Skip to content

golang: bump Go version to 1.25.0-1; major version update #14511

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 6 commits into from
Closed

golang: bump Go version to 1.25.0-1; major version update #14511

wants to merge 6 commits into from

Conversation

dagood
Copy link
Member

@dagood dagood commented Aug 13, 2025
edited
Loading

Important

This release adds toolchain telemetry.

@microsoft-github-policy-service microsoft-github-policy-service bot added Packaging 3.0-dev PRs Destined for AzureLinux 3.0 labels Aug 13, 2025
@CBL-Mariner-Bot
Copy link
Collaborator

CBL-Mariner-Bot commented Aug 13, 2025
edited
Loading

✅ PR Check Passed

No critical issues detected in spec file changes.

🤖 AI Analysis Summary:

Brief Analysis: The spec file updates largely adjust BuildRequires to “golang < 1.25” and increment release numbers, while ensuring CVE patches remain referenced and applied via %autopatch.
Critical Issues Found: No ERROR/CRITICAL issues were detected—the referenced CVE patch files are present and properly named, and the changelog entries document CVE fixes with the correct upstream attribution.
Recommended Actions:
• Verify that all other spec files maintain sequential patch numbering and proper %autopatch usage.
• Confirm that historical changelog entries match the applied patches for context consistency.
• Continue monitoring version updates for future security implications.

📋 For detailed analysis and recommendations, check the Azure DevOps pipeline logs.

@dagood dagood marked this pull request as ready for review August 13, 2025 18:22
@dagood dagood requested a review from a team as a code owner August 13, 2025 18:22
mfrw
mfrw requested changes Aug 18, 2025
View reviewed changes
Copy link
Member

@mfrw mfrw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NACK -
I feel we should at least get some clarity on what is our steps forward with a few specs that I have a slight concern with.

SPECS/golang/golang-1.24.spec
Summary: Go
Name: golang
Version: 1.23.12
Version: 1.24.6
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am taking a look the specs and I have a concern w.r.t a few packages (this is something that caught my eye today):

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for checking this - I believe these packages will need to be patched/updated to be compatible with 1.24/1.25 before we remove the 1.23 spec.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you Andrew :)

@dagood
Copy link
Member Author

dagood commented Aug 21, 2025
edited
Loading

As an experiment, Here's a buddy build that includes the old 1.23: https://dev.azure.com/mariner-org/mariner/_build/results?buildId=906521&view=results

@dagood dagood requested a review from mfrw August 25, 2025 21:44
mfrw
mfrw approved these changes Aug 29, 2025
View reviewed changes
Copy link
Member

@mfrw mfrw left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes look good to me :)
Requesting @anphel31 to take a look as well :)

Thank you @dagood.

@anphel31
Copy link
Member

anphel31 commented Aug 29, 2025
edited
Loading

I ran a full build with this change: 3.0.20250829-anphel-912722
x64 BuildRPMS
Arm64 BuildRpms
With these changes, a number of packages are now building with go 1.25, and hitting some build failures.
The most common error I see is Using a crypto backend requires CGO_ENABLED=1.
List of failing arm64 packages:

Failed SRPMs:
-->cf-cli-8.7.11-3.azl3.src.rpm
-->cloud-provider-kubevirt-0.5.1-1.azl3.src.rpm
-->containerd2-2.0.0-13.azl3.src.rpm
-->containerized-data-importer-1.57.0-14.azl3.src.rpm
-->coredns-1.11.4-7.azl3.src.rpm
-->cri-tools-1.32.0-2.azl3.src.rpm
-->dcos-cli-1.2.0-18.azl3.src.rpm
-->docker-buildx-0.14.0-6.azl3.src.rpm
-->flannel-0.24.2-15.azl3.src.rpm
-->jx-3.10.182-1.azl3.src.rpm
-->kubernetes-1.30.10-9.azl3.src.rpm
-->multus-4.0.2-5.azl3.src.rpm
-->prometheus-adapter-0.12.0-3.azl3.src.rpm
-->prometheus-process-exporter-0.8.2-2.azl3.src.rpm

Looks like more details here: https://devblogs.microsoft.com/go/microsoft-go-defaults-to-system-crypto/

anphel31
anphel31 requested changes Aug 29, 2025
View reviewed changes
Copy link
Member

@anphel31 anphel31 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Blocking for now due to the package breaks in the full build (see my previous comment).
I'm fine with upgrading to go 1.25 and keeping the 1.23 spec around temporarily, but we will need to sort out the build breaks before merging.

@anphel31
Copy link
Member

anphel31 commented Sep 3, 2025

My changes to resolve the build breaks by pinning incompatible packages to golang 1.24 are visible here: https://github.com/microsoft/azurelinux/compare/3.0-dev...anphel/clone-dev/dagood/go-1.25?expand=1
@dagood could you integrate these changes into your branch?

anphel31 and others added 2 commits September 3, 2025 15:28
@anphel31 @dagood
restrict failing packages to golang < 1.25
6f6d04d 
fix golang br for dcos-cli and kubernetes

try workaround for multus and containerized-data-importer

revert ExclusiveArch in containerized-data-importer

use recommends for golang-packaging
@dagood
Merge remote-tracking branch 'msft/3.0-dev' into dev/dagood/go-1.25
c5f1eca
anphel31
anphel31 reviewed Sep 3, 2025
View reviewed changes
anphel31
anphel31 approved these changes Sep 4, 2025
View reviewed changes
@Kanishk-Bansal
Copy link
Contributor

/azurepipelines run

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 2 pipeline(s).

@dagood
Copy link
Member Author

dagood commented Sep 4, 2025

Thanks, applied fixes. New buddy build: https://dev.azure.com/mariner-org/mariner/_build/results?buildId=918100&view=results

@Kanishk-Bansal
Copy link
Contributor

@dagood, could you please retarget your branch to fasttrack/3.0 ? We need to ship the rpm as soon as possible.

@dagood
Copy link
Member Author

dagood commented Sep 4, 2025

@dagood, could you please retarget your branch to fasttrack/3.0 ? We need to ship the rpm as soon as possible.

It seems like there are a lot of conflicts if I try to rebase (8 files). I'm not sure how that branch is meant to operate. It seems to me like it would be better/faster if an Azure Linux maintainer does this.

@dagood dagood mentioned this pull request Sep 4, 2025
Merged
@dagood
Copy link
Member Author

dagood commented Sep 4, 2025

Here's my attempt at a fasttrack/3.0 port: #14616

@dagood
Copy link
Member Author

dagood commented Sep 4, 2025

@dagood dagood closed this Sep 4, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mfrw mfrw mfrw approved these changes

@anphel31 anphel31 anphel31 approved these changes

Assignees
No one assigned
Labels
3.0-dev PRs Destined for AzureLinux 3.0 Packaging
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@dagood @CBL-Mariner-Bot @anphel31 @Kanishk-Bansal @mfrw