garble/testdata/scripts/ldflags.txt

# Note the proper domain, since the dot adds an edge case.
env GOGARBLE=domain.test/main

env LDFLAGS='-X=main.unexportedVersion=v1.0.0 -X=domain.test/main/imported.ExportedVar=replaced -X=domain.test/missing/path.missingVar=value'

garble build -ldflags=${LDFLAGS}
exec ./main
cmp stderr main.stderr
! binsubstr main$exe 'unexportedVersion'

[short] stop # no need to verify this with -short

garble -tiny build -ldflags=${LDFLAGS}
exec ./main
cmp stderr main.stderr
! binsubstr main$exe 'unexportedVersion'

go build -ldflags=${LDFLAGS}
exec ./main
cmp stderr main.stderr
binsubstr main$exe 'unexportedVersion'

-- go.mod --
module domain.test/main

go 1.17
-- main.go --
package main

import (
	"domain.test/main/imported"
)

var unexportedVersion = "unknown"

func main() {
	println("version:", unexportedVersion)
	println("var:", imported.ExportedVar)
}
-- imported/imported.go --
package imported

var ExportedVar = "original"
-- main.stderr --
version: v1.0.0
var: replaced
testdata: set GOPRIVATE in all but two tests (#104) basic.txt just builds main.go without a module. Similarly, we leave imports.txt without a GOPRIVATE, to test the 'go list -m' fallback. For all other tests, explicitly set GOPRIVATE, to avoid two exec calls - both 'go env GOPRIVATE' as well as 'go list -m'. Each of those calls takes in the order of 10ms, so saving ~26 exec calls should easily add to 200-300ms saved from 'go test -short'. 5 years ago			`# Note the proper domain, since the dot adds an edge case.`
deprecate using GOPRIVATE in favor of GOGARBLE (#427) Piggybacking off of GOPRIVATE is great for a number of reasons: * People tend to obfuscate private code, whose package paths will generally be in GOPRIVATE already * Its meaning and syntax are well understood * It allows all the flexibility we need without adding our own env var or config option However, using GOPRIVATE directly has one main drawback. It's fairly common to also want to obfuscate public dependencies, to make the code in private packages even harder to follow. However, using "GOPRIVATE=" will result in two main downsides: GONOPROXY defaults to GOPRIVATE, so the proxy would be entirely disabled. Downloading modules, such as when adding or updating dependencies, or when the local cache is cold, can be less reliable. * GONOSUMDB defaults to GOPRIVATE, so the sumdb would be entirely disabled. Adding entries to go.sum, such as when adding or updating dependencies, can be less secure. We will continue to consume GOPRIVATE as a fallback, but we now expect users to set GOGARBLE instead. The new logic is documented in the README. While here, rewrite some uses of "private" with "to obfuscate", to make the code easier to follow and harder to misunderstand. Fixes #276. 4 years ago			`env GOGARBLE=domain.test/main`
testdata: set GOPRIVATE in all but two tests (#104) basic.txt just builds main.go without a module. Similarly, we leave imports.txt without a GOPRIVATE, to test the 'go list -m' fallback. For all other tests, explicitly set GOPRIVATE, to avoid two exec calls - both 'go env GOPRIVATE' as well as 'go list -m'. Each of those calls takes in the order of 10ms, so saving ~26 exec calls should easily add to 200-300ms saved from 'go test -short'. 5 years ago
ignore -ldflags=-X flags mentioning unknown packages That would panic, since the *listedPackage would be nil for a package path we aren't aware of: panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x88 pc=0x126b57d] goroutine 1 [running]: main.transformLink.func1(0x7ffeefbff28b, 0x5d) mvdan.cc/garble@v0.0.0-20210302140807-b03cd08c0946/main.go:1260 +0x17d main.flagValueIter(0xc0000a8e20, 0x2f, 0x2f, 0x12e278e, 0x2, 0xc000129e28) mvdan.cc/garble@v0.0.0-20210302140807-b03cd08c0946/main.go:1410 +0x1e9 main.transformLink(0xc0000a8e20, 0x30, 0x36, 0x4, 0xc000114648, 0x23, 0x12dfd60, 0x0) mvdan.cc/garble@v0.0.0-20210302140807-b03cd08c0946/main.go:1241 +0x1b9 main.mainErr(0xc0000a8e10, 0x31, 0x37, 0x37, 0x0) mvdan.cc/garble@v0.0.0-20210302140807-b03cd08c0946/main.go:287 +0x389 main.main1(0xc000096058) mvdan.cc/garble@v0.0.0-20210302140807-b03cd08c0946/main.go:150 +0xe7 main.main() mvdan.cc/garble@v0.0.0-20210302140807-b03cd08c0946/main.go:83 +0x25 The linker ignores such unknown references, so we should too. Fixes #259. 5 years ago			`env LDFLAGS='-X=main.unexportedVersion=v1.0.0 -X=domain.test/main/imported.ExportedVar=replaced -X=domain.test/missing/path.missingVar=value'`

			`garble build -ldflags=${LDFLAGS}`
support -ldflags=-X=pkg.name=str with garbled names Because the linker has access to all the build IDs, just like the compiler, we can support this transparently. Add a test too. Fixes #21. 5 years ago			`exec ./main`
reduce unnecessary std imports in tests Since we have to recompile all dependencies, this reduces a substantial amount of work, reducing 'go test -short' time from ~16s to ~12s on my laptop. 5 years ago			`cmp stderr main.stderr`
support -ldflags=-X=pkg.name=str with garbled names Because the linker has access to all the build IDs, just like the compiler, we can support this transparently. Add a test too. Fixes #21. 5 years ago			`! binsubstr main$exe 'unexportedVersion'`

			`[short] stop # no need to verify this with -short`

ignore -ldflags=-X flags mentioning unknown packages That would panic, since the *listedPackage would be nil for a package path we aren't aware of: panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x88 pc=0x126b57d] goroutine 1 [running]: main.transformLink.func1(0x7ffeefbff28b, 0x5d) mvdan.cc/garble@v0.0.0-20210302140807-b03cd08c0946/main.go:1260 +0x17d main.flagValueIter(0xc0000a8e20, 0x2f, 0x2f, 0x12e278e, 0x2, 0xc000129e28) mvdan.cc/garble@v0.0.0-20210302140807-b03cd08c0946/main.go:1410 +0x1e9 main.transformLink(0xc0000a8e20, 0x30, 0x36, 0x4, 0xc000114648, 0x23, 0x12dfd60, 0x0) mvdan.cc/garble@v0.0.0-20210302140807-b03cd08c0946/main.go:1241 +0x1b9 main.mainErr(0xc0000a8e10, 0x31, 0x37, 0x37, 0x0) mvdan.cc/garble@v0.0.0-20210302140807-b03cd08c0946/main.go:287 +0x389 main.main1(0xc000096058) mvdan.cc/garble@v0.0.0-20210302140807-b03cd08c0946/main.go:150 +0xe7 main.main() mvdan.cc/garble@v0.0.0-20210302140807-b03cd08c0946/main.go:83 +0x25 The linker ignores such unknown references, so we should too. Fixes #259. 5 years ago			`garble -tiny build -ldflags=${LDFLAGS}`
Rewrite renaming logic for private names and reduce length of public names (#135) 1. Now private names are obfuscated based on the counter in scope of the package. 2. The length of public names is reduced to 4 bytes. 5 years ago			`exec ./main`
			`cmp stderr main.stderr`
			`! binsubstr main$exe 'unexportedVersion'`

testdata: remove some unnecessary execs (#267) Our use of go-internal's gotooltest.Setup means that "go" is set up as a top-level command in the scripts, so we can simply "go build" instead of having to "exec go build". The result is practically the same, but the scripts are simpler. While at it, I had left an "exec cat" behind; remove it. 5 years ago			`go build -ldflags=${LDFLAGS}`
support -ldflags=-X=pkg.name=str with garbled names Because the linker has access to all the build IDs, just like the compiler, we can support this transparently. Add a test too. Fixes #21. 5 years ago			`exec ./main`
reduce unnecessary std imports in tests Since we have to recompile all dependencies, this reduces a substantial amount of work, reducing 'go test -short' time from ~16s to ~12s on my laptop. 5 years ago			`cmp stderr main.stderr`
support -ldflags=-X=pkg.name=str with garbled names Because the linker has access to all the build IDs, just like the compiler, we can support this transparently. Add a test too. Fixes #21. 5 years ago			`binsubstr main$exe 'unexportedVersion'`

			`-- go.mod --`
add a regression test for #82 The test case we had didn't have a realistic-looking module path with a dot, so we hadn't noticed the bug with IndexByte. Fix that. We verified that the new test fails if we undo the fix. 5 years ago			`module domain.test/main`
testdata: don't let tests rely on rewriting mod files In Go 1.15, if a dependency is required but not listed in go.mod/go.sum, it's resolved and added automatically. This is changing in 1.16. From that release, one will have to explicitly update the mod files via 'go mod tidy' or 'go get'. To get ahead of the curve, start using -mod=readonly to get the same behavior in 1.15, and fix all existing tests. The only tests that failed were imports.txt and syntax.txt, the only ones to require other modules. But since we're here, let's add the 'go' line to all go.mod files as well. 5 years ago
drop support for Go 1.16.x We can now use pruned module graphs in go.mod files, and we no longer need to worry about runtime/internal/sys. Note that I had to update testdata/mod slightly, as the new pruned module graphs algorithm downloads an extra go.mod file. This change also paves the way towards future Go 1.18 support. Thanks to lu4p for cleaning up two TODOs as well. Co-Authored-By: lu4p <lu4p@pm.me> 4 years ago			`go 1.17`
support -ldflags=-X=pkg.name=str with garbled names Because the linker has access to all the build IDs, just like the compiler, we can support this transparently. Add a test too. Fixes #21. 5 years ago			`-- main.go --`
			`package main`

			`import (`
add a regression test for #82 The test case we had didn't have a realistic-looking module path with a dot, so we hadn't noticed the bug with IndexByte. Fix that. We verified that the new test fails if we undo the fix. 5 years ago			`"domain.test/main/imported"`
support -ldflags=-X=pkg.name=str with garbled names Because the linker has access to all the build IDs, just like the compiler, we can support this transparently. Add a test too. Fixes #21. 5 years ago			`)`

			`var unexportedVersion = "unknown"`

			`func main() {`
reduce unnecessary std imports in tests Since we have to recompile all dependencies, this reduces a substantial amount of work, reducing 'go test -short' time from ~16s to ~12s on my laptop. 5 years ago			`println("version:", unexportedVersion)`
			`println("var:", imported.ExportedVar)`
support -ldflags=-X=pkg.name=str with garbled names Because the linker has access to all the build IDs, just like the compiler, we can support this transparently. Add a test too. Fixes #21. 5 years ago			`}`
			`-- imported/imported.go --`
			`package imported`

			`var ExportedVar = "original"`
reduce unnecessary std imports in tests Since we have to recompile all dependencies, this reduces a substantial amount of work, reducing 'go test -short' time from ~16s to ~12s on my laptop. 5 years ago			`-- main.stderr --`
support -ldflags=-X=pkg.name=str with garbled names Because the linker has access to all the build IDs, just like the compiler, we can support this transparently. Add a test too. Fixes #21. 5 years ago			`version: v1.0.0`
			`var: replaced`