GOEXPERIMENT support

[andrewryno]

Is your feature request related to a problem? Please describe. We need to enable the boringcrypto experiment in Go in order to get support for FIPS. Without Bazel this would be a matter of setting GOEXPERIMENT in your environment when running go build. With rules_go directly, there is support for GOEXPERIMENT, which rules_nixpkgs uses by setting nocoverageredesign for some versions, but there seems to be no way to add additional experiments.

Describe the solution you'd like We'd like a way to pass additional experiments through to rules_go from rules_nixpkgs.

Describe alternatives you've considered Right now I've decided to patch rules_nixpkgs_go and set boringcrypto explicitly:

diff --git a/go.bzl b/go.bzl
index a40c2ac..8c6b520 100644
--- a/go.bzl
+++ b/go.bzl
@@ -84,6 +84,7 @@ def go_sdk_for_arch(go_version):
     experiments = []
     if go_version.split('.')[0] == '1' and int(go_version.split('.')[1]) >= 20:
         experiments = ["nocoverageredesign"]
+    experiments.append("boringcrypto")

     go_sdk(
         name = "go_sdk",

I tried other solutions using go_wrap_sdk / go_register_toolchains but unfortunately I wasn't able to get anything working using that approach.

One solution could just be to pass experiments = ["boringcrypto"] into nixpkgs_go_configure which then can be passed through to go_sdk_for_arch instead of defaulting to [].

Additional context None.

[malt3]

Thank you for reaching out!

Your feature request makes a lot of sense. I’m curious, though, if there’s a specific reason you’re looking for a Go toolchain from nixpkgs. Starting with Go 1.21, rules_go provides a fully functional, statically linked Go toolchain right out of the box. You may also find this discussion on the potential deprecation of Go support in rules_nixpkgs helpful.

If continued support for Go in rules_nixpkgs is valuable to your work, I’d love to learn more about your use case!