bottlerocket-os
Add Go 1.24 support, drop Go 1.22 support, and make default Go major version 1.23
Issue number: Closes #262
Description of changes: Go 1.24.1 has been released. Following the Go release policy, drop support for Go 1.22. Set the default Go major version to 1.23.
We carry the same patches from 1.23 to 1.24 except 0002-Always-restrict-boringcrypto-crypto-tls-to-FIPS.patch, which we can drop after this upstream commit: https://github.com/golang/go/commit/4671276c5d5f2e51dd43e856267eac44cff18652
Testing done:
- [x] Build SDK on
x86_64andaarch64 - [x] Build Core-kit and Kernel-kit
x86_64andaarch64with new SDK - [x] Quick test for non-NVIDIA variants and GPU test for NVIDIA variants for oldest, mid, and newest k8s versions:
NAME TYPE STATE PASSED FAILED SKIPPED BUILD ID LAST UPDATE
aarch64-aws-k8s-125-ipv6-quick Test passed 4 0 7065 833cf9ad-dirty 2025-03-28T01:52:18Z
aarch64-aws-k8s-125-nvidia-test Test passed 11 0 0 833cf9ad-dirty 2025-03-28T01:53:37Z
aarch64-aws-k8s-125-quick Test passed 4 0 7065 833cf9ad-dirty 2025-03-28T01:52:06Z
aarch64-aws-k8s-129-ipv6-quick Test passed 5 0 7410 833cf9ad-dirty 2025-03-28T01:52:19Z
aarch64-aws-k8s-129-nvidia-test Test passed 11 0 0 833cf9ad-dirty 2025-03-28T01:54:27Z
aarch64-aws-k8s-129-quick Test passed 5 0 7410 833cf9ad-dirty 2025-03-28T01:52:25Z
aarch64-aws-k8s-132-ipv6-quick Test passed 5 0 6621 833cf9ad-dirty 2025-03-28T01:53:23Z
aarch64-aws-k8s-132-nvidia-test Test passed 11 0 0 833cf9ad-dirty 2025-03-28T01:54:19Z
aarch64-aws-k8s-132-quick Test passed 5 0 6621 833cf9ad-dirty 2025-03-28T01:52:36Z
x86-64-aws-k8s-125-ipv6-quick Test passed 4 0 7065 833cf9ad-dirty 2025-03-28T01:52:58Z
x86-64-aws-k8s-125-nvidia-test Test passed 11 0 0 833cf9ad-dirty 2025-03-28T01:53:38Z
x86-64-aws-k8s-125-quick Test passed 4 0 7065 833cf9ad-dirty 2025-03-28T01:51:16Z
x86-64-aws-k8s-129-ipv6-quick Test passed 5 0 7410 833cf9ad-dirty 2025-03-28T01:53:01Z
x86-64-aws-k8s-129-nvidia-test Test passed 11 0 0 833cf9ad-dirty 2025-03-28T01:53:38Z
x86-64-aws-k8s-129-quick Test passed 5 0 7410 833cf9ad-dirty 2025-03-28T01:51:11Z
x86-64-aws-k8s-132-ipv6-quick Test passed 5 0 6621 833cf9ad-dirty 2025-03-28T01:52:23Z
x86-64-aws-k8s-132-nvidia-test Test passed 11 0 0 833cf9ad-dirty 2025-03-28T01:55:37Z
x86-64-aws-k8s-132-quick Test passed 5 0 6621 833cf9ad-dirty 2025-03-28T01:50:13Z
Terms of contribution:
By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.
I'll need to investigate the FIPS-related changes here; please don't merge without a deeper analysis.
@koooosh shared an AMI built with the provided patch, I confirmed that the patch works as expected and Go binaries refuse connections when the endpoint doesn't support any FIPS ciphers:
INFO[0000] host will try HTTPS first since it is configured for HTTP with a TLS configuration, consider changing host to HTTPS or removing unused TLS configuration host="localhost:8043"
INFO[0000] trying next host error="failed to do request: Head \"https://localhost:8043/v2/image/manifests/latest\": remote error: tls: handshake failure" host="localhost:8043"
ctr: failed to resolve reference "localhost:8043/image:latest": failed to do request: Head "https://localhost:8043/v2/image/manifests/latest": remote error: tls: handshake failure
Force push above adds a new 0002-Always-restrict-boringcrypto-crypto-tls-to-FIPS.patch -- thanks @arnaldo2792 !
^ Force push adds the latest Go 1.24 version 1.24.2 and also adds a commit updating the Go 1.23 version to 1.23.8.
Reran the same tests stated in the description:
- [x] Build SDK on
x86_64andaarch64 - [x] Build Core-kit and Kernel-kit
x86_64andaarch64with new SDK - [x] Quick test for non-NVIDIA variants and GPU test for NVIDIA variants for oldest, mid, and newest k8s versions:
NAME TYPE STATE PASSED FAILED SKIPPED BUILD ID LAST UPDATE
aarch64-aws-k8s-125-ipv6-quick Test passed 4 0 7065 e5cd08cf-dirty 2025-04-11T09:38:37Z
aarch64-aws-k8s-125-nvidia-test Test passed 11 0 0 e5cd08cf-dirty 2025-04-11T09:55:43Z
aarch64-aws-k8s-125-quick Test passed 4 0 7065 e5cd08cf-dirty 2025-04-11T09:37:22Z
aarch64-aws-k8s-129-ipv6-quick Test passed 5 0 7410 e5cd08cf-dirty 2025-04-11T09:39:05Z
aarch64-aws-k8s-129-nvidia-test Test passed 11 0 0 e5cd08cf-dirty 2025-04-11T09:55:06Z
aarch64-aws-k8s-129-quick Test passed 5 0 7410 e5cd08cf-dirty 2025-04-11T09:37:15Z
aarch64-aws-k8s-132-ipv6-quick Test passed 5 0 6623 e5cd08cf-dirty 2025-04-11T09:39:23Z
aarch64-aws-k8s-132-nvidia-test Test passed 11 0 0 e5cd08cf-dirty 2025-04-11T09:53:49Z
aarch64-aws-k8s-132-quick Test passed 5 0 6623 e5cd08cf-dirty 2025-04-11T09:37:56Z
x86-64-aws-k8s-125-ipv6-quick Test passed 4 0 7065 e5cd08cf-dirty 2025-04-11T09:38:51Z
x86-64-aws-k8s-125-nvidia-test Test passed 11 0 0 e5cd08cf-dirty 2025-04-11T09:55:56Z
x86-64-aws-k8s-125-quick Test passed 4 0 7065 e5cd08cf-dirty 2025-04-11T09:37:50Z
x86-64-aws-k8s-129-ipv6-quick Test passed 5 0 7410 e5cd08cf-dirty 2025-04-11T09:39:46Z
x86-64-aws-k8s-129-nvidia-test Test passed 11 0 0 e5cd08cf-dirty 2025-04-11T09:54:55Z
x86-64-aws-k8s-129-quick Test passed 5 0 7410 e5cd08cf-dirty 2025-04-11T09:37:24Z
x86-64-aws-k8s-132-ipv6-quick Test passed 5 0 6623 e5cd08cf-dirty 2025-04-11T09:38:55Z
x86-64-aws-k8s-132-nvidia-test Test passed 11 0 0 e5cd08cf-dirty 2025-04-11T09:55:17Z
x86-64-aws-k8s-132-quick Test passed 5 0 6623 e5cd08cf-dirty 2025-04-11T09:36:19Z
