Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update golang #18465

Merged
merged 1 commit into from
Feb 15, 2025
Merged

Update golang #18465

merged 1 commit into from
Feb 15, 2025

Conversation

tianon
Copy link
Member

@tianon tianon commented Feb 15, 2025

Changes:

@docker-library-bot
Update golang
b38af28 
Changes:

- docker-library/golang@9f79103: Merge pull request docker-library/golang#554 from infosiftr/tip-arches
- docker-library/golang@e3086cb: Fix "tip" arches (and set "latest" alias automatically)
- docker-library/golang@2a49384: Merge pull request docker-library/golang#531 from infosiftr/tip
- docker-library/golang@5a29b9e: Add "tip" version
@tianon tianon requested a review from a team as a code owner February 15, 2025 00:11
@github-actions GitHub Actions
Copy link

Diff for b38af28: 
diff --git a/_bashbrew-cat b/_bashbrew-cat
index 5557f1e..99b22ae 100644
--- a/_bashbrew-cat
+++ b/_bashbrew-cat
@@ -139,3 +139,24 @@ GitCommit: 04edff02d63505fdac6f0c8b1857b25529713441
 Directory: 1.24/windows/windowsservercore-ltsc2025
 Builder: classic
 Constraints: windowsservercore-ltsc2025
+
+Tags: tip-20250209-alpine3.20, tip-alpine3.20
+Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, riscv64, s390x
+GitCommit: 5a29b9e587f019aa33410a8fefb67af33e15b63c
+Directory: tip/alpine3.20
+
+Tags: tip-20250209-alpine3.21, tip-alpine3.21, tip-20250209-alpine, tip-alpine
+Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, riscv64, s390x
+GitCommit: 5a29b9e587f019aa33410a8fefb67af33e15b63c
+Directory: tip/alpine3.21
+
+Tags: tip-20250209-bookworm, tip-bookworm
+SharedTags: tip-20250209, tip
+Architectures: amd64, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
+GitCommit: 5a29b9e587f019aa33410a8fefb67af33e15b63c
+Directory: tip/bookworm
+
+Tags: tip-20250209-bullseye, tip-bullseye
+Architectures: amd64, arm32v7, arm64v8, i386
+GitCommit: 5a29b9e587f019aa33410a8fefb67af33e15b63c
+Directory: tip/bullseye
diff --git a/_bashbrew-list b/_bashbrew-list
index 3641cca..77edf10 100644
--- a/_bashbrew-list
+++ b/_bashbrew-list
@@ -78,6 +78,18 @@ golang:nanoserver
 golang:nanoserver-1809
 golang:nanoserver-ltsc2022
 golang:nanoserver-ltsc2025
+golang:tip
+golang:tip-20250209
+golang:tip-20250209-alpine
+golang:tip-20250209-alpine3.20
+golang:tip-20250209-alpine3.21
+golang:tip-20250209-bookworm
+golang:tip-20250209-bullseye
+golang:tip-alpine
+golang:tip-alpine3.20
+golang:tip-alpine3.21
+golang:tip-bookworm
+golang:tip-bullseye
 golang:windowsservercore
 golang:windowsservercore-1809
 golang:windowsservercore-ltsc2022
diff --git a/_bashbrew-list-build-order b/_bashbrew-list-build-order
index 1c01174..a55bafc 100644
--- a/_bashbrew-list-build-order
+++ b/_bashbrew-list-build-order
@@ -9,6 +9,10 @@ golang:alpine
 golang:alpine3.20
 golang:bookworm
 golang:bullseye
+golang:tip-alpine
+golang:tip-alpine3.20
+golang:tip-bookworm
+golang:tip-bullseye
 golang:windowsservercore-1809
 golang:windowsservercore-ltsc2022
 golang:windowsservercore-ltsc2025
diff --git a/golang_1.23-alpine/Dockerfile b/golang_tip-alpine/Dockerfile
similarity index 43%
copy from golang_1.23-alpine/Dockerfile
copy to golang_tip-alpine/Dockerfile
index 37bfa8f..5dde102 100644
--- a/golang_1.23-alpine/Dockerfile
+++ b/golang_tip-alpine/Dockerfile
@@ -8,73 +8,57 @@ FROM alpine:3.21 AS build
 
 ENV PATH /usr/local/go/bin:$PATH
 
-ENV GOLANG_VERSION 1.23.6
+COPY --from=golang:alpine3.21 /usr/local/go /usr/local/goroot-bootstrap
+
+# tip-20250209: https://github.com/golang/go/tree/ff27d270c9f95178f9749bc8e1f15957b1c1d5b3
+ARG GOLANG_COMMIT='ff27d270c9f95178f9749bc8e1f15957b1c1d5b3'
+ENV GOLANG_COMMIT $GOLANG_COMMIT
 
 RUN set -eux; \
 	now="$(date '+%s')"; \
 	apk add --no-cache --virtual .fetch-deps \
-		ca-certificates \
-		gnupg \
-# busybox's "tar" doesn't handle directory mtime correctly, so our SOURCE_DATE_EPOCH lookup doesn't work (the mtime of "/usr/local/go" always ends up being the extraction timestamp)
-		tar \
+		bash \
+		git \
 	; \
 	arch="$(apk --print-arch)"; \
-	url=; \
 	case "$arch" in \
 		'x86_64') \
-			url='https://dl.google.com/go/go1.23.6.linux-amd64.tar.gz'; \
-			sha256='9379441ea310de000f33a4dc767bd966e72ab2826270e038e78b2c53c2e7802d'; \
+			export GOAMD64='v1' GOARCH='amd64' GOOS='linux'; \
 			;; \
 		'armhf') \
-			url='https://dl.google.com/go/go1.23.6.linux-armv6l.tar.gz'; \
-			sha256='27a4611010c16b8c4f37ade3aada55bd5781998f02f348b164302fd5eea4eb74'; \
+			export GOARCH='arm' GOARM='6' GOOS='linux'; \
 			;; \
 		'armv7') \
-			url='https://dl.google.com/go/go1.23.6.linux-armv6l.tar.gz'; \
-			sha256='27a4611010c16b8c4f37ade3aada55bd5781998f02f348b164302fd5eea4eb74'; \
+			export GOARCH='arm' GOARM='7' GOOS='linux'; \
 			;; \
 		'aarch64') \
-			url='https://dl.google.com/go/go1.23.6.linux-arm64.tar.gz'; \
-			sha256='561c780e8f4a8955d32bf72e46af0b5ee5e0debe1e4633df9a03781878219202'; \
+			export GOARCH='arm64' GOARM64='v8.0' GOOS='linux'; \
 			;; \
 		'x86') \
-			url='https://dl.google.com/go/go1.23.6.linux-386.tar.gz'; \
-			sha256='e61f87693169c0bbcc43363128f1e929b9dff0b7f448573f1bdd4e4a0b9687ba'; \
+			export GO386='softfloat' GOARCH='386' GOOS='linux'; \
 			;; \
 		'ppc64le') \
-			url='https://dl.google.com/go/go1.23.6.linux-ppc64le.tar.gz'; \
-			sha256='0f817201e83d78ddbfa27f5f78d9b72450b92cc21d5e045145efacd0d3244a99'; \
+			export GOARCH='ppc64le' GOOS='linux'; \
 			;; \
 		'riscv64') \
-			url='https://dl.google.com/go/go1.23.6.linux-riscv64.tar.gz'; \
-			sha256='f95f7f817ab22ecab4503d0704d6449ea1aa26a595f57bf9b9f94ddf2aa7c1f3'; \
+			export GOARCH='riscv64' GOOS='linux' GORISCV64='rva20u64'; \
 			;; \
 		's390x') \
-			url='https://dl.google.com/go/go1.23.6.linux-s390x.tar.gz'; \
-			sha256='321e7ed0d5416f731479c52fa7610b52b8079a8061967bd48cec6d66f671a60e'; \
+			export GOARCH='s390x' GOOS='linux'; \
 			;; \
 		*) echo >&2 "error: unsupported architecture '$arch' (likely packaging update needed)"; exit 1 ;; \
 	esac; \
 	\
-	wget -O go.tgz.asc "$url.asc"; \
-	wget -O go.tgz "$url"; \
-	echo "$sha256 *go.tgz" | sha256sum -c -; \
-	\
-# https://github.com/golang/go/issues/14739#issuecomment-324767697
-	GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \
-# https://www.google.com/linuxrepositories/
-	gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 'EB4C 1BFD 4F04 2F6D DDCC  EC91 7721 F63B D38B 4796'; \
-# let's also fetch the specific subkey of that key explicitly that we expect "go.tgz.asc" to be signed by, just to make sure we definitely have it
-	gpg --batch --keyserver keyserver.ubuntu.com --recv-keys '2F52 8D36 D67B 69ED F998  D857 78BD 6547 3CB3 BD13'; \
-	gpg --batch --verify go.tgz.asc go.tgz; \
-	gpgconf --kill all; \
-	rm -rf "$GNUPGHOME" go.tgz.asc; \
+# before we get too far, let's validate that our "bootstrap" Go works
+	export GOROOT_BOOTSTRAP=/usr/local/goroot-bootstrap; \
+	"$GOROOT_BOOTSTRAP/bin/go" version; \
 	\
-	tar -C /usr/local -xzf go.tgz; \
-	rm go.tgz; \
+	git init --quiet /usr/local/go; \
+	git -C /usr/local/go fetch --depth 1 https://github.com/golang/go.git "$GOLANG_COMMIT:"; \
+	git -C /usr/local/go checkout --quiet FETCH_HEAD; \
 	\
-# save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below)
-	SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \
+# save the Git timestamp so we can use it for reproducibility
+	SOURCE_DATE_EPOCH="$(git -C /usr/local/go log -1 --format='format:%ct' HEAD)"; \
 	export SOURCE_DATE_EPOCH; \
 	touchy="$(date -d "@$SOURCE_DATE_EPOCH" '+%Y%m%d%H%M.%S')"; \
 # for logging validation/edification
@@ -82,18 +66,34 @@ RUN set -eux; \
 # sanity check (detected value should be older than our wall clock)
 	[ "$SOURCE_DATE_EPOCH" -lt "$now" ]; \
 	\
-	if [ "$arch" = 'armv7' ]; then \
-		[ -s /usr/local/go/go.env ]; \
-		before="$(go env GOARM)"; [ "$before" != '7' ]; \
-		{ \
-			echo; \
-			echo '# https://github.com/docker-library/golang/issues/494'; \
-			echo 'GOARM=7'; \
-		} >> /usr/local/go/go.env; \
-		after="$(go env GOARM)"; [ "$after" = '7' ]; \
-# (re-)clamp timestamp for reproducibility (allows "COPY --link" to be more clever/useful)
-		touch -t "$touchy" /usr/local/go/go.env /usr/local/go; \
-	fi; \
+	( \
+		export \
+			GOCACHE='/tmp/gocache' \
+# set GOHOST* to make sure explicitly 32bit builds on 64bit infra work correctly
+			GOHOSTOS="$GOOS" \
+			GOHOSTARCH="$GOARCH" \
+		; \
+		\
+		cd /usr/local/go/src; \
+		./make.bash; \
+		\
+# remove a few intermediate / bootstrapping files the official binary release tarballs do not contain (and ".git" that is hard to make reproducible)
+		rm -rf \
+			/usr/local/go/.git* \
+			/usr/local/go/pkg/*/cmd \
+			/usr/local/go/pkg/bootstrap \
+			/usr/local/go/pkg/obj \
+			/usr/local/go/pkg/tool/*/api \
+			/usr/local/go/pkg/tool/*/go_bootstrap \
+			/usr/local/go/src/cmd/dist/dist \
+			"$GOCACHE" \
+		; \
+		\
+# clamp timestamps for reproducibility (allows "COPY --link" to be more clever/useful)
+		touch -t "$touchy" /usr/local/.go-date-stamp; \
+		find /usr/local/go -depth -newer /usr/local/.go-date-stamp -exec touch -ht "$touchy" '{}' +; \
+		rm /usr/local/.go-date-stamp; \
+	); \
 	\
 # ideally at this point, we would just "COPY --link ... /usr/local/go/ /usr/local/go/" but BuildKit insists on creating the parent directories (perhaps related to https://github.com/opencontainers/image-spec/pull/970), and does so with unreproducible timestamps, so we instead create a whole new "directory tree" that we can "COPY --link" to accomplish what we want
 	mkdir /target /target/usr /target/usr/local; \
@@ -114,8 +114,6 @@ FROM alpine:3.21
 
 RUN apk add --no-cache ca-certificates
 
-ENV GOLANG_VERSION 1.23.6
-
 # don't auto-upgrade the gotoolchain
 # https://github.com/docker-library/golang/issues/472
 ENV GOTOOLCHAIN=local
diff --git a/golang_1.23-alpine3.20/Dockerfile b/golang_tip-alpine3.20/Dockerfile
similarity index 43%
copy from golang_1.23-alpine3.20/Dockerfile
copy to golang_tip-alpine3.20/Dockerfile
index 3db988c..f7a0055 100644
--- a/golang_1.23-alpine3.20/Dockerfile
+++ b/golang_tip-alpine3.20/Dockerfile
@@ -8,73 +8,57 @@ FROM alpine:3.20 AS build
 
 ENV PATH /usr/local/go/bin:$PATH
 
-ENV GOLANG_VERSION 1.23.6
+COPY --from=golang:alpine3.20 /usr/local/go /usr/local/goroot-bootstrap
+
+# tip-20250209: https://github.com/golang/go/tree/ff27d270c9f95178f9749bc8e1f15957b1c1d5b3
+ARG GOLANG_COMMIT='ff27d270c9f95178f9749bc8e1f15957b1c1d5b3'
+ENV GOLANG_COMMIT $GOLANG_COMMIT
 
 RUN set -eux; \
 	now="$(date '+%s')"; \
 	apk add --no-cache --virtual .fetch-deps \
-		ca-certificates \
-		gnupg \
-# busybox's "tar" doesn't handle directory mtime correctly, so our SOURCE_DATE_EPOCH lookup doesn't work (the mtime of "/usr/local/go" always ends up being the extraction timestamp)
-		tar \
+		bash \
+		git \
 	; \
 	arch="$(apk --print-arch)"; \
-	url=; \
 	case "$arch" in \
 		'x86_64') \
-			url='https://dl.google.com/go/go1.23.6.linux-amd64.tar.gz'; \
-			sha256='9379441ea310de000f33a4dc767bd966e72ab2826270e038e78b2c53c2e7802d'; \
+			export GOAMD64='v1' GOARCH='amd64' GOOS='linux'; \
 			;; \
 		'armhf') \
-			url='https://dl.google.com/go/go1.23.6.linux-armv6l.tar.gz'; \
-			sha256='27a4611010c16b8c4f37ade3aada55bd5781998f02f348b164302fd5eea4eb74'; \
+			export GOARCH='arm' GOARM='6' GOOS='linux'; \
 			;; \
 		'armv7') \
-			url='https://dl.google.com/go/go1.23.6.linux-armv6l.tar.gz'; \
-			sha256='27a4611010c16b8c4f37ade3aada55bd5781998f02f348b164302fd5eea4eb74'; \
+			export GOARCH='arm' GOARM='7' GOOS='linux'; \
 			;; \
 		'aarch64') \
-			url='https://dl.google.com/go/go1.23.6.linux-arm64.tar.gz'; \
-			sha256='561c780e8f4a8955d32bf72e46af0b5ee5e0debe1e4633df9a03781878219202'; \
+			export GOARCH='arm64' GOARM64='v8.0' GOOS='linux'; \
 			;; \
 		'x86') \
-			url='https://dl.google.com/go/go1.23.6.linux-386.tar.gz'; \
-			sha256='e61f87693169c0bbcc43363128f1e929b9dff0b7f448573f1bdd4e4a0b9687ba'; \
+			export GO386='softfloat' GOARCH='386' GOOS='linux'; \
 			;; \
 		'ppc64le') \
-			url='https://dl.google.com/go/go1.23.6.linux-ppc64le.tar.gz'; \
-			sha256='0f817201e83d78ddbfa27f5f78d9b72450b92cc21d5e045145efacd0d3244a99'; \
+			export GOARCH='ppc64le' GOOS='linux'; \
 			;; \
 		'riscv64') \
-			url='https://dl.google.com/go/go1.23.6.linux-riscv64.tar.gz'; \
-			sha256='f95f7f817ab22ecab4503d0704d6449ea1aa26a595f57bf9b9f94ddf2aa7c1f3'; \
+			export GOARCH='riscv64' GOOS='linux' GORISCV64='rva20u64'; \
 			;; \
 		's390x') \
-			url='https://dl.google.com/go/go1.23.6.linux-s390x.tar.gz'; \
-			sha256='321e7ed0d5416f731479c52fa7610b52b8079a8061967bd48cec6d66f671a60e'; \
+			export GOARCH='s390x' GOOS='linux'; \
 			;; \
 		*) echo >&2 "error: unsupported architecture '$arch' (likely packaging update needed)"; exit 1 ;; \
 	esac; \
 	\
-	wget -O go.tgz.asc "$url.asc"; \
-	wget -O go.tgz "$url"; \
-	echo "$sha256 *go.tgz" | sha256sum -c -; \
-	\
-# https://github.com/golang/go/issues/14739#issuecomment-324767697
-	GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \
-# https://www.google.com/linuxrepositories/
-	gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 'EB4C 1BFD 4F04 2F6D DDCC  EC91 7721 F63B D38B 4796'; \
-# let's also fetch the specific subkey of that key explicitly that we expect "go.tgz.asc" to be signed by, just to make sure we definitely have it
-	gpg --batch --keyserver keyserver.ubuntu.com --recv-keys '2F52 8D36 D67B 69ED F998  D857 78BD 6547 3CB3 BD13'; \
-	gpg --batch --verify go.tgz.asc go.tgz; \
-	gpgconf --kill all; \
-	rm -rf "$GNUPGHOME" go.tgz.asc; \
+# before we get too far, let's validate that our "bootstrap" Go works
+	export GOROOT_BOOTSTRAP=/usr/local/goroot-bootstrap; \
+	"$GOROOT_BOOTSTRAP/bin/go" version; \
 	\
-	tar -C /usr/local -xzf go.tgz; \
-	rm go.tgz; \
+	git init --quiet /usr/local/go; \
+	git -C /usr/local/go fetch --depth 1 https://github.com/golang/go.git "$GOLANG_COMMIT:"; \
+	git -C /usr/local/go checkout --quiet FETCH_HEAD; \
 	\
-# save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below)
-	SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \
+# save the Git timestamp so we can use it for reproducibility
+	SOURCE_DATE_EPOCH="$(git -C /usr/local/go log -1 --format='format:%ct' HEAD)"; \
 	export SOURCE_DATE_EPOCH; \
 	touchy="$(date -d "@$SOURCE_DATE_EPOCH" '+%Y%m%d%H%M.%S')"; \
 # for logging validation/edification
@@ -82,18 +66,34 @@ RUN set -eux; \
 # sanity check (detected value should be older than our wall clock)
 	[ "$SOURCE_DATE_EPOCH" -lt "$now" ]; \
 	\
-	if [ "$arch" = 'armv7' ]; then \
-		[ -s /usr/local/go/go.env ]; \
-		before="$(go env GOARM)"; [ "$before" != '7' ]; \
-		{ \
-			echo; \
-			echo '# https://github.com/docker-library/golang/issues/494'; \
-			echo 'GOARM=7'; \
-		} >> /usr/local/go/go.env; \
-		after="$(go env GOARM)"; [ "$after" = '7' ]; \
-# (re-)clamp timestamp for reproducibility (allows "COPY --link" to be more clever/useful)
-		touch -t "$touchy" /usr/local/go/go.env /usr/local/go; \
-	fi; \
+	( \
+		export \
+			GOCACHE='/tmp/gocache' \
+# set GOHOST* to make sure explicitly 32bit builds on 64bit infra work correctly
+			GOHOSTOS="$GOOS" \
+			GOHOSTARCH="$GOARCH" \
+		; \
+		\
+		cd /usr/local/go/src; \
+		./make.bash; \
+		\
+# remove a few intermediate / bootstrapping files the official binary release tarballs do not contain (and ".git" that is hard to make reproducible)
+		rm -rf \
+			/usr/local/go/.git* \
+			/usr/local/go/pkg/*/cmd \
+			/usr/local/go/pkg/bootstrap \
+			/usr/local/go/pkg/obj \
+			/usr/local/go/pkg/tool/*/api \
+			/usr/local/go/pkg/tool/*/go_bootstrap \
+			/usr/local/go/src/cmd/dist/dist \
+			"$GOCACHE" \
+		; \
+		\
+# clamp timestamps for reproducibility (allows "COPY --link" to be more clever/useful)
+		touch -t "$touchy" /usr/local/.go-date-stamp; \
+		find /usr/local/go -depth -newer /usr/local/.go-date-stamp -exec touch -ht "$touchy" '{}' +; \
+		rm /usr/local/.go-date-stamp; \
+	); \
 	\
 # ideally at this point, we would just "COPY --link ... /usr/local/go/ /usr/local/go/" but BuildKit insists on creating the parent directories (perhaps related to https://github.com/opencontainers/image-spec/pull/970), and does so with unreproducible timestamps, so we instead create a whole new "directory tree" that we can "COPY --link" to accomplish what we want
 	mkdir /target /target/usr /target/usr/local; \
@@ -114,8 +114,6 @@ FROM alpine:3.20
 
 RUN apk add --no-cache ca-certificates
 
-ENV GOLANG_VERSION 1.23.6
-
 # don't auto-upgrade the gotoolchain
 # https://github.com/docker-library/golang/issues/472
 ENV GOTOOLCHAIN=local
diff --git a/golang_bookworm/Dockerfile b/golang_tip-bookworm/Dockerfile
similarity index 46%
copy from golang_bookworm/Dockerfile
copy to golang_tip-bookworm/Dockerfile
index f4be99d..1e6383b 100644
--- a/golang_bookworm/Dockerfile
+++ b/golang_tip-bookworm/Dockerfile
@@ -8,67 +8,56 @@ FROM buildpack-deps:bookworm-scm AS build
 
 ENV PATH /usr/local/go/bin:$PATH
 
-ENV GOLANG_VERSION 1.24.0
+COPY --from=golang:bookworm /usr/local/go /usr/local/goroot-bootstrap
+
+# tip-20250209: https://github.com/golang/go/tree/ff27d270c9f95178f9749bc8e1f15957b1c1d5b3
+ARG GOLANG_COMMIT='ff27d270c9f95178f9749bc8e1f15957b1c1d5b3'
+ENV GOLANG_COMMIT $GOLANG_COMMIT
 
 RUN set -eux; \
 	now="$(date '+%s')"; \
 	arch="$(dpkg --print-architecture)"; arch="${arch##*-}"; \
-	url=; \
 	case "$arch" in \
 		'amd64') \
-			url='https://dl.google.com/go/go1.24.0.linux-amd64.tar.gz'; \
-			sha256='dea9ca38a0b852a74e81c26134671af7c0fbe65d81b0dc1c5bfe22cf7d4c8858'; \
+			export GOAMD64='v1' GOARCH='amd64' GOOS='linux'; \
+			;; \
+		'armel') \
+			export GOARCH='arm' GOARM='5' GOOS='linux'; \
 			;; \
 		'armhf') \
-			url='https://dl.google.com/go/go1.24.0.linux-armv6l.tar.gz'; \
-			sha256='695dc54fa14cd3124fa6900d7b5ae39eeac23f7a4ecea81656070160fac2c54a'; \
+			export GOARCH='arm' GOARM='7' GOOS='linux'; \
 			;; \
 		'arm64') \
-			url='https://dl.google.com/go/go1.24.0.linux-arm64.tar.gz'; \
-			sha256='c3fa6d16ffa261091a5617145553c71d21435ce547e44cc6dfb7470865527cc7'; \
+			export GOARCH='arm64' GOARM64='v8.0' GOOS='linux'; \
 			;; \
 		'i386') \
-			url='https://dl.google.com/go/go1.24.0.linux-386.tar.gz'; \
-			sha256='90521453a59c6ce20364d2dc7c38532949b033b602ba12d782caeb90af1b0624'; \
+			export GO386='softfloat' GOARCH='386' GOOS='linux'; \
 			;; \
 		'mips64el') \
-			url='https://dl.google.com/go/go1.24.0.linux-mips64le.tar.gz'; \
-			sha256='b847893ff119389c939adc2b8516b6500204b7cb49d5e19b25e1c2091d2c74c6'; \
+			export GOARCH='mips64le' GOOS='linux'; \
 			;; \
 		'ppc64el') \
-			url='https://dl.google.com/go/go1.24.0.linux-ppc64le.tar.gz'; \
-			sha256='a871a43de7d26c91dd90cb6e0adacb214c9e35ee2188c617c91c08c017efe81a'; \
+			export GOARCH='ppc64le' GOOS='linux'; \
 			;; \
 		'riscv64') \
-			url='https://dl.google.com/go/go1.24.0.linux-riscv64.tar.gz'; \
-			sha256='620dcf48c6297519aad6c81f8e344926dc0ab09a2a79f1e306964aece95a553d'; \
+			export GOARCH='riscv64' GOOS='linux' GORISCV64='rva20u64'; \
 			;; \
 		's390x') \
-			url='https://dl.google.com/go/go1.24.0.linux-s390x.tar.gz'; \
-			sha256='544d78b077c6b54bf78958c4a8285abec2d21f668fb007261c77418cd2edbb46'; \
+			export GOARCH='s390x' GOOS='linux'; \
 			;; \
 		*) echo >&2 "error: unsupported architecture '$arch' (likely packaging update needed)"; exit 1 ;; \
 	esac; \
 	\
-	wget -O go.tgz.asc "$url.asc"; \
-	wget -O go.tgz "$url" --progress=dot:giga; \
-	echo "$sha256 *go.tgz" | sha256sum -c -; \
-	\
-# https://github.com/golang/go/issues/14739#issuecomment-324767697
-	GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \
-# https://www.google.com/linuxrepositories/
-	gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 'EB4C 1BFD 4F04 2F6D DDCC  EC91 7721 F63B D38B 4796'; \
-# let's also fetch the specific subkey of that key explicitly that we expect "go.tgz.asc" to be signed by, just to make sure we definitely have it
-	gpg --batch --keyserver keyserver.ubuntu.com --recv-keys '2F52 8D36 D67B 69ED F998  D857 78BD 6547 3CB3 BD13'; \
-	gpg --batch --verify go.tgz.asc go.tgz; \
-	gpgconf --kill all; \
-	rm -rf "$GNUPGHOME" go.tgz.asc; \
+# before we get too far, let's validate that our "bootstrap" Go works
+	export GOROOT_BOOTSTRAP=/usr/local/goroot-bootstrap; \
+	"$GOROOT_BOOTSTRAP/bin/go" version; \
 	\
-	tar -C /usr/local -xzf go.tgz; \
-	rm go.tgz; \
+	git init --quiet /usr/local/go; \
+	git -C /usr/local/go fetch --depth 1 https://github.com/golang/go.git "$GOLANG_COMMIT:"; \
+	git -C /usr/local/go checkout --quiet FETCH_HEAD; \
 	\
-# save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below)
-	SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \
+# save the Git timestamp so we can use it for reproducibility
+	SOURCE_DATE_EPOCH="$(git -C /usr/local/go log -1 --format='format:%ct' HEAD)"; \
 	export SOURCE_DATE_EPOCH; \
 	touchy="$(date -d "@$SOURCE_DATE_EPOCH" '+%Y%m%d%H%M.%S')"; \
 # for logging validation/edification
@@ -76,18 +65,34 @@ RUN set -eux; \
 # sanity check (detected value should be older than our wall clock)
 	[ "$SOURCE_DATE_EPOCH" -lt "$now" ]; \
 	\
-	if [ "$arch" = 'armhf' ]; then \
-		[ -s /usr/local/go/go.env ]; \
-		before="$(go env GOARM)"; [ "$before" != '7' ]; \
-		{ \
-			echo; \
-			echo '# https://github.com/docker-library/golang/issues/494'; \
-			echo 'GOARM=7'; \
-		} >> /usr/local/go/go.env; \
-		after="$(go env GOARM)"; [ "$after" = '7' ]; \
-# (re-)clamp timestamp for reproducibility (allows "COPY --link" to be more clever/useful)
-		touch -t "$touchy" /usr/local/go/go.env /usr/local/go; \
-	fi; \
+	( \
+		export \
+			GOCACHE='/tmp/gocache' \
+# set GOHOST* to make sure explicitly 32bit builds on 64bit infra work correctly
+			GOHOSTOS="$GOOS" \
+			GOHOSTARCH="$GOARCH" \
+		; \
+		\
+		cd /usr/local/go/src; \
+		./make.bash; \
+		\
+# remove a few intermediate / bootstrapping files the official binary release tarballs do not contain (and ".git" that is hard to make reproducible)
+		rm -rf \
+			/usr/local/go/.git* \
+			/usr/local/go/pkg/*/cmd \
+			/usr/local/go/pkg/bootstrap \
+			/usr/local/go/pkg/obj \
+			/usr/local/go/pkg/tool/*/api \
+			/usr/local/go/pkg/tool/*/go_bootstrap \
+			/usr/local/go/src/cmd/dist/dist \
+			"$GOCACHE" \
+		; \
+		\
+# clamp timestamps for reproducibility (allows "COPY --link" to be more clever/useful)
+		touch -t "$touchy" /usr/local/.go-date-stamp; \
+		find /usr/local/go -depth -newer /usr/local/.go-date-stamp -exec touch -ht "$touchy" '{}' +; \
+		rm /usr/local/.go-date-stamp; \
+	); \
 	\
 # ideally at this point, we would just "COPY --link ... /usr/local/go/ /usr/local/go/" but BuildKit insists on creating the parent directories (perhaps related to https://github.com/opencontainers/image-spec/pull/970), and does so with unreproducible timestamps, so we instead create a whole new "directory tree" that we can "COPY --link" to accomplish what we want
 	mkdir /target /target/usr /target/usr/local; \
@@ -116,8 +121,6 @@ RUN set -eux; \
 	; \
 	rm -rf /var/lib/apt/lists/*
 
-ENV GOLANG_VERSION 1.24.0
-
 # don't auto-upgrade the gotoolchain
 # https://github.com/docker-library/golang/issues/472
 ENV GOTOOLCHAIN=local
diff --git a/golang_1.23-bullseye/Dockerfile b/golang_tip-bullseye/Dockerfile
similarity index 46%
copy from golang_1.23-bullseye/Dockerfile
copy to golang_tip-bullseye/Dockerfile
index 215b6e3..a8c657f 100644
--- a/golang_1.23-bullseye/Dockerfile
+++ b/golang_tip-bullseye/Dockerfile
@@ -8,67 +8,56 @@ FROM buildpack-deps:bullseye-scm AS build
 
 ENV PATH /usr/local/go/bin:$PATH
 
-ENV GOLANG_VERSION 1.23.6
+COPY --from=golang:bullseye /usr/local/go /usr/local/goroot-bootstrap
+
+# tip-20250209: https://github.com/golang/go/tree/ff27d270c9f95178f9749bc8e1f15957b1c1d5b3
+ARG GOLANG_COMMIT='ff27d270c9f95178f9749bc8e1f15957b1c1d5b3'
+ENV GOLANG_COMMIT $GOLANG_COMMIT
 
 RUN set -eux; \
 	now="$(date '+%s')"; \
 	arch="$(dpkg --print-architecture)"; arch="${arch##*-}"; \
-	url=; \
 	case "$arch" in \
 		'amd64') \
-			url='https://dl.google.com/go/go1.23.6.linux-amd64.tar.gz'; \
-			sha256='9379441ea310de000f33a4dc767bd966e72ab2826270e038e78b2c53c2e7802d'; \
+			export GOAMD64='v1' GOARCH='amd64' GOOS='linux'; \
+			;; \
+		'armel') \
+			export GOARCH='arm' GOARM='5' GOOS='linux'; \
 			;; \
 		'armhf') \
-			url='https://dl.google.com/go/go1.23.6.linux-armv6l.tar.gz'; \
-			sha256='27a4611010c16b8c4f37ade3aada55bd5781998f02f348b164302fd5eea4eb74'; \
+			export GOARCH='arm' GOARM='7' GOOS='linux'; \
 			;; \
 		'arm64') \
-			url='https://dl.google.com/go/go1.23.6.linux-arm64.tar.gz'; \
-			sha256='561c780e8f4a8955d32bf72e46af0b5ee5e0debe1e4633df9a03781878219202'; \
+			export GOARCH='arm64' GOARM64='v8.0' GOOS='linux'; \
 			;; \
 		'i386') \
-			url='https://dl.google.com/go/go1.23.6.linux-386.tar.gz'; \
-			sha256='e61f87693169c0bbcc43363128f1e929b9dff0b7f448573f1bdd4e4a0b9687ba'; \
+			export GO386='softfloat' GOARCH='386' GOOS='linux'; \
 			;; \
 		'mips64el') \
-			url='https://dl.google.com/go/go1.23.6.linux-mips64le.tar.gz'; \
-			sha256='74ca7bc475bcc084c6718b74df024d7de9612932cea8a6dc75e29d3a5315a23a'; \
+			export GOARCH='mips64le' GOOS='linux'; \
 			;; \
 		'ppc64el') \
-			url='https://dl.google.com/go/go1.23.6.linux-ppc64le.tar.gz'; \
-			sha256='0f817201e83d78ddbfa27f5f78d9b72450b92cc21d5e045145efacd0d3244a99'; \
+			export GOARCH='ppc64le' GOOS='linux'; \
 			;; \
 		'riscv64') \
-			url='https://dl.google.com/go/go1.23.6.linux-riscv64.tar.gz'; \
-			sha256='f95f7f817ab22ecab4503d0704d6449ea1aa26a595f57bf9b9f94ddf2aa7c1f3'; \
+			export GOARCH='riscv64' GOOS='linux' GORISCV64='rva20u64'; \
 			;; \
 		's390x') \
-			url='https://dl.google.com/go/go1.23.6.linux-s390x.tar.gz'; \
-			sha256='321e7ed0d5416f731479c52fa7610b52b8079a8061967bd48cec6d66f671a60e'; \
+			export GOARCH='s390x' GOOS='linux'; \
 			;; \
 		*) echo >&2 "error: unsupported architecture '$arch' (likely packaging update needed)"; exit 1 ;; \
 	esac; \
 	\
-	wget -O go.tgz.asc "$url.asc"; \
-	wget -O go.tgz "$url" --progress=dot:giga; \
-	echo "$sha256 *go.tgz" | sha256sum -c -; \
-	\
-# https://github.com/golang/go/issues/14739#issuecomment-324767697
-	GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \
-# https://www.google.com/linuxrepositories/
-	gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 'EB4C 1BFD 4F04 2F6D DDCC  EC91 7721 F63B D38B 4796'; \
-# let's also fetch the specific subkey of that key explicitly that we expect "go.tgz.asc" to be signed by, just to make sure we definitely have it
-	gpg --batch --keyserver keyserver.ubuntu.com --recv-keys '2F52 8D36 D67B 69ED F998  D857 78BD 6547 3CB3 BD13'; \
-	gpg --batch --verify go.tgz.asc go.tgz; \
-	gpgconf --kill all; \
-	rm -rf "$GNUPGHOME" go.tgz.asc; \
+# before we get too far, let's validate that our "bootstrap" Go works
+	export GOROOT_BOOTSTRAP=/usr/local/goroot-bootstrap; \
+	"$GOROOT_BOOTSTRAP/bin/go" version; \
 	\
-	tar -C /usr/local -xzf go.tgz; \
-	rm go.tgz; \
+	git init --quiet /usr/local/go; \
+	git -C /usr/local/go fetch --depth 1 https://github.com/golang/go.git "$GOLANG_COMMIT:"; \
+	git -C /usr/local/go checkout --quiet FETCH_HEAD; \
 	\
-# save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below)
-	SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \
+# save the Git timestamp so we can use it for reproducibility
+	SOURCE_DATE_EPOCH="$(git -C /usr/local/go log -1 --format='format:%ct' HEAD)"; \
 	export SOURCE_DATE_EPOCH; \
 	touchy="$(date -d "@$SOURCE_DATE_EPOCH" '+%Y%m%d%H%M.%S')"; \
 # for logging validation/edification
@@ -76,18 +65,34 @@ RUN set -eux; \
 # sanity check (detected value should be older than our wall clock)
 	[ "$SOURCE_DATE_EPOCH" -lt "$now" ]; \
 	\
-	if [ "$arch" = 'armhf' ]; then \
-		[ -s /usr/local/go/go.env ]; \
-		before="$(go env GOARM)"; [ "$before" != '7' ]; \
-		{ \
-			echo; \
-			echo '# https://github.com/docker-library/golang/issues/494'; \
-			echo 'GOARM=7'; \
-		} >> /usr/local/go/go.env; \
-		after="$(go env GOARM)"; [ "$after" = '7' ]; \
-# (re-)clamp timestamp for reproducibility (allows "COPY --link" to be more clever/useful)
-		touch -t "$touchy" /usr/local/go/go.env /usr/local/go; \
-	fi; \
+	( \
+		export \
+			GOCACHE='/tmp/gocache' \
+# set GOHOST* to make sure explicitly 32bit builds on 64bit infra work correctly
+			GOHOSTOS="$GOOS" \
+			GOHOSTARCH="$GOARCH" \
+		; \
+		\
+		cd /usr/local/go/src; \
+		./make.bash; \
+		\
+# remove a few intermediate / bootstrapping files the official binary release tarballs do not contain (and ".git" that is hard to make reproducible)
+		rm -rf \
+			/usr/local/go/.git* \
+			/usr/local/go/pkg/*/cmd \
+			/usr/local/go/pkg/bootstrap \
+			/usr/local/go/pkg/obj \
+			/usr/local/go/pkg/tool/*/api \
+			/usr/local/go/pkg/tool/*/go_bootstrap \
+			/usr/local/go/src/cmd/dist/dist \
+			"$GOCACHE" \
+		; \
+		\
+# clamp timestamps for reproducibility (allows "COPY --link" to be more clever/useful)
+		touch -t "$touchy" /usr/local/.go-date-stamp; \
+		find /usr/local/go -depth -newer /usr/local/.go-date-stamp -exec touch -ht "$touchy" '{}' +; \
+		rm /usr/local/.go-date-stamp; \
+	); \
 	\
 # ideally at this point, we would just "COPY --link ... /usr/local/go/ /usr/local/go/" but BuildKit insists on creating the parent directories (perhaps related to https://github.com/opencontainers/image-spec/pull/970), and does so with unreproducible timestamps, so we instead create a whole new "directory tree" that we can "COPY --link" to accomplish what we want
 	mkdir /target /target/usr /target/usr/local; \
@@ -116,8 +121,6 @@ RUN set -eux; \
 	; \
 	rm -rf /var/lib/apt/lists/*
 
-ENV GOLANG_VERSION 1.23.6
-
 # don't auto-upgrade the gotoolchain
 # https://github.com/docker-library/golang/issues/472
 ENV GOTOOLCHAIN=local

Relevant Maintainers:

@tianon
Copy link
Member Author

tianon commented Feb 15, 2025

Windows failures are #18435 (comment):

The problem is that the windows-2025 runner is too old to run the mcr.microsoft.com/windows/servercore:ltsc2025 image released this week (actions/runner-images#11582).

@yosifkit yosifkit merged commit 9443c46 into docker-library:master Feb 15, 2025
17 of 19 checks passed
@yosifkit yosifkit deleted the golang branch February 15, 2025 01:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yosifkit yosifkit yosifkit approved these changes

Assignees
No one assigned
Labels
library/golang
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tianon @yosifkit @docker-library-bot