env GO111MODULE=on
env sumdb=$GOSUMDB
env proxy=$GOPROXY
env GOPROXY GONOPROXY GOSUMDB GONOSUMDB
env dbname=localhost.localdev/sumdb

# disagreeing with the sumdb produces security errors
# (this also populates tiles on the sumdb server).
cp go.mod.orig go.mod
env GOSUMDB=$sumdb' '$proxy/sumdb-wrong
! go get rsc.io/quote
stderr 'go: rsc.io/[email protected]: verifying module: checksum mismatch'
stderr 'downloaded: h1:3fEy'
stderr 'localhost.localdev/sumdb: h1:wrong'
stderr 'SECURITY ERROR\nThis download does NOT match the one reported by the checksum server.'
! go get rsc.io/sampler
! go get golang.org/x/text

go mod edit -require rsc.io/[email protected]
! go mod tidy
stderr 'go: rsc.io/[email protected]: verifying go.mod: checksum mismatch'
stderr 'SECURITY ERROR\n'

rm go.sum

# switching to truthful sumdb detects timeline inconsistency
cp go.mod.orig go.mod
env GOSUMDB=$sumdb
! go get rsc.io/fortune
stderr 'SECURITY ERROR\ngo.sum database server misbehavior detected!'
stderr 'proof of misbehavior:'

# removing the cached wrong tree head and cached tiles clears the bad data
rm $GOPATH/pkg/sumdb/$dbname/latest
go clean -modcache
go get rsc.io/fortune

-- go.mod.orig --
module m

go 1.16
-- m.go --
package m

import _ "rsc.io/quote"