justan0th3rstud3nt
/
garble
mirror of https://github.com/burrowers/garble
1
0
Fork 0
Code Issues 1 Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
ci-test
literalRecheck
v0.14.1
v0.14.0
v0.13.0
v0.12.1
v0.12.0
v0.11.0
v0.10.1
v0.10.0
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.0
v0.7.2
v0.7.1
v0.7.0
v0.6.0
v0.5.1
v0.5.0
v0.4.0
v0.3.0
v0.2.0
v0.1.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '481e3a1f09'
${ noResults }
garble/testdata/script/seed.txtar

223 lines
5.9 KiB
Plaintext
Raw Normal View History Unescape Escape

make obfuscation fully deterministic with -seed The default behavior of garble is to seed via the build inputs, including the build IDs of the entire Go build of each package. This works well as a default, and does give us determinism, but it means that building for different platforms will result in different obfuscation per platform. Instead, when -seed is provided, don't use any other hash seed or salt. This means that a particular Go name will be obfuscated the same way as long as the seed, package path, and name itself remain constant. In other words, when the user supplies a custom -seed, we assume they know what they're doing in terms of storage and rotation. Expand the README docs with more examples and detail. Fixes #449.
3 years ago
# Note that in this test we use "! bincmp" on plaintext output files,
# as a workaround for "cmp" not supporting "! cmp".
work around a build cache regression in the previous commit The added comment in main.go explains the situation in detail. The added test is a minimization of the scenario, which failed: > cd mod1 > garble -seed=${SEED1} build -v gopkg.in/garbletest.v2 > cd ../mod2 > garble -seed=${SEED1} build -v [stderr] test/main/mod2 # test/main/mod2 cannot load garble export file for gopkg.in/garbletest.v2: open […]/go-build/ed/[…]-garble-ZV[…]-d: no such file or directory To work around the problem, we'll always add each package's GarbleActionID to its build artifact, even when not using -seed. This will get us the previous behavior with regards to the build cache, meaning that we fix the recent regression. The added variable doesn't make it to the final binary either. While here, improve the cached file loading error's context, and add an extra sanity check for duplicates on ListedPackages.
3 years ago
# TODO: now that obfuscation with -seed is deterministic,
# can we just rely on the regular "cmp" with fixed output files?
make obfuscation fully deterministic with -seed The default behavior of garble is to seed via the build inputs, including the build IDs of the entire Go build of each package. This works well as a default, and does give us determinism, but it means that building for different platforms will result in different obfuscation per platform. Instead, when -seed is provided, don't use any other hash seed or salt. This means that a particular Go name will be obfuscated the same way as long as the seed, package path, and name itself remain constant. In other words, when the user supplies a custom -seed, we assume they know what they're doing in terms of storage and rotation. Expand the README docs with more examples and detail. Fixes #449.
3 years ago
work around a build cache regression in the previous commit The added comment in main.go explains the situation in detail. The added test is a minimization of the scenario, which failed: > cd mod1 > garble -seed=${SEED1} build -v gopkg.in/garbletest.v2 > cd ../mod2 > garble -seed=${SEED1} build -v [stderr] test/main/mod2 # test/main/mod2 cannot load garble export file for gopkg.in/garbletest.v2: open […]/go-build/ed/[…]-garble-ZV[…]-d: no such file or directory To work around the problem, we'll always add each package's GarbleActionID to its build artifact, even when not using -seed. This will get us the previous behavior with regards to the build cache, meaning that we fix the recent regression. The added variable doesn't make it to the final binary either. While here, improve the cached file loading error's context, and add an extra sanity check for duplicates on ListedPackages.
3 years ago
# TODO: consider setting these seeds globally,
# so we can reuse them across tests and make better use of the shared build cache.
make flags like -literals and GOPRIVATE affect hashing (#288) In 6898d61637, we switched from using action IDs from "go list -toolexec=garble" to those from the original "go list". We still wanted the obfuscation and hashing to change if the version of garble changes, so we hashed that "original action ID" with garble's own content ID, and called the new hash "garble action ID". While working on a different patch, I noticed something weird: with the new mechanism, adding or removing flags like -literals did not alter those hashes, unlike the old method. This is because the old method used ownContentID, which includes such bits of information, but the new method does not. Change that, and add a test that locks in the behavior we want. In seed.txt, we check that a single function name gets hashed in particular ways in different scenarios. Note that we use a mix of "cmp" and "! bincmp", since the former has no negated form. While at it, the seed.txt test is revamped a bit. Now, we only run with -literals once, as this test is mainly about -seed. We also declare seed strings once, as environment variables, which makes it easier to track what each step is doing.
4 years ago
env SEED1=OQg9kACEECQ
env SEED2=NruiDmVz6/s
make obfuscation fully deterministic with -seed The default behavior of garble is to seed via the build inputs, including the build IDs of the entire Go build of each package. This works well as a default, and does give us determinism, but it means that building for different platforms will result in different obfuscation per platform. Instead, when -seed is provided, don't use any other hash seed or salt. This means that a particular Go name will be obfuscated the same way as long as the seed, package path, and name itself remain constant. In other words, when the user supplies a custom -seed, we assume they know what they're doing in terms of storage and rotation. Expand the README docs with more examples and detail. Fixes #449.
3 years ago
# Check the binary with a given base64 encoded seed.
make flags like -literals and GOPRIVATE affect hashing (#288) In 6898d61637, we switched from using action IDs from "go list -toolexec=garble" to those from the original "go list". We still wanted the obfuscation and hashing to change if the version of garble changes, so we hashed that "original action ID" with garble's own content ID, and called the new hash "garble action ID". While working on a different patch, I noticed something weird: with the new mechanism, adding or removing flags like -literals did not alter those hashes, unlike the old method. This is because the old method used ownContentID, which includes such bits of information, but the new method does not. Change that, and add a test that locks in the behavior we want. In seed.txt, we check that a single function name gets hashed in particular ways in different scenarios. Note that we use a mix of "cmp" and "! bincmp", since the former has no negated form. While at it, the seed.txt test is revamped a bit. Now, we only run with -literals once, as this test is mainly about -seed. We also declare seed strings once, as environment variables, which makes it easier to track what each step is doing.
4 years ago
garble -seed=${SEED1} build
add seed flag to control how builds are reproducible Fixes #26.
5 years ago
exec ./main$exe
make flags like -literals and GOPRIVATE affect hashing (#288) In 6898d61637, we switched from using action IDs from "go list -toolexec=garble" to those from the original "go list". We still wanted the obfuscation and hashing to change if the version of garble changes, so we hashed that "original action ID" with garble's own content ID, and called the new hash "garble action ID". While working on a different patch, I noticed something weird: with the new mechanism, adding or removing flags like -literals did not alter those hashes, unlike the old method. This is because the old method used ownContentID, which includes such bits of information, but the new method does not. Change that, and add a test that locks in the behavior we want. In seed.txt, we check that a single function name gets hashed in particular ways in different scenarios. Note that we use a mix of "cmp" and "! bincmp", since the former has no negated form. While at it, the seed.txt test is revamped a bit. Now, we only run with -literals once, as this test is mainly about -seed. We also declare seed strings once, as environment variables, which makes it easier to track what each step is doing.
4 years ago
cmp stderr main.stderr
binsubstr main$exe 'teststring' 'imported var value'
work around a build cache regression in the previous commit The added comment in main.go explains the situation in detail. The added test is a minimization of the scenario, which failed: > cd mod1 > garble -seed=${SEED1} build -v gopkg.in/garbletest.v2 > cd ../mod2 > garble -seed=${SEED1} build -v [stderr] test/main/mod2 # test/main/mod2 cannot load garble export file for gopkg.in/garbletest.v2: open […]/go-build/ed/[…]-garble-ZV[…]-d: no such file or directory To work around the problem, we'll always add each package's GarbleActionID to its build artifact, even when not using -seed. This will get us the previous behavior with regards to the build cache, meaning that we fix the recent regression. The added variable doesn't make it to the final binary either. While here, improve the cached file loading error's context, and add an extra sanity check for duplicates on ListedPackages.
3 years ago
! binsubstr main$exe 'ImportedVar' ${SEED1}
make flags like -literals and GOPRIVATE affect hashing (#288) In 6898d61637, we switched from using action IDs from "go list -toolexec=garble" to those from the original "go list". We still wanted the obfuscation and hashing to change if the version of garble changes, so we hashed that "original action ID" with garble's own content ID, and called the new hash "garble action ID". While working on a different patch, I noticed something weird: with the new mechanism, adding or removing flags like -literals did not alter those hashes, unlike the old method. This is because the old method used ownContentID, which includes such bits of information, but the new method does not. Change that, and add a test that locks in the behavior we want. In seed.txt, we check that a single function name gets hashed in particular ways in different scenarios. Note that we use a mix of "cmp" and "! bincmp", since the former has no negated form. While at it, the seed.txt test is revamped a bit. Now, we only run with -literals once, as this test is mainly about -seed. We also declare seed strings once, as environment variables, which makes it easier to track what each step is doing.
4 years ago
[short] stop # the extra checks are relatively expensive
add seed flag to control how builds are reproducible Fixes #26.
5 years ago
make obfuscation fully deterministic with -seed The default behavior of garble is to seed via the build inputs, including the build IDs of the entire Go build of each package. This works well as a default, and does give us determinism, but it means that building for different platforms will result in different obfuscation per platform. Instead, when -seed is provided, don't use any other hash seed or salt. This means that a particular Go name will be obfuscated the same way as long as the seed, package path, and name itself remain constant. In other words, when the user supplies a custom -seed, we assume they know what they're doing in terms of storage and rotation. Expand the README docs with more examples and detail. Fixes #449.
3 years ago
exec ./main$exe test/main/imported
cp stderr importedpkg-seed-static-1
add seed flag to control how builds are reproducible Fixes #26.
5 years ago
# Also check that the binary is reproducible.
initial support for build caching (#142) As per the discussion in https://github.com/golang/go/issues/41145, it turns out that we don't need special support for build caching in -toolexec. We can simply modify the behavior of "[...]/compile -V=full" and "[...]/link -V=full" so that they include garble's own version and options in the printed build ID. The part of the build ID that matters is the last, since it's the "content ID" which is used to work out whether there is a need to redo the action (build) or not. Since cmd/go parses the last word in the output as "buildID=...", we simply add "+garble buildID=_/_/_/${hash}". The slashes let us imitate a full binary build ID, but we assume that the other components such as the action ID are not necessary, since the only reader here is cmd/go and it only consumes the content ID. The reported content ID includes the tool's original content ID, garble's own content ID from the built binary, and the garble options which modify how we obfuscate code. If any of the three changes, we should use a different build cache key. GOPRIVATE also affects caching, since a different GOPRIVATE value means that we might have to garble a different set of packages. Include tests, which mainly check that 'garble build -v' prints package lines when we expect to always need to rebuild packages, and that it prints nothing when we should be reusing the build cache even when the built binary is missing. After this change, 'go test' on Go 1.15.2 stabilizes at about 8s on my machine, whereas it used to be at around 25s before.
5 years ago
# No packages should be rebuilt either, thanks to the build cache.
make obfuscation fully deterministic with -seed The default behavior of garble is to seed via the build inputs, including the build IDs of the entire Go build of each package. This works well as a default, and does give us determinism, but it means that building for different platforms will result in different obfuscation per platform. Instead, when -seed is provided, don't use any other hash seed or salt. This means that a particular Go name will be obfuscated the same way as long as the seed, package path, and name itself remain constant. In other words, when the user supplies a custom -seed, we assume they know what they're doing in terms of storage and rotation. Expand the README docs with more examples and detail. Fixes #449.
3 years ago
cp main$exe main_seed1$exe
add seed flag to control how builds are reproducible Fixes #26.
5 years ago
rm main$exe
make flags like -literals and GOPRIVATE affect hashing (#288) In 6898d61637, we switched from using action IDs from "go list -toolexec=garble" to those from the original "go list". We still wanted the obfuscation and hashing to change if the version of garble changes, so we hashed that "original action ID" with garble's own content ID, and called the new hash "garble action ID". While working on a different patch, I noticed something weird: with the new mechanism, adding or removing flags like -literals did not alter those hashes, unlike the old method. This is because the old method used ownContentID, which includes such bits of information, but the new method does not. Change that, and add a test that locks in the behavior we want. In seed.txt, we check that a single function name gets hashed in particular ways in different scenarios. Note that we use a mix of "cmp" and "! bincmp", since the former has no negated form. While at it, the seed.txt test is revamped a bit. Now, we only run with -literals once, as this test is mainly about -seed. We also declare seed strings once, as environment variables, which makes it easier to track what each step is doing.
4 years ago
garble -seed=${SEED1}= build -v
work around a build cache regression in the previous commit The added comment in main.go explains the situation in detail. The added test is a minimization of the scenario, which failed: > cd mod1 > garble -seed=${SEED1} build -v gopkg.in/garbletest.v2 > cd ../mod2 > garble -seed=${SEED1} build -v [stderr] test/main/mod2 # test/main/mod2 cannot load garble export file for gopkg.in/garbletest.v2: open […]/go-build/ed/[…]-garble-ZV[…]-d: no such file or directory To work around the problem, we'll always add each package's GarbleActionID to its build artifact, even when not using -seed. This will get us the previous behavior with regards to the build cache, meaning that we fix the recent regression. The added variable doesn't make it to the final binary either. While here, improve the cached file loading error's context, and add an extra sanity check for duplicates on ListedPackages.
3 years ago
! stderr .
make obfuscation fully deterministic with -seed The default behavior of garble is to seed via the build inputs, including the build IDs of the entire Go build of each package. This works well as a default, and does give us determinism, but it means that building for different platforms will result in different obfuscation per platform. Instead, when -seed is provided, don't use any other hash seed or salt. This means that a particular Go name will be obfuscated the same way as long as the seed, package path, and name itself remain constant. In other words, when the user supplies a custom -seed, we assume they know what they're doing in terms of storage and rotation. Expand the README docs with more examples and detail. Fixes #449.
3 years ago
bincmp main$exe main_seed1$exe
exec ./main$exe test/main/imported
cmp stderr importedpkg-seed-static-1
add seed flag to control how builds are reproducible Fixes #26.
5 years ago
make obfuscation fully deterministic with -seed The default behavior of garble is to seed via the build inputs, including the build IDs of the entire Go build of each package. This works well as a default, and does give us determinism, but it means that building for different platforms will result in different obfuscation per platform. Instead, when -seed is provided, don't use any other hash seed or salt. This means that a particular Go name will be obfuscated the same way as long as the seed, package path, and name itself remain constant. In other words, when the user supplies a custom -seed, we assume they know what they're doing in terms of storage and rotation. Expand the README docs with more examples and detail. Fixes #449.
3 years ago
# Even if we use the same seed, the same names in a different package
# should still be obfuscated in a different way.
exec ./main$exe test/main
cp stderr mainpkg-seed-static-1
! bincmp mainpkg-seed-static-1 importedpkg-seed-static-1
# Using different flags which affect the build, such as -literals or -tiny,
# should result in the same obfuscation as long as the seed is constant.
# TODO: also test that changing non-garble build parameters,
# such as GOARCH or -tags, still results in the same hashing via the seed.
garble -seed=${SEED1} -literals build
exec ./main$exe test/main/imported
cmp stderr importedpkg-seed-static-1
garble -seed=${SEED1} -tiny build
exec ./main$exe test/main/imported
cmp stderr importedpkg-seed-static-1
make flags like -literals and GOPRIVATE affect hashing (#288) In 6898d61637, we switched from using action IDs from "go list -toolexec=garble" to those from the original "go list". We still wanted the obfuscation and hashing to change if the version of garble changes, so we hashed that "original action ID" with garble's own content ID, and called the new hash "garble action ID". While working on a different patch, I noticed something weird: with the new mechanism, adding or removing flags like -literals did not alter those hashes, unlike the old method. This is because the old method used ownContentID, which includes such bits of information, but the new method does not. Change that, and add a test that locks in the behavior we want. In seed.txt, we check that a single function name gets hashed in particular ways in different scenarios. Note that we use a mix of "cmp" and "! bincmp", since the former has no negated form. While at it, the seed.txt test is revamped a bit. Now, we only run with -literals once, as this test is mainly about -seed. We also declare seed strings once, as environment variables, which makes it easier to track what each step is doing.
4 years ago
initial support for build caching (#142) As per the discussion in https://github.com/golang/go/issues/41145, it turns out that we don't need special support for build caching in -toolexec. We can simply modify the behavior of "[...]/compile -V=full" and "[...]/link -V=full" so that they include garble's own version and options in the printed build ID. The part of the build ID that matters is the last, since it's the "content ID" which is used to work out whether there is a need to redo the action (build) or not. Since cmd/go parses the last word in the output as "buildID=...", we simply add "+garble buildID=_/_/_/${hash}". The slashes let us imitate a full binary build ID, but we assume that the other components such as the action ID are not necessary, since the only reader here is cmd/go and it only consumes the content ID. The reported content ID includes the tool's original content ID, garble's own content ID from the built binary, and the garble options which modify how we obfuscate code. If any of the three changes, we should use a different build cache key. GOPRIVATE also affects caching, since a different GOPRIVATE value means that we might have to garble a different set of packages. Include tests, which mainly check that 'garble build -v' prints package lines when we expect to always need to rebuild packages, and that it prints nothing when we should be reusing the build cache even when the built binary is missing. After this change, 'go test' on Go 1.15.2 stabilizes at about 8s on my machine, whereas it used to be at around 25s before.
5 years ago
# Also check that a different seed leads to a different binary.
# We can't know if caching happens here, because of previous test runs.
make obfuscation fully deterministic with -seed The default behavior of garble is to seed via the build inputs, including the build IDs of the entire Go build of each package. This works well as a default, and does give us determinism, but it means that building for different platforms will result in different obfuscation per platform. Instead, when -seed is provided, don't use any other hash seed or salt. This means that a particular Go name will be obfuscated the same way as long as the seed, package path, and name itself remain constant. In other words, when the user supplies a custom -seed, we assume they know what they're doing in terms of storage and rotation. Expand the README docs with more examples and detail. Fixes #449.
3 years ago
cp main$exe main_seed2$exe
add seed flag to control how builds are reproducible Fixes #26.
5 years ago
rm main$exe
make flags like -literals and GOPRIVATE affect hashing (#288) In 6898d61637, we switched from using action IDs from "go list -toolexec=garble" to those from the original "go list". We still wanted the obfuscation and hashing to change if the version of garble changes, so we hashed that "original action ID" with garble's own content ID, and called the new hash "garble action ID". While working on a different patch, I noticed something weird: with the new mechanism, adding or removing flags like -literals did not alter those hashes, unlike the old method. This is because the old method used ownContentID, which includes such bits of information, but the new method does not. Change that, and add a test that locks in the behavior we want. In seed.txt, we check that a single function name gets hashed in particular ways in different scenarios. Note that we use a mix of "cmp" and "! bincmp", since the former has no negated form. While at it, the seed.txt test is revamped a bit. Now, we only run with -literals once, as this test is mainly about -seed. We also declare seed strings once, as environment variables, which makes it easier to track what each step is doing.
4 years ago
garble -seed=${SEED2} build
make obfuscation fully deterministic with -seed The default behavior of garble is to seed via the build inputs, including the build IDs of the entire Go build of each package. This works well as a default, and does give us determinism, but it means that building for different platforms will result in different obfuscation per platform. Instead, when -seed is provided, don't use any other hash seed or salt. This means that a particular Go name will be obfuscated the same way as long as the seed, package path, and name itself remain constant. In other words, when the user supplies a custom -seed, we assume they know what they're doing in terms of storage and rotation. Expand the README docs with more examples and detail. Fixes #449.
3 years ago
! bincmp main$exe main_seed2$exe
add seed flag to control how builds are reproducible Fixes #26.
5 years ago
make obfuscation fully deterministic with -seed The default behavior of garble is to seed via the build inputs, including the build IDs of the entire Go build of each package. This works well as a default, and does give us determinism, but it means that building for different platforms will result in different obfuscation per platform. Instead, when -seed is provided, don't use any other hash seed or salt. This means that a particular Go name will be obfuscated the same way as long as the seed, package path, and name itself remain constant. In other words, when the user supplies a custom -seed, we assume they know what they're doing in terms of storage and rotation. Expand the README docs with more examples and detail. Fixes #449.
3 years ago
exec ./main$exe test/main/imported
cp stderr importedpkg-seed-static-2
! bincmp importedpkg-seed-static-2 importedpkg-seed-static-1
make flags like -literals and GOPRIVATE affect hashing (#288) In 6898d61637, we switched from using action IDs from "go list -toolexec=garble" to those from the original "go list". We still wanted the obfuscation and hashing to change if the version of garble changes, so we hashed that "original action ID" with garble's own content ID, and called the new hash "garble action ID". While working on a different patch, I noticed something weird: with the new mechanism, adding or removing flags like -literals did not alter those hashes, unlike the old method. This is because the old method used ownContentID, which includes such bits of information, but the new method does not. Change that, and add a test that locks in the behavior we want. In seed.txt, we check that a single function name gets hashed in particular ways in different scenarios. Note that we use a mix of "cmp" and "! bincmp", since the former has no negated form. While at it, the seed.txt test is revamped a bit. Now, we only run with -literals once, as this test is mainly about -seed. We also declare seed strings once, as environment variables, which makes it easier to track what each step is doing.
4 years ago
initial support for build caching (#142) As per the discussion in https://github.com/golang/go/issues/41145, it turns out that we don't need special support for build caching in -toolexec. We can simply modify the behavior of "[...]/compile -V=full" and "[...]/link -V=full" so that they include garble's own version and options in the printed build ID. The part of the build ID that matters is the last, since it's the "content ID" which is used to work out whether there is a need to redo the action (build) or not. Since cmd/go parses the last word in the output as "buildID=...", we simply add "+garble buildID=_/_/_/${hash}". The slashes let us imitate a full binary build ID, but we assume that the other components such as the action ID are not necessary, since the only reader here is cmd/go and it only consumes the content ID. The reported content ID includes the tool's original content ID, garble's own content ID from the built binary, and the garble options which modify how we obfuscate code. If any of the three changes, we should use a different build cache key. GOPRIVATE also affects caching, since a different GOPRIVATE value means that we might have to garble a different set of packages. Include tests, which mainly check that 'garble build -v' prints package lines when we expect to always need to rebuild packages, and that it prints nothing when we should be reusing the build cache even when the built binary is missing. After this change, 'go test' on Go 1.15.2 stabilizes at about 8s on my machine, whereas it used to be at around 25s before.
5 years ago
# Use a random seed, which should always trigger a full build.
make flags like -literals and GOPRIVATE affect hashing (#288) In 6898d61637, we switched from using action IDs from "go list -toolexec=garble" to those from the original "go list". We still wanted the obfuscation and hashing to change if the version of garble changes, so we hashed that "original action ID" with garble's own content ID, and called the new hash "garble action ID". While working on a different patch, I noticed something weird: with the new mechanism, adding or removing flags like -literals did not alter those hashes, unlike the old method. This is because the old method used ownContentID, which includes such bits of information, but the new method does not. Change that, and add a test that locks in the behavior we want. In seed.txt, we check that a single function name gets hashed in particular ways in different scenarios. Note that we use a mix of "cmp" and "! bincmp", since the former has no negated form. While at it, the seed.txt test is revamped a bit. Now, we only run with -literals once, as this test is mainly about -seed. We also declare seed strings once, as environment variables, which makes it easier to track what each step is doing.
4 years ago
garble -seed=random build -v
stderr -count=1 '^runtime$'
stderr -count=1 '^test/main$'
add seed flag to control how builds are reproducible Fixes #26.
5 years ago
exec ./main$exe
make flags like -literals and GOPRIVATE affect hashing (#288) In 6898d61637, we switched from using action IDs from "go list -toolexec=garble" to those from the original "go list". We still wanted the obfuscation and hashing to change if the version of garble changes, so we hashed that "original action ID" with garble's own content ID, and called the new hash "garble action ID". While working on a different patch, I noticed something weird: with the new mechanism, adding or removing flags like -literals did not alter those hashes, unlike the old method. This is because the old method used ownContentID, which includes such bits of information, but the new method does not. Change that, and add a test that locks in the behavior we want. In seed.txt, we check that a single function name gets hashed in particular ways in different scenarios. Note that we use a mix of "cmp" and "! bincmp", since the former has no negated form. While at it, the seed.txt test is revamped a bit. Now, we only run with -literals once, as this test is mainly about -seed. We also declare seed strings once, as environment variables, which makes it easier to track what each step is doing.
4 years ago
cmp stderr main.stderr
binsubstr main$exe 'teststring' 'imported var value'
! binsubstr main$exe 'ImportedVar'
make obfuscation fully deterministic with -seed The default behavior of garble is to seed via the build inputs, including the build IDs of the entire Go build of each package. This works well as a default, and does give us determinism, but it means that building for different platforms will result in different obfuscation per platform. Instead, when -seed is provided, don't use any other hash seed or salt. This means that a particular Go name will be obfuscated the same way as long as the seed, package path, and name itself remain constant. In other words, when the user supplies a custom -seed, we assume they know what they're doing in terms of storage and rotation. Expand the README docs with more examples and detail. Fixes #449.
3 years ago
exec ./main$exe test/main/imported
cp stderr importedpkg-seed-random-1
! bincmp importedpkg-seed-random-1 importedpkg-seed-static-1
add seed flag to control how builds are reproducible Fixes #26.
5 years ago
# Also check that the random binary is not reproducible.
make obfuscation fully deterministic with -seed The default behavior of garble is to seed via the build inputs, including the build IDs of the entire Go build of each package. This works well as a default, and does give us determinism, but it means that building for different platforms will result in different obfuscation per platform. Instead, when -seed is provided, don't use any other hash seed or salt. This means that a particular Go name will be obfuscated the same way as long as the seed, package path, and name itself remain constant. In other words, when the user supplies a custom -seed, we assume they know what they're doing in terms of storage and rotation. Expand the README docs with more examples and detail. Fixes #449.
3 years ago
cp main$exe main_random$exe
add seed flag to control how builds are reproducible Fixes #26.
5 years ago
rm main$exe
make flags like -literals and GOPRIVATE affect hashing (#288) In 6898d61637, we switched from using action IDs from "go list -toolexec=garble" to those from the original "go list". We still wanted the obfuscation and hashing to change if the version of garble changes, so we hashed that "original action ID" with garble's own content ID, and called the new hash "garble action ID". While working on a different patch, I noticed something weird: with the new mechanism, adding or removing flags like -literals did not alter those hashes, unlike the old method. This is because the old method used ownContentID, which includes such bits of information, but the new method does not. Change that, and add a test that locks in the behavior we want. In seed.txt, we check that a single function name gets hashed in particular ways in different scenarios. Note that we use a mix of "cmp" and "! bincmp", since the former has no negated form. While at it, the seed.txt test is revamped a bit. Now, we only run with -literals once, as this test is mainly about -seed. We also declare seed strings once, as environment variables, which makes it easier to track what each step is doing.
4 years ago
garble -seed=random build -v
initial support for build caching (#142) As per the discussion in https://github.com/golang/go/issues/41145, it turns out that we don't need special support for build caching in -toolexec. We can simply modify the behavior of "[...]/compile -V=full" and "[...]/link -V=full" so that they include garble's own version and options in the printed build ID. The part of the build ID that matters is the last, since it's the "content ID" which is used to work out whether there is a need to redo the action (build) or not. Since cmd/go parses the last word in the output as "buildID=...", we simply add "+garble buildID=_/_/_/${hash}". The slashes let us imitate a full binary build ID, but we assume that the other components such as the action ID are not necessary, since the only reader here is cmd/go and it only consumes the content ID. The reported content ID includes the tool's original content ID, garble's own content ID from the built binary, and the garble options which modify how we obfuscate code. If any of the three changes, we should use a different build cache key. GOPRIVATE also affects caching, since a different GOPRIVATE value means that we might have to garble a different set of packages. Include tests, which mainly check that 'garble build -v' prints package lines when we expect to always need to rebuild packages, and that it prints nothing when we should be reusing the build cache even when the built binary is missing. After this change, 'go test' on Go 1.15.2 stabilizes at about 8s on my machine, whereas it used to be at around 25s before.
5 years ago
stderr .
make obfuscation fully deterministic with -seed The default behavior of garble is to seed via the build inputs, including the build IDs of the entire Go build of each package. This works well as a default, and does give us determinism, but it means that building for different platforms will result in different obfuscation per platform. Instead, when -seed is provided, don't use any other hash seed or salt. This means that a particular Go name will be obfuscated the same way as long as the seed, package path, and name itself remain constant. In other words, when the user supplies a custom -seed, we assume they know what they're doing in terms of storage and rotation. Expand the README docs with more examples and detail. Fixes #449.
3 years ago
! bincmp main$exe main_random$exe
make flags like -literals and GOPRIVATE affect hashing (#288) In 6898d61637, we switched from using action IDs from "go list -toolexec=garble" to those from the original "go list". We still wanted the obfuscation and hashing to change if the version of garble changes, so we hashed that "original action ID" with garble's own content ID, and called the new hash "garble action ID". While working on a different patch, I noticed something weird: with the new mechanism, adding or removing flags like -literals did not alter those hashes, unlike the old method. This is because the old method used ownContentID, which includes such bits of information, but the new method does not. Change that, and add a test that locks in the behavior we want. In seed.txt, we check that a single function name gets hashed in particular ways in different scenarios. Note that we use a mix of "cmp" and "! bincmp", since the former has no negated form. While at it, the seed.txt test is revamped a bit. Now, we only run with -literals once, as this test is mainly about -seed. We also declare seed strings once, as environment variables, which makes it easier to track what each step is doing.
4 years ago
make obfuscation fully deterministic with -seed The default behavior of garble is to seed via the build inputs, including the build IDs of the entire Go build of each package. This works well as a default, and does give us determinism, but it means that building for different platforms will result in different obfuscation per platform. Instead, when -seed is provided, don't use any other hash seed or salt. This means that a particular Go name will be obfuscated the same way as long as the seed, package path, and name itself remain constant. In other words, when the user supplies a custom -seed, we assume they know what they're doing in terms of storage and rotation. Expand the README docs with more examples and detail. Fixes #449.
3 years ago
exec ./main$exe test/main/imported
cp stderr importedpkg-seed-random-2
! bincmp importedpkg-seed-random-2 importedpkg-seed-random-1
make flags like -literals and GOPRIVATE affect hashing (#288) In 6898d61637, we switched from using action IDs from "go list -toolexec=garble" to those from the original "go list". We still wanted the obfuscation and hashing to change if the version of garble changes, so we hashed that "original action ID" with garble's own content ID, and called the new hash "garble action ID". While working on a different patch, I noticed something weird: with the new mechanism, adding or removing flags like -literals did not alter those hashes, unlike the old method. This is because the old method used ownContentID, which includes such bits of information, but the new method does not. Change that, and add a test that locks in the behavior we want. In seed.txt, we check that a single function name gets hashed in particular ways in different scenarios. Note that we use a mix of "cmp" and "! bincmp", since the former has no negated form. While at it, the seed.txt test is revamped a bit. Now, we only run with -literals once, as this test is mainly about -seed. We also declare seed strings once, as environment variables, which makes it easier to track what each step is doing.
4 years ago
make obfuscation fully deterministic with -seed The default behavior of garble is to seed via the build inputs, including the build IDs of the entire Go build of each package. This works well as a default, and does give us determinism, but it means that building for different platforms will result in different obfuscation per platform. Instead, when -seed is provided, don't use any other hash seed or salt. This means that a particular Go name will be obfuscated the same way as long as the seed, package path, and name itself remain constant. In other words, when the user supplies a custom -seed, we assume they know what they're doing in terms of storage and rotation. Expand the README docs with more examples and detail. Fixes #449.
3 years ago
# Finally, ensure that our runtime and reflect test code does what we think.
go build
exec ./main$exe
cmp stderr main.stderr
exec ./main$exe test/main
cmp stderr mainpkg.stderr
exec ./main$exe test/main/imported
cmp stderr importedpkg.stderr
make -seed=random use the same random seed for all packages Otherwise, a different random seed per package will break imported names.
5 years ago
-- go.mod --
module test/main
testdata: don't let tests rely on rewriting mod files In Go 1.15, if a dependency is required but not listed in go.mod/go.sum, it's resolved and added automatically. This is changing in 1.16. From that release, one will have to explicitly update the mod files via 'go mod tidy' or 'go get'. To get ahead of the curve, start using -mod=readonly to get the same behavior in 1.15, and fix all existing tests. The only tests that failed were imports.txt and syntax.txt, the only ones to require other modules. But since we're here, let's add the 'go' line to all go.mod files as well.
4 years ago
drop support for Go 1.18.x With Go 1.19 having been out for two months, and Go 1.20's first beta coming out in two months, it is now time to move forward again.
3 years ago
go 1.19
add seed flag to control how builds are reproducible Fixes #26.
5 years ago
-- main.go --
package main
make flags like -literals and GOPRIVATE affect hashing (#288) In 6898d61637, we switched from using action IDs from "go list -toolexec=garble" to those from the original "go list". We still wanted the obfuscation and hashing to change if the version of garble changes, so we hashed that "original action ID" with garble's own content ID, and called the new hash "garble action ID". While working on a different patch, I noticed something weird: with the new mechanism, adding or removing flags like -literals did not alter those hashes, unlike the old method. This is because the old method used ownContentID, which includes such bits of information, but the new method does not. Change that, and add a test that locks in the behavior we want. In seed.txt, we check that a single function name gets hashed in particular ways in different scenarios. Note that we use a mix of "cmp" and "! bincmp", since the former has no negated form. While at it, the seed.txt test is revamped a bit. Now, we only run with -literals once, as this test is mainly about -seed. We also declare seed strings once, as environment variables, which makes it easier to track what each step is doing.
4 years ago
import (
"os"
"test/main/imported"
)
make -seed=random use the same random seed for all packages Otherwise, a different random seed per package will break imported names.
5 years ago
add seed flag to control how builds are reproducible Fixes #26.
5 years ago
var teststringVar = "teststring"
make obfuscation fully deterministic with -seed The default behavior of garble is to seed via the build inputs, including the build IDs of the entire Go build of each package. This works well as a default, and does give us determinism, but it means that building for different platforms will result in different obfuscation per platform. Instead, when -seed is provided, don't use any other hash seed or salt. This means that a particular Go name will be obfuscated the same way as long as the seed, package path, and name itself remain constant. In other words, when the user supplies a custom -seed, we assume they know what they're doing in terms of storage and rotation. Expand the README docs with more examples and detail. Fixes #449.
3 years ago
func main() { mainFunc() }
func mainFunc() {
if len(os.Args) > 1 {
switch os.Args[1] {
case "test/main":
imported.PrintNames(NamedTypeValue, NamedFunc)
case "test/main/imported":
imported.PrintNames(imported.NamedType{}, imported.NamedFunc)
default:
panic("unknown package")
}
make flags like -literals and GOPRIVATE affect hashing (#288) In 6898d61637, we switched from using action IDs from "go list -toolexec=garble" to those from the original "go list". We still wanted the obfuscation and hashing to change if the version of garble changes, so we hashed that "original action ID" with garble's own content ID, and called the new hash "garble action ID". While working on a different patch, I noticed something weird: with the new mechanism, adding or removing flags like -literals did not alter those hashes, unlike the old method. This is because the old method used ownContentID, which includes such bits of information, but the new method does not. Change that, and add a test that locks in the behavior we want. In seed.txt, we check that a single function name gets hashed in particular ways in different scenarios. Note that we use a mix of "cmp" and "! bincmp", since the former has no negated form. While at it, the seed.txt test is revamped a bit. Now, we only run with -literals once, as this test is mainly about -seed. We also declare seed strings once, as environment variables, which makes it easier to track what each step is doing.
4 years ago
} else {
println(teststringVar)
println(imported.ImportedVar)
immprove how hashWithCustomSalt comes up with its random lengths The last change made it so that hashWithCustomSalt does not always end up with 8 base64 characters, which is a good change for the sake of avoiding easy patterns in obfuscated code. However, the docs weren't updated accordingly, and it wasn't particularly clear that the byte giving us randomness wasn't part of the resulting base64-encoded name. First, refactor the code to only feed as many checksum bytes to the base64 encoder as necessary, which is 12. This shrinks b64NameBuffer and saves us some base64 encoding work. Second, use the first checksum byte that we don't use, the 13th, as the source of the randomness. Note how before we used a base64-encoded byte for the randomness, which isn't great as that byte was only one of 63 characters, whereas a checksum byte is one of 256. Third, update the docs so that the code is as clear as possible. This is particularly important given that we have no tests. With debug prints in the gogarble.txt test, we can see that the randomness in hash lengths is working as intended: # test/main/stdimporter hashLength = 13 hashLength = 8 hashLength = 12 hashLength = 15 hashLength = 10 hashLength = 15 hashLength = 9 hashLength = 8 hashLength = 15 hashLength = 15 hashLength = 12 hashLength = 10 hashLength = 13 hashLength = 13 hashLength = 8 hashLength = 15 hashLength = 11 Finally, add a regression test that will complain if we end up with hashed names that reuse the same length too often. Out of eight hashed names, the test will fail if six end up with the same length, as that is incredibly unlikely given that each should pick one of eight lengths with a fair distribution.
2 years ago
// When we're obfuscating, check that the obfuscated name lengths vary.
// With eight hashed names, and a range between 8 and 15,
// the chances of six repeats are (1 / 8) ** 6, or about 0.00038%.
// If that happens, then our randomness is clearly broken.
if hashedNames[0] != "main.hashed0" {
var count [16]int
for _, name := range hashedNames {
name = name[len("main."):]
if len(name) < 8 {
panic("ended up with a hashed name that's too short: "+name)
}
if len(name) > 15 {
panic("ended up with a hashed name that's too long: "+name)
}
count[len(name)]++
if count[len(name)] >= 6 {
for _, name := range hashedNames {
println(name)
}
panic("six or more hashed names with the same length")
}
}
}
make flags like -literals and GOPRIVATE affect hashing (#288) In 6898d61637, we switched from using action IDs from "go list -toolexec=garble" to those from the original "go list". We still wanted the obfuscation and hashing to change if the version of garble changes, so we hashed that "original action ID" with garble's own content ID, and called the new hash "garble action ID". While working on a different patch, I noticed something weird: with the new mechanism, adding or removing flags like -literals did not alter those hashes, unlike the old method. This is because the old method used ownContentID, which includes such bits of information, but the new method does not. Change that, and add a test that locks in the behavior we want. In seed.txt, we check that a single function name gets hashed in particular ways in different scenarios. Note that we use a mix of "cmp" and "! bincmp", since the former has no negated form. While at it, the seed.txt test is revamped a bit. Now, we only run with -literals once, as this test is mainly about -seed. We also declare seed strings once, as environment variables, which makes it easier to track what each step is doing.
4 years ago
}
}
make obfuscation fully deterministic with -seed The default behavior of garble is to seed via the build inputs, including the build IDs of the entire Go build of each package. This works well as a default, and does give us determinism, but it means that building for different platforms will result in different obfuscation per platform. Instead, when -seed is provided, don't use any other hash seed or salt. This means that a particular Go name will be obfuscated the same way as long as the seed, package path, and name itself remain constant. In other words, when the user supplies a custom -seed, we assume they know what they're doing in terms of storage and rotation. Expand the README docs with more examples and detail. Fixes #449.
3 years ago
// A workaround to fool garble's reflect detection,
// because we want it to show us the obfuscated NamedType.
all: drop support for Go 1.17 Now that we've released v0.6.0, that will be the last feature release to feature support for Go 1.17. The upcoming v0.7.0 will be Go 1.18+. Code-wise, the cleanup here isn't super noticeable, but it will be easier to work on features like VCS-aware version information and generics support without worrying about Go 1.17. Plus, now CI is back to being much faster. Note how "go 1.18" in go.mod makes "go mod tidy" more aggressive.
3 years ago
var NamedTypeValue any = NamedType{}
make obfuscation fully deterministic with -seed The default behavior of garble is to seed via the build inputs, including the build IDs of the entire Go build of each package. This works well as a default, and does give us determinism, but it means that building for different platforms will result in different obfuscation per platform. Instead, when -seed is provided, don't use any other hash seed or salt. This means that a particular Go name will be obfuscated the same way as long as the seed, package path, and name itself remain constant. In other words, when the user supplies a custom -seed, we assume they know what they're doing in terms of storage and rotation. Expand the README docs with more examples and detail. Fixes #449.
3 years ago
type NamedType struct {
NamedField int
}
func NamedFunc() string {
return imported.CallerFuncName()
add seed flag to control how builds are reproducible Fixes #26.
5 years ago
}
make obfuscation fully deterministic with -seed The default behavior of garble is to seed via the build inputs, including the build IDs of the entire Go build of each package. This works well as a default, and does give us determinism, but it means that building for different platforms will result in different obfuscation per platform. Instead, when -seed is provided, don't use any other hash seed or salt. This means that a particular Go name will be obfuscated the same way as long as the seed, package path, and name itself remain constant. In other words, when the user supplies a custom -seed, we assume they know what they're doing in terms of storage and rotation. Expand the README docs with more examples and detail. Fixes #449.
3 years ago
immprove how hashWithCustomSalt comes up with its random lengths The last change made it so that hashWithCustomSalt does not always end up with 8 base64 characters, which is a good change for the sake of avoiding easy patterns in obfuscated code. However, the docs weren't updated accordingly, and it wasn't particularly clear that the byte giving us randomness wasn't part of the resulting base64-encoded name. First, refactor the code to only feed as many checksum bytes to the base64 encoder as necessary, which is 12. This shrinks b64NameBuffer and saves us some base64 encoding work. Second, use the first checksum byte that we don't use, the 13th, as the source of the randomness. Note how before we used a base64-encoded byte for the randomness, which isn't great as that byte was only one of 63 characters, whereas a checksum byte is one of 256. Third, update the docs so that the code is as clear as possible. This is particularly important given that we have no tests. With debug prints in the gogarble.txt test, we can see that the randomness in hash lengths is working as intended: # test/main/stdimporter hashLength = 13 hashLength = 8 hashLength = 12 hashLength = 15 hashLength = 10 hashLength = 15 hashLength = 9 hashLength = 8 hashLength = 15 hashLength = 15 hashLength = 12 hashLength = 10 hashLength = 13 hashLength = 13 hashLength = 8 hashLength = 15 hashLength = 11 Finally, add a regression test that will complain if we end up with hashed names that reuse the same length too often. Out of eight hashed names, the test will fail if six end up with the same length, as that is incredibly unlikely given that each should pick one of eight lengths with a fair distribution.
2 years ago
var hashedNames = []string{
hashed0(), hashed1(), hashed2(), hashed3(),
hashed4(), hashed5(), hashed6(), hashed7(),
}
func hashed0() string { return imported.CallerFuncName() }
func hashed1() string { return imported.CallerFuncName() }
func hashed2() string { return imported.CallerFuncName() }
func hashed3() string { return imported.CallerFuncName() }
func hashed4() string { return imported.CallerFuncName() }
func hashed5() string { return imported.CallerFuncName() }
func hashed6() string { return imported.CallerFuncName() }
func hashed7() string { return imported.CallerFuncName() }
make -seed=random use the same random seed for all packages Otherwise, a different random seed per package will break imported names.
5 years ago
-- imported/imported.go --
package imported
make obfuscation fully deterministic with -seed The default behavior of garble is to seed via the build inputs, including the build IDs of the entire Go build of each package. This works well as a default, and does give us determinism, but it means that building for different platforms will result in different obfuscation per platform. Instead, when -seed is provided, don't use any other hash seed or salt. This means that a particular Go name will be obfuscated the same way as long as the seed, package path, and name itself remain constant. In other words, when the user supplies a custom -seed, we assume they know what they're doing in terms of storage and rotation. Expand the README docs with more examples and detail. Fixes #449.
3 years ago
import (
"reflect"
"runtime"
)
make -seed=random use the same random seed for all packages Otherwise, a different random seed per package will break imported names.
5 years ago
var ImportedVar = "imported var value"
add seed flag to control how builds are reproducible Fixes #26.
5 years ago
make obfuscation fully deterministic with -seed The default behavior of garble is to seed via the build inputs, including the build IDs of the entire Go build of each package. This works well as a default, and does give us determinism, but it means that building for different platforms will result in different obfuscation per platform. Instead, when -seed is provided, don't use any other hash seed or salt. This means that a particular Go name will be obfuscated the same way as long as the seed, package path, and name itself remain constant. In other words, when the user supplies a custom -seed, we assume they know what they're doing in terms of storage and rotation. Expand the README docs with more examples and detail. Fixes #449.
3 years ago
type NamedType struct {
NamedField int
}
func NamedFunc() string {
return CallerFuncName()
}
all: drop support for Go 1.17 Now that we've released v0.6.0, that will be the last feature release to feature support for Go 1.17. The upcoming v0.7.0 will be Go 1.18+. Code-wise, the cleanup here isn't super noticeable, but it will be easier to work on features like VCS-aware version information and generics support without worrying about Go 1.17. Plus, now CI is back to being much faster. Note how "go 1.18" in go.mod makes "go mod tidy" more aggressive.
3 years ago
func PrintNames(v any, fn func() string) {
make obfuscation fully deterministic with -seed The default behavior of garble is to seed via the build inputs, including the build IDs of the entire Go build of each package. This works well as a default, and does give us determinism, but it means that building for different platforms will result in different obfuscation per platform. Instead, when -seed is provided, don't use any other hash seed or salt. This means that a particular Go name will be obfuscated the same way as long as the seed, package path, and name itself remain constant. In other words, when the user supplies a custom -seed, we assume they know what they're doing in terms of storage and rotation. Expand the README docs with more examples and detail. Fixes #449.
3 years ago
typ := reflect.TypeOf(v)
println("path:", typ.PkgPath())
println("type:", typ.Name())
println("field:", typ.Field(0).Name)
println("func: ", fn())
}
func CallerFuncName() string {
pc, _, _, _ := runtime.Caller(1)
fn := runtime.FuncForPC(pc)
return fn.Name()
}
make flags like -literals and GOPRIVATE affect hashing (#288) In 6898d61637, we switched from using action IDs from "go list -toolexec=garble" to those from the original "go list". We still wanted the obfuscation and hashing to change if the version of garble changes, so we hashed that "original action ID" with garble's own content ID, and called the new hash "garble action ID". While working on a different patch, I noticed something weird: with the new mechanism, adding or removing flags like -literals did not alter those hashes, unlike the old method. This is because the old method used ownContentID, which includes such bits of information, but the new method does not. Change that, and add a test that locks in the behavior we want. In seed.txt, we check that a single function name gets hashed in particular ways in different scenarios. Note that we use a mix of "cmp" and "! bincmp", since the former has no negated form. While at it, the seed.txt test is revamped a bit. Now, we only run with -literals once, as this test is mainly about -seed. We also declare seed strings once, as environment variables, which makes it easier to track what each step is doing.
4 years ago
-- main.stderr --
make -seed=random use the same random seed for all packages Otherwise, a different random seed per package will break imported names.
5 years ago
teststring
various minor cleanups and fixes (#99) Error strings should never be capitalized. A binsubstr line in one of the tests was duplicate and thus useless. Remove duplicate or trailing spaces in test scripts. Finally, add a TODO for an optimization I just spotted.
5 years ago
imported var value
make obfuscation fully deterministic with -seed The default behavior of garble is to seed via the build inputs, including the build IDs of the entire Go build of each package. This works well as a default, and does give us determinism, but it means that building for different platforms will result in different obfuscation per platform. Instead, when -seed is provided, don't use any other hash seed or salt. This means that a particular Go name will be obfuscated the same way as long as the seed, package path, and name itself remain constant. In other words, when the user supplies a custom -seed, we assume they know what they're doing in terms of storage and rotation. Expand the README docs with more examples and detail. Fixes #449.
3 years ago
-- mainpkg.stderr --
path: main
type: NamedType
field: NamedField
func: main.NamedFunc
-- importedpkg.stderr --
path: test/main/imported
type: NamedType
field: NamedField
func: test/main/imported.NamedFunc