SUSE-RU-2021:0604-1: moderate: Recommended update for go1.16
sle-updates at lists.suse.com
sle-updates at lists.suse.com
Thu Feb 25 17:20:46 UTC 2021
SUSE Recommended Update: Recommended update for go1.16
______________________________________________________________________________
Announcement ID: SUSE-RU-2021:0604-1
Rating: moderate
References: #1182345
Affected Products:
SUSE Linux Enterprise Module for Development Tools 15-SP2
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update brings go1.16 to the Development Tools Module.
go1.16 (released 2021-02-16)
Go 1.16 is a major release of Go.
go1.16.x minor releases will be provided through February 2022.
See https://github.com/golang/go/wiki/Go-Release-Cycle
Most changes are in the implementation of the toolchain, runtime, and
libraries. As always, the release maintains the Go 1 promise
of compatibility. We expect almost all Go programs to continue to compile
and run as before.
* See release notes https://golang.org/doc/go1.16. Excerpts relevant to
OBS environment and for SUSE/openSUSE follow:
* Module-aware mode is enabled by default, regardless of whether a go.mod
file is present in the current working directory or a parent directory.
More precisely, the GO111MODULE environment variable now defaults to on.
To switch to the previous behavior, set GO111MODULE to auto.
* Build commands like go build and go test no longer modify go.mod and
go.sum by default. Instead, they report an error if a module requirement
or checksum needs to be added or updated (as if the -mod=readonly flag
were used). Module requirements and sums may be adjusted with go mod
tidy or go get.
* go install now accepts arguments with version suffixes (for example, go
install example.com/cmd at v1.0.0). This causes go install to build and
install packages in module-aware mode, ignoring the go.mod file in the
current directory or any parent directory, if there is one. This is
useful for installing executables without affecting the dependencies of
the main module.
* go install, with or without a version suffix (as described above), is
now the recommended way to build and install packages in module mode. go
get should be used with the -d flag to adjust the current module's
dependencies without building packages, and use of go get to build and
install packages is deprecated. In a future release, the -d flag will
always be enabled.
* retract directives may now be used in a go.mod file to indicate that
certain published versions of the module should not be used by other
modules. A module author may retract a version after a severe problem is
discovered or if the version was published unintentionally.
* The go mod vendor and go mod tidy subcommands now accept the -e flag,
which instructs them to proceed despite errors in resolving missing
packages.
* The go command now ignores requirements on module versions excluded by
exclude directives in the main module. Previously, the go command used
the next version higher than an excluded version, but that version could
change over time, resulting in non-reproducible builds.
* In module mode, the go command now disallows import paths that include
non-ASCII characters or path elements with a leading dot character (.).
Module paths with these characters were already disallowed (see Module
paths and versions), so this change affects only paths within module
subdirectories.
* The go command now supports including static files and file trees as
part of the final executable, using the new //go:embed directive. See
the documentation for the new embed package for details.
* When using go test, a test that calls os.Exit(0) during execution of a
test function will now be considered to fail. This will help catch cases
in which a test calls code that calls os.Exit(0) and thereby stops
running all future tests. If a TestMain function calls os.Exit(0) that
is still considered to be a passing test.
* go test reports an error when the -c or -i flags are used together with
unknown flags. Normally, unknown flags are passed to tests, but when -c
or -i are used, tests are not run.
* The go get -insecure flag is deprecated and will be removed in a future
version. This flag permits fetching from repositories and resolving
custom domains using insecure schemes such as HTTP, and also bypasses
module sum validation using the checksum database. To permit the use of
insecure schemes, use the GOINSECURE environment variable instead. To
bypass module sum validation, use GOPRIVATE or GONOSUMDB. See go help
environment for details.
* go get example.com/mod at patch now requires that some version of
example.com/mod already be required by the main module. (However, go get
-u=patch continues to patch even newly-added dependencies.)
* GOVCS is a new environment variable that limits which version control
tools the go command may use to download source code. This mitigates
security issues with tools that are typically used in trusted,
authenticated environments. By default, git and hg may be used to
download code from any repository. svn, bzr, and fossil may only be used
to download code from repositories with module paths or package paths
matching patterns in the GOPRIVATE environment variable. See go help vcs
for details.
* When the main module's go.mod file declares go 1.16 or higher, the all
package pattern now matches only those packages that are transitively
imported by a package or test found in the main module. (Packages
imported by tests of packages imported by the main module are no longer
included.) This is the same set of packages retained by go mod vendor
since Go 1.11.
* When the -toolexec build flag is specified to use a program when
invoking toolchain programs like compile or asm, the environment
variable TOOLEXEC_IMPORTPATH is now set to the import path of the
package being built.
* The -i flag accepted by go build, go install, and go test is now
deprecated. The -i flag instructs the go command to install packages
imported by packages named on the command line. Since the build cache
was introduced in Go 1.10, the -i flag no longer has a significant
effect on build times, and it causes errors when the install directory
is not writable.
* When the -export flag is specified, the BuildID field is now set to the
build ID of the compiled package. This is equivalent to running go tool
buildid on go list -exported -f {{.Export}}, but without the extra step.
* The -overlay flag specifies a JSON configuration file containing a set
of file path replacements. The -overlay flag may be used with all build
commands and go mod subcommands. It is primarily intended to be used by
editor tooling such as gopls to understand the effects of unsaved
changes to source files. The config file maps actual file paths to
replacement file paths and the go command and its builds will run as if
the actual file paths exist with the contents given by the replacement
file paths, or don't exist if the replacement file paths are empty.
* The cgo tool will no longer try to translate C struct bitfields into Go
struct fields, even if their size can be represented in Go. The order in
which C bitfields appear in memory is implementation dependent, so in
some cases the cgo tool produced results that were silently incorrect.
* The linux/riscv64 port now supports cgo and -buildmode=pie. This release
also includes performance optimizations and code generation improvements
for RISC-V.
* The new runtime/metrics package introduces a stable interface for
reading implementation-defined metrics from the Go runtime. It
supersedes existing functions like runtime.ReadMemStats and
debug.GCStats and is significantly more general and efficient. See the
package documentation for more details.
* Setting the GODEBUG environment variable to inittrace=1 now causes the
runtime to emit a single line to standard error for each package init,
summarizing its execution time and memory allocation. This trace can be
used to find bottlenecks or regressions in Go startup performance. The
GODEBUG documentation describes the format.
* On Linux, the runtime now defaults to releasing memory to the
operating system promptly (using MADV_DONTNEED), rather than lazily when
the operating system is under memory pressure (using MADV_FREE). This
means process-level memory statistics like RSS will more accurately
reflect the amount of physical memory being used by Go processes.
Systems that are currently using GODEBUG=madvdontneed=1 to improve
memory monitoring behavior no longer need to set this environment
variable.
* Go 1.16 fixes a discrepancy between the race detector and the Go memory
model. The race detector now more precisely follows the channel
synchronization rules of the memory model. As a result, the detector may
now report races it previously missed.
* linker: This release includes additional improvements to the Go linker,
reducing linker resource usage (both time and memory) and improving code
robustness/maintainability. These changes form the second half of a
two-release project to modernize the Go linker.
* The linker changes in 1.16 extend the 1.15 improvements to all supported
architecture/OS combinations (the 1.15 performance improvements were
primarily focused on ELF-based OSes and amd64 architectures). For a
representative set of large Go programs, linking is 20-25% faster than
1.15 and requires 5-15% less memory on average for linux/amd64, with
larger improvements for
other architectures and OSes. Most binaries are also smaller as a result
of more aggressive symbol pruning.
* The new embed package provides access to files embedded in the program
during compilation using the new //go:embed directive.
* The new io/fs package defines the fs.FS interface, an abstraction for
read-only trees of files. The standard library packages have been
adapted to make use of the interface as appropriate.
* For testing code that implements fs.FS, the new testing/fstest package
provides a TestFS function that checks for and reports common mistakes.
It also provides a simple in-memory file system implementation, MapFS,
which can be useful for testing code that accepts fs.FS implementations.
* syscall: On Linux, Setgid, Setuid, and related calls are now
implemented. Previously, they returned an syscall.EOPNOTSUPP error. On
Linux, the new functions AllThreadsSyscall and AllThreadsSyscall6 may be
used to make a system call on all Go threads in the process. These
functions may only be used by programs that do not use cgo; if a program
uses cgo, they will always return syscall.ENOTSUP.
* time/tzdata: The slim timezone data format is now used for the timezone
database in $GOROOT/lib/time/zoneinfo.zip and the embedded copy in this
package. This reduces the size of the timezone database by about 350 KB.
Patch Instructions:
To install this SUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Development Tools 15-SP2:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-604=1
Package List:
- SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64):
go1.16-1.16-1.3.1
go1.16-doc-1.16-1.3.1
- SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 x86_64):
go1.16-race-1.16-1.3.1
References:
https://bugzilla.suse.com/1182345
More information about the sle-updates
mailing list