x/tools/cmd/auth: tag and delete

[samthanawalla]

Proposal Details

The x/tools/cmd/auth directory is obsolete. We've integrated its GOAUTH implementation directly into src/cmd/go/internal/auth as part of issue #26232. This means we no longer need to maintain the separate reference implementation in x/tools/cmd/auth.

Therefore, let's delete x/tools/cmd/auth

[adonovan]

BTW, the process for deleting a package is to create a new module in its subdirectory, release it by tagging a version, and then delete it. That way any project that imports it will automatically depend on the deleted module (after upgrading) and will continue to build. See for example #59676.

[shashank-priyadarshi]

@samthanawalla can I please take this up?

[samthanawalla]

@samthanawalla can I please take this up?

That would be great! However the proposal needs to get accepted first

[rsc]

It looks like netrcauth and gitauth are integrated into the go command but not cookieauth. Should we leave cookieauth around or provide it somewhere else?

[rsc]

This proposal has been added to the active column of the proposals project
and will now be reviewed at the weekly proposal review meetings.
— rsc for the proposal review group

[samthanawalla]

I think it makes sense to move cookieauth somewhere else so as to not confuse people but I am not sure where.

[aclements]

Why was cookieauth not added to cmd/go's built-in support the way gitauth and netrcauth were? If it were also built in, then we could tag and delete the whole tree.

[aclements]

@samthanawalla , ping on my above question. Thanks!

[samthanawalla]

The accepted proposal did not include cookieauth as a built-in command.

[aclements]

Thanks.

I'm having a lot of trouble reconstructing the history here. I see on Feb 7, 2019, @bcmills proposed what eventually became the GOAUTH mechanism. The next day, he created the three reference implementations, x/tools/cmd/auth/{gitauth,netrcauth,cookieauth}. His proposal doesn't include a cookieauth setting for GOAUTH, though his rationale mentions cookies.txt and it's in his reference implementations, which makes me wonder if this was an unintentional omission. There doesn't seem to be any discussion one way or the other about cookieauth in #26232 other than one early mention that cookies.txt is preferable to netrc.

Then it looks like GOAUTH support (including git, netrc, and custom commands) was released in Go 1.24.

None of this really explains why cookieauth has a reference implementation, but wasn't part of GOAUTH. Independent of the question of tagging and deleting x/tools/cmd/auth, does it make sense to add built-in cookies.txt support to GOAUTH? It seems like it does, but I'm not an expert on this. If the answer is "yes", then we should just do that and then there's no issue with tagging and deleting x/tools/cmd/auth wholesale.

[samthanawalla]

Thanks for looking into that. I missed the mention of cookies.txt in the proposal.

At this point, we can either (1) proceed with implementing cookieauth in 1.25 or (2) wait for increased demand of cookieauth.

I would say number 2 makes sense as there are probably other priorities for the Go Command in the backlog.

[aclements]

Thanks.

I think we can move forward with tagging and deleting this. go install golang.org/x/tools/cmd/auth/cookieauth@latest would continue to work because that will resolve to the latest tag of that specific package.

If it turns out there's enough demand for cookieauth, we can consider adding built-in support.

[aclements]

Based on the discussion above, this proposal seems like a likely accept.
— aclements for the proposal review group

The proposal is to tag and delete the golang.org/x/tools/cmd/auth packages.

With the exception of cookieauth, these have been integrated into the go command, so the external helpers are not needed. People can continue to use the last version of the external cookieauth helper before it was deleted, and if there's demand we can revisit adding built-in support for cookieauth to cmd/go.

[aclements]

No change in consensus, so accepted. 🎉
This issue now tracks the work of implementing the proposal.
— aclements for the proposal review group

The proposal is to tag and delete the golang.org/x/tools/cmd/auth packages.

With the exception of cookieauth, these have been integrated into the go command, so the external helpers are not needed. People can continue to use the last version of the external cookieauth helper before it was deleted, and if there's demand we can revisit adding built-in support for cookieauth to cmd/go.

[shashank-priyadarshi]

@samthanawalla glad to take it off your plate!

[shashank-priyadarshi]

Hi @samthanawalla , is there a specific convention to follow for naming tags for obsolete modules? If any such convention/documentation exists, could you please share it here!
If not, should I go ahead with this: cmd/auth/latest-deprecated , as it is in line with tags for other deprecated packages listed below:

cmd/cover/v0.1.0-deprecated
cmd/getgo/v0.1.0-deprecated
cmd/gorename/v0.1.0-deprecated
cmd/guru/v0.1.0-deprecated
cmd/guru/v0.1.1-deprecated
go/pointer/v0.1.0-deprecated
go/vcs/v0.1.0-deprecated

[shashank-priyadarshi]

@samthanawalla ping on the above question!

[samthanawalla]

v0.1.0-deprecated should be fine

[shashank-priyadarshi]

Hi @samthanawalla , submitted change on gerrit to tag and release auth module.

[adonovan]

Hi @samthanawalla , submitted change on gerrit to tag and release auth module.

Which CL was this? Creating a tag usually requires a temporary escalation of privilege through a tool that requires approval of two Googlers.

[shashank-priyadarshi]

This has not yet been approved @adonovan . Added reviewers are @samthanawalla & @matloob

[adonovan]

This has not yet been approved

What is "this"? (This proposal? It has been approved. A CL? Which one?)

[shashank-priyadarshi]

It is a change that I have submitted through Gerrit. Here's the link: https://go-review.googlesource.com/c/tools/+/666975
Please let me know if changes are required.

[gopherbot]

Change https://go.dev/cl/669035 mentions this issue: cmd/auth: tag and delete deprecated auth module

[matloob]

@shashank-priyadarshi Your change deletes the auth module, but we need to tag the module first, as @adonovan mentioned above.