To provide context for the issue, I’ll first describe an example project.

Suppose I have a repository at gitlab.myserver.com/teamA/coolprojects/phonevalidator. Note that this is a private GitLab instance hosted at gitlab.myserver.com.

This repository contains a Go project that runs a service and also exposes a library for sharing functionality with other Go projects.

For instance, in gitlab.myserver.com/teamA/coolprojects/phonevalidator/pkg/phonecodes, there is a go.mod file with the following content:

module gitlab.myserver.com/teamA/coolprojects/phonevalidator/pkg/phonecodes

// ...

To allow other projects to use this library, I create a tag pkg/phonecodes/v0.0.1. This should enable me to run go get gitlab.myserver.com/teamA/coolprojects/phonevalidator/pkg/phonecodes@v0.0.1 to install the module.

However, running the command results in an error:

go get -v gitlab.myserver.com/teamA/coolprojects/phonevalidator/pkg/phonecodes@v0.0.1
get "gitlab.myserver.com/teamA/coolprojects/phonevalidator/pkg/phonecodes": found meta tag vcs.metaImport{Prefix:"gitlab.myserver.com/teamA/coolprojects", VCS:"git", RepoRoot:"https://gitlab.myserver.com/teamA/coolprojects.git"} at //gitlab.myserver.com/teamA/coolprojects/phonevalidator/pkg/phonecodes?go-get=1
get "gitlab.myserver.com/teamA/coolprojects/phonevalidator/pkg/phonecodes": verifying non-authoritative meta tag
go: gitlab.myserver.com/teamA/coolprojects/phonevalidator/pkg/phonecodes@v0.0.1: reading gitlab.myserver.com/teamA/coolprojects/phonevalidator/pkg/phonecodes/go.mod at revision emulator/pkg/events/v0.0.1: git ls-remote -q origin in /Users/myuser/go/pkg/mod/cache/vcs/1234....: exit status 128:
        remote:
        remote: ========================================================================
        remote:
        remote: The project you were looking for could not be found or you don't have permission to view it.
        remote:
        remote: ========================================================================
        remote:
        fatal: Could not read from remote repository.

        Please make sure you have the correct access rights
        and the repository exists.

The error shows that go get attempts to access https://gitlab.myserver.com/teamA/coolprojects.git, which is neither accessible nor the correct repository.

Cause

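For security reasons, GitLab does not resolve nested project paths for requests it cannot authorize. An unauthenticated go-get request is answered using only the first two path components (here teamA/coolprojects), whether or not a deeper project exists. This prevents unauthenticated requests from revealing the structure of private repositories.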

GitLab’s code comments explain this behavior:

if project
  # If a project is found and the user has access, we return the full project path
  return project.full_path, project.default_branch
else
  # If not, we return the first two components as if it were a simple `namespace/project` path,
  # so that we don't reveal the existence of a nested project the user doesn't have access to.
  # This means that for an unauthenticated request to `group/subgroup/project/subpackage`
  # for a private `group/subgroup/project` with subpackage path `subpackage`, GitLab will respond
  # as if the user is looking for project `group/subgroup`, with subpackage path `project/subpackage`.
  # Since `go get` doesn't authenticate by default, this means that
  # `go get gitlab.com/group/subgroup/project/subpackage` will not work for private projects.
  # `go get gitlab.com/group/subgroup/project.git/subpackage` will work, since Go is smart enough
  # to figure that out. `import 'gitlab.com/...'` behaves the same as `go get`.
  return simple_project_path, 'master'
end
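
To tell which of the two answers a request received, compare the go-import tag in the ?go-get=1 response with the project path you expect. The following is an added example, not code from GitLab or the Go toolchain; both response bodies are constructed (the second assumes the full-path answer described in the comment above), and parseGoImport and classify are hypothetical helper names.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// metaImport holds the three fields go get prints as vcs.metaImport.
type metaImport struct{ Prefix, VCS, RepoRoot string }

var goImportRe = regexp.MustCompile(`<meta\s+name="go-import"\s+content="([^"]+)"`)

// parseGoImport pulls the go-import meta tag out of a ?go-get=1 response body.
func parseGoImport(body string) (metaImport, bool) {
	m := goImportRe.FindStringSubmatch(body)
	if m == nil {
		return metaImport{}, false
	}
	f := strings.Fields(m[1]) // "prefix vcs repo-root"
	if len(f) != 3 {
		return metaImport{}, false
	}
	return metaImport{Prefix: f[0], VCS: f[1], RepoRoot: f[2]}, true
}

// classify compares the advertised prefix with the project expected to hold modulePath.
func classify(modulePath, wantProject string, mi metaImport) string {
	parts := strings.SplitN(modulePath, "/", 4) // host, namespace, project, rest
	switch {
	case mi.Prefix == wantProject:
		return "full-path" // GitLab resolved the project: the request was authorized
	case len(parts) >= 3 && mi.Prefix == strings.Join(parts[:3], "/"):
		return "two-component-fallback" // answer given to unauthorized requests
	default:
		return "unexpected"
	}
}

// Constructed sample bodies, not captured from a real server.
const unauthBody = `<html><head><meta name="go-import" content="gitlab.myserver.com/teamA/coolprojects git https://gitlab.myserver.com/teamA/coolprojects.git"></head></html>`
const authBody = `<html><head><meta name="go-import" content="gitlab.myserver.com/teamA/coolprojects/phonevalidator git https://gitlab.myserver.com/teamA/coolprojects/phonevalidator.git"></head></html>`

func main() {
	const mod = "gitlab.myserver.com/teamA/coolprojects/phonevalidator/pkg/phonecodes"
	const want = "gitlab.myserver.com/teamA/coolprojects/phonevalidator"
	for _, body := range []string{unauthBody, authBody} {
		mi, ok := parseGoImport(body)
		fmt.Println(ok, mi.RepoRoot, classify(mod, want, mi))
	}
}
```

A "two-component-fallback" result for a module that lives in a nested project means the request reached GitLab without usable credentials.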

Solution

To resolve this issue, add a .netrc file in your home directory with the following content:

machine gitlab.myserver.com
login <my-gitlab-user>
password <personal-access-token>

You will need to create a GitLab personal access token with appropriate permissions.
