garble/testdata/scripts/ldflags.txt

env GOGARBLE=*

# Note the proper domain, since the dot adds an edge case.
env LDFLAGS='-X=main.unexportedVersion=v1.22.33 -X=main.replacedWithEmpty= -X=domain.test/main/imported.ExportedUnset=garble_replaced -X=domain.test/missing/path.missingVar=value'

garble build -ldflags=${LDFLAGS}
exec ./main
cmp stdout main.stdout
! binsubstr main$exe 'unexportedVersion' 'ExportedUnset'

[short] stop # no need to verify this with -short

garble -tiny -literals -seed=0002deadbeef build -ldflags=${LDFLAGS}
exec ./main
cmp stdout main.stdout
! binsubstr main$exe 'unexportedVersion' 'ExportedUnset'
binsubstr main$exe 'v1.22.33' 'garble_replaced' # TODO: obfuscate injected strings too
binsubstr main$exe 'kept_before' 'kept_after' # TODO: obfuscate strings near ldflags vars

go build -ldflags=${LDFLAGS}
exec ./main
cmp stdout main.stdout
binsubstr main$exe 'unexportedVersion' 'ExportedUnset' 'v1.22.33' 'garble_replaced'

-- go.mod --
module domain.test/main

go 1.17
-- main.go --
package main

import (
	"fmt"

	"domain.test/main/imported"
)

var unexportedVersion = "unknown"

var notReplacedBefore, replacedWithEmpty, notReplacedAfter = "kept_before", "original", "kept_after"

func main() {
	fmt.Printf("version: %q\n", unexportedVersion)
	fmt.Printf("becomes empty: %q\n", replacedWithEmpty)
	fmt.Printf("should be kept: %q, %q\n", notReplacedBefore, notReplacedAfter)
	fmt.Printf("no longer unset: %q\n", imported.ExportedUnset)
}
-- imported/imported.go --
package imported

var (
	ExportedUnset, AnotherUnset string

	otherVar int
)
-- main.stdout --
version: "v1.22.33"
becomes empty: ""
should be kept: "kept_before", "kept_after"
no longer unset: "garble_replaced"
avoid obfuscating literals set via -ldflags=-X The -X linker flag sets a string variable to a given value, which is often used to inject strings such as versions. The way garble's literal obfuscation works, we replace string literals with anonymous functions which, when evaluated, result in the original string. Both of these features work fine separately, but when intersecting, they break. For example, given: var myVar = "original" [...] -ldflags=-X=main.myVar=replaced The -X flag effectively replaces the initial value, and -literals adds code to be run at init time: var myVar = "replaced" func init() { myVar = func() string { ... } } Since the init func runs later, -literals breaks -X. To avoid that problem, don't obfuscate literals whose variables are set via -ldflags=-X. We also leave TODOs about obfuscating those in the future, but we're also leaving regression tests to ensure we get it right. Fixes #323. 4 years ago			`env GOGARBLE=*`
testdata: set GOPRIVATE in all but two tests (#104) basic.txt just builds main.go without a module. Similarly, we leave imports.txt without a GOPRIVATE, to test the 'go list -m' fallback. For all other tests, explicitly set GOPRIVATE, to avoid two exec calls - both 'go env GOPRIVATE' as well as 'go list -m'. Each of those calls takes in the order of 10ms, so saving ~26 exec calls should easily add to 200-300ms saved from 'go test -short'. 5 years ago
avoid obfuscating literals set via -ldflags=-X The -X linker flag sets a string variable to a given value, which is often used to inject strings such as versions. The way garble's literal obfuscation works, we replace string literals with anonymous functions which, when evaluated, result in the original string. Both of these features work fine separately, but when intersecting, they break. For example, given: var myVar = "original" [...] -ldflags=-X=main.myVar=replaced The -X flag effectively replaces the initial value, and -literals adds code to be run at init time: var myVar = "replaced" func init() { myVar = func() string { ... } } Since the init func runs later, -literals breaks -X. To avoid that problem, don't obfuscate literals whose variables are set via -ldflags=-X. We also leave TODOs about obfuscating those in the future, but we're also leaving regression tests to ensure we get it right. Fixes #323. 4 years ago			`# Note the proper domain, since the dot adds an edge case.`
			`env LDFLAGS='-X=main.unexportedVersion=v1.22.33 -X=main.replacedWithEmpty= -X=domain.test/main/imported.ExportedUnset=garble_replaced -X=domain.test/missing/path.missingVar=value'`
ignore -ldflags=-X flags mentioning unknown packages That would panic, since the *listedPackage would be nil for a package path we aren't aware of: panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x88 pc=0x126b57d] goroutine 1 [running]: main.transformLink.func1(0x7ffeefbff28b, 0x5d) mvdan.cc/garble@v0.0.0-20210302140807-b03cd08c0946/main.go:1260 +0x17d main.flagValueIter(0xc0000a8e20, 0x2f, 0x2f, 0x12e278e, 0x2, 0xc000129e28) mvdan.cc/garble@v0.0.0-20210302140807-b03cd08c0946/main.go:1410 +0x1e9 main.transformLink(0xc0000a8e20, 0x30, 0x36, 0x4, 0xc000114648, 0x23, 0x12dfd60, 0x0) mvdan.cc/garble@v0.0.0-20210302140807-b03cd08c0946/main.go:1241 +0x1b9 main.mainErr(0xc0000a8e10, 0x31, 0x37, 0x37, 0x0) mvdan.cc/garble@v0.0.0-20210302140807-b03cd08c0946/main.go:287 +0x389 main.main1(0xc000096058) mvdan.cc/garble@v0.0.0-20210302140807-b03cd08c0946/main.go:150 +0xe7 main.main() mvdan.cc/garble@v0.0.0-20210302140807-b03cd08c0946/main.go:83 +0x25 The linker ignores such unknown references, so we should too. Fixes #259. 5 years ago
			`garble build -ldflags=${LDFLAGS}`
support -ldflags=-X=pkg.name=str with garbled names Because the linker has access to all the build IDs, just like the compiler, we can support this transparently. Add a test too. Fixes #21. 5 years ago			`exec ./main`
avoid obfuscating literals set via -ldflags=-X The -X linker flag sets a string variable to a given value, which is often used to inject strings such as versions. The way garble's literal obfuscation works, we replace string literals with anonymous functions which, when evaluated, result in the original string. Both of these features work fine separately, but when intersecting, they break. For example, given: var myVar = "original" [...] -ldflags=-X=main.myVar=replaced The -X flag effectively replaces the initial value, and -literals adds code to be run at init time: var myVar = "replaced" func init() { myVar = func() string { ... } } Since the init func runs later, -literals breaks -X. To avoid that problem, don't obfuscate literals whose variables are set via -ldflags=-X. We also leave TODOs about obfuscating those in the future, but we're also leaving regression tests to ensure we get it right. Fixes #323. 4 years ago			`cmp stdout main.stdout`
			`! binsubstr main$exe 'unexportedVersion' 'ExportedUnset'`
support -ldflags=-X=pkg.name=str with garbled names Because the linker has access to all the build IDs, just like the compiler, we can support this transparently. Add a test too. Fixes #21. 5 years ago
			`[short] stop # no need to verify this with -short`

avoid obfuscating literals set via -ldflags=-X The -X linker flag sets a string variable to a given value, which is often used to inject strings such as versions. The way garble's literal obfuscation works, we replace string literals with anonymous functions which, when evaluated, result in the original string. Both of these features work fine separately, but when intersecting, they break. For example, given: var myVar = "original" [...] -ldflags=-X=main.myVar=replaced The -X flag effectively replaces the initial value, and -literals adds code to be run at init time: var myVar = "replaced" func init() { myVar = func() string { ... } } Since the init func runs later, -literals breaks -X. To avoid that problem, don't obfuscate literals whose variables are set via -ldflags=-X. We also leave TODOs about obfuscating those in the future, but we're also leaving regression tests to ensure we get it right. Fixes #323. 4 years ago			`garble -tiny -literals -seed=0002deadbeef build -ldflags=${LDFLAGS}`
Rewrite renaming logic for private names and reduce length of public names (#135) 1. Now private names are obfuscated based on the counter in scope of the package. 2. The length of public names is reduced to 4 bytes. 5 years ago			`exec ./main`
avoid obfuscating literals set via -ldflags=-X The -X linker flag sets a string variable to a given value, which is often used to inject strings such as versions. The way garble's literal obfuscation works, we replace string literals with anonymous functions which, when evaluated, result in the original string. Both of these features work fine separately, but when intersecting, they break. For example, given: var myVar = "original" [...] -ldflags=-X=main.myVar=replaced The -X flag effectively replaces the initial value, and -literals adds code to be run at init time: var myVar = "replaced" func init() { myVar = func() string { ... } } Since the init func runs later, -literals breaks -X. To avoid that problem, don't obfuscate literals whose variables are set via -ldflags=-X. We also leave TODOs about obfuscating those in the future, but we're also leaving regression tests to ensure we get it right. Fixes #323. 4 years ago			`cmp stdout main.stdout`
			`! binsubstr main$exe 'unexportedVersion' 'ExportedUnset'`
			`binsubstr main$exe 'v1.22.33' 'garble_replaced' # TODO: obfuscate injected strings too`
			`binsubstr main$exe 'kept_before' 'kept_after' # TODO: obfuscate strings near ldflags vars`
Rewrite renaming logic for private names and reduce length of public names (#135) 1. Now private names are obfuscated based on the counter in scope of the package. 2. The length of public names is reduced to 4 bytes. 5 years ago
testdata: remove some unnecessary execs (#267) Our use of go-internal's gotooltest.Setup means that "go" is set up as a top-level command in the scripts, so we can simply "go build" instead of having to "exec go build". The result is practically the same, but the scripts are simpler. While at it, I had left an "exec cat" behind; remove it. 5 years ago			`go build -ldflags=${LDFLAGS}`
support -ldflags=-X=pkg.name=str with garbled names Because the linker has access to all the build IDs, just like the compiler, we can support this transparently. Add a test too. Fixes #21. 5 years ago			`exec ./main`
avoid obfuscating literals set via -ldflags=-X The -X linker flag sets a string variable to a given value, which is often used to inject strings such as versions. The way garble's literal obfuscation works, we replace string literals with anonymous functions which, when evaluated, result in the original string. Both of these features work fine separately, but when intersecting, they break. For example, given: var myVar = "original" [...] -ldflags=-X=main.myVar=replaced The -X flag effectively replaces the initial value, and -literals adds code to be run at init time: var myVar = "replaced" func init() { myVar = func() string { ... } } Since the init func runs later, -literals breaks -X. To avoid that problem, don't obfuscate literals whose variables are set via -ldflags=-X. We also leave TODOs about obfuscating those in the future, but we're also leaving regression tests to ensure we get it right. Fixes #323. 4 years ago			`cmp stdout main.stdout`
			`binsubstr main$exe 'unexportedVersion' 'ExportedUnset' 'v1.22.33' 'garble_replaced'`
support -ldflags=-X=pkg.name=str with garbled names Because the linker has access to all the build IDs, just like the compiler, we can support this transparently. Add a test too. Fixes #21. 5 years ago
			`-- go.mod --`
add a regression test for #82 The test case we had didn't have a realistic-looking module path with a dot, so we hadn't noticed the bug with IndexByte. Fix that. We verified that the new test fails if we undo the fix. 5 years ago			`module domain.test/main`
testdata: don't let tests rely on rewriting mod files In Go 1.15, if a dependency is required but not listed in go.mod/go.sum, it's resolved and added automatically. This is changing in 1.16. From that release, one will have to explicitly update the mod files via 'go mod tidy' or 'go get'. To get ahead of the curve, start using -mod=readonly to get the same behavior in 1.15, and fix all existing tests. The only tests that failed were imports.txt and syntax.txt, the only ones to require other modules. But since we're here, let's add the 'go' line to all go.mod files as well. 5 years ago
drop support for Go 1.16.x We can now use pruned module graphs in go.mod files, and we no longer need to worry about runtime/internal/sys. Note that I had to update testdata/mod slightly, as the new pruned module graphs algorithm downloads an extra go.mod file. This change also paves the way towards future Go 1.18 support. Thanks to lu4p for cleaning up two TODOs as well. Co-Authored-By: lu4p <lu4p@pm.me> 4 years ago			`go 1.17`
support -ldflags=-X=pkg.name=str with garbled names Because the linker has access to all the build IDs, just like the compiler, we can support this transparently. Add a test too. Fixes #21. 5 years ago			`-- main.go --`
			`package main`

			`import (`
avoid obfuscating literals set via -ldflags=-X The -X linker flag sets a string variable to a given value, which is often used to inject strings such as versions. The way garble's literal obfuscation works, we replace string literals with anonymous functions which, when evaluated, result in the original string. Both of these features work fine separately, but when intersecting, they break. For example, given: var myVar = "original" [...] -ldflags=-X=main.myVar=replaced The -X flag effectively replaces the initial value, and -literals adds code to be run at init time: var myVar = "replaced" func init() { myVar = func() string { ... } } Since the init func runs later, -literals breaks -X. To avoid that problem, don't obfuscate literals whose variables are set via -ldflags=-X. We also leave TODOs about obfuscating those in the future, but we're also leaving regression tests to ensure we get it right. Fixes #323. 4 years ago			`"fmt"`

add a regression test for #82 The test case we had didn't have a realistic-looking module path with a dot, so we hadn't noticed the bug with IndexByte. Fix that. We verified that the new test fails if we undo the fix. 5 years ago			`"domain.test/main/imported"`
support -ldflags=-X=pkg.name=str with garbled names Because the linker has access to all the build IDs, just like the compiler, we can support this transparently. Add a test too. Fixes #21. 5 years ago			`)`

			`var unexportedVersion = "unknown"`

avoid obfuscating literals set via -ldflags=-X The -X linker flag sets a string variable to a given value, which is often used to inject strings such as versions. The way garble's literal obfuscation works, we replace string literals with anonymous functions which, when evaluated, result in the original string. Both of these features work fine separately, but when intersecting, they break. For example, given: var myVar = "original" [...] -ldflags=-X=main.myVar=replaced The -X flag effectively replaces the initial value, and -literals adds code to be run at init time: var myVar = "replaced" func init() { myVar = func() string { ... } } Since the init func runs later, -literals breaks -X. To avoid that problem, don't obfuscate literals whose variables are set via -ldflags=-X. We also leave TODOs about obfuscating those in the future, but we're also leaving regression tests to ensure we get it right. Fixes #323. 4 years ago			`var notReplacedBefore, replacedWithEmpty, notReplacedAfter = "kept_before", "original", "kept_after"`

support -ldflags=-X=pkg.name=str with garbled names Because the linker has access to all the build IDs, just like the compiler, we can support this transparently. Add a test too. Fixes #21. 5 years ago			`func main() {`
avoid obfuscating literals set via -ldflags=-X The -X linker flag sets a string variable to a given value, which is often used to inject strings such as versions. The way garble's literal obfuscation works, we replace string literals with anonymous functions which, when evaluated, result in the original string. Both of these features work fine separately, but when intersecting, they break. For example, given: var myVar = "original" [...] -ldflags=-X=main.myVar=replaced The -X flag effectively replaces the initial value, and -literals adds code to be run at init time: var myVar = "replaced" func init() { myVar = func() string { ... } } Since the init func runs later, -literals breaks -X. To avoid that problem, don't obfuscate literals whose variables are set via -ldflags=-X. We also leave TODOs about obfuscating those in the future, but we're also leaving regression tests to ensure we get it right. Fixes #323. 4 years ago			`fmt.Printf("version: %q\n", unexportedVersion)`
			`fmt.Printf("becomes empty: %q\n", replacedWithEmpty)`
			`fmt.Printf("should be kept: %q, %q\n", notReplacedBefore, notReplacedAfter)`
			`fmt.Printf("no longer unset: %q\n", imported.ExportedUnset)`
support -ldflags=-X=pkg.name=str with garbled names Because the linker has access to all the build IDs, just like the compiler, we can support this transparently. Add a test too. Fixes #21. 5 years ago			`}`
			`-- imported/imported.go --`
			`package imported`

avoid obfuscating literals set via -ldflags=-X The -X linker flag sets a string variable to a given value, which is often used to inject strings such as versions. The way garble's literal obfuscation works, we replace string literals with anonymous functions which, when evaluated, result in the original string. Both of these features work fine separately, but when intersecting, they break. For example, given: var myVar = "original" [...] -ldflags=-X=main.myVar=replaced The -X flag effectively replaces the initial value, and -literals adds code to be run at init time: var myVar = "replaced" func init() { myVar = func() string { ... } } Since the init func runs later, -literals breaks -X. To avoid that problem, don't obfuscate literals whose variables are set via -ldflags=-X. We also leave TODOs about obfuscating those in the future, but we're also leaving regression tests to ensure we get it right. Fixes #323. 4 years ago			`var (`
			`ExportedUnset, AnotherUnset string`

			`otherVar int`
			`)`
			`-- main.stdout --`
			`version: "v1.22.33"`
			`becomes empty: ""`
			`should be kept: "kept_before", "kept_after"`
			`no longer unset: "garble_replaced"`