deprecate using GOPRIVATE in favor of GOGARBLE (#427)
Piggybacking off of GOPRIVATE is great for a number of reasons:
* People tend to obfuscate private code, whose package paths will
generally be in GOPRIVATE already
* Its meaning and syntax are well understood
* It allows all the flexibility we need without adding our own env var
or config option
However, using GOPRIVATE directly has one main drawback.
It's fairly common to also want to obfuscate public dependencies,
to make the code in private packages even harder to follow.
However, using "GOPRIVATE=*" will result in two main downsides:
* GONOPROXY defaults to GOPRIVATE, so the proxy would be entirely disabled.
Downloading modules, such as when adding or updating dependencies,
or when the local cache is cold, can be less reliable.
* GONOSUMDB defaults to GOPRIVATE, so the sumdb would be entirely disabled.
Adding entries to go.sum, such as when adding or updating dependencies,
can be less secure.
We will continue to consume GOPRIVATE as a fallback,
but we now expect users to set GOGARBLE instead.
The new logic is documented in the README.
While here, rewrite some uses of "private" with "to obfuscate",
to make the code easier to follow and harder to misunderstand.
Fixes #276.
3 years ago
|
|
|
env GOGARBLE=test/main
|
|
|
|
|
|
|
|
# Tiny mode
|
|
|
|
garble -tiny build
|
testdata: use longer Go filenames for binsubstr
Every now and then, a CI run would fail:
FAIL: testdata/scripts/reflect.txt:7: unexpected match for ["main.go"] in main
These were rare, and very hard to reproduce or debug.
My best guess is that, since "main.go" is a short string and we use
random eight-character obfuscated filenames ending with ".go", it was
possible that the random filename happened to end in "main" in some
cases.
Given the base64 encoding, the chances of a single suffix collision are
about 0.000006%. Note, however, that a single obfuscated build will most
likely obfuscate many filenames, especially for the tests obfuscating
multiple packages. For a single CI run with many tests across three OSs,
the chances of any collision are likely very low, but realistic.
All this has a simple fix: use longer filenames to match with. We choose
"garble_main.go" since it's long enough, but also because it's still
clear it's a "main" Go file, and it's very unlikely to cause conflicts
with filenames in upstream Go given the "garble_" prefix.
3 years ago
|
|
|
! binsubstr main$exe 'garble_main.go' 'fmt/print.go'
|
|
|
|
env GODEBUG='allocfreetrace=1,gcpacertrace=1,gctrace=1,inittrace=1,scavenge=1,scavtrace=1,scheddetail=1,schedtrace=10'
|
|
|
|
! exec ./main$exe
|
|
|
|
env GODEBUG='' # Ensure further commands don't have weirdness due to GODEBUG.
|
|
|
|
stderr '^\(0x[\d\w]{4,8},0x[\d\w]{4,8}\)' # interfaces/pointers print correctly
|
|
|
|
# With -tiny, all line numbers are reset to 1.
|
|
|
|
# Unfortunately, line comment directives don't allow erasing line numbers entirely.
|
|
|
|
stderr '^caller: \?\? 1$' # position info is removed
|
|
|
|
stderr '^recovered: ya like jazz?'
|
|
|
|
! stderr '^init runtime' # GODEBUG prints are hidden, like inittrace=1
|
|
|
|
! stderr 'panic: oh noes' # panics are hidden
|
|
|
|
|
|
|
|
|
|
|
|
[short] stop # no need to verify this with -short
|
|
|
|
|
|
|
|
# Default mode
|
|
|
|
garble build
|
|
|
|
! exec ./main$exe
|
|
|
|
stderr '^caller: [0-9a-zA-Z_]+\.go [1-9]'
|
|
|
|
stderr '^recovered: ya like jazz?'
|
|
|
|
stderr 'panic: oh noes'
|
|
|
|
|
|
|
|
-- go.mod --
|
|
|
|
module test/main
|
|
|
|
|
|
|
|
go 1.18
|
testdata: use longer Go filenames for binsubstr
Every now and then, a CI run would fail:
FAIL: testdata/scripts/reflect.txt:7: unexpected match for ["main.go"] in main
These were rare, and very hard to reproduce or debug.
My best guess is that, since "main.go" is a short string and we use
random eight-character obfuscated filenames ending with ".go", it was
possible that the random filename happened to end in "main" in some
cases.
Given the base64 encoding, the chances of a single suffix collision are
about 0.000006%. Note, however, that a single obfuscated build will most
likely obfuscate many filenames, especially for the tests obfuscating
multiple packages. For a single CI run with many tests across three OSs,
the chances of any collision are likely very low, but realistic.
All this has a simple fix: use longer filenames to match with. We choose
"garble_main.go" since it's long enough, but also because it's still
clear it's a "main" Go file, and it's very unlikely to cause conflicts
with filenames in upstream Go given the "garble_" prefix.
3 years ago
|
|
|
-- garble_main.go --
|
|
|
|
package main
|
|
|
|
|
|
|
|
import "runtime"
|
|
|
|
|
|
|
|
func main() {
|
|
|
|
var v any = "tada"
|
|
|
|
println(v)
|
|
|
|
|
|
|
|
defer func() {
|
|
|
|
if r := recover(); r != nil {
|
|
|
|
println("recovered:", r.(string))
|
|
|
|
panic("oh noes")
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
|
|
|
|
_, file, line, _ := runtime.Caller(0)
|
|
|
|
println("caller:", file, line)
|
|
|
|
|
|
|
|
panic("ya like jazz?")
|
|
|
|
}
|