diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml index 98e5436f7cb..d530e944f6b 100644 --- a/.buildkite/pipeline.yml +++ b/.buildkite/pipeline.yml @@ -69,7 +69,7 @@ steps: # Note: The GODEBUG=fips140=only environment variable must be set in the command itself (as opposed to # in the env block) so that it is applied *only* to the 'go' command invoked by the script, and # not to any other Go code executed as part of the Buildkite agent itself. - command: 'GODEBUG="fips140=only" .buildkite/scripts/steps/unit-tests.sh' + command: 'GODEBUG="fips140=only,tlsmlkem=0" .buildkite/scripts/steps/unit-tests.sh' env: FIPS: "true" artifact_paths: diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index 15514b3e5ba..d0842c70704 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -30,7 +30,7 @@ jobs: uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0 with: # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version - version: v2.1.0 + version: v2.5.0 # Give the job more time to execute. # Regarding `--whole-files`, the linter is supposed to support linting of changed a patch only but, diff --git a/.go-version b/.go-version index 59b05446606..e6a6e7cd3e9 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.24.13 +1.25.8 diff --git a/Dockerfile b/Dockerfile index eeaf452479f..fb5e0291c54 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG GO_VERSION=1.24.7 +ARG GO_VERSION=1.25.8 FROM circleci/golang:${GO_VERSION} diff --git a/NOTICE-fips.txt b/NOTICE-fips.txt index 675cc50fd0b..0bee1daa7fb 100644 --- a/NOTICE-fips.txt +++ b/NOTICE-fips.txt @@ -41410,11 +41410,11 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -------------------------------------------------------------------------------- Dependency : github.com/gomodule/redigo -Version: v1.9.2 +Version: v1.9.3 Licence type (autodetected): Apache-2.0 -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/gomodule/redigo@v1.9.2/LICENSE: +Contents of probable licence file $GOMODCACHE/github.com/gomodule/redigo@v1.9.3/LICENSE: Apache License @@ -41597,11 +41597,11 @@ Contents of probable licence file $GOMODCACHE/github.com/gomodule/redigo@v1.9.2/ -------------------------------------------------------------------------------- Dependency : github.com/google/cel-go -Version: v0.26.0 +Version: v0.26.1 Licence type (autodetected): Apache-2.0 -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/google/cel-go@v0.26.0/LICENSE: +Contents of probable licence file $GOMODCACHE/github.com/google/cel-go@v0.26.1/LICENSE: Apache License diff --git a/NOTICE.txt b/NOTICE.txt index b78e593726e..089b14a59f8 100644 --- a/NOTICE.txt +++ b/NOTICE.txt @@ -44557,11 +44557,11 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -------------------------------------------------------------------------------- Dependency : github.com/gomodule/redigo -Version: v1.9.2 +Version: v1.9.3 Licence type (autodetected): Apache-2.0 -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/gomodule/redigo@v1.9.2/LICENSE: +Contents of probable licence file $GOMODCACHE/github.com/gomodule/redigo@v1.9.3/LICENSE: Apache License @@ -44744,11 +44744,11 @@ Contents of probable licence file $GOMODCACHE/github.com/gomodule/redigo@v1.9.2/ -------------------------------------------------------------------------------- Dependency : github.com/google/cel-go -Version: v0.26.0 +Version: v0.26.1 Licence type (autodetected): Apache-2.0 -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/google/cel-go@v0.26.0/LICENSE: +Contents of probable licence file $GOMODCACHE/github.com/google/cel-go@v0.26.1/LICENSE: Apache License diff --git a/changelog/fragments/1758822287-bump-golang-1.25.8.yaml b/changelog/fragments/1758822287-bump-golang-1.25.8.yaml new file mode 100644 index 00000000000..0137e55863e --- /dev/null +++ b/changelog/fragments/1758822287-bump-golang-1.25.8.yaml @@ -0,0 +1,32 @@ +# Kind can be one of: +# - breaking-change: a change to previously-documented behavior +# - deprecation: functionality that is being removed in a later release +# - bug-fix: fixes a problem in a previous version +# - enhancement: extends functionality but does not break or fix existing behavior +# - feature: new functionality +# - known-issue: problems that we are aware of in a given version +# - security: impacts on the security of a product or a user’s deployment. +# - upgrade: important information for someone upgrading from a prior version +# - other: does not fit into any of the other categories +kind: enhancement + +# Change summary; a 80ish characters long description of the change. +summary: Update Go version to 1.25.8 + +# Long description; in case the summary is not enough to describe the change +# this field accommodate a description without length limits. +# NOTE: This field will be rendered only for breaking-change and known-issue kinds at the moment. +#description: + +# Affected component; usually one of "elastic-agent", "fleet-server", "filebeat", "metricbeat", "auditbeat", "all", etc. +component: elastic-agent + +# PR URL; optional; the PR number that added the changeset. +# If not present is automatically filled by the tooling finding the PR where this changelog fragment has been added. +# NOTE: the tooling supports backports, so it's able to fill the original PR number instead of the backport PR number. +# Please provide it if you are adding a fragment for a different PR. +pr: https://github.com/elastic/elastic-agent/pull/10156 + +# Issue URL; optional; the GitHub issue related to this changeset (either closes or is part of). +# If not present is automatically filled by the tooling with the issue linked to the PR number. +#issue: https://github.com/owner/repo/1234 diff --git a/dev-tools/mage/gotest_test.go b/dev-tools/mage/gotest_test.go index 59c1a9aad9f..bf082b7dbd6 100644 --- a/dev-tools/mage/gotest_test.go +++ b/dev-tools/mage/gotest_test.go @@ -331,9 +331,7 @@ func TestGoTest_Helper_WithPanic(t *testing.T) { var wantTestWithPanic = `(?sm: === FAIL: dev-tools/mage TestGoTest_Helper_WithPanic.* -panic: Kaputt. \[recovered\].* - panic: Kaputt.* -)` +panic: Kaputt. \[recovered, repanicked\].*)` func TestGoTest_Helper_WithWrongPanic(t *testing.T) { if !gotestHelperMode { diff --git a/dev-tools/mage/otel/deps_test.go b/dev-tools/mage/otel/deps_test.go index 5b1695cfd5e..2a678aef3cc 100644 --- a/dev-tools/mage/otel/deps_test.go +++ b/dev-tools/mage/otel/deps_test.go @@ -16,7 +16,7 @@ import ( func TestGetOtelDependencies(t *testing.T) { goModContent := `module github.com/elastic/elastic-agent -go 1.24.1 +go 1.25.8 require ( github.com/elastic/opentelemetry-collector-components/connector/signaltometricsconnector v0.3.0 diff --git a/dev-tools/mage/settings.go b/dev-tools/mage/settings.go index bde8cc3c180..eca1c49ca1d 100644 --- a/dev-tools/mage/settings.go +++ b/dev-tools/mage/settings.go @@ -1713,7 +1713,7 @@ func (s *Settings) TestTagsWithFIPS() []string { tags := make([]string, len(s.Test.Tags)) copy(tags, s.Test.Tags) if s.Build.FIPSBuild { - tags = append(tags, "requirefips", "ms_tls13kdf") + tags = append(tags, "requirefips") } if s.Build.OTELComponentBuild { tags = append(tags, "otelexternal") diff --git a/dev-tools/mage/settings_test.go b/dev-tools/mage/settings_test.go index cd7b5974b3e..373da27b1ff 100644 --- a/dev-tools/mage/settings_test.go +++ b/dev-tools/mage/settings_test.go @@ -307,7 +307,7 @@ func TestSettingsTestTagsWithFIPS(t *testing.T) { tags := s.TestTagsWithFIPS() - assert.Equal(t, []string{"tag1", "requirefips", "ms_tls13kdf"}, tags) + assert.Equal(t, []string{"tag1", "requirefips"}, tags) }) t.Run("does not modify original tags", func(t *testing.T) { @@ -327,7 +327,7 @@ func TestSettingsTestTagsWithFIPS(t *testing.T) { tags := s.TestTagsWithFIPS() - assert.Equal(t, []string{"requirefips", "ms_tls13kdf"}, tags) + assert.Equal(t, []string{"requirefips"}, tags) }) } diff --git a/dev-tools/packaging/packages.yml b/dev-tools/packaging/packages.yml index fa12eba7fe5..4951bdbc1c9 100644 --- a/dev-tools/packaging/packages.yml +++ b/dev-tools/packaging/packages.yml @@ -46,7 +46,6 @@ settings: MS_GOTOOLCHAIN_TELEMETRY_ENABLED: "0" tags: - requirefips - - ms_tls13kdf platforms: - *linux-amd64 - *linux-arm64 diff --git a/go.mod b/go.mod index c56f31fe98f..f0c60c6cb20 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/elastic/elastic-agent -go 1.24.13 +go 1.25.8 require ( github.com/Jeffail/gabs/v2 v2.6.0 @@ -386,9 +386,9 @@ require ( github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/golang/snappy v1.0.0 // indirect - github.com/gomodule/redigo v1.9.2 // indirect + github.com/gomodule/redigo v1.9.3 // indirect github.com/google/btree v1.1.3 // indirect - github.com/google/cel-go v0.26.0 // indirect + github.com/google/cel-go v0.26.1 // indirect github.com/google/flatbuffers v25.2.10+incompatible // indirect github.com/google/gnostic-models v0.7.0 // indirect github.com/google/go-querystring v1.1.0 // indirect diff --git a/go.sum b/go.sum index e5c4928b53a..382613939a0 100644 --- a/go.sum +++ b/go.sum @@ -782,13 +782,13 @@ github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/golang/snappy v1.0.0 h1:Oy607GVXHs7RtbggtPBnr2RmDArIsAefDwvrdWvRhGs= github.com/golang/snappy v1.0.0/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/gomodule/redigo v1.9.2 h1:HrutZBLhSIU8abiSfW8pj8mPhOyMYjZT/wcA4/L9L9s= -github.com/gomodule/redigo v1.9.2/go.mod h1:KsU3hiK/Ay8U42qpaJk+kuNa3C+spxapWpM+ywhcgtw= +github.com/gomodule/redigo v1.9.3 h1:dNPSXeXv6HCq2jdyWfjgmhBdqnR6PRO3m/G05nvpPC8= +github.com/gomodule/redigo v1.9.3/go.mod h1:KsU3hiK/Ay8U42qpaJk+kuNa3C+spxapWpM+ywhcgtw= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg= github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= -github.com/google/cel-go v0.26.0 h1:DPGjXackMpJWH680oGY4lZhYjIameYmR+/6RBdDGmaI= -github.com/google/cel-go v0.26.0/go.mod h1:A9O8OU9rdvrK5MQyrqfIxo1a0u4g3sF8KB6PUIaryMM= +github.com/google/cel-go v0.26.1 h1:iPbVVEdkhTX++hpe3lzSk7D3G3QSYqLGoHOcEio+UXQ= +github.com/google/cel-go v0.26.1/go.mod h1:A9O8OU9rdvrK5MQyrqfIxo1a0u4g3sF8KB6PUIaryMM= github.com/google/flatbuffers v25.2.10+incompatible h1:F3vclr7C3HpB1k9mxCGRMXq6FdUalZ6H/pNX4FP1v0Q= github.com/google/flatbuffers v25.2.10+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8= github.com/google/gnostic-models v0.7.0 h1:qwTtogB15McXDaNqTZdzPJRHvaVJlAl+HVQnLmJEJxo= diff --git a/internal/edot/go.mod b/internal/edot/go.mod index 42464ca746f..95cc265e85d 100644 --- a/internal/edot/go.mod +++ b/internal/edot/go.mod @@ -1,6 +1,6 @@ module github.com/elastic/elastic-agent/internal/edot -go 1.24.13 +go 1.25.8 replace github.com/elastic/elastic-agent => ../../ @@ -373,8 +373,8 @@ require ( github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/golang/snappy v1.0.0 // indirect - github.com/gomodule/redigo v1.9.2 // indirect - github.com/google/cel-go v0.26.0 // indirect + github.com/gomodule/redigo v1.9.3 // indirect + github.com/google/cel-go v0.26.1 // indirect github.com/google/flatbuffers v25.2.10+incompatible // indirect github.com/google/gnostic-models v0.7.0 // indirect github.com/google/go-cmp v0.7.0 // indirect diff --git a/internal/edot/go.sum b/internal/edot/go.sum index ead57a58946..6e4ce63e3fa 100644 --- a/internal/edot/go.sum +++ b/internal/edot/go.sum @@ -707,13 +707,13 @@ github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/golang/snappy v1.0.0 h1:Oy607GVXHs7RtbggtPBnr2RmDArIsAefDwvrdWvRhGs= github.com/golang/snappy v1.0.0/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/gomodule/redigo v1.9.2 h1:HrutZBLhSIU8abiSfW8pj8mPhOyMYjZT/wcA4/L9L9s= -github.com/gomodule/redigo v1.9.2/go.mod h1:KsU3hiK/Ay8U42qpaJk+kuNa3C+spxapWpM+ywhcgtw= +github.com/gomodule/redigo v1.9.3 h1:dNPSXeXv6HCq2jdyWfjgmhBdqnR6PRO3m/G05nvpPC8= +github.com/gomodule/redigo v1.9.3/go.mod h1:KsU3hiK/Ay8U42qpaJk+kuNa3C+spxapWpM+ywhcgtw= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg= github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= -github.com/google/cel-go v0.26.0 h1:DPGjXackMpJWH680oGY4lZhYjIameYmR+/6RBdDGmaI= -github.com/google/cel-go v0.26.0/go.mod h1:A9O8OU9rdvrK5MQyrqfIxo1a0u4g3sF8KB6PUIaryMM= +github.com/google/cel-go v0.26.1 h1:iPbVVEdkhTX++hpe3lzSk7D3G3QSYqLGoHOcEio+UXQ= +github.com/google/cel-go v0.26.1/go.mod h1:A9O8OU9rdvrK5MQyrqfIxo1a0u4g3sF8KB6PUIaryMM= github.com/google/flatbuffers v25.2.10+incompatible h1:F3vclr7C3HpB1k9mxCGRMXq6FdUalZ6H/pNX4FP1v0Q= github.com/google/flatbuffers v25.2.10+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8= github.com/google/gnostic-models v0.7.0 h1:qwTtogB15McXDaNqTZdzPJRHvaVJlAl+HVQnLmJEJxo= diff --git a/internal/pkg/agent/application/upgrade/marker_watcher.go b/internal/pkg/agent/application/upgrade/marker_watcher.go index f4a1b33d849..4448aa984aa 100644 --- a/internal/pkg/agent/application/upgrade/marker_watcher.go +++ b/internal/pkg/agent/application/upgrade/marker_watcher.go @@ -20,6 +20,7 @@ import ( type MarkerWatcher interface { Watch() <-chan UpdateMarker Run(ctx context.Context) error + Done() <-chan struct{} SetUpgradeStarted() } @@ -27,6 +28,7 @@ type MarkerFileWatcher struct { markerFilePath string logger *logger.Logger updateCh chan UpdateMarker + doneCh chan struct{} upgradeStarted atomic.Bool lastMarker *UpdateMarker @@ -39,6 +41,7 @@ func newMarkerFileWatcher(upgradeMarkerFilePath string, logger *logger.Logger) M markerFilePath: upgradeMarkerFilePath, logger: logger, updateCh: make(chan UpdateMarker), + doneCh: make(chan struct{}), } } @@ -50,6 +53,10 @@ func (mfw *MarkerFileWatcher) SetUpgradeStarted() { mfw.upgradeStarted.Store(true) } +func (mfw *MarkerFileWatcher) Done() <-chan struct{} { + return mfw.doneCh +} + func (mfw *MarkerFileWatcher) Run(ctx context.Context) error { watcher, err := fsnotify.NewWatcher() if err != nil { @@ -70,6 +77,7 @@ func (mfw *MarkerFileWatcher) Run(ctx context.Context) error { // Handle watching go func() { + defer close(mfw.doneCh) defer watcher.Close() for { select { @@ -100,7 +108,7 @@ func (mfw *MarkerFileWatcher) Run(ctx context.Context) error { case e.Op&(fsnotify.Create|fsnotify.Write) != 0: // Upgrade marker file was created or updated; read its contents // and send them over the update channel. - mfw.processMarker(version.GetAgentPackageVersion(), version.Commit()) + mfw.processMarker(ctx, version.GetAgentPackageVersion(), version.Commit()) case e.Op&(fsnotify.Remove) != 0: // Upgrade marker file was removed. // - Upgrade could've been rolled back @@ -109,11 +117,15 @@ func (mfw *MarkerFileWatcher) Run(ctx context.Context) error { // upgrade was successful if mfw.lastMarker != nil && mfw.lastMarker.Details != nil && mfw.lastMarker.Details.State != details.StateRollback { mfw.lastMarker.Details = nil - mfw.updateCh <- *mfw.lastMarker + select { + case mfw.updateCh <- *mfw.lastMarker: + case <-ctx.Done(): + return + } } } case <-doInitialRead: - mfw.processMarker(version.GetAgentPackageVersion(), version.Commit()) + mfw.processMarker(ctx, version.GetAgentPackageVersion(), version.Commit()) } } }() @@ -121,7 +133,7 @@ func (mfw *MarkerFileWatcher) Run(ctx context.Context) error { return nil } -func (mfw *MarkerFileWatcher) processMarker(currentVersion string, commit string) { +func (mfw *MarkerFileWatcher) processMarker(ctx context.Context, currentVersion string, commit string) { marker, err := loadMarker(mfw.markerFilePath) if err != nil { mfw.logger.Error(err) @@ -151,5 +163,8 @@ func (mfw *MarkerFileWatcher) processMarker(currentVersion string, commit string } mfw.lastMarker = marker - mfw.updateCh <- *marker + select { + case mfw.updateCh <- *marker: + case <-ctx.Done(): + } } diff --git a/internal/pkg/agent/application/upgrade/marker_watcher_test.go b/internal/pkg/agent/application/upgrade/marker_watcher_test.go index ec25d198035..c037d115e9e 100644 --- a/internal/pkg/agent/application/upgrade/marker_watcher_test.go +++ b/internal/pkg/agent/application/upgrade/marker_watcher_test.go @@ -30,7 +30,10 @@ func TestMarkerWatcher(t *testing.T) { markerWatcher := newMarkerFileWatcher(testMarkerFile, testLogger) testCtx, testCancel := context.WithCancel(context.Background()) - defer testCancel() + defer func() { + testCancel() + <-markerWatcher.Done() + }() var testDetails *details.Details var testDetailsMu sync.Mutex @@ -270,7 +273,7 @@ details: mfw.SetUpgradeStarted() } - mfw.processMarker(currentVersion, currentCommit) + mfw.processMarker(t.Context(), currentVersion, currentCommit) // error loading marker if test.expectedErrLogMsg { diff --git a/internal/pkg/agent/application/upgrade/watcher.go b/internal/pkg/agent/application/upgrade/watcher.go index 1bd9e6ef55f..cee54fdbc49 100644 --- a/internal/pkg/agent/application/upgrade/watcher.go +++ b/internal/pkg/agent/application/upgrade/watcher.go @@ -374,13 +374,18 @@ type createContextWithTimeout func(ctx context.Context, timeout time.Duration) ( func waitForWatcherWithTimeoutCreationFunc(ctx context.Context, log *logger.Logger, markerFilePath string, waitTime time.Duration, createTimeoutContext createContextWithTimeout) error { // Wait for the watcher to be up and running watcherContext, cancel := createTimeoutContext(ctx, waitTime) - defer cancel() markerWatcher := newMarkerFileWatcher(markerFilePath, log) err := markerWatcher.Run(watcherContext) if err != nil { return fmt.Errorf("error starting update marker watcher: %w", err) } + // Ensure the fsnotify watcher goroutine fully exits before returning, + // so that directory handles are released (needed on Windows for cleanup). + defer func() { + cancel() + <-markerWatcher.Done() + }() log.Infof("waiting up to %s for upgrade watcher to set %s state in upgrade marker", waitTime, details.StateWatching) diff --git a/internal/pkg/agent/install/uninstall.go b/internal/pkg/agent/install/uninstall.go index ffaa8bc813d..dcbeb5fa954 100644 --- a/internal/pkg/agent/install/uninstall.go +++ b/internal/pkg/agent/install/uninstall.go @@ -286,7 +286,7 @@ func RemovePath(path string) error { start := time.Now() var lastErr error for time.Since(start) <= arbitraryTimeout { - lastErr = os.RemoveAll(path) + lastErr = removeAll(path) if lastErr == nil || !isRetryableError(lastErr) { return lastErr @@ -327,6 +327,70 @@ func RemoveBut(path string, bestEffort bool, exceptions ...string) error { return err } +// TODO: Replace this with a more robust and less mysterious approach. +// removeAll is a reimplementation of Go 1.24's os.RemoveAll. Go 1.25 switched +// to directory-relative unlinkat/openat syscalls (removeall_at.go) which on +// Windows use NtCreateFile with DELETE access — these are stricter about file +// state and fail on files that have been ADS-renamed. The simple path-based +// approach using os.Remove works correctly with the ADS rename trick that +// RemovePath uses to delete running executables on Windows. +// Taken from: https://cs.opensource.google/go/go/+/refs/tags/go1.24.13:src/os/removeall_noat.go;drc=a2baae6851a157d662dff7cc508659f66249698a;l=15 +// The implementation which breaks our install is here: +// https://cs.opensource.google/go/go/+/refs/tags/go1.25.8:src/os/removeall_at.go;drc=e81c624656e415626c7ac3a97768f5c2717979a4;l=15 +func removeAll(path string) error { + // Try simple remove first (handles files and empty directories). + err := os.Remove(path) + if err == nil || errors.Is(err, fs.ErrNotExist) { + return nil + } + + // Check if it's a directory. + info, serr := os.Lstat(path) + if serr != nil { + if errors.Is(serr, fs.ErrNotExist) { + return nil + } + return serr + } + if !info.IsDir() { + // Not a directory — return the original Remove error. + return err + } + + // Remove directory contents recursively. + err = removeAllChildren(path) + if err != nil { + return err + } + + // Remove the now-empty directory. + err = os.Remove(path) + if errors.Is(err, fs.ErrNotExist) { + return nil + } + return err +} + +func removeAllChildren(path string) error { + entries, err := os.ReadDir(path) + if err != nil { + if errors.Is(err, fs.ErrNotExist) { + return nil + } + return err + } + + var firstErr error + for _, entry := range entries { + child := filepath.Join(path, entry.Name()) + err := removeAll(child) + if err != nil && firstErr == nil { + firstErr = err + } + } + return firstErr +} + func containsString(str string, a []string, caseSensitive bool) bool { if !caseSensitive { str = strings.ToLower(str) diff --git a/magefile.go b/magefile.go index 662e2aafad8..1ed69e18bd8 100644 --- a/magefile.go +++ b/magefile.go @@ -289,7 +289,7 @@ func (Build) windowsArchiveRootBinaryForGoArch(ctx context.Context, goarch strin if cfg.Build.FIPSBuild { // there is no actual FIPS relevance for this particular binary // but better safe than sorry - args.ExtraFlags = append(args.ExtraFlags, "-tags=requirefips,ms_tls13kdf") + args.ExtraFlags = append(args.ExtraFlags, "-tags=requirefips") args.Env["MS_GOTOOLCHAIN_TELEMETRY_ENABLED"] = "0" args.CGO = true } @@ -465,9 +465,18 @@ func (Test) Unit(ctx context.Context) error { // FIPSOnlyUnit runs all the unit tests with GODEBUG=fips140=only. func (Test) FIPSOnlyUnit(ctx context.Context) error { mg.Deps(Prepare.Env, Build.TestBinaries) + cfg := devtools.SettingsFromContext(ctx) params := devtools.DefaultGoTestUnitArgs(cfg) - params.Env["GODEBUG"] = "fips140=only" + params.Env["FIPS"] = "true" + + // We also set GODEBUG=tlsmlkem=0 to disable the X25519MLKEM768 TLS key + // exchange mechanism; without this setting and with the GODEBUG=fips140=only + // setting, we get errors in tests like so: + // Failed to connect: crypto/ecdh: use of X25519 is not allowed in FIPS 140-only mode + // Note that we are only disabling this TLS key exchange mechanism in tests! + params.Env["GODEBUG"] = "fips140=only,tlsmlkem=0" + params.Tags = append(params.Tags, "requirefips") return devtools.GoTest(ctx, params) } diff --git a/version/docs/version.asciidoc b/version/docs/version.asciidoc index 2b166f3e057..3bbe649d239 100644 --- a/version/docs/version.asciidoc +++ b/version/docs/version.asciidoc @@ -3,7 +3,7 @@ // FIXME: once elastic.co docs have been switched over to use `main`, remove // the `doc-site-branch` line below as well as any references to it in the code. :doc-site-branch: master -:go-version: 1.24.13 +:go-version: 1.25.8 :release-state: unreleased :python: 3.7 :docker: 1.12 diff --git a/wrapper/windows/archive-proxy/go.mod b/wrapper/windows/archive-proxy/go.mod index 937077e2cc9..7425f7c6522 100644 --- a/wrapper/windows/archive-proxy/go.mod +++ b/wrapper/windows/archive-proxy/go.mod @@ -1,6 +1,6 @@ module github.com/elastic/elastic-agent/wrapper/windows/archive-proxy -go 1.24.13 +go 1.25.8 require github.com/elastic/elastic-agent v0.0.0