fix(golang): override snapshot to pick up 1.25.8 cert fix#16274
fix(golang): override snapshot to pick up 1.25.8 cert fix#16274WithEnoughCoffee wants to merge 1 commit intotomls/base/mainfrom
Conversation
WithEnoughCoffee
requested review from
christopherco,
ddstreetmicrosoft and
reubeno
as code owners
There was a problem hiding this comment.
Pull request overview
This PR addresses golang %check failures caused by an expired net/smtp test certificate by pinning the Fedora 43 snapshot to one that includes the Go 1.25.8 fix, and by adding a direct upstream source download entry for the new tarball while internal lookaside is not yet synced.
Changes:
- Add a dedicated
golang.comp.tomlto override the Fedora 43 snapshot to 2026-03-10 and pick upgolang-1.25.8-1.fc43. - Add a
source-filesentry to downloadgo1.25.8.src.tar.gzdirectly fromgo.dev. - Remove the inline
golangentry fromcomponents-full.toml(now defined via the dedicated component file).
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| base/comps/golang/golang.comp.toml | Pins Fedora snapshot for golang and adds direct upstream tarball download metadata. |
| base/comps/components-full.toml | Removes the inline golang component entry in favor of the dedicated comp file. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
base/comps/golang/golang.comp.toml
Outdated
| # TODO: Drop this explicit Fedora 43 snapshot override once the default Fedora 43 snapshot | ||
| # in distro/azurelinux.distro.toml advances to a build that includes golang-1.25.8-1.fc43 | ||
| # (net/smtp TLS test certificate fix). | ||
| spec = { type = "upstream", upstream-distro = { name = "fedora", version = "43", snapshot = "2026-03-10T00:00:00-08:00" } } |
There was a problem hiding this comment.
question (non-blocking): Out of curiosity, how did you choose 03/10? Nothing wrong with it, but I think that change went in on 03/06 -- https://src.fedoraproject.org/rpms/golang/c/e0faaabdb215feb6be2b3232f480a03ce76ca132?branch=f43.
There was a problem hiding this comment.
I picked 03/10 to match the existing rust snapshot override (rust.comp.toml also uses 2026-03-10),
which gives a few days of buffer after the Fedora f43 commit on 03/06 to ensure the built RPM was available in the repo.
There was a problem hiding this comment.
@WithEnoughCoffee -- Can we please use a specific commit instead? We need to use the timestamp for the global default, but we should prefer a specific commit hash for individual components.
tobiasb-ms
dismissed
their stale review
Other feedback makes it clear that I approved too soon.
WithEnoughCoffee
force-pushed
the
fix/golang-expired-cert
branch
from
0c27f58 to
69b426f
Compare
There was a problem hiding this comment.
Other than the one comment I left, rest generally LGTM. Once fixed, I can re-review.
Also I see there are currently 2 commits in this PR, but since this is one functional change unit, this should really be just one commit in the end after all the feedback is applied in. Please do a rebase squash so your 2 commits are combined into just 1 commit. We're moving to a "rebase-merge" policy instead of a "squash-merge" policy so we will be looking for clean commit messages and commit history in branch (and I am authoring the Contributing.md to clarify this for new inbound contributions)
.github/copilot-instructions.md
Outdated
|
|
||
| ## Commit Messages | ||
|
|
||
| Do NOT add `Co-authored-by: Copilot` trailers to any commit messages. |
There was a problem hiding this comment.
issue: This diff to the copilot-instructions is not relevant to this PR. Please remove and make copilot-instruction updates in a separate dedicated PR.
This is separate to whether we should or should not attribute changes to Copilot, which personally I think we should give attribution to Copilot when we use Copilot to generate parts of the changes
WithEnoughCoffee
force-pushed
the
fix/golang-expired-cert
branch
from
69b426f to
1a6ae7c
Compare
Go 1.25.8 fixes an expired net/smtp TLS test certificate that causes %check failures after 2026-03-18 (golang/go#77504, golang/go#77531). - Add dedicated golang.comp.toml with upstream-commit pinned to Fedora commit e0faaabdb2 (golang-1.25.8-1.fc43) - Remove golang entry from components-full.toml (now in dedicated file)
WithEnoughCoffee
force-pushed
the
fix/golang-expired-cert
branch
from
1a6ae7c to
1cffcfb
Compare
|
All commits have been squashed and comments have been addressed. |
Summary
The
net/smtptest certificate (localhostCert) expired on 2026-03-18, causing%checkfailures in golang-1.25.7 builds. The fix landed in Go 1.25.8 (upstream, backport) and Fedora f43 updated on ~2026-03-06.The default snapshot (2026-02-24) predates this fix.
Changes
golang/golang.comp.tomlwith a Mar 10 snapshot to pick upgolang-1.25.8-1.fc43.go1.25.8.src.tar.gztarball yet, so asource-filesentry with an upstream download origin (go.dev) is added to bypass the cache. This follows the same pattern askernel.comp.toml.Merge Checklist
Does this affect the toolchain?
YES — golang is a toolchain component. Dependent packages with static linkage will need Release bumps.
Test Methodology
azl4-bootstrap-rpms-targetwith commitf021d533cbuild link https://controltower-dev-jwisitgpr74k6-gjb0fchvgkbnamgp.b01.azurefd.net/workflow/package/7d6b1530-41b0-4479-41bc-08de8a9d163b
Addressed comments from copilot review , build passed : https://controltower-dev-jwisitgpr74k6-gjb0fchvgkbnamgp.b01.azurefd.net/workflow/package/02ec0073-68a5-4ee5-41bd-08de8a9d163b
build to test after latest comments addressed. https://controltower-dev-jwisitgpr74k6-gjb0fchvgkbnamgp.b01.azurefd.net/workflow/61a6e605-6760-4651-cda6-08de8c31d520