Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update golang #16109

Merged
merged 1 commit into from
Jan 23, 2024
Merged

Update golang #16109

merged 1 commit into from
Jan 23, 2024

Conversation

tianon
Copy link
Member

@tianon tianon commented Jan 22, 2024

Changes:

@docker-library-bot
Update golang
9bef251 
Changes:

- docker-library/golang@26b9447: Merge pull request docker-library/golang#505 from infosiftr/link-test
- docker-library/golang@a6fd6ec: Use `COPY --link` to share Go layer across OS variants / updates
- docker-library/golang@09d6a0c: Adjust versions.json field ordering to be more human-friendly
@tianon tianon requested a review from yosifkit as a code owner January 22, 2024 18:27
@github-actions GitHub Actions
Copy link

Diff for 9bef251: 
diff --git a/_bashbrew-cat b/_bashbrew-cat
index 462ce12..0dfe302 100644
--- a/_bashbrew-cat
+++ b/_bashbrew-cat
@@ -1,25 +1,26 @@
 Maintainers: Tianon Gravi <[email protected]> (@tianon), Joseph Ferguson <[email protected]> (@yosifkit), Johan Euphrosine <[email protected]> (@proppy)
 GitRepo: https://github.com/docker-library/golang.git
+Builder: buildkit
 
 Tags: 1.20.13-alpine3.18, 1.20-alpine3.18
 Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, s390x
-GitCommit: 9cbaa438ce9da574c97fc39d32b660aab5aad129
+GitCommit: a6fd6eceb0cb26da2fceefb4353768c472f84420
 Directory: 1.20/alpine3.18
 
 Tags: 1.20.13-alpine3.19, 1.20-alpine3.19, 1.20.13-alpine, 1.20-alpine
 Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, s390x
-GitCommit: 9cbaa438ce9da574c97fc39d32b660aab5aad129
+GitCommit: a6fd6eceb0cb26da2fceefb4353768c472f84420
 Directory: 1.20/alpine3.19
 
 Tags: 1.20.13-bookworm, 1.20-bookworm
 SharedTags: 1.20.13, 1.20
 Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
-GitCommit: 9cbaa438ce9da574c97fc39d32b660aab5aad129
+GitCommit: a6fd6eceb0cb26da2fceefb4353768c472f84420
 Directory: 1.20/bookworm
 
 Tags: 1.20.13-bullseye, 1.20-bullseye
 Architectures: amd64, arm32v5, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
-GitCommit: 9cbaa438ce9da574c97fc39d32b660aab5aad129
+GitCommit: a6fd6eceb0cb26da2fceefb4353768c472f84420
 Directory: 1.20/bullseye
 
 Tags: 1.20.13-nanoserver-1809, 1.20-nanoserver-1809
@@ -27,6 +28,7 @@ SharedTags: 1.20.13-nanoserver, 1.20-nanoserver
 Architectures: windows-amd64
 GitCommit: 9cbaa438ce9da574c97fc39d32b660aab5aad129
 Directory: 1.20/windows/nanoserver-1809
+Builder: classic
 Constraints: nanoserver-1809, windowsservercore-1809
 
 Tags: 1.20.13-nanoserver-ltsc2022, 1.20-nanoserver-ltsc2022
@@ -34,6 +36,7 @@ SharedTags: 1.20.13-nanoserver, 1.20-nanoserver
 Architectures: windows-amd64
 GitCommit: 9cbaa438ce9da574c97fc39d32b660aab5aad129
 Directory: 1.20/windows/nanoserver-ltsc2022
+Builder: classic
 Constraints: nanoserver-ltsc2022, windowsservercore-ltsc2022
 
 Tags: 1.20.13-windowsservercore-1809, 1.20-windowsservercore-1809
@@ -41,6 +44,7 @@ SharedTags: 1.20.13-windowsservercore, 1.20-windowsservercore, 1.20.13, 1.20
 Architectures: windows-amd64
 GitCommit: 9cbaa438ce9da574c97fc39d32b660aab5aad129
 Directory: 1.20/windows/windowsservercore-1809
+Builder: classic
 Constraints: windowsservercore-1809
 
 Tags: 1.20.13-windowsservercore-ltsc2022, 1.20-windowsservercore-ltsc2022
@@ -48,27 +52,28 @@ SharedTags: 1.20.13-windowsservercore, 1.20-windowsservercore, 1.20.13, 1.20
 Architectures: windows-amd64
 GitCommit: 9cbaa438ce9da574c97fc39d32b660aab5aad129
 Directory: 1.20/windows/windowsservercore-ltsc2022
+Builder: classic
 Constraints: windowsservercore-ltsc2022
 
 Tags: 1.21.6-alpine3.18, 1.21-alpine3.18, 1-alpine3.18, alpine3.18
 Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, s390x
-GitCommit: 885ba4379edde75bd04e37c23996fecedfc57301
+GitCommit: a6fd6eceb0cb26da2fceefb4353768c472f84420
 Directory: 1.21/alpine3.18
 
 Tags: 1.21.6-alpine3.19, 1.21-alpine3.19, 1-alpine3.19, alpine3.19, 1.21.6-alpine, 1.21-alpine, 1-alpine, alpine
 Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, s390x
-GitCommit: 885ba4379edde75bd04e37c23996fecedfc57301
+GitCommit: a6fd6eceb0cb26da2fceefb4353768c472f84420
 Directory: 1.21/alpine3.19
 
 Tags: 1.21.6-bookworm, 1.21-bookworm, 1-bookworm, bookworm
 SharedTags: 1.21.6, 1.21, 1, latest
 Architectures: amd64, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
-GitCommit: 885ba4379edde75bd04e37c23996fecedfc57301
+GitCommit: a6fd6eceb0cb26da2fceefb4353768c472f84420
 Directory: 1.21/bookworm
 
 Tags: 1.21.6-bullseye, 1.21-bullseye, 1-bullseye, bullseye
 Architectures: amd64, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
-GitCommit: 885ba4379edde75bd04e37c23996fecedfc57301
+GitCommit: a6fd6eceb0cb26da2fceefb4353768c472f84420
 Directory: 1.21/bullseye
 
 Tags: 1.21.6-nanoserver-1809, 1.21-nanoserver-1809, 1-nanoserver-1809, nanoserver-1809
@@ -76,6 +81,7 @@ SharedTags: 1.21.6-nanoserver, 1.21-nanoserver, 1-nanoserver, nanoserver
 Architectures: windows-amd64
 GitCommit: 885ba4379edde75bd04e37c23996fecedfc57301
 Directory: 1.21/windows/nanoserver-1809
+Builder: classic
 Constraints: nanoserver-1809, windowsservercore-1809
 
 Tags: 1.21.6-nanoserver-ltsc2022, 1.21-nanoserver-ltsc2022, 1-nanoserver-ltsc2022, nanoserver-ltsc2022
@@ -83,6 +89,7 @@ SharedTags: 1.21.6-nanoserver, 1.21-nanoserver, 1-nanoserver, nanoserver
 Architectures: windows-amd64
 GitCommit: 885ba4379edde75bd04e37c23996fecedfc57301
 Directory: 1.21/windows/nanoserver-ltsc2022
+Builder: classic
 Constraints: nanoserver-ltsc2022, windowsservercore-ltsc2022
 
 Tags: 1.21.6-windowsservercore-1809, 1.21-windowsservercore-1809, 1-windowsservercore-1809, windowsservercore-1809
@@ -90,6 +97,7 @@ SharedTags: 1.21.6-windowsservercore, 1.21-windowsservercore, 1-windowsservercor
 Architectures: windows-amd64
 GitCommit: 885ba4379edde75bd04e37c23996fecedfc57301
 Directory: 1.21/windows/windowsservercore-1809
+Builder: classic
 Constraints: windowsservercore-1809
 
 Tags: 1.21.6-windowsservercore-ltsc2022, 1.21-windowsservercore-ltsc2022, 1-windowsservercore-ltsc2022, windowsservercore-ltsc2022
@@ -97,27 +105,28 @@ SharedTags: 1.21.6-windowsservercore, 1.21-windowsservercore, 1-windowsservercor
 Architectures: windows-amd64
 GitCommit: 885ba4379edde75bd04e37c23996fecedfc57301
 Directory: 1.21/windows/windowsservercore-ltsc2022
+Builder: classic
 Constraints: windowsservercore-ltsc2022
 
 Tags: 1.22rc1-alpine3.18, 1.22-rc-alpine3.18
 Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, s390x
-GitCommit: 8188fe464dc344c8ac20cad12cf80e65f452af93
+GitCommit: a6fd6eceb0cb26da2fceefb4353768c472f84420
 Directory: 1.22-rc/alpine3.18
 
 Tags: 1.22rc1-alpine3.19, 1.22-rc-alpine3.19, 1.22rc1-alpine, 1.22-rc-alpine
 Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, s390x
-GitCommit: 8188fe464dc344c8ac20cad12cf80e65f452af93
+GitCommit: a6fd6eceb0cb26da2fceefb4353768c472f84420
 Directory: 1.22-rc/alpine3.19
 
 Tags: 1.22rc1-bookworm, 1.22-rc-bookworm
 SharedTags: 1.22rc1, 1.22-rc
 Architectures: amd64, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
-GitCommit: 8188fe464dc344c8ac20cad12cf80e65f452af93
+GitCommit: a6fd6eceb0cb26da2fceefb4353768c472f84420
 Directory: 1.22-rc/bookworm
 
 Tags: 1.22rc1-bullseye, 1.22-rc-bullseye
 Architectures: amd64, arm32v7, arm64v8, i386, mips64le, ppc64le, s390x
-GitCommit: 8188fe464dc344c8ac20cad12cf80e65f452af93
+GitCommit: a6fd6eceb0cb26da2fceefb4353768c472f84420
 Directory: 1.22-rc/bullseye
 
 Tags: 1.22rc1-nanoserver-1809, 1.22-rc-nanoserver-1809
@@ -125,6 +134,7 @@ SharedTags: 1.22rc1-nanoserver, 1.22-rc-nanoserver
 Architectures: windows-amd64
 GitCommit: 46d44c197aa3ce81c16ad43a2e4b331cc188053a
 Directory: 1.22-rc/windows/nanoserver-1809
+Builder: classic
 Constraints: nanoserver-1809, windowsservercore-1809
 
 Tags: 1.22rc1-nanoserver-ltsc2022, 1.22-rc-nanoserver-ltsc2022
@@ -132,6 +142,7 @@ SharedTags: 1.22rc1-nanoserver, 1.22-rc-nanoserver
 Architectures: windows-amd64
 GitCommit: 46d44c197aa3ce81c16ad43a2e4b331cc188053a
 Directory: 1.22-rc/windows/nanoserver-ltsc2022
+Builder: classic
 Constraints: nanoserver-ltsc2022, windowsservercore-ltsc2022
 
 Tags: 1.22rc1-windowsservercore-1809, 1.22-rc-windowsservercore-1809
@@ -139,6 +150,7 @@ SharedTags: 1.22rc1-windowsservercore, 1.22-rc-windowsservercore, 1.22rc1, 1.22-
 Architectures: windows-amd64
 GitCommit: 46d44c197aa3ce81c16ad43a2e4b331cc188053a
 Directory: 1.22-rc/windows/windowsservercore-1809
+Builder: classic
 Constraints: windowsservercore-1809
 
 Tags: 1.22rc1-windowsservercore-ltsc2022, 1.22-rc-windowsservercore-ltsc2022
@@ -146,4 +158,5 @@ SharedTags: 1.22rc1-windowsservercore, 1.22-rc-windowsservercore, 1.22rc1, 1.22-
 Architectures: windows-amd64
 GitCommit: 46d44c197aa3ce81c16ad43a2e4b331cc188053a
 Directory: 1.22-rc/windows/windowsservercore-ltsc2022
+Builder: classic
 Constraints: windowsservercore-ltsc2022
diff --git a/golang_1.20-alpine/Dockerfile b/golang_1.20-alpine/Dockerfile
index 26ee4bb..93e3f3e 100644
--- a/golang_1.20-alpine/Dockerfile
+++ b/golang_1.20-alpine/Dockerfile
@@ -4,16 +4,19 @@
 # PLEASE DO NOT EDIT IT DIRECTLY.
 #
 
-FROM alpine:3.19
-
-RUN apk add --no-cache ca-certificates
+FROM alpine:3.19 AS build
 
 ENV PATH /usr/local/go/bin:$PATH
 
 ENV GOLANG_VERSION 1.20.13
 
 RUN set -eux; \
-	apk add --no-cache --virtual .fetch-deps gnupg; \
+	apk add --no-cache --virtual .fetch-deps \
+		ca-certificates \
+		gnupg \
+# busybox's "tar" doesn't handle directory mtime correctly, so our SOURCE_DATE_EPOCH lookup doesn't work (the mtime of "/usr/local/go" always ends up being the extraction timestamp)
+		tar \
+	; \
 	arch="$(apk --print-arch)"; \
 	url=; \
 	case "$arch" in \
@@ -69,6 +72,12 @@ RUN set -eux; \
 	tar -C /usr/local -xzf go.tgz; \
 	rm go.tgz; \
 	\
+# save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below)
+	SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \
+	export SOURCE_DATE_EPOCH; \
+# for logging validation/edification
+	date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \
+	\
 	if [ -n "$build" ]; then \
 		apk add --no-cache --virtual .build-deps \
 			bash \
@@ -102,13 +111,31 @@ RUN set -eux; \
 			/usr/local/go/src/cmd/dist/dist \
 			"$GOCACHE" \
 		; \
+		\
+# clamp timestamps for reproducibility (allows "COPY --link" to be more clever/useful)
+		date="$(date -d "@$SOURCE_DATE_EPOCH" '+%Y%m%d%H%M.%S')"; \
+		touch -t "$date" /usr/local/.go-date-stamp; \
+		find /usr/local/go -depth -newer /usr/local/.go-date-stamp -exec touch -ht "$date" '{}' +; \
+		rm /usr/local/.go-date-stamp; \
+		touch -t "$date" /usr/local; \
 	fi; \
 	\
 	apk del --no-network .fetch-deps; \
 	\
-	go version
+# smoke test
+	go version; \
+# make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test)
+	epoch="$(stat -c '%Y' /usr/local/go)"; \
+	[ "$SOURCE_DATE_EPOCH" = "$epoch" ]
+
+FROM alpine:3.19
+
+RUN apk add --no-cache ca-certificates
+
+ENV GOLANG_VERSION 1.20.13
 
 ENV GOPATH /go
-ENV PATH $GOPATH/bin:$PATH
+ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH
+COPY --from=build --link /usr/local/go/ /usr/local/go/
 RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH"
 WORKDIR $GOPATH
diff --git a/golang_1.20-alpine3.18/Dockerfile b/golang_1.20-alpine3.18/Dockerfile
index e593c44..f34d169 100644
--- a/golang_1.20-alpine3.18/Dockerfile
+++ b/golang_1.20-alpine3.18/Dockerfile
@@ -4,16 +4,19 @@
 # PLEASE DO NOT EDIT IT DIRECTLY.
 #
 
-FROM alpine:3.18
-
-RUN apk add --no-cache ca-certificates
+FROM alpine:3.18 AS build
 
 ENV PATH /usr/local/go/bin:$PATH
 
 ENV GOLANG_VERSION 1.20.13
 
 RUN set -eux; \
-	apk add --no-cache --virtual .fetch-deps gnupg; \
+	apk add --no-cache --virtual .fetch-deps \
+		ca-certificates \
+		gnupg \
+# busybox's "tar" doesn't handle directory mtime correctly, so our SOURCE_DATE_EPOCH lookup doesn't work (the mtime of "/usr/local/go" always ends up being the extraction timestamp)
+		tar \
+	; \
 	arch="$(apk --print-arch)"; \
 	url=; \
 	case "$arch" in \
@@ -69,6 +72,12 @@ RUN set -eux; \
 	tar -C /usr/local -xzf go.tgz; \
 	rm go.tgz; \
 	\
+# save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below)
+	SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \
+	export SOURCE_DATE_EPOCH; \
+# for logging validation/edification
+	date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \
+	\
 	if [ -n "$build" ]; then \
 		apk add --no-cache --virtual .build-deps \
 			bash \
@@ -102,13 +111,31 @@ RUN set -eux; \
 			/usr/local/go/src/cmd/dist/dist \
 			"$GOCACHE" \
 		; \
+		\
+# clamp timestamps for reproducibility (allows "COPY --link" to be more clever/useful)
+		date="$(date -d "@$SOURCE_DATE_EPOCH" '+%Y%m%d%H%M.%S')"; \
+		touch -t "$date" /usr/local/.go-date-stamp; \
+		find /usr/local/go -depth -newer /usr/local/.go-date-stamp -exec touch -ht "$date" '{}' +; \
+		rm /usr/local/.go-date-stamp; \
+		touch -t "$date" /usr/local; \
 	fi; \
 	\
 	apk del --no-network .fetch-deps; \
 	\
-	go version
+# smoke test
+	go version; \
+# make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test)
+	epoch="$(stat -c '%Y' /usr/local/go)"; \
+	[ "$SOURCE_DATE_EPOCH" = "$epoch" ]
+
+FROM alpine:3.18
+
+RUN apk add --no-cache ca-certificates
+
+ENV GOLANG_VERSION 1.20.13
 
 ENV GOPATH /go
-ENV PATH $GOPATH/bin:$PATH
+ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH
+COPY --from=build --link /usr/local/go/ /usr/local/go/
 RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH"
 WORKDIR $GOPATH
diff --git a/golang_1.20-bookworm/Dockerfile b/golang_1.20-bookworm/Dockerfile
index c9e6749..f477cb4 100644
--- a/golang_1.20-bookworm/Dockerfile
+++ b/golang_1.20-bookworm/Dockerfile
@@ -4,19 +4,7 @@
 # PLEASE DO NOT EDIT IT DIRECTLY.
 #
 
-FROM buildpack-deps:bookworm-scm
-
-# install cgo-related dependencies
-RUN set -eux; \
-	apt-get update; \
-	apt-get install -y --no-install-recommends \
-		g++ \
-		gcc \
-		libc6-dev \
-		make \
-		pkg-config \
-	; \
-	rm -rf /var/lib/apt/lists/*
+FROM buildpack-deps:bookworm-scm AS build
 
 ENV PATH /usr/local/go/bin:$PATH
 
@@ -89,10 +77,18 @@ RUN set -eux; \
 	tar -C /usr/local -xzf go.tgz; \
 	rm go.tgz; \
 	\
+# save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below)
+	SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \
+	export SOURCE_DATE_EPOCH; \
+# for logging validation/edification
+	date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \
+	\
 	if [ -n "$build" ]; then \
 		savedAptMark="$(apt-mark showmanual)"; \
 		apt-get update; \
 		apt-get install -y --no-install-recommends golang-go; \
+# cgo-related deps (for 1.21+, we should instead use CGO_ENABLED=0; https://github.com/golang/go/blob/b44f6378233ada888f0dc79e0ac56def4673d9ed/src/cmd/dist/build.go#L1312 / https://github.com/golang/go/commit/da0c375c571037ec5ea6f8ef2be8f07593b40eb6)
+		apt-get install -y --no-install-recommends gcc libc6-dev; \
 		\
 		export GOCACHE='/tmp/gocache'; \
 		\
@@ -118,11 +114,39 @@ RUN set -eux; \
 			/usr/local/go/src/cmd/dist/dist \
 			"$GOCACHE" \
 		; \
+		\
+# clamp timestamps for reproducibility (allows "COPY --link" to be more clever/useful)
+		date="$(date -d "@$SOURCE_DATE_EPOCH" '+%Y%m%d%H%M.%S')"; \
+		touch -t "$date" /usr/local/.go-date-stamp; \
+		find /usr/local/go -depth -newer /usr/local/.go-date-stamp -exec touch -ht "$date" '{}' +; \
+		rm /usr/local/.go-date-stamp; \
+		touch -t "$date" /usr/local; \
 	fi; \
 	\
-	go version
+# smoke test
+	go version; \
+# make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test)
+	epoch="$(stat -c '%Y' /usr/local/go)"; \
+	[ "$SOURCE_DATE_EPOCH" = "$epoch" ]
+
+FROM buildpack-deps:bookworm-scm
+
+# install cgo-related dependencies
+RUN set -eux; \
+	apt-get update; \
+	apt-get install -y --no-install-recommends \
+		g++ \
+		gcc \
+		libc6-dev \
+		make \
+		pkg-config \
+	; \
+	rm -rf /var/lib/apt/lists/*
+
+ENV GOLANG_VERSION 1.20.13
 
 ENV GOPATH /go
-ENV PATH $GOPATH/bin:$PATH
+ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH
+COPY --from=build --link /usr/local/go/ /usr/local/go/
 RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH"
 WORKDIR $GOPATH
diff --git a/golang_1.20-bullseye/Dockerfile b/golang_1.20-bullseye/Dockerfile
index 9acdba1..cf91b46 100644
--- a/golang_1.20-bullseye/Dockerfile
+++ b/golang_1.20-bullseye/Dockerfile
@@ -4,19 +4,7 @@
 # PLEASE DO NOT EDIT IT DIRECTLY.
 #
 
-FROM buildpack-deps:bullseye-scm
-
-# install cgo-related dependencies
-RUN set -eux; \
-	apt-get update; \
-	apt-get install -y --no-install-recommends \
-		g++ \
-		gcc \
-		libc6-dev \
-		make \
-		pkg-config \
-	; \
-	rm -rf /var/lib/apt/lists/*
+FROM buildpack-deps:bullseye-scm AS build
 
 ENV PATH /usr/local/go/bin:$PATH
 
@@ -89,6 +77,12 @@ RUN set -eux; \
 	tar -C /usr/local -xzf go.tgz; \
 	rm go.tgz; \
 	\
+# save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below)
+	SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \
+	export SOURCE_DATE_EPOCH; \
+# for logging validation/edification
+	date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \
+	\
 	if [ -n "$build" ]; then \
 		savedAptMark="$(apt-mark showmanual)"; \
 # add backports for newer go version for bootstrap build: https://github.com/golang/go/issues/44505
@@ -99,6 +93,8 @@ RUN set -eux; \
 			apt-get update; \
 			apt-get install -y --no-install-recommends -t "$VERSION_CODENAME-backports" golang-go; \
 		); \
+# cgo-related deps (for 1.21+, we should instead use CGO_ENABLED=0; https://github.com/golang/go/blob/b44f6378233ada888f0dc79e0ac56def4673d9ed/src/cmd/dist/build.go#L1312 / https://github.com/golang/go/commit/da0c375c571037ec5ea6f8ef2be8f07593b40eb6)
+		apt-get install -y --no-install-recommends gcc libc6-dev; \
 		\
 		export GOCACHE='/tmp/gocache'; \
 		\
@@ -124,11 +120,39 @@ RUN set -eux; \
 			/usr/local/go/src/cmd/dist/dist \
 			"$GOCACHE" \
 		; \
+		\
+# clamp timestamps for reproducibility (allows "COPY --link" to be more clever/useful)
+		date="$(date -d "@$SOURCE_DATE_EPOCH" '+%Y%m%d%H%M.%S')"; \
+		touch -t "$date" /usr/local/.go-date-stamp; \
+		find /usr/local/go -depth -newer /usr/local/.go-date-stamp -exec touch -ht "$date" '{}' +; \
+		rm /usr/local/.go-date-stamp; \
+		touch -t "$date" /usr/local; \
 	fi; \
 	\
-	go version
+# smoke test
+	go version; \
+# make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test)
+	epoch="$(stat -c '%Y' /usr/local/go)"; \
+	[ "$SOURCE_DATE_EPOCH" = "$epoch" ]
+
+FROM buildpack-deps:bullseye-scm
+
+# install cgo-related dependencies
+RUN set -eux; \
+	apt-get update; \
+	apt-get install -y --no-install-recommends \
+		g++ \
+		gcc \
+		libc6-dev \
+		make \
+		pkg-config \
+	; \
+	rm -rf /var/lib/apt/lists/*
+
+ENV GOLANG_VERSION 1.20.13
 
 ENV GOPATH /go
-ENV PATH $GOPATH/bin:$PATH
+ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH
+COPY --from=build --link /usr/local/go/ /usr/local/go/
 RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH"
 WORKDIR $GOPATH
diff --git a/golang_1.22-rc-alpine/Dockerfile b/golang_1.22-rc-alpine/Dockerfile
index f9049f8..afef0c0 100644
--- a/golang_1.22-rc-alpine/Dockerfile
+++ b/golang_1.22-rc-alpine/Dockerfile
@@ -4,16 +4,19 @@
 # PLEASE DO NOT EDIT IT DIRECTLY.
 #
 
-FROM alpine:3.19
-
-RUN apk add --no-cache ca-certificates
+FROM alpine:3.19 AS build
 
 ENV PATH /usr/local/go/bin:$PATH
 
 ENV GOLANG_VERSION 1.22rc1
 
 RUN set -eux; \
-	apk add --no-cache --virtual .fetch-deps gnupg; \
+	apk add --no-cache --virtual .fetch-deps \
+		ca-certificates \
+		gnupg \
+# busybox's "tar" doesn't handle directory mtime correctly, so our SOURCE_DATE_EPOCH lookup doesn't work (the mtime of "/usr/local/go" always ends up being the extraction timestamp)
+		tar \
+	; \
 	arch="$(apk --print-arch)"; \
 	url=; \
 	case "$arch" in \
@@ -69,15 +72,32 @@ RUN set -eux; \
 	tar -C /usr/local -xzf go.tgz; \
 	rm go.tgz; \
 	\
+# save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below)
+	SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \
+	export SOURCE_DATE_EPOCH; \
+# for logging validation/edification
+	date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \
+	\
 	apk del --no-network .fetch-deps; \
 	\
-	go version
+# smoke test
+	go version; \
+# make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test)
+	epoch="$(stat -c '%Y' /usr/local/go)"; \
+	[ "$SOURCE_DATE_EPOCH" = "$epoch" ]
+
+FROM alpine:3.19
+
+RUN apk add --no-cache ca-certificates
+
+ENV GOLANG_VERSION 1.22rc1
 
 # don't auto-upgrade the gotoolchain
 # https://github.com/docker-library/golang/issues/472
 ENV GOTOOLCHAIN=local
 
 ENV GOPATH /go
-ENV PATH $GOPATH/bin:$PATH
+ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH
+COPY --from=build --link /usr/local/go/ /usr/local/go/
 RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH"
 WORKDIR $GOPATH
diff --git a/golang_1.22-rc-alpine3.18/Dockerfile b/golang_1.22-rc-alpine3.18/Dockerfile
index 81c5407..d3e7d6a 100644
--- a/golang_1.22-rc-alpine3.18/Dockerfile
+++ b/golang_1.22-rc-alpine3.18/Dockerfile
@@ -4,16 +4,19 @@
 # PLEASE DO NOT EDIT IT DIRECTLY.
 #
 
-FROM alpine:3.18
-
-RUN apk add --no-cache ca-certificates
+FROM alpine:3.18 AS build
 
 ENV PATH /usr/local/go/bin:$PATH
 
 ENV GOLANG_VERSION 1.22rc1
 
 RUN set -eux; \
-	apk add --no-cache --virtual .fetch-deps gnupg; \
+	apk add --no-cache --virtual .fetch-deps \
+		ca-certificates \
+		gnupg \
+# busybox's "tar" doesn't handle directory mtime correctly, so our SOURCE_DATE_EPOCH lookup doesn't work (the mtime of "/usr/local/go" always ends up being the extraction timestamp)
+		tar \
+	; \
 	arch="$(apk --print-arch)"; \
 	url=; \
 	case "$arch" in \
@@ -69,15 +72,32 @@ RUN set -eux; \
 	tar -C /usr/local -xzf go.tgz; \
 	rm go.tgz; \
 	\
+# save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below)
+	SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \
+	export SOURCE_DATE_EPOCH; \
+# for logging validation/edification
+	date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \
+	\
 	apk del --no-network .fetch-deps; \
 	\
-	go version
+# smoke test
+	go version; \
+# make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test)
+	epoch="$(stat -c '%Y' /usr/local/go)"; \
+	[ "$SOURCE_DATE_EPOCH" = "$epoch" ]
+
+FROM alpine:3.18
+
+RUN apk add --no-cache ca-certificates
+
+ENV GOLANG_VERSION 1.22rc1
 
 # don't auto-upgrade the gotoolchain
 # https://github.com/docker-library/golang/issues/472
 ENV GOTOOLCHAIN=local
 
 ENV GOPATH /go
-ENV PATH $GOPATH/bin:$PATH
+ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH
+COPY --from=build --link /usr/local/go/ /usr/local/go/
 RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH"
 WORKDIR $GOPATH
diff --git a/golang_1.22-rc-bookworm/Dockerfile b/golang_1.22-rc-bookworm/Dockerfile
index e10376a..d9123b6 100644
--- a/golang_1.22-rc-bookworm/Dockerfile
+++ b/golang_1.22-rc-bookworm/Dockerfile
@@ -4,19 +4,7 @@
 # PLEASE DO NOT EDIT IT DIRECTLY.
 #
 
-FROM buildpack-deps:bookworm-scm
-
-# install cgo-related dependencies
-RUN set -eux; \
-	apt-get update; \
-	apt-get install -y --no-install-recommends \
-		g++ \
-		gcc \
-		libc6-dev \
-		make \
-		pkg-config \
-	; \
-	rm -rf /var/lib/apt/lists/*
+FROM buildpack-deps:bookworm-scm AS build
 
 ENV PATH /usr/local/go/bin:$PATH
 
@@ -78,13 +66,40 @@ RUN set -eux; \
 	tar -C /usr/local -xzf go.tgz; \
 	rm go.tgz; \
 	\
-	go version
+# save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below)
+	SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \
+	export SOURCE_DATE_EPOCH; \
+# for logging validation/edification
+	date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \
+	\
+# smoke test
+	go version; \
+# make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test)
+	epoch="$(stat -c '%Y' /usr/local/go)"; \
+	[ "$SOURCE_DATE_EPOCH" = "$epoch" ]
+
+FROM buildpack-deps:bookworm-scm
+
+# install cgo-related dependencies
+RUN set -eux; \
+	apt-get update; \
+	apt-get install -y --no-install-recommends \
+		g++ \
+		gcc \
+		libc6-dev \
+		make \
+		pkg-config \
+	; \
+	rm -rf /var/lib/apt/lists/*
+
+ENV GOLANG_VERSION 1.22rc1
 
 # don't auto-upgrade the gotoolchain
 # https://github.com/docker-library/golang/issues/472
 ENV GOTOOLCHAIN=local
 
 ENV GOPATH /go
-ENV PATH $GOPATH/bin:$PATH
+ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH
+COPY --from=build --link /usr/local/go/ /usr/local/go/
 RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH"
 WORKDIR $GOPATH
diff --git a/golang_1.22-rc-bullseye/Dockerfile b/golang_1.22-rc-bullseye/Dockerfile
index f25a8ac..cd0bccc 100644
--- a/golang_1.22-rc-bullseye/Dockerfile
+++ b/golang_1.22-rc-bullseye/Dockerfile
@@ -4,19 +4,7 @@
 # PLEASE DO NOT EDIT IT DIRECTLY.
 #
 
-FROM buildpack-deps:bullseye-scm
-
-# install cgo-related dependencies
-RUN set -eux; \
-	apt-get update; \
-	apt-get install -y --no-install-recommends \
-		g++ \
-		gcc \
-		libc6-dev \
-		make \
-		pkg-config \
-	; \
-	rm -rf /var/lib/apt/lists/*
+FROM buildpack-deps:bullseye-scm AS build
 
 ENV PATH /usr/local/go/bin:$PATH
 
@@ -78,13 +66,40 @@ RUN set -eux; \
 	tar -C /usr/local -xzf go.tgz; \
 	rm go.tgz; \
 	\
-	go version
+# save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below)
+	SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \
+	export SOURCE_DATE_EPOCH; \
+# for logging validation/edification
+	date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \
+	\
+# smoke test
+	go version; \
+# make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test)
+	epoch="$(stat -c '%Y' /usr/local/go)"; \
+	[ "$SOURCE_DATE_EPOCH" = "$epoch" ]
+
+FROM buildpack-deps:bullseye-scm
+
+# install cgo-related dependencies
+RUN set -eux; \
+	apt-get update; \
+	apt-get install -y --no-install-recommends \
+		g++ \
+		gcc \
+		libc6-dev \
+		make \
+		pkg-config \
+	; \
+	rm -rf /var/lib/apt/lists/*
+
+ENV GOLANG_VERSION 1.22rc1
 
 # don't auto-upgrade the gotoolchain
 # https://github.com/docker-library/golang/issues/472
 ENV GOTOOLCHAIN=local
 
 ENV GOPATH /go
-ENV PATH $GOPATH/bin:$PATH
+ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH
+COPY --from=build --link /usr/local/go/ /usr/local/go/
 RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH"
 WORKDIR $GOPATH
diff --git a/golang_alpine/Dockerfile b/golang_alpine/Dockerfile
index 37edf8c..d5add57 100644
--- a/golang_alpine/Dockerfile
+++ b/golang_alpine/Dockerfile
@@ -4,16 +4,19 @@
 # PLEASE DO NOT EDIT IT DIRECTLY.
 #
 
-FROM alpine:3.19
-
-RUN apk add --no-cache ca-certificates
+FROM alpine:3.19 AS build
 
 ENV PATH /usr/local/go/bin:$PATH
 
 ENV GOLANG_VERSION 1.21.6
 
 RUN set -eux; \
-	apk add --no-cache --virtual .fetch-deps gnupg; \
+	apk add --no-cache --virtual .fetch-deps \
+		ca-certificates \
+		gnupg \
+# busybox's "tar" doesn't handle directory mtime correctly, so our SOURCE_DATE_EPOCH lookup doesn't work (the mtime of "/usr/local/go" always ends up being the extraction timestamp)
+		tar \
+	; \
 	arch="$(apk --print-arch)"; \
 	url=; \
 	case "$arch" in \
@@ -69,15 +72,32 @@ RUN set -eux; \
 	tar -C /usr/local -xzf go.tgz; \
 	rm go.tgz; \
 	\
+# save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below)
+	SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \
+	export SOURCE_DATE_EPOCH; \
+# for logging validation/edification
+	date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \
+	\
 	apk del --no-network .fetch-deps; \
 	\
-	go version
+# smoke test
+	go version; \
+# make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test)
+	epoch="$(stat -c '%Y' /usr/local/go)"; \
+	[ "$SOURCE_DATE_EPOCH" = "$epoch" ]
+
+FROM alpine:3.19
+
+RUN apk add --no-cache ca-certificates
+
+ENV GOLANG_VERSION 1.21.6
 
 # don't auto-upgrade the gotoolchain
 # https://github.com/docker-library/golang/issues/472
 ENV GOTOOLCHAIN=local
 
 ENV GOPATH /go
-ENV PATH $GOPATH/bin:$PATH
+ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH
+COPY --from=build --link /usr/local/go/ /usr/local/go/
 RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH"
 WORKDIR $GOPATH
diff --git a/golang_alpine3.18/Dockerfile b/golang_alpine3.18/Dockerfile
index ee194d0..d82fec1 100644
--- a/golang_alpine3.18/Dockerfile
+++ b/golang_alpine3.18/Dockerfile
@@ -4,16 +4,19 @@
 # PLEASE DO NOT EDIT IT DIRECTLY.
 #
 
-FROM alpine:3.18
-
-RUN apk add --no-cache ca-certificates
+FROM alpine:3.18 AS build
 
 ENV PATH /usr/local/go/bin:$PATH
 
 ENV GOLANG_VERSION 1.21.6
 
 RUN set -eux; \
-	apk add --no-cache --virtual .fetch-deps gnupg; \
+	apk add --no-cache --virtual .fetch-deps \
+		ca-certificates \
+		gnupg \
+# busybox's "tar" doesn't handle directory mtime correctly, so our SOURCE_DATE_EPOCH lookup doesn't work (the mtime of "/usr/local/go" always ends up being the extraction timestamp)
+		tar \
+	; \
 	arch="$(apk --print-arch)"; \
 	url=; \
 	case "$arch" in \
@@ -69,15 +72,32 @@ RUN set -eux; \
 	tar -C /usr/local -xzf go.tgz; \
 	rm go.tgz; \
 	\
+# save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below)
+	SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \
+	export SOURCE_DATE_EPOCH; \
+# for logging validation/edification
+	date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \
+	\
 	apk del --no-network .fetch-deps; \
 	\
-	go version
+# smoke test
+	go version; \
+# make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test)
+	epoch="$(stat -c '%Y' /usr/local/go)"; \
+	[ "$SOURCE_DATE_EPOCH" = "$epoch" ]
+
+FROM alpine:3.18
+
+RUN apk add --no-cache ca-certificates
+
+ENV GOLANG_VERSION 1.21.6
 
 # don't auto-upgrade the gotoolchain
 # https://github.com/docker-library/golang/issues/472
 ENV GOTOOLCHAIN=local
 
 ENV GOPATH /go
-ENV PATH $GOPATH/bin:$PATH
+ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH
+COPY --from=build --link /usr/local/go/ /usr/local/go/
 RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH"
 WORKDIR $GOPATH
diff --git a/golang_bookworm/Dockerfile b/golang_bookworm/Dockerfile
index 7caa364..835bcc5 100644
--- a/golang_bookworm/Dockerfile
+++ b/golang_bookworm/Dockerfile
@@ -4,19 +4,7 @@
 # PLEASE DO NOT EDIT IT DIRECTLY.
 #
 
-FROM buildpack-deps:bookworm-scm
-
-# install cgo-related dependencies
-RUN set -eux; \
-	apt-get update; \
-	apt-get install -y --no-install-recommends \
-		g++ \
-		gcc \
-		libc6-dev \
-		make \
-		pkg-config \
-	; \
-	rm -rf /var/lib/apt/lists/*
+FROM buildpack-deps:bookworm-scm AS build
 
 ENV PATH /usr/local/go/bin:$PATH
 
@@ -78,13 +66,40 @@ RUN set -eux; \
 	tar -C /usr/local -xzf go.tgz; \
 	rm go.tgz; \
 	\
-	go version
+# save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below)
+	SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \
+	export SOURCE_DATE_EPOCH; \
+# for logging validation/edification
+	date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \
+	\
+# smoke test
+	go version; \
+# make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test)
+	epoch="$(stat -c '%Y' /usr/local/go)"; \
+	[ "$SOURCE_DATE_EPOCH" = "$epoch" ]
+
+FROM buildpack-deps:bookworm-scm
+
+# install cgo-related dependencies
+RUN set -eux; \
+	apt-get update; \
+	apt-get install -y --no-install-recommends \
+		g++ \
+		gcc \
+		libc6-dev \
+		make \
+		pkg-config \
+	; \
+	rm -rf /var/lib/apt/lists/*
+
+ENV GOLANG_VERSION 1.21.6
 
 # don't auto-upgrade the gotoolchain
 # https://github.com/docker-library/golang/issues/472
 ENV GOTOOLCHAIN=local
 
 ENV GOPATH /go
-ENV PATH $GOPATH/bin:$PATH
+ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH
+COPY --from=build --link /usr/local/go/ /usr/local/go/
 RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH"
 WORKDIR $GOPATH
diff --git a/golang_bullseye/Dockerfile b/golang_bullseye/Dockerfile
index 00b5ceb..b876b86 100644
--- a/golang_bullseye/Dockerfile
+++ b/golang_bullseye/Dockerfile
@@ -4,19 +4,7 @@
 # PLEASE DO NOT EDIT IT DIRECTLY.
 #
 
-FROM buildpack-deps:bullseye-scm
-
-# install cgo-related dependencies
-RUN set -eux; \
-	apt-get update; \
-	apt-get install -y --no-install-recommends \
-		g++ \
-		gcc \
-		libc6-dev \
-		make \
-		pkg-config \
-	; \
-	rm -rf /var/lib/apt/lists/*
+FROM buildpack-deps:bullseye-scm AS build
 
 ENV PATH /usr/local/go/bin:$PATH
 
@@ -78,13 +66,40 @@ RUN set -eux; \
 	tar -C /usr/local -xzf go.tgz; \
 	rm go.tgz; \
 	\
-	go version
+# save the timestamp from the tarball so we can restore it for reproducibility, if necessary (see below)
+	SOURCE_DATE_EPOCH="$(stat -c '%Y' /usr/local/go)"; \
+	export SOURCE_DATE_EPOCH; \
+# for logging validation/edification
+	date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \
+	\
+# smoke test
+	go version; \
+# make sure our reproducibile timestamp is probably still correct (best-effort inline reproducibility test)
+	epoch="$(stat -c '%Y' /usr/local/go)"; \
+	[ "$SOURCE_DATE_EPOCH" = "$epoch" ]
+
+FROM buildpack-deps:bullseye-scm
+
+# install cgo-related dependencies
+RUN set -eux; \
+	apt-get update; \
+	apt-get install -y --no-install-recommends \
+		g++ \
+		gcc \
+		libc6-dev \
+		make \
+		pkg-config \
+	; \
+	rm -rf /var/lib/apt/lists/*
+
+ENV GOLANG_VERSION 1.21.6
 
 # don't auto-upgrade the gotoolchain
 # https://github.com/docker-library/golang/issues/472
 ENV GOTOOLCHAIN=local
 
 ENV GOPATH /go
-ENV PATH $GOPATH/bin:$PATH
+ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH
+COPY --from=build --link /usr/local/go/ /usr/local/go/
 RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 1777 "$GOPATH"
 WORKDIR $GOPATH

Relevant Maintainers:

@tianon tianon merged commit ad5ce94 into docker-library:master Jan 23, 2024
23 checks passed
@tianon tianon deleted the golang branch January 23, 2024 18:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yosifkit yosifkit yosifkit approved these changes

Assignees
No one assigned
Labels
library/golang
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tianon @yosifkit @docker-library-bot