justan0th3rstud3nt
/
garble
mirror of https://github.com/burrowers/garble
1
0
Fork 0
Code Issues 1 Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
release-v0.12
ci-test
literalRecheck
v0.12.1
v0.12.0
v0.11.0
v0.10.1
v0.10.0
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.0
v0.7.2
v0.7.1
v0.7.0
v0.6.0
v0.5.1
v0.5.0
v0.4.0
v0.3.0
v0.2.0
v0.1.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'ad2ecc7f2f'
${ noResults }
garble/testdata/script/gogarble.txtar

91 lines
2.9 KiB
Plaintext
Raw Normal View History Unescape Escape

default to GOGARBLE=*, stop using GOPRIVATE We can drop the code that kicked in when GOGARBLE was empty. We can also add the value in addGarbleToHash unconditionally, as we never allow it to be empty. In the tests, remove all GOGARBLE lines where it just meant "obfuscate everything" or "obfuscate the entire main module". cgo.txtar had "obfuscate everything" as a separate step, so remove it entirely. linkname.txtar started failing because the imported package did not import strings, so listPackage errored out. This wasn't a problem when strings itself wasn't obfuscated, as transformLinkname silently left strings.IndexByte untouched. It is a problem when IndexByte does get obfuscated. Make that kind of listPackage error visible, and fix it. reflect.txtar started failing with "unreachable method" runtime throws. It's not clear to me why; it appears that GOGARBLE=* makes the linker think that ExportedMethodName is suddenly unreachable. Work around the problem by making the method explicitly reachable, and leave a TODO as a reminder to investigate. Finally, gogarble.txtar no longer needs to test for GOPRIVATE. The rest of the test is left the same, as we still want the various values for GOGARBLE to continue to work just like before. Fixes #594.
2 years ago
# Ensure that "does not match any packages" works.
deprecate using GOPRIVATE in favor of GOGARBLE (#427) Piggybacking off of GOPRIVATE is great for a number of reasons: * People tend to obfuscate private code, whose package paths will generally be in GOPRIVATE already * Its meaning and syntax are well understood * It allows all the flexibility we need without adding our own env var or config option However, using GOPRIVATE directly has one main drawback. It's fairly common to also want to obfuscate public dependencies, to make the code in private packages even harder to follow. However, using "GOPRIVATE=*" will result in two main downsides: * GONOPROXY defaults to GOPRIVATE, so the proxy would be entirely disabled. Downloading modules, such as when adding or updating dependencies, or when the local cache is cold, can be less reliable. * GONOSUMDB defaults to GOPRIVATE, so the sumdb would be entirely disabled. Adding entries to go.sum, such as when adding or updating dependencies, can be less secure. We will continue to consume GOPRIVATE as a fallback, but we now expect users to set GOGARBLE instead. The new logic is documented in the README. While here, rewrite some uses of "private" with "to obfuscate", to make the code easier to follow and harder to misunderstand. Fixes #276.
3 years ago
env GOGARBLE=match-absolutely/nothing
set testscript's RequireExplicitExec and RequireUniqueNames The first makes our test scripts more consistent, as all external program executions happen via "exec" and are not as easily confused with custom builtin commands like our "generate-literals". The second catches mistakes if any of our txtar files have duplicate files, where all but one of the contents would be ignored before.
1 year ago
! exec garble build -o=out ./standalone
deprecate using GOPRIVATE in favor of GOGARBLE (#427) Piggybacking off of GOPRIVATE is great for a number of reasons: * People tend to obfuscate private code, whose package paths will generally be in GOPRIVATE already * Its meaning and syntax are well understood * It allows all the flexibility we need without adding our own env var or config option However, using GOPRIVATE directly has one main drawback. It's fairly common to also want to obfuscate public dependencies, to make the code in private packages even harder to follow. However, using "GOPRIVATE=*" will result in two main downsides: * GONOPROXY defaults to GOPRIVATE, so the proxy would be entirely disabled. Downloading modules, such as when adding or updating dependencies, or when the local cache is cold, can be less reliable. * GONOSUMDB defaults to GOPRIVATE, so the sumdb would be entirely disabled. Adding entries to go.sum, such as when adding or updating dependencies, can be less secure. We will continue to consume GOPRIVATE as a fallback, but we now expect users to set GOGARBLE instead. The new logic is documented in the README. While here, rewrite some uses of "private" with "to obfuscate", to make the code easier to follow and harder to misunderstand. Fixes #276.
3 years ago
stderr '^GOGARBLE="match-absolutely/nothing" does not match any packages to be built$'
only obfuscate literals in packages to obfuscate Add a regression test in gogarble.txt, as that test is already set up with packages to not obfuscate. This bug manifested in the form of a build failure for GOOS=plan9 with -literals turned on: [...]/os/file_plan9.go:151:12: invalid operation: cannot call non-function append (variable of type bool) In this case, the "os" package is not to be obfuscated, but we would still obfuscate its literals as per the bug. But, since the package's identifiers were not obfuscated, names like "append" were not replaced as per ea2e0bdf71, meaning that the shadowing would still affect us. Fixes #417.
3 years ago
# A build where just some packages are obfuscated.
deprecate using GOPRIVATE in favor of GOGARBLE (#427) Piggybacking off of GOPRIVATE is great for a number of reasons: * People tend to obfuscate private code, whose package paths will generally be in GOPRIVATE already * Its meaning and syntax are well understood * It allows all the flexibility we need without adding our own env var or config option However, using GOPRIVATE directly has one main drawback. It's fairly common to also want to obfuscate public dependencies, to make the code in private packages even harder to follow. However, using "GOPRIVATE=*" will result in two main downsides: * GONOPROXY defaults to GOPRIVATE, so the proxy would be entirely disabled. Downloading modules, such as when adding or updating dependencies, or when the local cache is cold, can be less reliable. * GONOSUMDB defaults to GOPRIVATE, so the sumdb would be entirely disabled. Adding entries to go.sum, such as when adding or updating dependencies, can be less secure. We will continue to consume GOPRIVATE as a fallback, but we now expect users to set GOGARBLE instead. The new logic is documented in the README. While here, rewrite some uses of "private" with "to obfuscate", to make the code easier to follow and harder to misunderstand. Fixes #276.
3 years ago
env GOGARBLE=test/main/imported
set testscript's RequireExplicitExec and RequireUniqueNames The first makes our test scripts more consistent, as all external program executions happen via "exec" and are not as easily confused with custom builtin commands like our "generate-literals". The second catches mistakes if any of our txtar files have duplicate files, where all but one of the contents would be ignored before.
1 year ago
exec garble -literals build -o=out ./importer
only obfuscate literals in packages to obfuscate Add a regression test in gogarble.txt, as that test is already set up with packages to not obfuscate. This bug manifested in the form of a build failure for GOOS=plan9 with -literals turned on: [...]/os/file_plan9.go:151:12: invalid operation: cannot call non-function append (variable of type bool) In this case, the "os" package is not to be obfuscated, but we would still obfuscate its literals as per the bug. But, since the package's identifiers were not obfuscated, names like "append" were not replaced as per ea2e0bdf71, meaning that the shadowing would still affect us. Fixes #417.
3 years ago
! binsubstr out 'some long string to obfuscate'
binsubstr out 'some long string to not obfuscate'
complain when GOPRIVATE matches no packages This is important, because it would mean that we would obfuscate nothing. At best, it would be confusing; at worst, it could mislead the user into thinking the binary is obfuscated. Fixes #20. Updates #108.
4 years ago
keep importmap entries in the right direction For packages that we alter, we parse and modify the importcfg file. Parsing is necessary so we can locate obfuscated object files, which we use to remember what identifiers were obfuscated. Modifying the files is necessary when we obfuscate import paths, and those import paths have entries in an importcfg file. However, we made one crucial mistake when writing the code. When handling importmap entries such as: importmap golang.org/x/net/idna=vendor/golang.org/x/net/idna we would name the two sides beforePath and afterPath, respectively. They were added to importMap with afterPath as the key, but when we iterated over the map to write a modified importcfg file, we would then assume the key is beforepath. All in all, we would end up writing the opposite direction: importmap vendor/golang.org/x/net/idna=golang.org/x/net/idna This would ultimately result in the importmap never being useful, and some rather confusing error messages such as: cannot find package golang.org/x/net/idna (using -importcfg) Add a test case that reproduces this error, and fix the code so it always uses beforePath as the key. Note that we were also updating importCfgEntries with such entries. I could not reproduce any failure when just removing that code, nor could I explain why it was added there in the first place. As such, remove that bit of code as well. Finally, a reasonable question might be why we never noticed the bug. In practice, such "importmap"s, represented as ImportMap by "go list", only currently appear for packages vendored into the standard library. Until very recently, we didn't support obfuscating most of std, so we would usually not alter the affected importcfg files. Now that we do parse and modify them, the bug surfaced. Fixes #408.
3 years ago
# Obfuscated packages which import non-obfuscated std packages.
# Some of the imported std packages use "import maps" due to vendoring,
# and a past bug made this case fail for "garble build".
deprecate using GOPRIVATE in favor of GOGARBLE (#427) Piggybacking off of GOPRIVATE is great for a number of reasons: * People tend to obfuscate private code, whose package paths will generally be in GOPRIVATE already * Its meaning and syntax are well understood * It allows all the flexibility we need without adding our own env var or config option However, using GOPRIVATE directly has one main drawback. It's fairly common to also want to obfuscate public dependencies, to make the code in private packages even harder to follow. However, using "GOPRIVATE=*" will result in two main downsides: * GONOPROXY defaults to GOPRIVATE, so the proxy would be entirely disabled. Downloading modules, such as when adding or updating dependencies, or when the local cache is cold, can be less reliable. * GONOSUMDB defaults to GOPRIVATE, so the sumdb would be entirely disabled. Adding entries to go.sum, such as when adding or updating dependencies, can be less secure. We will continue to consume GOPRIVATE as a fallback, but we now expect users to set GOGARBLE instead. The new logic is documented in the README. While here, rewrite some uses of "private" with "to obfuscate", to make the code easier to follow and harder to misunderstand. Fixes #276.
3 years ago
env GOGARBLE=test/main
set testscript's RequireExplicitExec and RequireUniqueNames The first makes our test scripts more consistent, as all external program executions happen via "exec" and are not as easily confused with custom builtin commands like our "generate-literals". The second catches mistakes if any of our txtar files have duplicate files, where all but one of the contents would be ignored before.
1 year ago
exec garble build -o=out ./stdimporter
keep importmap entries in the right direction For packages that we alter, we parse and modify the importcfg file. Parsing is necessary so we can locate obfuscated object files, which we use to remember what identifiers were obfuscated. Modifying the files is necessary when we obfuscate import paths, and those import paths have entries in an importcfg file. However, we made one crucial mistake when writing the code. When handling importmap entries such as: importmap golang.org/x/net/idna=vendor/golang.org/x/net/idna we would name the two sides beforePath and afterPath, respectively. They were added to importMap with afterPath as the key, but when we iterated over the map to write a modified importcfg file, we would then assume the key is beforepath. All in all, we would end up writing the opposite direction: importmap vendor/golang.org/x/net/idna=golang.org/x/net/idna This would ultimately result in the importmap never being useful, and some rather confusing error messages such as: cannot find package golang.org/x/net/idna (using -importcfg) Add a test case that reproduces this error, and fix the code so it always uses beforePath as the key. Note that we were also updating importCfgEntries with such entries. I could not reproduce any failure when just removing that code, nor could I explain why it was added there in the first place. As such, remove that bit of code as well. Finally, a reasonable question might be why we never noticed the bug. In practice, such "importmap"s, represented as ImportMap by "go list", only currently appear for packages vendored into the standard library. Until very recently, we didn't support obfuscating most of std, so we would usually not alter the affected importcfg files. Now that we do parse and modify them, the bug surfaced. Fixes #408.
3 years ago
fix link errors when importing crypto/ecdsa (#262) First, we had some link errors such as: cannot find package J6OzO8GN (using -importcfg) This was caused by the code that writes an updated importcfg, which did not handle import maps well. That code is now fixed, and we also add an obfuscatedImportPath method for clarity. Once fixed, we ran into other link errors: Pw3g97ww.addVW: relocation target Pw3g97ww.addVWlarge not defined After some digging, the cause of those is assembly code that we do not yet support obfuscating. #261 tracks that. Meanwhile, to fix "GOPRIVATE=* garble build" and to be able to have a test for the original import path bug, we add the packages which use that form of assembly code to runtimeRelated - math/big and crypto/sha512. There might be more, but these were the ones found by trying to link crypto/tls, a fairly common dependency. Fixes #256.
3 years ago
[short] stop # rebuilding std is slow
default to GOGARBLE=*, stop using GOPRIVATE We can drop the code that kicked in when GOGARBLE was empty. We can also add the value in addGarbleToHash unconditionally, as we never allow it to be empty. In the tests, remove all GOGARBLE lines where it just meant "obfuscate everything" or "obfuscate the entire main module". cgo.txtar had "obfuscate everything" as a separate step, so remove it entirely. linkname.txtar started failing because the imported package did not import strings, so listPackage errored out. This wasn't a problem when strings itself wasn't obfuscated, as transformLinkname silently left strings.IndexByte untouched. It is a problem when IndexByte does get obfuscated. Make that kind of listPackage error visible, and fix it. reflect.txtar started failing with "unreachable method" runtime throws. It's not clear to me why; it appears that GOGARBLE=* makes the linker think that ExportedMethodName is suddenly unreachable. Work around the problem by making the method explicitly reachable, and leave a TODO as a reminder to investigate. Finally, gogarble.txtar no longer needs to test for GOPRIVATE. The rest of the test is left the same, as we still want the various values for GOGARBLE to continue to work just like before. Fixes #594.
2 years ago
# Go back to the default of obfuscating all packages.
deprecate using GOPRIVATE in favor of GOGARBLE (#427) Piggybacking off of GOPRIVATE is great for a number of reasons: * People tend to obfuscate private code, whose package paths will generally be in GOPRIVATE already * Its meaning and syntax are well understood * It allows all the flexibility we need without adding our own env var or config option However, using GOPRIVATE directly has one main drawback. It's fairly common to also want to obfuscate public dependencies, to make the code in private packages even harder to follow. However, using "GOPRIVATE=*" will result in two main downsides: * GONOPROXY defaults to GOPRIVATE, so the proxy would be entirely disabled. Downloading modules, such as when adding or updating dependencies, or when the local cache is cold, can be less reliable. * GONOSUMDB defaults to GOPRIVATE, so the sumdb would be entirely disabled. Adding entries to go.sum, such as when adding or updating dependencies, can be less secure. We will continue to consume GOPRIVATE as a fallback, but we now expect users to set GOGARBLE instead. The new logic is documented in the README. While here, rewrite some uses of "private" with "to obfuscate", to make the code easier to follow and harder to misunderstand. Fixes #276.
3 years ago
env GOGARBLE='*'
complain when GOPRIVATE matches no packages This is important, because it would mean that we would obfuscate nothing. At best, it would be confusing; at worst, it could mislead the user into thinking the binary is obfuscated. Fixes #20. Updates #108.
4 years ago
obfuscate fewer std packages (#196) Previously, we were never obfuscating runtime and its direct dependencies. Unfortunately, due to linkname, the runtime package is actually closely related to dozens of other std packages as well. Until we can obfuscate the runtime and properly support go:linkname directives, obfuscating fewer std packages is a better outcome than breaking and not producing any obfuscated code at all. The added test case is building runtime/pprof, which used to cause failures: # runtime/pprof /go/src/runtime/pprof/label.go:27:21: undefined: context.Context /go/src/runtime/pprof/label.go:59:21: undefined: context.Context /go/src/runtime/pprof/label.go:93:16: undefined: context.Context /go/src/runtime/pprof/label.go:101:20: undefined: context.Context The net package was also very close to obfuscating properly thanks to this change, so its test is now run as well. The only other remaining fix was to not obfuscate fields on cgo types, since those aren't obfuscated at the moment. The map is pretty long, but it's only a temporary solution and the command to obtain the list again is included. Never obfuscating the entire std library is also an option, but it's a bit unnecessary. Fixes #134.
4 years ago
# Try garbling all of std, given some std packages.
# No need for a main package here; building the std packages directly works the
# same, and is faster as we don't need to link a binary.
support typechecking all of std (#236) There was one bug keeping the command below from working: GOPRIVATE='*' garble build std The bug is rather obscure; I'm still working on a minimal reproducer that I can submit upstream, and I'm not yet convinced about where the bug lives and how it can be fixed. In short, the command would fail with: typecheck error: /go/src/crypto/ecdsa/ecdsa.go:122:12: cannot use asn1.SEQUENCE (constant 48 of type asn1.Tag) as asn1.Tag value in argument to b.AddASN1 Note that the error is ambiguous; there are two asn1 packages, but they are actually mismatching. We can see that by manually adding debug prints to go/types: constant: asn1.SEQUENCE (constant 48 of type golang.org/x/crypto/cryptobyte/asn1.Tag) argument type: vendor/golang.org/x/crypto/cryptobyte/asn1.Tag It's clear that, for some reason, go/types ends up confused and loading a vendored and non-vendored version of asn1. There also seems to be no way to work around this with our lookup function, as it just receives an import path as a parameter, and returns an object file reader. For now, work around the issue by *not* using a custom lookup function in this rare edge case involving vendored dependencies in std packages. The added code has a lengthy comment explaining the reasoning. I still intend to investigate this further, but there's no reason to keep garble failing if we can work around the bug. Fixes #223.
3 years ago
# This used to cause multiple errors, mainly since std vendors some external
# packages so we must properly support ImportMap.
# Plus, some packages like net make heavy use of complex features like Cgo.
# Note that we won't obfuscate a few std packages just yet, mainly those around runtime.
set testscript's RequireExplicitExec and RequireUniqueNames The first makes our test scripts more consistent, as all external program executions happen via "exec" and are not as easily confused with custom builtin commands like our "generate-literals". The second catches mistakes if any of our txtar files have duplicate files, where all but one of the contents would be ignored before.
1 year ago
exec garble build std
avoid go:linkname warnings when building on tip Packages like os and sync have started using go:linknames pointing to packages outside their dependency tree, much like runtime already did. This started causing warnings to be printed while obfuscsating std: > exec garble build -o=out_rebuild ./stdimporter [stderr] # sync //go:linkname refers to syscall.hasWaitingReaders - add `import _ "syscall"` for garble to find the package # os //go:linkname refers to net.newUnixFile - add `import _ "net"` for garble to find the package > bincmp out_rebuild out PASS Relax the restriction in listPackage so that any package in std is now allowed to list packages in runtimeLinknamed, which makes the warnings and any potential problems go away. Also make these std test cases check that no warnings are printed, since I only happened to notice this problem by chance.
1 year ago
! stderr . # no warnings
complain when GOPRIVATE matches no packages This is important, because it would mean that we would obfuscate nothing. At best, it would be confusing; at worst, it could mislead the user into thinking the binary is obfuscated. Fixes #20. Updates #108.
4 years ago
obfuscate asm function names as well (#273) Historically, it was impossible to rename those funcs as the implementation was in assembly files, and we only transformed Go code. Now that transformAsm exists, it's only about fifty lines to do some very basic parsing and rewriting of assembly files. This fixes the obfuscated builds of multiple std packages, including a few dependencies of net/http, since they included assembly funcs which called pure Go functions. Those pure Go functions had their names obfuscated, breaking the call sites in assembly. Fixes #258. Fixes #261.
3 years ago
# Link a binary importing net/http, which will catch whether or not we
fix link errors when importing crypto/ecdsa (#262) First, we had some link errors such as: cannot find package J6OzO8GN (using -importcfg) This was caused by the code that writes an updated importcfg, which did not handle import maps well. That code is now fixed, and we also add an obfuscatedImportPath method for clarity. Once fixed, we ran into other link errors: Pw3g97ww.addVW: relocation target Pw3g97ww.addVWlarge not defined After some digging, the cause of those is assembly code that we do not yet support obfuscating. #261 tracks that. Meanwhile, to fix "GOPRIVATE=* garble build" and to be able to have a test for the original import path bug, we add the packages which use that form of assembly code to runtimeRelated - math/big and crypto/sha512. There might be more, but these were the ones found by trying to link crypto/tls, a fairly common dependency. Fixes #256.
3 years ago
# support ImportMap when linking.
support obfuscating the syscall package One more package that further unblocks obfuscating the runtime. The issue was the TODO we already had about go:linkname directives with just one argument, which are used in the syscall package. While here, factor out the obfuscation of linkname directives into transformLinkname, as it was starting to get a bit complex. We now support debug logging as well, while still being able to use "early returns" for some cases where we bail out. We also need listPackage to treat all runtime sub-packages like it does runtime itself, as `runtime/internal/syscall` linknames into `syscall` without it being a dependency as well. Finally, add a regression test that, without the fix, properly spots that the syscall package was not obfuscated: FAIL: testdata/script/gogarble.txtar:41: unexpected match for ["syscall.RawSyscall6"] in out Updates #193.
2 years ago
# Also ensure we are obfuscating low-level std packages.
set testscript's RequireExplicitExec and RequireUniqueNames The first makes our test scripts more consistent, as all external program executions happen via "exec" and are not as easily confused with custom builtin commands like our "generate-literals". The second catches mistakes if any of our txtar files have duplicate files, where all but one of the contents would be ignored before.
1 year ago
exec garble build -o=out ./stdimporter
avoid go:linkname warnings when building on tip Packages like os and sync have started using go:linknames pointing to packages outside their dependency tree, much like runtime already did. This started causing warnings to be printed while obfuscsating std: > exec garble build -o=out_rebuild ./stdimporter [stderr] # sync //go:linkname refers to syscall.hasWaitingReaders - add `import _ "syscall"` for garble to find the package # os //go:linkname refers to net.newUnixFile - add `import _ "net"` for garble to find the package > bincmp out_rebuild out PASS Relax the restriction in listPackage so that any package in std is now allowed to list packages in runtimeLinknamed, which makes the warnings and any potential problems go away. Also make these std test cases check that no warnings are printed, since I only happened to notice this problem by chance.
1 year ago
! stderr . # no warnings
fix building for GOOS=darwin on Go 1.22.0 It seems like building with Go 1.22.0 for GOOS=darwin started running into some issues with the syscall package's use of ABIInternal in assembly source code: > exec garble build [stderr] # syscall [...].s:16: ABI selector only permitted when compiling runtime, reference was to "runtime.entersyscall" The error can be reproduced from another platform like GOOS=linux as long as we have any test that cross-compiles std to GOOS=darwin. We had crossbuild.txtar which only ensured we covered GOOS=windows and GOOS=linux, so add a third case to ensure MacOS is covered too. This will slow down the tests a bit, but is important for the sake of ensuring that we catch these bugs early, even without MacOS on CI. In fact, we hadn't caught this earlier for Go 1.22 precisely because on CI we only tested on Go tip with GOOS=linux, for the sake of speed. Adding the rest of the package import paths from objabi.allowAsmABIPkgs to our runtimeAndDeps generated map solves this error.
5 months ago
! binsubstr out 'http.ListenAndServe' 'debug.WriteHeapDump' 'time.Now'
support obfuscating the syscall package One more package that further unblocks obfuscating the runtime. The issue was the TODO we already had about go:linkname directives with just one argument, which are used in the syscall package. While here, factor out the obfuscation of linkname directives into transformLinkname, as it was starting to get a bit complex. We now support debug logging as well, while still being able to use "early returns" for some cases where we bail out. We also need listPackage to treat all runtime sub-packages like it does runtime itself, as `runtime/internal/syscall` linknames into `syscall` without it being a dependency as well. Finally, add a regression test that, without the fix, properly spots that the syscall package was not obfuscated: FAIL: testdata/script/gogarble.txtar:41: unexpected match for ["syscall.RawSyscall6"] in out Updates #193.
2 years ago
# The same low-level std packages appear in plain sight in regular builds.
go build -o=out_regular ./stdimporter
fix building for GOOS=darwin on Go 1.22.0 It seems like building with Go 1.22.0 for GOOS=darwin started running into some issues with the syscall package's use of ABIInternal in assembly source code: > exec garble build [stderr] # syscall [...].s:16: ABI selector only permitted when compiling runtime, reference was to "runtime.entersyscall" The error can be reproduced from another platform like GOOS=linux as long as we have any test that cross-compiles std to GOOS=darwin. We had crossbuild.txtar which only ensured we covered GOOS=windows and GOOS=linux, so add a third case to ensure MacOS is covered too. This will slow down the tests a bit, but is important for the sake of ensuring that we catch these bugs early, even without MacOS on CI. In fact, we hadn't caught this earlier for Go 1.22 precisely because on CI we only tested on Go tip with GOOS=linux, for the sake of speed. Adding the rest of the package import paths from objabi.allowAsmABIPkgs to our runtimeAndDeps generated map solves this error.
5 months ago
binsubstr out_regular 'http.ListenAndServe' 'debug.WriteHeapDump' 'time.Now'
fix link errors when importing crypto/ecdsa (#262) First, we had some link errors such as: cannot find package J6OzO8GN (using -importcfg) This was caused by the code that writes an updated importcfg, which did not handle import maps well. That code is now fixed, and we also add an obfuscatedImportPath method for clarity. Once fixed, we ran into other link errors: Pw3g97ww.addVW: relocation target Pw3g97ww.addVWlarge not defined After some digging, the cause of those is assembly code that we do not yet support obfuscating. #261 tracks that. Meanwhile, to fix "GOPRIVATE=* garble build" and to be able to have a test for the original import path bug, we add the packages which use that form of assembly code to runtimeRelated - math/big and crypto/sha512. There might be more, but these were the ones found by trying to link crypto/tls, a fairly common dependency. Fixes #256.
3 years ago
ensure the runtime is built in a reproducible way We went to great lengths to ensure garble builds are reproducible. This includes how the tool itself works, as its behavior should be the same given the same inputs. However, we made one crucial mistake with the runtime package. It has go:linkname directives pointing at other packages, and some of those pointed packages aren't its dependencies. Imagine two scenarios where garble builds the runtime package: 1) We run "garble build runtime". The way we handle linkname directives calls listPackage on the target package, to obfuscate the target's import path and object name. However, since we only obtained build info of runtime and its deps, calls for some linknames such as listPackage("sync/atomic") will fail. The linkname directive will leave its target untouched. 2) We run "garble build std". Unlike the first scenario, all listPackage calls issued by runtime's linkname directives will succeed, so its linkname directive targets will be obfuscated. At best, this can result in inconsistent builds, depending on how the runtime package was built. At worst, the mismatching object names can result in errors at link time, if the target packages are actually used. The modified test reproduces the worst case scenario reliably, when the fix is reverted: > env GOCACHE=${WORK}/gocache-empty > garble build -a runtime > garble build -o=out_rebuild ./stdimporter [stderr] # test/main/stdimporter JZzQivnl.NtQJu0H3: relocation target JZzQivnl.iioHinYT not defined JZzQivnl.NtQJu0H3.func9: relocation target JZzQivnl.yz5z0NaH not defined JZzQivnl.(*ypvqhKiQ).String: relocation target JZzQivnl.eVciBQeI not defined JZzQivnl.(*ypvqhKiQ).PkgPath: relocation target JZzQivnl.eVciBQeI not defined [...] The fix consists of two steps. First, if we're building the runtime and listPackage fails on a package, that means we ran into scenario 1 above. To avoid the inconsistency, we fill ListedPackages with "go list [...] std". This means we'll always build runtime as described in scenario 2 above. Second, when building packages other than the runtime, we only allow listPackage to succeed if we're listing a dependency of the current package. This ensures we won't run into similar reproducibility bugs in the future. Finally, re-enable test-gotip on CI since this was the last test flake.
3 years ago
# Also check that a full rebuild is reproducible, via a new GOCACHE.
avoid reproducibility issues with full rebuilds We were using temporary filenames for modified Go and assembly files. For example, an obfuscated "encoding/json/encode.go" would end up as: /tmp/garble-shared123/encode.go.456.go where "123" and "456" are random numbers, usually longer. This was usually fine for two reasons: 1) We would add "/tmp/garble-shared123/" to -trimpath, so the temporary directory and its random number would be invisible. 2) We would add "//line" directives to the source files, replacing the filename with obfuscated versions excluding any random number. Unfortunately, this broke in multiple ways. Most notably, assembly files do not have any line directives, and it's not clear that there's any support for them. So the random number in their basename could end up in the binary, breaking reproducibility. Another issue is that the -trimpath addition described above was only done for cmd/compile, not cmd/asm, so assembly filenames included the randomized temporary directory. To fix the issues above, the same "encoding/json/encode.go" would now end up as: /tmp/garble-shared123/encoding/json/encode.go Such a path is still unique even though the "456" random number is gone, as import paths are unique within a single build. This fixes issues with the base name of each file, so we no longer rely on line directives as the only way to remove the second original random number. We still rely on -trimpath to get rid of the temporary directory in filenames. To fix its problem with assembly files, also amend the -trimpath flag when running the assembler tool. Finally, add a test that reproducible builds still work when a full rebuild is done. We choose goprivate.txt for such a test as its stdimporter package imports a number of std packages, including uses of assembly and cgo. For the time being, we don't use such a "full rebuild" reproducibility test in other test scripts, as this step is expensive, rebuilding many packages from scratch. This issue went unnoticed for over a year because such random numbers "123" and "456" were created when a package was obfuscated, and that only happened once per package version as long as the build cache was kept intact. When clearing the build cache, or forcing a rebuild with -a, one gets new random numbers, and thus a different binary resulting from the same build input. That's not something that most users would do regularly, and our tests did not cover that edge case either, until now. Fixes #328.
3 years ago
# This is slow, but necessary to uncover bugs hidden by the build cache.
ensure the runtime is built in a reproducible way We went to great lengths to ensure garble builds are reproducible. This includes how the tool itself works, as its behavior should be the same given the same inputs. However, we made one crucial mistake with the runtime package. It has go:linkname directives pointing at other packages, and some of those pointed packages aren't its dependencies. Imagine two scenarios where garble builds the runtime package: 1) We run "garble build runtime". The way we handle linkname directives calls listPackage on the target package, to obfuscate the target's import path and object name. However, since we only obtained build info of runtime and its deps, calls for some linknames such as listPackage("sync/atomic") will fail. The linkname directive will leave its target untouched. 2) We run "garble build std". Unlike the first scenario, all listPackage calls issued by runtime's linkname directives will succeed, so its linkname directive targets will be obfuscated. At best, this can result in inconsistent builds, depending on how the runtime package was built. At worst, the mismatching object names can result in errors at link time, if the target packages are actually used. The modified test reproduces the worst case scenario reliably, when the fix is reverted: > env GOCACHE=${WORK}/gocache-empty > garble build -a runtime > garble build -o=out_rebuild ./stdimporter [stderr] # test/main/stdimporter JZzQivnl.NtQJu0H3: relocation target JZzQivnl.iioHinYT not defined JZzQivnl.NtQJu0H3.func9: relocation target JZzQivnl.yz5z0NaH not defined JZzQivnl.(*ypvqhKiQ).String: relocation target JZzQivnl.eVciBQeI not defined JZzQivnl.(*ypvqhKiQ).PkgPath: relocation target JZzQivnl.eVciBQeI not defined [...] The fix consists of two steps. First, if we're building the runtime and listPackage fails on a package, that means we ran into scenario 1 above. To avoid the inconsistency, we fill ListedPackages with "go list [...] std". This means we'll always build runtime as described in scenario 2 above. Second, when building packages other than the runtime, we only allow listPackage to succeed if we're listing a dependency of the current package. This ensures we won't run into similar reproducibility bugs in the future. Finally, re-enable test-gotip on CI since this was the last test flake.
3 years ago
# We also forcibly rebuild runtime on its own, given it used to be non-reproducible
# due to its use of linknames pointing at std packages it doesn't depend upon.
testdata: skip runtime rebuild test on darwin CI ran into the failure again; reopened #609 for now.
9 months ago
[darwin] skip 'see https://github.com/burrowers/garble/issues/609'
ensure the runtime is built in a reproducible way We went to great lengths to ensure garble builds are reproducible. This includes how the tool itself works, as its behavior should be the same given the same inputs. However, we made one crucial mistake with the runtime package. It has go:linkname directives pointing at other packages, and some of those pointed packages aren't its dependencies. Imagine two scenarios where garble builds the runtime package: 1) We run "garble build runtime". The way we handle linkname directives calls listPackage on the target package, to obfuscate the target's import path and object name. However, since we only obtained build info of runtime and its deps, calls for some linknames such as listPackage("sync/atomic") will fail. The linkname directive will leave its target untouched. 2) We run "garble build std". Unlike the first scenario, all listPackage calls issued by runtime's linkname directives will succeed, so its linkname directive targets will be obfuscated. At best, this can result in inconsistent builds, depending on how the runtime package was built. At worst, the mismatching object names can result in errors at link time, if the target packages are actually used. The modified test reproduces the worst case scenario reliably, when the fix is reverted: > env GOCACHE=${WORK}/gocache-empty > garble build -a runtime > garble build -o=out_rebuild ./stdimporter [stderr] # test/main/stdimporter JZzQivnl.NtQJu0H3: relocation target JZzQivnl.iioHinYT not defined JZzQivnl.NtQJu0H3.func9: relocation target JZzQivnl.yz5z0NaH not defined JZzQivnl.(*ypvqhKiQ).String: relocation target JZzQivnl.eVciBQeI not defined JZzQivnl.(*ypvqhKiQ).PkgPath: relocation target JZzQivnl.eVciBQeI not defined [...] The fix consists of two steps. First, if we're building the runtime and listPackage fails on a package, that means we ran into scenario 1 above. To avoid the inconsistency, we fill ListedPackages with "go list [...] std". This means we'll always build runtime as described in scenario 2 above. Second, when building packages other than the runtime, we only allow listPackage to succeed if we're listing a dependency of the current package. This ensures we won't run into similar reproducibility bugs in the future. Finally, re-enable test-gotip on CI since this was the last test flake.
3 years ago
env GOCACHE=${WORK}/gocache-empty
set testscript's RequireExplicitExec and RequireUniqueNames The first makes our test scripts more consistent, as all external program executions happen via "exec" and are not as easily confused with custom builtin commands like our "generate-literals". The second catches mistakes if any of our txtar files have duplicate files, where all but one of the contents would be ignored before.
1 year ago
exec garble build -a runtime
exec garble build -o=out_rebuild ./stdimporter
avoid reproducibility issues with full rebuilds We were using temporary filenames for modified Go and assembly files. For example, an obfuscated "encoding/json/encode.go" would end up as: /tmp/garble-shared123/encode.go.456.go where "123" and "456" are random numbers, usually longer. This was usually fine for two reasons: 1) We would add "/tmp/garble-shared123/" to -trimpath, so the temporary directory and its random number would be invisible. 2) We would add "//line" directives to the source files, replacing the filename with obfuscated versions excluding any random number. Unfortunately, this broke in multiple ways. Most notably, assembly files do not have any line directives, and it's not clear that there's any support for them. So the random number in their basename could end up in the binary, breaking reproducibility. Another issue is that the -trimpath addition described above was only done for cmd/compile, not cmd/asm, so assembly filenames included the randomized temporary directory. To fix the issues above, the same "encoding/json/encode.go" would now end up as: /tmp/garble-shared123/encoding/json/encode.go Such a path is still unique even though the "456" random number is gone, as import paths are unique within a single build. This fixes issues with the base name of each file, so we no longer rely on line directives as the only way to remove the second original random number. We still rely on -trimpath to get rid of the temporary directory in filenames. To fix its problem with assembly files, also amend the -trimpath flag when running the assembler tool. Finally, add a test that reproducible builds still work when a full rebuild is done. We choose goprivate.txt for such a test as its stdimporter package imports a number of std packages, including uses of assembly and cgo. For the time being, we don't use such a "full rebuild" reproducibility test in other test scripts, as this step is expensive, rebuilding many packages from scratch. This issue went unnoticed for over a year because such random numbers "123" and "456" were created when a package was obfuscated, and that only happened once per package version as long as the build cache was kept intact. When clearing the build cache, or forcing a rebuild with -a, one gets new random numbers, and thus a different binary resulting from the same build input. That's not something that most users would do regularly, and our tests did not cover that edge case either, until now. Fixes #328.
3 years ago
bincmp out_rebuild out
complain when GOPRIVATE matches no packages This is important, because it would mean that we would obfuscate nothing. At best, it would be confusing; at worst, it could mislead the user into thinking the binary is obfuscated. Fixes #20. Updates #108.
4 years ago
-- go.mod --
module test/main
testdata: don't let tests rely on rewriting mod files In Go 1.15, if a dependency is required but not listed in go.mod/go.sum, it's resolved and added automatically. This is changing in 1.16. From that release, one will have to explicitly update the mod files via 'go mod tidy' or 'go get'. To get ahead of the curve, start using -mod=readonly to get the same behavior in 1.15, and fix all existing tests. The only tests that failed were imports.txt and syntax.txt, the only ones to require other modules. But since we're here, let's add the 'go' line to all go.mod files as well.
4 years ago
drop Go 1.21 and start using go/version Needing to awkwardly treat Go versions as if they were semver is no longer necessary thanks to go/version being in Go 1.22.0 now.
5 months ago
go 1.22
complain when GOPRIVATE matches no packages This is important, because it would mean that we would obfuscate nothing. At best, it would be confusing; at worst, it could mislead the user into thinking the binary is obfuscated. Fixes #20. Updates #108.
4 years ago
-- standalone/main.go --
package main
func main() {}
warn when a public package imports a private package (#182) That is, a package that is built without obfuscation imports an obfuscated package. This will result in confusing compilation error messages, because the importer can't find the exported names from the imported package by their non-obfuscated names: > ! garble build ./importer [stderr] # test/main/importer importer/importer.go:5:9: undefined: imported.Name exit status 2 Instead, detect this bad input case and provide a nice error: public package "test/main/importer" can't depend on obfuscated package "test/main/imported" (matched via GOPRIVATE="test/main/imported") For now, this is by design. It also makes little sense for a public package to import an obfuscated package in general, because the public package would have to leak details about the private package's API and behavior. While at it, fix a quirk where we thought the unsafe package could be private. It can't be, because the runtime package is always public and it imports the runtime package: public package "internal/bytealg" can't depend on obfuscated package "unsafe" (matched via GOPRIVATE="*") Instead of trying to obfuscate "unsafe" and doing nothing, simply add it to the neverPrivate list, which is also a better name than "privateBlacklist" (for #169). Fixes #164. Co-authored-by: lu4p <lu4p@pm.me>
4 years ago
-- importer/importer.go --
only obfuscate literals in packages to obfuscate Add a regression test in gogarble.txt, as that test is already set up with packages to not obfuscate. This bug manifested in the form of a build failure for GOOS=plan9 with -literals turned on: [...]/os/file_plan9.go:151:12: invalid operation: cannot call non-function append (variable of type bool) In this case, the "os" package is not to be obfuscated, but we would still obfuscate its literals as per the bug. But, since the package's identifiers were not obfuscated, names like "append" were not replaced as per ea2e0bdf71, meaning that the shadowing would still affect us. Fixes #417.
3 years ago
package main
warn when a public package imports a private package (#182) That is, a package that is built without obfuscation imports an obfuscated package. This will result in confusing compilation error messages, because the importer can't find the exported names from the imported package by their non-obfuscated names: > ! garble build ./importer [stderr] # test/main/importer importer/importer.go:5:9: undefined: imported.Name exit status 2 Instead, detect this bad input case and provide a nice error: public package "test/main/importer" can't depend on obfuscated package "test/main/imported" (matched via GOPRIVATE="test/main/imported") For now, this is by design. It also makes little sense for a public package to import an obfuscated package in general, because the public package would have to leak details about the private package's API and behavior. While at it, fix a quirk where we thought the unsafe package could be private. It can't be, because the runtime package is always public and it imports the runtime package: public package "internal/bytealg" can't depend on obfuscated package "unsafe" (matched via GOPRIVATE="*") Instead of trying to obfuscate "unsafe" and doing nothing, simply add it to the neverPrivate list, which is also a better name than "privateBlacklist" (for #169). Fixes #164. Co-authored-by: lu4p <lu4p@pm.me>
4 years ago
import "test/main/imported"
only obfuscate literals in packages to obfuscate Add a regression test in gogarble.txt, as that test is already set up with packages to not obfuscate. This bug manifested in the form of a build failure for GOOS=plan9 with -literals turned on: [...]/os/file_plan9.go:151:12: invalid operation: cannot call non-function append (variable of type bool) In this case, the "os" package is not to be obfuscated, but we would still obfuscate its literals as per the bug. But, since the package's identifiers were not obfuscated, names like "append" were not replaced as per ea2e0bdf71, meaning that the shadowing would still affect us. Fixes #417.
3 years ago
func main() {
println(imported.LongString)
println("some long string to not obfuscate")
}
warn when a public package imports a private package (#182) That is, a package that is built without obfuscation imports an obfuscated package. This will result in confusing compilation error messages, because the importer can't find the exported names from the imported package by their non-obfuscated names: > ! garble build ./importer [stderr] # test/main/importer importer/importer.go:5:9: undefined: imported.Name exit status 2 Instead, detect this bad input case and provide a nice error: public package "test/main/importer" can't depend on obfuscated package "test/main/imported" (matched via GOPRIVATE="test/main/imported") For now, this is by design. It also makes little sense for a public package to import an obfuscated package in general, because the public package would have to leak details about the private package's API and behavior. While at it, fix a quirk where we thought the unsafe package could be private. It can't be, because the runtime package is always public and it imports the runtime package: public package "internal/bytealg" can't depend on obfuscated package "unsafe" (matched via GOPRIVATE="*") Instead of trying to obfuscate "unsafe" and doing nothing, simply add it to the neverPrivate list, which is also a better name than "privateBlacklist" (for #169). Fixes #164. Co-authored-by: lu4p <lu4p@pm.me>
4 years ago
-- imported/imported.go --
package imported
only obfuscate literals in packages to obfuscate Add a regression test in gogarble.txt, as that test is already set up with packages to not obfuscate. This bug manifested in the form of a build failure for GOOS=plan9 with -literals turned on: [...]/os/file_plan9.go:151:12: invalid operation: cannot call non-function append (variable of type bool) In this case, the "os" package is not to be obfuscated, but we would still obfuscate its literals as per the bug. But, since the package's identifiers were not obfuscated, names like "append" were not replaced as per ea2e0bdf71, meaning that the shadowing would still affect us. Fixes #417.
3 years ago
var LongString = "some long string to obfuscate"
fix link errors when importing crypto/ecdsa (#262) First, we had some link errors such as: cannot find package J6OzO8GN (using -importcfg) This was caused by the code that writes an updated importcfg, which did not handle import maps well. That code is now fixed, and we also add an obfuscatedImportPath method for clarity. Once fixed, we ran into other link errors: Pw3g97ww.addVW: relocation target Pw3g97ww.addVWlarge not defined After some digging, the cause of those is assembly code that we do not yet support obfuscating. #261 tracks that. Meanwhile, to fix "GOPRIVATE=* garble build" and to be able to have a test for the original import path bug, we add the packages which use that form of assembly code to runtimeRelated - math/big and crypto/sha512. There might be more, but these were the ones found by trying to link crypto/tls, a fairly common dependency. Fixes #256.
3 years ago
-- stdimporter/main.go --
package main
only list missing packages when obfuscating the runtime We were listing all of std, which certainly worked, but was quite slow at over 200 packages. In practice, we can only be missing up to 20-30 packages. It was a good change as it fixed a severe bug, but it also introduced a fairly noticeable slow-down. The numbers are clear; this change shaves off multiple seconds when obfuscating the runtime with a cold cache: name old time/op new time/op delta Build/NoCache-16 5.06s ± 1% 1.94s ± 1% -61.64% (p=0.008 n=5+5) name old bin-B new bin-B delta Build/NoCache-16 6.70M ± 0% 6.71M ± 0% +0.05% (p=0.008 n=5+5) name old sys-time/op new sys-time/op delta Build/NoCache-16 13.4s ± 2% 5.0s ± 2% -62.45% (p=0.008 n=5+5) name old user-time/op new user-time/op delta Build/NoCache-16 60.6s ± 1% 19.8s ± 1% -67.34% (p=0.008 n=5+5) Since we only want to call "go list" one extra time, instead of once for every package we find out we're missing, we want to know what packages we could be missing in advance. Resurrect a smarter version of the runtime-related script. Finally, remove the runtime-related.txt test script, as it has now been superseeded by the sanity checks in listPackage. That is, obfuscating the runtime package will now panic if we are missing any necessary package information. To double check that we get the runtime's linkname edge case right, make gogarble.txt use runtime/debug.WriteHeapDump, which is implemented via a direct runtime linkname. This ensures we don't lose test coverage from runtime-related.txt.
3 years ago
import (
"net/http"
"runtime/debug"
support obfuscating the syscall package One more package that further unblocks obfuscating the runtime. The issue was the TODO we already had about go:linkname directives with just one argument, which are used in the syscall package. While here, factor out the obfuscation of linkname directives into transformLinkname, as it was starting to get a bit complex. We now support debug logging as well, while still being able to use "early returns" for some cases where we bail out. We also need listPackage to treat all runtime sub-packages like it does runtime itself, as `runtime/internal/syscall` linknames into `syscall` without it being a dependency as well. Finally, add a regression test that, without the fix, properly spots that the syscall package was not obfuscated: FAIL: testdata/script/gogarble.txtar:41: unexpected match for ["syscall.RawSyscall6"] in out Updates #193.
2 years ago
"time"
only list missing packages when obfuscating the runtime We were listing all of std, which certainly worked, but was quite slow at over 200 packages. In practice, we can only be missing up to 20-30 packages. It was a good change as it fixed a severe bug, but it also introduced a fairly noticeable slow-down. The numbers are clear; this change shaves off multiple seconds when obfuscating the runtime with a cold cache: name old time/op new time/op delta Build/NoCache-16 5.06s ± 1% 1.94s ± 1% -61.64% (p=0.008 n=5+5) name old bin-B new bin-B delta Build/NoCache-16 6.70M ± 0% 6.71M ± 0% +0.05% (p=0.008 n=5+5) name old sys-time/op new sys-time/op delta Build/NoCache-16 13.4s ± 2% 5.0s ± 2% -62.45% (p=0.008 n=5+5) name old user-time/op new user-time/op delta Build/NoCache-16 60.6s ± 1% 19.8s ± 1% -67.34% (p=0.008 n=5+5) Since we only want to call "go list" one extra time, instead of once for every package we find out we're missing, we want to know what packages we could be missing in advance. Resurrect a smarter version of the runtime-related script. Finally, remove the runtime-related.txt test script, as it has now been superseeded by the sanity checks in listPackage. That is, obfuscating the runtime package will now panic if we are missing any necessary package information. To double check that we get the runtime's linkname edge case right, make gogarble.txt use runtime/debug.WriteHeapDump, which is implemented via a direct runtime linkname. This ensures we don't lose test coverage from runtime-related.txt.
3 years ago
)
fix link errors when importing crypto/ecdsa (#262) First, we had some link errors such as: cannot find package J6OzO8GN (using -importcfg) This was caused by the code that writes an updated importcfg, which did not handle import maps well. That code is now fixed, and we also add an obfuscatedImportPath method for clarity. Once fixed, we ran into other link errors: Pw3g97ww.addVW: relocation target Pw3g97ww.addVWlarge not defined After some digging, the cause of those is assembly code that we do not yet support obfuscating. #261 tracks that. Meanwhile, to fix "GOPRIVATE=* garble build" and to be able to have a test for the original import path bug, we add the packages which use that form of assembly code to runtimeRelated - math/big and crypto/sha512. There might be more, but these were the ones found by trying to link crypto/tls, a fairly common dependency. Fixes #256.
3 years ago
func main() {
obfuscate asm function names as well (#273) Historically, it was impossible to rename those funcs as the implementation was in assembly files, and we only transformed Go code. Now that transformAsm exists, it's only about fifty lines to do some very basic parsing and rewriting of assembly files. This fixes the obfuscated builds of multiple std packages, including a few dependencies of net/http, since they included assembly funcs which called pure Go functions. Those pure Go functions had their names obfuscated, breaking the call sites in assembly. Fixes #258. Fixes #261.
3 years ago
http.ListenAndServe("", nil)
only list missing packages when obfuscating the runtime We were listing all of std, which certainly worked, but was quite slow at over 200 packages. In practice, we can only be missing up to 20-30 packages. It was a good change as it fixed a severe bug, but it also introduced a fairly noticeable slow-down. The numbers are clear; this change shaves off multiple seconds when obfuscating the runtime with a cold cache: name old time/op new time/op delta Build/NoCache-16 5.06s ± 1% 1.94s ± 1% -61.64% (p=0.008 n=5+5) name old bin-B new bin-B delta Build/NoCache-16 6.70M ± 0% 6.71M ± 0% +0.05% (p=0.008 n=5+5) name old sys-time/op new sys-time/op delta Build/NoCache-16 13.4s ± 2% 5.0s ± 2% -62.45% (p=0.008 n=5+5) name old user-time/op new user-time/op delta Build/NoCache-16 60.6s ± 1% 19.8s ± 1% -67.34% (p=0.008 n=5+5) Since we only want to call "go list" one extra time, instead of once for every package we find out we're missing, we want to know what packages we could be missing in advance. Resurrect a smarter version of the runtime-related script. Finally, remove the runtime-related.txt test script, as it has now been superseeded by the sanity checks in listPackage. That is, obfuscating the runtime package will now panic if we are missing any necessary package information. To double check that we get the runtime's linkname edge case right, make gogarble.txt use runtime/debug.WriteHeapDump, which is implemented via a direct runtime linkname. This ensures we don't lose test coverage from runtime-related.txt.
3 years ago
// debug.WriteHeapDump is particularly interesting,
// as it is implemented by runtime via a linkname.
debug.WriteHeapDump(1)
support obfuscating the syscall package One more package that further unblocks obfuscating the runtime. The issue was the TODO we already had about go:linkname directives with just one argument, which are used in the syscall package. While here, factor out the obfuscation of linkname directives into transformLinkname, as it was starting to get a bit complex. We now support debug logging as well, while still being able to use "early returns" for some cases where we bail out. We also need listPackage to treat all runtime sub-packages like it does runtime itself, as `runtime/internal/syscall` linknames into `syscall` without it being a dependency as well. Finally, add a regression test that, without the fix, properly spots that the syscall package was not obfuscated: FAIL: testdata/script/gogarble.txtar:41: unexpected match for ["syscall.RawSyscall6"] in out Updates #193.
2 years ago
time.Now()
fix link errors when importing crypto/ecdsa (#262) First, we had some link errors such as: cannot find package J6OzO8GN (using -importcfg) This was caused by the code that writes an updated importcfg, which did not handle import maps well. That code is now fixed, and we also add an obfuscatedImportPath method for clarity. Once fixed, we ran into other link errors: Pw3g97ww.addVW: relocation target Pw3g97ww.addVWlarge not defined After some digging, the cause of those is assembly code that we do not yet support obfuscating. #261 tracks that. Meanwhile, to fix "GOPRIVATE=* garble build" and to be able to have a test for the original import path bug, we add the packages which use that form of assembly code to runtimeRelated - math/big and crypto/sha512. There might be more, but these were the ones found by trying to link crypto/tls, a fairly common dependency. Fixes #256.
3 years ago
}