go.sum 中的校验和是如何计算的?
How are the checksums in go.sum computed?
我查看了 https://go.dev/doc/modules/gomod-ref and https://go.dev/ref/mod#go-mod-tidy,但在这两个页面上我都找不到任何说明如何计算 go.sum 中的校验和的文档。
go.sum 中的校验和是如何计算的?
校验和是依赖项的哈希值。您要查找的文档是 https://go.dev/ref/mod#go-sum-files.
Each line in go.sum has three fields separated by spaces: a module path, a version (possibly ending with /go.mod), and a hash.
- The module path is the name of the module the hash belongs to.
- The version is the version of the module the hash belongs to. If the version ends with /go.mod, the hash is for the module’s go.mod file only; otherwise, the hash is for the files within the module’s .zip file.
- The hash column consists of an algorithm name (like h1) and a base64-encoded cryptographic hash, separated by a colon (:). Currently, SHA-256 (h1) is the only supported hash algorithm. If a vulnerability in SHA-256 is discovered in the future, support will be added for another algorithm (named h2 and so on).
示例 go.sum 带有 module version hash 的行就像
github.com/go-chi/chi v1.5.4 h1:QHdzF2szwjqVV4wmByUnTcsbIg7UGaQ0tPF2t5GcAIs=
github.com/go-chi/chi v1.5.4/go.mod h1:uaf8YgoFazUOkPBG7fxPftUylNumIev9awIWOENIuEg=
我查看了 https://go.dev/doc/modules/gomod-ref and https://go.dev/ref/mod#go-mod-tidy,但在这两个页面上我都找不到任何说明如何计算 go.sum 中的校验和的文档。
go.sum 中的校验和是如何计算的?
校验和是依赖项的哈希值。您要查找的文档是 https://go.dev/ref/mod#go-sum-files.
Each line in go.sum has three fields separated by spaces: a module path, a version (possibly ending with /go.mod), and a hash.
- The module path is the name of the module the hash belongs to.
- The version is the version of the module the hash belongs to. If the version ends with /go.mod, the hash is for the module’s go.mod file only; otherwise, the hash is for the files within the module’s .zip file.
- The hash column consists of an algorithm name (like h1) and a base64-encoded cryptographic hash, separated by a colon (:). Currently, SHA-256 (h1) is the only supported hash algorithm. If a vulnerability in SHA-256 is discovered in the future, support will be added for another algorithm (named h2 and so on).
示例 go.sum 带有 module version hash 的行就像
github.com/go-chi/chi v1.5.4 h1:QHdzF2szwjqVV4wmByUnTcsbIg7UGaQ0tPF2t5GcAIs=
github.com/go-chi/chi v1.5.4/go.mod h1:uaf8YgoFazUOkPBG7fxPftUylNumIev9awIWOENIuEg=