I’ve been banging my head against this for a while. Do you have a proxy that is maybe getting in the way of Go (via Hugo) module downloads?
Any ideas? I don’t see this on the forum as something others have seen in the past.
AFAICT I have the same versions of Go and Hugo as I am using on Netlify but they still are producing different checksums (but consistently the same checksum on my side, and on Netlify’s side) for the same github repo / module.
Site name: www.wildtechgarden.ca.
Example deploy log: Netlify App
9:36:23 AM: Building for audit in /opt/build/repo/public for environment development
9:36:25 AM: hugo: downloading modules …
9:36:26 AM: verifying github.com/danielfdickinson/image-handling-mod-demo@v0.0.1: checksum mismatch
9:36:26 AM: downloaded: h1:+FUsQG3sHlTRterPW3xgj7tM2hchMkvT9KaQ1dBjNQE=
9:36:26 AM: go.sum: h1:j/KbJgZSghWxlob43nXFT5jlDRuMk5xy1rBBK+/Vj0g=
9:36:26 AM: SECURITY ERROR
9:36:26 AM: This download does NOT match an earlier download recorded in go.sum.
9:36:26 AM: The bits may have been replaced on the origin server, or an attacker may
9:36:26 AM: have intercepted the download attempt.
9:36:26 AM: For more information, see 'go help module-auth'.
9:36:26 AM: hugo: collected modules in 2880 ms
9:36:26 AM: Error: failed to load modules: failed to download modules: failed to execute 'go [mod download]': failed to execute binary go with args [mod download]: verifying github.com/danielfdickinson/image-handling-mod-demo@v0.0.1: checksum mismatch
9:36:26 AM: downloaded: h1:+FUsQG3sHlTRterPW3xgj7tM2hchMkvT9KaQ1dBjNQE=
9:36:26 AM: go.sum: h1:j/KbJgZSghWxlob43nXFT5jlDRuMk5xy1rBBK+/Vj0g=
9:36:26 AM: SECURITY ERROR
9:36:26 AM: This download does NOT match an earlier download recorded in go.sum.
9:36:26 AM: The bits may have been replaced on the origin server, or an attacker may
9:36:26 AM: have intercepted the download attempt.
9:36:26 AM: For more information, see 'go help module-auth'.
9:36:26 AM: *errors.errorString