go version -m 输出中的箭头符号'=>”是什么意思?
- PHPz转载
- 2024-02-09 10:03:291099浏览
php小编草莓在这里为大家解答一个关于Go语言的疑问:在运行`go version -m`命令时,输出中的箭头符号"=>"代表的含义是什么呢?这个符号实际上是用来表示包的依赖关系的。当我们使用`go mod`进行包管理时,箭头符号会显示模块之间的依赖关系,指示一个模块依赖于另一个模块。通过这个符号,我们可以清晰地了解到每个模块之间的关联关系,方便我们进行包的管理和调试。
问题内容
我正在解析各种扫描仪在我的项目中识别出的 cve,其中一个 cve 与 golang 依赖项的版本相关联。
当我运行 go version -m ./binaryfile 时,被标记为易受攻击的依赖项旁边有这个箭头符号 => ,但我找不到任何地方记录它的含义。
完整的输出包含在下面...
$ go version -m /root/github.com/alexei-led/pumba/.bin/github.com/alexei-led/pumba
/root/github.com/alexei-led/pumba/.bin/github.com/alexei-led/pumba: go1.19.4
path command-line-arguments
dep github.com/alexei-led/pumba (devel)
dep github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:u+s90utsygptzmwqh2arr3luazljia+pg3kc1ylsyvy=
dep github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvcefjowuhtloarqs3+rkhyy13jywtu97c=
dep github.com/docker/distribution v2.7.1+incompatible h1:a5mlkvzth6w5a4foss3d2eo5bumsjpcb+crllu7csug=
dep github.com/docker/docker v1.13.1
=> github.com/docker/engine v17.12.0-ce-rc1.0.20190717161051-705d9623b7c1+incompatible h1:4pnn+rsurveibbmqlrtzh77hlmip4naaqrhook4apj8=
dep github.com/docker/go-connections v0.4.0 h1:el9xviselrb7bufusrzozjnkim5ynzcvinkohafqrjq=
dep github.com/docker/go-units v0.4.0 h1:3uh0pgvws3nia0q+mwdc8yjepf9zjrfzzwxzydct3tw=
dep github.com/gogo/protobuf v1.3.2 h1:ov1cvc58uf3b5xjbnzv7+opctcqfzebyjwzi34vdm4q=
dep github.com/golang/protobuf v1.4.3 h1:jjczwpvbqxdqfvmtfywevtmiyrl/npdpschpj0t/ram=
dep github.com/johntdyer/slack-go v0.0.0-20180213144715-95fac1160b22 h1:jkup9tq0c7x3w6+ipymit07re42mttwnd77sn2chngq=
dep github.com/johntdyer/slackrus v0.0.0-20180518184837-f7aae3243a07 h1:+kbg/8rjca6vxjzbujaie4mqmbebyc8nleb51frnvby=
dep github.com/opencontainers/go-digest v1.0.0 h1:apouws51w5plhuygyz9fceebiouda/6nw8oi/yohh5u=
dep github.com/opencontainers/image-spec v1.0.1 h1:jmemwkrwhx4zj+fvxwomcfm/8syggruvojfa6h/trci=
dep github.com/pkg/errors v0.9.1 h1:feblx1zs214owpjy7qsbeixburkuhqawrk5uwlgtwt4=
dep github.com/pmezard/go-difflib v1.0.0 h1:4dbwde0ngyqobhblqypwsupocmwr5bezik/f1lzbaqm=
dep github.com/russross/blackfriday/v2 v2.0.1 h1:lpqvate+huhnfhj/0lc98eswrz8afy9tm/0rk8m9o+q=
dep github.com/shurcool/sanitized_anchor_name v1.0.0 h1:pdmoco6wvbs+7yrjymort4/bmy5iyyjws/koiwx8mho=
dep github.com/sirupsen/logrus v1.7.0 h1:shrd1u9pzb12tx0cvy0dtepoch97k8etx+mg7zarutm=
dep github.com/stretchr/objx v0.1.0 h1:4g4v2do3vzwixgiroq5lfboy6nuhcyyzaqniapphys4=
dep github.com/stretchr/testify v1.6.1 h1:hdpohmpopp40lsulcqw7irrb/u7w6rpdc9399xyond0=
dep github.com/urfave/cli v1.22.4 h1:u7tspnppswafymm8iehjhy4ujmluuu/gmqskvj1inxa=
dep golang.org/x/net v0.0.0-20210917163549-3c21e5b27794 h1:poargvjk+mphife37zcmbwoljplramlkmvggjvlkyl8=
dep golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9 h1:sqfwasi55ru7vdns9yr0z324vnlrf+0wmqrxt4st8ck=
dep golang.org/x/sys v0.0.0-20210616094352-59db8d763f22 h1:rqytpxgr1ivnx7psjb3ff8y7snfinvfvkx1c8sjbkio=
dep google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013 h1:+kghl1aib/qcwari1cbqbz1rk19r85mnuf8habghugy=
dep google.golang.org/grpc v1.40.0 h1:agj0ih4mhjseibykfgh1dd9kj/eotz93i6hohhukq5q=
dep google.golang.org/protobuf v1.25.0 h1:ejskq+sypohkw+1uil0jjmtmhcgjpj/qwtxr8qp+r4c=
dep gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:duuwhk2qeco/6vqa44rthz8ie2qxmnekrthcny2nxvo=
build -compiler=gc
build -ldflags="-x main.version=0.8.0 -x main.gitcommit=0413655 -x main.gitbranch=head -x main.buildtime=2022-12-29t09:34:48-0500 "
build -tags=release
build cgo_enabled=0
build goarch=amd64
build goos=linux
build goamd64=v1
...感兴趣的线是:
=> github.com/docker/engine v17.12.0-ce-rc1.0.20190717161051-705d9623b7c1+incompatible h1:4Pnn+RsurVEiBbmqlRtzh77HLMiP4NaaqRHOOK4aPj8=
解决方法
=> 表示使用 replace 指令构建可执行二进制文件。
前一行也很重要,那就是替换的模块:
dep github.com/docker/docker v1.13.1
=> github.com/docker/engine v17.12.0-ce-rc1.0.20190717161051-705d9623b7c1+incompatible h1:4pnn+rsurveibbmqlrtzh77hlmip4naaqrhook4apj8=
这意味着 github.com/docker/docker v1.13.1 在构建过程中被 github.com/docker/engine v17.12.0-... 替换。
来自 go.mod 文件的 replace 指令示例:
replace golang.org/x/net v1.2.3 => example.com/fork/net v1.4.5
这就是 => 文字的来源。将其视为所引用的 golang.org/x/net 包“指向” example.com/fork/net(这就是实际使用的内容)。
以上是go version -m 输出中的箭头符号'=>”是什么意思?的详细内容。更多信息请关注PHP中文网其他相关文章!
声明:
本文转载于:stackoverflow.com。如有侵权,请联系admin@php.cn删除