
go: downloading go.etcd.io/bbolt v1.3.6
go: downloading github.com/pion/logging v0.2.2
go: downloading github.com/huandu/xstrings v1.3.2
go: downloading github.com/pion/sctp v1.8.2
go: downloading github.com/benbjohnson/immutable v0.3.0
go: downloading github.com/pion/dtls/v2 v2.1.5
go: downloading github.com/pion/ice/v2 v2.2.6
go: downloading github.com/pion/interceptor v0.1.11
go: downloading github.com/pion/randutil v0.1.0
go: downloading github.com/pion/rtcp v1.2.9
go: downloading github.com/pion/rtp v1.7.13
go: downloading github.com/pion/sdp/v3 v3.0.5
go: downloading github.com/pion/srtp/v2 v2.0.9
go: downloading github.com/pion/transport v0.13.1
go: downloading github.com/go-logr/logr v1.2.3
go: downloading github.com/anacrolix/stm v0.4.0
go: downloading github.com/pion/mdns v0.0.5
go: downloading github.com/pion/stun v0.3.5
go: downloading github.com/pion/turn/v2 v2.0.8
go: downloading github.com/pion/udp v0.1.1
go: downloading github.com/go-logr/stdr v1.2.2
go: downloading github.com/alecthomas/atomic v0.1.0-alpha2
go: downloading github.com/mschoch/smat v0.2.0
go: downloading github.com/bits-and-blooms/bitset v1.2.2
github.com/anacrolix/torrent imports
        net/netip: package net/netip is not in GOROOT (/usr/local/go/src/net/netip)

[anacrolix]

@Shawn-Huang-Tron net/netip was only added in go 1.18, so you must use that.

[Shawn-Huang-Tron]

Is that means that I have to upgrade my go version to 1.18?

[bcmills]

@Shawn-Huang-Tron, per the Go release policy, the only major releases of the toolchain currently supported by the Go project are 1.18 (currently 1.16.6) and 1.19 (currently 1.19.1). You should upgrade either way so that you pick up current security fixes. 😅

[bcmills]

There's absolutely no change to go.mod or go.sum.

Hmm, it looks like you've already got graph pruning enabled — and, even more confusingly, once the go get completes using proxy.golang.org, the bad version doesn't remain in the module graph:

$ go mod init example
go: creating new go.mod: module example

$ go get github.com/anacrolix/dht/v2
go: added github.com/anacrolix/chansync v0.3.0
go: added github.com/anacrolix/dht/v2 v2.19.0
go: added github.com/anacrolix/log v0.13.2-0.20220426014722-7b7d13a55d55
go: added github.com/anacrolix/missinggo v1.3.0
go: added github.com/anacrolix/missinggo/perf v1.0.0
go: added github.com/anacrolix/missinggo/v2 v2.7.0
go: added github.com/anacrolix/multiless v0.2.1-0.20211218050420-533661eef5dc
go: added github.com/anacrolix/stm v0.3.0
go: added github.com/anacrolix/sync v0.4.0
go: added github.com/anacrolix/torrent v1.46.0
go: added github.com/benbjohnson/immutable v0.3.0
go: added github.com/bradfitz/iter v0.0.0-20191230175014-e8f45d346db8
go: added github.com/edsrzf/mmap-go v1.1.0
go: added github.com/huandu/xstrings v1.3.2
go: added github.com/rs/dnscache v0.0.0-20210201191234-295bba877686
go: added golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
go: added golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e
go: added golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac

$ go mod graph | grep -o '[^ ]*dht[^ ]*' | sort -u
github.com/anacrolix/dht/v2@v2.16.2-0.20220311024416-dd658f18fd51
github.com/anacrolix/dht/v2@v2.19.0

[bcmills]

This looks to me like a bug in go get, or an least an unexpected mode of operation in graph pruning. I've filed it as golang/go#55955.

[anacrolix]

Thank you @Shawn-Huang-Tron for putting the effort in to report this.

[anacrolix]

This seems to be unreproducible with go1.20.3. I don't think a patch in golang/go has arrived, but suspect some dependencies have been shuffled around in newer versions of anacrolix/torrent and anacrolix/dht that avoid the problem. Please reopen if the issue comes up again.