diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml index 988dbb182b2..3d2dac31a98 100644 --- a/.buildkite/pipeline.yml +++ b/.buildkite/pipeline.yml @@ -67,7 +67,7 @@ steps: command: ".buildkite/scripts/steps/unit-tests.sh" env: FIPS: "true" - GODEBUG: "fips140=only" + GODEBUG: "fips140=only,tlsmlkem=0" artifact_paths: - "build/TEST-*.html" - "build/TEST-*.xml" diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index e04dc6678b8..ad9f8875eb2 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -30,7 +30,7 @@ jobs: uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 # v8.0.0 with: # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version - version: v2.1.0 + version: v2.5.0 # Give the job more time to execute. # Regarding `--whole-files`, the linter is supposed to support linting of changed a patch only but, diff --git a/.go-version b/.go-version index 8407e260086..d905a6d1d61 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.24.7 +1.25.1 diff --git a/Dockerfile b/Dockerfile index eeaf452479f..0d35c813f40 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG GO_VERSION=1.24.7 +ARG GO_VERSION=1.25.1 FROM circleci/golang:${GO_VERSION} diff --git a/changelog/fragments/1758822287-bump-golang-1.25.1.yaml b/changelog/fragments/1758822287-bump-golang-1.25.1.yaml new file mode 100644 index 00000000000..d3838e1e254 --- /dev/null +++ b/changelog/fragments/1758822287-bump-golang-1.25.1.yaml 
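Review bot: The new `GODEBUG: "fips140=only,tlsmlkem=0"` value in the FIPS unit-test step of `.buildkite/pipeline.yml` carries no explanation, and the same literal is set again in `Test.FIPSOnlyUnit` in `magefile.go`, so the two copies can drift apart. Someone reading only the pipeline cannot tell that `tlsmlkem=0` is a test-only workaround rather than part of the intended FIPS configuration. I would add a comment above the key, for example `# tlsmlkem=0 disables the X25519MLKEM768 TLS key exchange, which fails under fips140=only; test-only workaround, keep in sync with Test.FIPSOnlyUnit in magefile.go`.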
@@ -0,0 +1,32 @@
+# Kind can be one of:
+# - breaking-change: a change to previously-documented behavior
+# - deprecation: functionality that is being removed in a later release
+# - bug-fix: fixes a problem in a previous version
+# - enhancement: extends functionality but does not break or fix existing behavior
+# - feature: new functionality
+# - known-issue: problems that we are aware of in a given version
+# - security: impacts on the security of a product or a user’s deployment.
+# - upgrade: important information for someone upgrading from a prior version
+# - other: does not fit into any of the other categories
+kind: enhancement
+
+# Change summary; a 80ish characters long description of the change.
+summary: Update Go version to 1.25.1
+
+# Long description; in case the summary is not enough to describe the change
+# this field accommodate a description without length limits.
+# NOTE: This field will be rendered only for breaking-change and known-issue kinds at the moment.
+#description:
+
+# Affected component; usually one of "elastic-agent", "fleet-server", "filebeat", "metricbeat", "auditbeat", "all", etc.
+component: elastic-agent
+
+# PR URL; optional; the PR number that added the changeset.
+# If not present is automatically filled by the tooling finding the PR where this changelog fragment has been added.
+# NOTE: the tooling supports backports, so it's able to fill the original PR number instead of the backport PR number.
+# Please provide it if you are adding a fragment for a different PR.
+pr: https://github.com/elastic/elastic-agent/pull/10156
+
+# Issue URL; optional; the GitHub issue related to this changeset (either closes or is part of).
+# If not present is automatically filled by the tooling with the issue linked to the PR number.
+#issue: https://github.com/owner/repo/1234
diff --git a/dev-tools/mage/gotest.go b/dev-tools/mage/gotest.go
index a259aa5fbd2..5d11e395d5a 100644
--- a/dev-tools/mage/gotest.go
+++ b/dev-tools/mage/gotest.go
@@ -86,7 +86,7 @@ func makeGoTestArgsForModule(name, module string) GoTestArgs { func testTagsFromEnv() []string { tags := strings.Split(strings.Trim(os.Getenv("TEST_TAGS"), ", "), ",") if FIPSBuild { - tags = append(tags, "requirefips", "ms_tls13kdf") + tags = append(tags, "requirefips") } return tags } diff --git a/dev-tools/mage/gotest_test.go b/dev-tools/mage/gotest_test.go index 59c1a9aad9f..bf082b7dbd6 100644 --- a/dev-tools/mage/gotest_test.go +++ b/dev-tools/mage/gotest_test.go @@ -331,9 +331,7 @@ func TestGoTest_Helper_WithPanic(t *testing.T) { var wantTestWithPanic = `(?sm: === FAIL: dev-tools/mage TestGoTest_Helper_WithPanic.* -panic: Kaputt. \[recovered\].* - panic: Kaputt.* -)` +panic: Kaputt. \[recovered, repanicked\].*)` func TestGoTest_Helper_WithWrongPanic(t *testing.T) { if !gotestHelperMode { diff --git a/dev-tools/mage/otel/deps_test.go b/dev-tools/mage/otel/deps_test.go index 5b1695cfd5e..03be8a72b9d 100644 --- a/dev-tools/mage/otel/deps_test.go +++ b/dev-tools/mage/otel/deps_test.go @@ -16,7 +16,7 @@ import ( func TestGetOtelDependencies(t *testing.T) { goModContent := `module github.com/elastic/elastic-agent -go 1.24.1 +go 1.25.1 require ( github.com/elastic/opentelemetry-collector-components/connector/signaltometricsconnector v0.3.0 diff --git a/dev-tools/packaging/packages.yml b/dev-tools/packaging/packages.yml index 85897269fd7..dadae65ffd9 100644 --- a/dev-tools/packaging/packages.yml +++ b/dev-tools/packaging/packages.yml @@ -43,7 +43,6 @@ settings: MS_GOTOOLCHAIN_TELEMETRY_ENABLED: "0" tags: - requirefips - - ms_tls13kdf platforms: - *linux-amd64 - *linux-arm64 diff --git a/go.mod b/go.mod index 27633344f84..30cd1e47377 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/elastic/elastic-agent -go 1.24.7 +go 1.25.1 require ( github.com/Jeffail/gabs/v2 v2.6.0 diff --git a/magefile.go b/magefile.go index 0fd309dd585..4902b4c786b 100644 --- a/magefile.go +++ b/magefile.go 
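Review bot: Dropping `ms_tls13kdf` from the FIPS tag list in `testTagsFromEnv` is not explained anywhere in the visible diff, and the same removal recurs in `dev-tools/packaging/packages.yml` and in `Build.WindowsArchiveRootBinary` in `magefile.go`. The tag presumably became unnecessary with the 1.25 toolchain, but the changelog fragment only says "Update Go version to 1.25.1" with kind `enhancement`, so a change to how FIPS artifacts are built is easy to miss in a release audit. I would record the reason next to the append, for example `// ms_tls13kdf is no longer passed since the Go 1.25.1 bump: <reason / toolchain reference>`. I would also confirm that FIPS packages built without the tag still pass the FIPS TLS tests before merging.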
@@ -323,7 +323,7 @@ func (Build) WindowsArchiveRootBinary() error { if devtools.FIPSBuild { // there is no actual FIPS relevance for this particular binary // but better safe than sorry - args.ExtraFlags = append(args.ExtraFlags, "-tags=requirefips,ms_tls13kdf") + args.ExtraFlags = append(args.ExtraFlags, "-tags=requirefips") args.Env["MS_GOTOOLCHAIN_TELEMETRY_ENABLED"] = "0" args.CGO = true } @@ -487,8 +487,17 @@ func (Test) Unit(ctx context.Context) error { // FIPSOnlyUnit runs all the unit tests with GODEBUG=fips140=only. func (Test) FIPSOnlyUnit(ctx context.Context) error { mg.Deps(Prepare.Env, Build.TestBinaries) + params := devtools.DefaultGoTestUnitArgs() - params.Env["GODEBUG"] = "fips140=only" + params.Env["FIPS"] = "true" + + // We also set GODEBUG=tlsmlkem=0 to disable the X25519MLKEM768 TLS key + // exchange mechanism; without this setting and with the GODEBUG=fips140=only + // setting, we get errors in tests like so: + // Failed to connect: crypto/ecdh: use of X25519 is not allowed in FIPS 140-only mode + // Note that we are only disabling this TLS key exchange mechanism in tests! + params.Env["GODEBUG"] = "fips140=only,tlsmlkem=0" + params.Tags = append(params.Tags, "requirefips") return devtools.GoTest(ctx, params) } diff --git a/version/docs/version.asciidoc b/version/docs/version.asciidoc index 9337d2f5c75..9db7fbf6554 100644 --- a/version/docs/version.asciidoc +++ b/version/docs/version.asciidoc @@ -3,7 +3,7 @@ // FIXME: once elastic.co docs have been switched over to use `main`, remove // the `doc-site-branch` line below as well as any references to it in the code. :doc-site-branch: master -:go-version: 1.24.7 +:go-version: 1.25.1 :release-state: unreleased :python: 3.7 :docker: 1.12 diff --git a/wrapper/windows/archive-proxy/go.mod b/wrapper/windows/archive-proxy/go.mod index 1c6c1431b6f..fdf074103fd 100644 --- a/wrapper/windows/archive-proxy/go.mod +++ b/wrapper/windows/archive-proxy/go.mod 
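Review bot: The `tlsmlkem=0` workaround added in `Test.FIPSOnlyUnit` has no removal condition, and the comment does not say which GODEBUG settings the shipped FIPS binaries run with. As written, these tests exercise a narrower set of TLS key exchanges than the default, so a key-exchange failure that only appears with the default set would not surface here. I would extend the comment with the production setting and a tracked follow-up, for example `// TODO(<tracking issue>): remove tlsmlkem=0 once the TLS tests pass under fips140=only with the default key exchanges`. Separately, if `DefaultGoTestUnitArgs` already derives its tags through `testTagsFromEnv` (not visible in this hunk), `params.Tags = append(params.Tags, "requirefips")` may add the tag twice when `FIPS=true` is set in the mage environment; this looks harmless but is worth confirming.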
@@ -1,6 +1,6 @@ module github.com/elastic/elastic-agent/wrapper/windows/archive-proxy -go 1.24.7 +go 1.25.1 require github.com/elastic/elastic-agent v0.0.0