[RFE] Update the default Go to 1.21 with exceptions of Docker/containerd

[dongsupark]

Current situation

By default Flatcar uses Go 1.20 for all packages.

However, Go 1.20 is already EOL, so it gets no security update at all. So Flatcar should have Go 1.21. At the same time, the default Go version should be updated to 1.21, and then Go 1.19 can be dropped from the Flatcar SDK.

On the other hand, as upstream projects Docker 24.0.x and containerd 1.7.x are still with Go 1.20, those exceptions should still stay with 1.20.

The thing is, ebuilds of the projects, being synced with Gentoo, do not rely on coreos-go-*.eclass any more. As a result, there is no simple way to specifically pin Go version for each case.

Status of the current blockers:

• [x] containerd (upstream uses Go 1.21 since v1.7.14)
• [ ] docker (Docker 25 or newer uses Go 1.21, while Docker 24 stays with Go 1.20, Flatcar still has Docker 24.)
  • See also https://github.com/flatcar/Flatcar/issues/1360
• [x] runc (Release with Go 1.22 available, update to 1.1.13)

blocks https://github.com/flatcar/Flatcar/issues/1387

[dongsupark]

blocks https://github.com/flatcar/Flatcar/issues/1387

[dongsupark]

Updated description for the current blockers. Docker and runc are still open blockers.

[pothos]

Thanks, the runc PR looks close to land, and since Docker 25 doesn't block on the runc release we can already start updating Docker to have everything in place once the runc release is ready.

[pothos]

I think we can also build runc with 1.21 and let kola check if we have any issues (The readme says runc only supports Linux. It must be built with Go version 1.19 or higher. - but there is an open issue about breakage with 1.22, I hope that 1.21 would work, though).

[tormath1]

For what is worth, it's going to block the Incus addition too. I'm currently testing Incus with a custom patch to use Go 1.21.

[tormath1]

It seems that runc is now using go 1.21: https://github.com/opencontainers/runc/commit/6b2eb52fb08de4c33473ea54bb50d892b2003f5d