justan0th3rstud3nt
/
garble
mirror of https://github.com/burrowers/garble
1
0
Fork 0
Code Issues 1 Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
formatTests
defaultSeed
test
string-pattern-fix
ci-test
literalRecheck
v0.15.0
v0.14.2
v0.14.1
v0.14.0
v0.13.0
v0.12.1
v0.12.0
v0.11.0
v0.10.1
v0.10.0
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.0
v0.7.2
v0.7.1
v0.7.0
v0.6.0
v0.5.1
v0.5.0
v0.4.0
v0.3.0
v0.2.0
v0.1.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '993c5fbbe8'
${ noResults }
garble/testdata/scripts/goprivate.txt

58 lines
1.6 KiB
Plaintext
Raw Normal View History Unescape Escape

complain when GOPRIVATE matches no packages This is important, because it would mean that we would obfuscate nothing. At best, it would be confusing; at worst, it could mislead the user into thinking the binary is obfuscated. Fixes #20. Updates #108.
5 years ago
env GOPRIVATE=match-absolutely/nothing
warn when a public package imports a private package (#182) That is, a package that is built without obfuscation imports an obfuscated package. This will result in confusing compilation error messages, because the importer can't find the exported names from the imported package by their non-obfuscated names: > ! garble build ./importer [stderr] # test/main/importer importer/importer.go:5:9: undefined: imported.Name exit status 2 Instead, detect this bad input case and provide a nice error: public package "test/main/importer" can't depend on obfuscated package "test/main/imported" (matched via GOPRIVATE="test/main/imported") For now, this is by design. It also makes little sense for a public package to import an obfuscated package in general, because the public package would have to leak details about the private package's API and behavior. While at it, fix a quirk where we thought the unsafe package could be private. It can't be, because the runtime package is always public and it imports the runtime package: public package "internal/bytealg" can't depend on obfuscated package "unsafe" (matched via GOPRIVATE="*") Instead of trying to obfuscate "unsafe" and doing nothing, simply add it to the neverPrivate list, which is also a better name than "privateBlacklist" (for #169). Fixes #164. Co-authored-by: lu4p <lu4p@pm.me>
5 years ago
! garble build -o=out ./standalone
stderr '^GOPRIVATE="match-absolutely/nothing" does not match any packages to be built$'
env GOPRIVATE=test/main/imported
! garble build ./importer
stderr '^public package "test/main/importer" can''t depend on obfuscated package "test/main/imported" \(matched via GOPRIVATE="test/main/imported"\)$'
complain when GOPRIVATE matches no packages This is important, because it would mean that we would obfuscate nothing. At best, it would be confusing; at worst, it could mislead the user into thinking the binary is obfuscated. Fixes #20. Updates #108.
5 years ago
fix link errors when importing crypto/ecdsa (#262) First, we had some link errors such as: cannot find package J6OzO8GN (using -importcfg) This was caused by the code that writes an updated importcfg, which did not handle import maps well. That code is now fixed, and we also add an obfuscatedImportPath method for clarity. Once fixed, we ran into other link errors: Pw3g97ww.addVW: relocation target Pw3g97ww.addVWlarge not defined After some digging, the cause of those is assembly code that we do not yet support obfuscating. #261 tracks that. Meanwhile, to fix "GOPRIVATE=* garble build" and to be able to have a test for the original import path bug, we add the packages which use that form of assembly code to runtimeRelated - math/big and crypto/sha512. There might be more, but these were the ones found by trying to link crypto/tls, a fairly common dependency. Fixes #256.
5 years ago
[short] stop # rebuilding std is slow
env GOPRIVATE='*'
complain when GOPRIVATE matches no packages This is important, because it would mean that we would obfuscate nothing. At best, it would be confusing; at worst, it could mislead the user into thinking the binary is obfuscated. Fixes #20. Updates #108.
5 years ago
obfuscate fewer std packages (#196) Previously, we were never obfuscating runtime and its direct dependencies. Unfortunately, due to linkname, the runtime package is actually closely related to dozens of other std packages as well. Until we can obfuscate the runtime and properly support go:linkname directives, obfuscating fewer std packages is a better outcome than breaking and not producing any obfuscated code at all. The added test case is building runtime/pprof, which used to cause failures: # runtime/pprof /go/src/runtime/pprof/label.go:27:21: undefined: context.Context /go/src/runtime/pprof/label.go:59:21: undefined: context.Context /go/src/runtime/pprof/label.go:93:16: undefined: context.Context /go/src/runtime/pprof/label.go:101:20: undefined: context.Context The net package was also very close to obfuscating properly thanks to this change, so its test is now run as well. The only other remaining fix was to not obfuscate fields on cgo types, since those aren't obfuscated at the moment. The map is pretty long, but it's only a temporary solution and the command to obtain the list again is included. Never obfuscating the entire std library is also an option, but it's a bit unnecessary. Fixes #134.
5 years ago
# Try garbling all of std, given some std packages.
# No need for a main package here; building the std packages directly works the
# same, and is faster as we don't need to link a binary.
support typechecking all of std (#236) There was one bug keeping the command below from working: GOPRIVATE='*' garble build std The bug is rather obscure; I'm still working on a minimal reproducer that I can submit upstream, and I'm not yet convinced about where the bug lives and how it can be fixed. In short, the command would fail with: typecheck error: /go/src/crypto/ecdsa/ecdsa.go:122:12: cannot use asn1.SEQUENCE (constant 48 of type asn1.Tag) as asn1.Tag value in argument to b.AddASN1 Note that the error is ambiguous; there are two asn1 packages, but they are actually mismatching. We can see that by manually adding debug prints to go/types: constant: asn1.SEQUENCE (constant 48 of type golang.org/x/crypto/cryptobyte/asn1.Tag) argument type: vendor/golang.org/x/crypto/cryptobyte/asn1.Tag It's clear that, for some reason, go/types ends up confused and loading a vendored and non-vendored version of asn1. There also seems to be no way to work around this with our lookup function, as it just receives an import path as a parameter, and returns an object file reader. For now, work around the issue by *not* using a custom lookup function in this rare edge case involving vendored dependencies in std packages. The added code has a lengthy comment explaining the reasoning. I still intend to investigate this further, but there's no reason to keep garble failing if we can work around the bug. Fixes #223.
5 years ago
# This used to cause multiple errors, mainly since std vendors some external
# packages so we must properly support ImportMap.
# Plus, some packages like net make heavy use of complex features like Cgo.
# Note that we won't obfuscate a few std packages just yet, mainly those around runtime.
garble build std
complain when GOPRIVATE matches no packages This is important, because it would mean that we would obfuscate nothing. At best, it would be confusing; at worst, it could mislead the user into thinking the binary is obfuscated. Fixes #20. Updates #108.
5 years ago
obfuscate asm function names as well (#273) Historically, it was impossible to rename those funcs as the implementation was in assembly files, and we only transformed Go code. Now that transformAsm exists, it's only about fifty lines to do some very basic parsing and rewriting of assembly files. This fixes the obfuscated builds of multiple std packages, including a few dependencies of net/http, since they included assembly funcs which called pure Go functions. Those pure Go functions had their names obfuscated, breaking the call sites in assembly. Fixes #258. Fixes #261.
5 years ago
# Link a binary importing net/http, which will catch whether or not we
fix link errors when importing crypto/ecdsa (#262) First, we had some link errors such as: cannot find package J6OzO8GN (using -importcfg) This was caused by the code that writes an updated importcfg, which did not handle import maps well. That code is now fixed, and we also add an obfuscatedImportPath method for clarity. Once fixed, we ran into other link errors: Pw3g97ww.addVW: relocation target Pw3g97ww.addVWlarge not defined After some digging, the cause of those is assembly code that we do not yet support obfuscating. #261 tracks that. Meanwhile, to fix "GOPRIVATE=* garble build" and to be able to have a test for the original import path bug, we add the packages which use that form of assembly code to runtimeRelated - math/big and crypto/sha512. There might be more, but these were the ones found by trying to link crypto/tls, a fairly common dependency. Fixes #256.
5 years ago
# support ImportMap when linking.
garble build -o=out ./stdimporter
avoid reproducibility issues with full rebuilds We were using temporary filenames for modified Go and assembly files. For example, an obfuscated "encoding/json/encode.go" would end up as: /tmp/garble-shared123/encode.go.456.go where "123" and "456" are random numbers, usually longer. This was usually fine for two reasons: 1) We would add "/tmp/garble-shared123/" to -trimpath, so the temporary directory and its random number would be invisible. 2) We would add "//line" directives to the source files, replacing the filename with obfuscated versions excluding any random number. Unfortunately, this broke in multiple ways. Most notably, assembly files do not have any line directives, and it's not clear that there's any support for them. So the random number in their basename could end up in the binary, breaking reproducibility. Another issue is that the -trimpath addition described above was only done for cmd/compile, not cmd/asm, so assembly filenames included the randomized temporary directory. To fix the issues above, the same "encoding/json/encode.go" would now end up as: /tmp/garble-shared123/encoding/json/encode.go Such a path is still unique even though the "456" random number is gone, as import paths are unique within a single build. This fixes issues with the base name of each file, so we no longer rely on line directives as the only way to remove the second original random number. We still rely on -trimpath to get rid of the temporary directory in filenames. To fix its problem with assembly files, also amend the -trimpath flag when running the assembler tool. Finally, add a test that reproducible builds still work when a full rebuild is done. We choose goprivate.txt for such a test as its stdimporter package imports a number of std packages, including uses of assembly and cgo. For the time being, we don't use such a "full rebuild" reproducibility test in other test scripts, as this step is expensive, rebuilding many packages from scratch. This issue went unnoticed for over a year because such random numbers "123" and "456" were created when a package was obfuscated, and that only happened once per package version as long as the build cache was kept intact. When clearing the build cache, or forcing a rebuild with -a, one gets new random numbers, and thus a different binary resulting from the same build input. That's not something that most users would do regularly, and our tests did not cover that edge case either, until now. Fixes #328.
5 years ago
# Also check that a full rebuild is reproducible,
# with -a to rebuild all packages.
# This is slow, but necessary to uncover bugs hidden by the build cache.
garble build -o=out_rebuild -a ./stdimporter
bincmp out_rebuild out
complain when GOPRIVATE matches no packages This is important, because it would mean that we would obfuscate nothing. At best, it would be confusing; at worst, it could mislead the user into thinking the binary is obfuscated. Fixes #20. Updates #108.
5 years ago
-- go.mod --
module test/main
testdata: don't let tests rely on rewriting mod files In Go 1.15, if a dependency is required but not listed in go.mod/go.sum, it's resolved and added automatically. This is changing in 1.16. From that release, one will have to explicitly update the mod files via 'go mod tidy' or 'go get'. To get ahead of the curve, start using -mod=readonly to get the same behavior in 1.15, and fix all existing tests. The only tests that failed were imports.txt and syntax.txt, the only ones to require other modules. But since we're here, let's add the 'go' line to all go.mod files as well.
5 years ago
all: drop support for Go 1.15.x (#265) This mainly cleans up the few bits of code where we explicitly kept support for Go 1.15.x. With v0.1.0 released, we can drop support now, since the next v0.2.0 release will only support Go 1.16.x. Also updates all modules, including test ones, to 'go 1.16'. Note that the TOOLEXEC_IMPORTPATH refactor is not done here, despite all the TODOs about doing so when we drop 1.15 support. This is because that refactor needs to be done carefully and might have side effects, so it's best to keep it to a separate commit. Finally, update the deps.
5 years ago
go 1.16
complain when GOPRIVATE matches no packages This is important, because it would mean that we would obfuscate nothing. At best, it would be confusing; at worst, it could mislead the user into thinking the binary is obfuscated. Fixes #20. Updates #108.
5 years ago
-- standalone/main.go --
package main
func main() {}
warn when a public package imports a private package (#182) That is, a package that is built without obfuscation imports an obfuscated package. This will result in confusing compilation error messages, because the importer can't find the exported names from the imported package by their non-obfuscated names: > ! garble build ./importer [stderr] # test/main/importer importer/importer.go:5:9: undefined: imported.Name exit status 2 Instead, detect this bad input case and provide a nice error: public package "test/main/importer" can't depend on obfuscated package "test/main/imported" (matched via GOPRIVATE="test/main/imported") For now, this is by design. It also makes little sense for a public package to import an obfuscated package in general, because the public package would have to leak details about the private package's API and behavior. While at it, fix a quirk where we thought the unsafe package could be private. It can't be, because the runtime package is always public and it imports the runtime package: public package "internal/bytealg" can't depend on obfuscated package "unsafe" (matched via GOPRIVATE="*") Instead of trying to obfuscate "unsafe" and doing nothing, simply add it to the neverPrivate list, which is also a better name than "privateBlacklist" (for #169). Fixes #164. Co-authored-by: lu4p <lu4p@pm.me>
5 years ago
-- importer/importer.go --
package importer
import "test/main/imported"
var _ = imported.Name
-- imported/imported.go --
package imported
var Name = "value"
fix link errors when importing crypto/ecdsa (#262) First, we had some link errors such as: cannot find package J6OzO8GN (using -importcfg) This was caused by the code that writes an updated importcfg, which did not handle import maps well. That code is now fixed, and we also add an obfuscatedImportPath method for clarity. Once fixed, we ran into other link errors: Pw3g97ww.addVW: relocation target Pw3g97ww.addVWlarge not defined After some digging, the cause of those is assembly code that we do not yet support obfuscating. #261 tracks that. Meanwhile, to fix "GOPRIVATE=* garble build" and to be able to have a test for the original import path bug, we add the packages which use that form of assembly code to runtimeRelated - math/big and crypto/sha512. There might be more, but these were the ones found by trying to link crypto/tls, a fairly common dependency. Fixes #256.
5 years ago
-- stdimporter/main.go --
package main
obfuscate asm function names as well (#273) Historically, it was impossible to rename those funcs as the implementation was in assembly files, and we only transformed Go code. Now that transformAsm exists, it's only about fifty lines to do some very basic parsing and rewriting of assembly files. This fixes the obfuscated builds of multiple std packages, including a few dependencies of net/http, since they included assembly funcs which called pure Go functions. Those pure Go functions had their names obfuscated, breaking the call sites in assembly. Fixes #258. Fixes #261.
5 years ago
import "net/http"
fix link errors when importing crypto/ecdsa (#262) First, we had some link errors such as: cannot find package J6OzO8GN (using -importcfg) This was caused by the code that writes an updated importcfg, which did not handle import maps well. That code is now fixed, and we also add an obfuscatedImportPath method for clarity. Once fixed, we ran into other link errors: Pw3g97ww.addVW: relocation target Pw3g97ww.addVWlarge not defined After some digging, the cause of those is assembly code that we do not yet support obfuscating. #261 tracks that. Meanwhile, to fix "GOPRIVATE=* garble build" and to be able to have a test for the original import path bug, we add the packages which use that form of assembly code to runtimeRelated - math/big and crypto/sha512. There might be more, but these were the ones found by trying to link crypto/tls, a fairly common dependency. Fixes #256.
5 years ago
func main() {
obfuscate asm function names as well (#273) Historically, it was impossible to rename those funcs as the implementation was in assembly files, and we only transformed Go code. Now that transformAsm exists, it's only about fifty lines to do some very basic parsing and rewriting of assembly files. This fixes the obfuscated builds of multiple std packages, including a few dependencies of net/http, since they included assembly funcs which called pure Go functions. Those pure Go functions had their names obfuscated, breaking the call sites in assembly. Fixes #258. Fixes #261.
5 years ago
http.ListenAndServe("", nil)
fix link errors when importing crypto/ecdsa (#262) First, we had some link errors such as: cannot find package J6OzO8GN (using -importcfg) This was caused by the code that writes an updated importcfg, which did not handle import maps well. That code is now fixed, and we also add an obfuscatedImportPath method for clarity. Once fixed, we ran into other link errors: Pw3g97ww.addVW: relocation target Pw3g97ww.addVWlarge not defined After some digging, the cause of those is assembly code that we do not yet support obfuscating. #261 tracks that. Meanwhile, to fix "GOPRIVATE=* garble build" and to be able to have a test for the original import path bug, we add the packages which use that form of assembly code to runtimeRelated - math/big and crypto/sha512. There might be more, but these were the ones found by trying to link crypto/tls, a fairly common dependency. Fixes #256.
5 years ago
}