Use go get to require dependency from private github repo on WSL 2

Question

I'm trying out WSL 2 on windows 10 and it's gone well so far, but I've been struggling for 2 weeks to make this work, because for some reason go get doesn't use or is not able to make the Git Credentials Manager to prompt for my credentials.

I followed this blog to set up WSL2 with GCM https://www.edwardthomson.com/blog/git_credential_manager_with_windows_subsystem_for_linux.html

And it works very good for most of the daily tasks like cloning, read and write. But when using go get I get this error.

go get <remote github repo>@<latest commit id>
go: <remote github repo> 681dceefc81203e094872401c184d038090d6049 => v0.0.17-0.20200501212733-681dceefc812
go get: <remote github repo>@v0.0.17-0.20200501212733-681dceefc812/go.mod: verifying module: <remote github repo>@v0.0.17-0.20200501212733-681dceefc812/go.mod: reading https://sum.golang.org/lookup/<remote github repo>@v0.0.17-0.20200501212733-681dceefc812: 410 Gone
        server response:
        not found: <remote github repo>@v0.0.17-0.20200501212733-681dceefc812: invalid version: git fetch -f origin refs/heads/*:refs/heads/* refs/tags/*:refs/tags/* in /tmp/gopath/pkg/mod/cache/vcs/232ff028cb2fdebd254e30bfc612843483f0fe3fbeb18d5fc8fb4b20f21c9021: exit status 128:
                fatal: could not read Username for 'https://github.com': terminal prompts disabled

Already tried ssh-keys and the solutions proposed here go get results in 'terminal prompts disabled' error for github private repo

But the error remains the same, when enabling env GIT_TERMINAL_PROMPT=1 nothing happens, I guess it's because WSL 2 doesn't have the permissions to do that. Anyway I also tried this tool https://github.com/microsoft/Git-Credential-Manager-for-Mac-and-Linux and by setting a variable for plain credentials store, it prompts in the terminal for credentials. But I'm using 2FA because it's required by the organization and the prompt only asks for username and password, so the authentication fails.

So I have to reach out to a mate who is using Mac. He is able to go get the dependency to affect go.mod, make a commit and push the change so I can pull it and continue from there. But of course this is not ideal, and he doesn't have any problem, he uses osxkeychain to manage his git credentials.

Anyone has faced this issue? or know how to solve it? Thank you so much in advance.

Answer 1

Go is not able to understand that certain modules are private and their checksum should not be validated against go's checksum library. The following error comes from that

verifying module: <remote github repo>@v0.0.17-0.20200501212733-681dceefc812/go.mod: reading https://sum.golang.org/lookup/<remote github repo>@v0.0.17-0.20200501212733-681dceefc812: 410 Gone

If possible use at least go 1.13 or, higher. Go had introduced an env variables by name GOPRIVATE, GONOPROXY and GONOSUMDB for managing private modules better. Simplest way to signal to Go that you are importing a private repo is to use GOPRIVATE. Set the pattern of private repos to GOPRIVATE env variable to suppress checksum validation and usage of GOPROXY. Example below avoids checksum for all repos in that hierarchy:

GOPRIVATE=github.com/<your org>/*

Check out answers here and here. You can also do go help module-private for help.