File README.md of Package golang-oldstable-openssl-image

# Go 1.24-openssl development container image

![Redistributable](https://img.shields.io/badge/Redistributable-Yes-green)
[![SLSA](https://img.shields.io/badge/SLSA_(v0.1)-Level_4-Green)](https://documentation.suse.com/sbp/security/html/SBP-SLSA4/)
[![Provenance: Available](https://img.shields.io/badge/Provenance-Available-Green)](https://documentation.suse.com/container/all/html/Container-guide/index.html#container-verify)

## Description

[Go](https://go.dev/) (a.k.a., Golang) is a statically-typed programming
language, with syntax loosely derived from C. Go offers additional features
such as garbage collection, type safety, certain dynamic-typing capabilities,
additional built-in types (for example, variable-length arrays and key-value
maps) and a large standard library.

## FIPS 140-3

The image includes a FIPS 140-2/140-3 enabled Go wrapper that prefers using OpenSSL
for cryptographic operations, if available at runtime.
Therefore, you can use FIPS 140-2/140-3 validated routines, provided by the OpenSSL
library, for cryptographic operations in the container environment.


## Usage
We recommend using the Go image as a build environment. Thus,
the compiler does not need to be shipped as part of the images that are
deployed. Instead, we recommend using the Go image as the
builder image only.

There are two options to work with Go images. First, you can encapsulate your
application in a `scratch` container image, essentially an empty file system
image. This approach only works if your Go application does not depend on libc
or any other library or files, as they will not be available.

The second option uses a slim base container image with just the minimal
packages required to run the Go application.

To compile and deploy an application, copy the sources, fetch dependencies
(assuming go.mod is used for dependency management), and build the binary using
the following Dockerfile options.


### Building from `scratch`

```Dockerfile
# Build the application using the Go 1.24-openssl development container image
FROM registry.suse.com/bci/golang:1.24-openssl as build

WORKDIR /app

# pre-copy/cache go.mod for pre-downloading dependencies and only
# redownloading them in subsequent builds if they change
COPY go.mod go.sum ./
RUN go mod download && go mod verify

COPY . ./

# Make sure to build the application with CGO disabled.
# This will force Go to use some Go implementations of code
# rather than those supplied by the host operating system.
# You need this for scratch images as those supporting libraries
# are not available.
RUN CGO_ENABLED=0 go build -o /hello

# Bundle the application into a scratch image
FROM scratch

COPY --from=build /hello /usr/local/bin/hello

CMD ["/usr/local/bin/hello"]
```

Build and run the container image:

```ShellSession
$ podman build -t my-golang-app .
$ podman run -it --rm my-golang-app
```

There are situations when you don't want to run an application inside a container.

To compile the application, without running it inside a container instance, use the following command:

```ShellSession
$ podman run --rm -v "$PWD":/app:Z -w /app registry.suse.com/bci/golang:1.24-openssl go build -v
```

To run the application tests inside a container, use the following command:

```ShellSession
$ podman run --rm -v "$PWD":/app:Z -w /app registry.suse.com/bci/golang:1.24-openssl go test -v
```


### Building from SUSE Linux BCI

The [SUSE Linux BCI General Purpose Base Containers](https://opensource.suse.com/bci-docs/documentation/general-purpose-bci/)
images offer four different options for deployment, depending on your exact requirements.

```Dockerfile
# Build the application using the Go 1.24-openssl development Container Image
FROM registry.suse.com/bci/golang:1.24-openssl as build

WORKDIR /app

# pre-copy/cache go.mod for pre-downloading dependencies and only
# redownloading them in subsequent builds if they change
COPY go.mod go.sum ./
RUN go mod download && go mod verify

COPY . ./

RUN go build -o /hello

# Bundle the application into a scratch image
FROM registry.suse.com/bci/bci-micro:latest

COPY --from=build /hello /usr/local/bin/hello

CMD ["/usr/local/bin/hello"]
```

The above example uses the SUSE Linux BCI micro image as the deployment image for
the resulting application. See the [SUSE Linux BCI use with Go
documentation](https://opensource.suse.com/bci-docs/guides/use-with-golang/)
for further details.

## FIPS 140-3

To restrict all TLS configuration to FIPS-approved settings, add
the following line:

```go
import _ "crypto/tls/fipsonly"
```


## Additional tools

In addition to the standard SUSE Linux BCI development packages, the following tools
are included in the image:

- go1.24-openssl-race
- make

## Licensing

`SPDX-License-Identifier: MIT`

This documentation and the build recipe are licensed as MIT.
The container itself contains various software components under various open source licenses listed in the associated
Software Bill of Materials (SBOM).


This image is based on [SUSE Linux BCI](https://opensource.suse.com/bci/), a stable and redistributable foundation for software innovation. SUSE Linux BCI is enterprise-ready, and it comes with an option for support.

See the [SUSE Linux BCI EULA](https://www.suse.com/licensing/eula/#bci) for further information.