justan0th3rstud3nt
/
garble
mirror of https://github.com/burrowers/garble
1
0
Fork 0
Code Issues 1 Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
release-v0.12
ci-test
literalRecheck
v0.12.1
v0.12.0
v0.11.0
v0.10.1
v0.10.0
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.0
v0.7.2
v0.7.1
v0.7.0
v0.6.0
v0.5.1
v0.5.0
v0.4.0
v0.3.0
v0.2.0
v0.1.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c5af68cd80'
${ noResults }
garble/testdata/script/imports.txtar

204 lines
5.2 KiB
Plaintext
Raw Normal View History Unescape Escape

default to GOGARBLE=*, stop using GOPRIVATE We can drop the code that kicked in when GOGARBLE was empty. We can also add the value in addGarbleToHash unconditionally, as we never allow it to be empty. In the tests, remove all GOGARBLE lines where it just meant "obfuscate everything" or "obfuscate the entire main module". cgo.txtar had "obfuscate everything" as a separate step, so remove it entirely. linkname.txtar started failing because the imported package did not import strings, so listPackage errored out. This wasn't a problem when strings itself wasn't obfuscated, as transformLinkname silently left strings.IndexByte untouched. It is a problem when IndexByte does get obfuscated. Make that kind of listPackage error visible, and fix it. reflect.txtar started failing with "unreachable method" runtime throws. It's not clear to me why; it appears that GOGARBLE=* makes the linker think that ExportedMethodName is suddenly unreachable. Work around the problem by making the method explicitly reachable, and leave a TODO as a reminder to investigate. Finally, gogarble.txtar no longer needs to test for GOPRIVATE. The rest of the test is left the same, as we still want the various values for GOGARBLE to continue to work just like before. Fixes #594.
2 years ago
# Since this is the only test using "real" external modules fetched via GOPROXY,
# go.mod and go.sum should declare the dependencies.
testdata: set GOPRIVATE in all but two tests (#104) basic.txt just builds main.go without a module. Similarly, we leave imports.txt without a GOPRIVATE, to test the 'go list -m' fallback. For all other tests, explicitly set GOPRIVATE, to avoid two exec calls - both 'go env GOPRIVATE' as well as 'go list -m'. Each of those calls takes in the order of 10ms, so saving ~26 exec calls should easily add to 200-300ms saved from 'go test -short'.
4 years ago
testdata: avoid messing with the host's mod cache (#198) It turns out that the modules we include in testdata/mod via txtar-addmod don't result in the same h1 hash that one gets when using proxy.golang.org. As proof: $ go clean -modcache && go get -d rsc.io/quote@v1.5.2 && go test -short [...] --- FAIL: TestScripts/imports (0.06s) > garble build -tags buildtag go list error: exit status 1: verifying rsc.io/quote@v1.5.2: checksum mismatch downloaded: h1:w5fcysjrx7yqtD/aO+QwRjYZOKnaM9Uh2b40tElTs3Y= go.sum: h1:3fEykkD9k7lYzXqCYrwGAf7iNhbk4yCjHmKBN9td4L0= The added comment explains the situation in detail. For now, simply work around the issue by not sharing GOMODCACHE with the host.
4 years ago
# For now, use a throwaway module download cache instead of the host machine's.
# Usually it would be fine to reuse the host's, since we expose exact copies of
# some external modules in a local proxy, allowing 'go test' to work offline.
# However, for some reason, we end up with different hashes of the code for
# modules like rsc.io/quote, and it's unclear why. It might be a txtar-addmod bug.
# In any case, not worth our time to investigate right now, and "downloading"
# modules is instant since we just copy a handful of files.
#
# To reproduce the issue, remove the env line and run:
#
# go clean -modcache && go get -d rsc.io/quote@v1.5.2 && go test -short
env GOMODCACHE=$WORK/modcache
set testscript's RequireExplicitExec and RequireUniqueNames The first makes our test scripts more consistent, as all external program executions happen via "exec" and are not as easily confused with custom builtin commands like our "generate-literals". The second catches mistakes if any of our txtar files have duplicate files, where all but one of the contents would be ignored before.
1 year ago
exec garble build -tags buildtag
garbling imported packages starts being supported
5 years ago
exec ./main
support std imports
5 years ago
cmp stdout main.stdout
testdata: use longer Go filenames for binsubstr Every now and then, a CI run would fail: FAIL: testdata/scripts/reflect.txt:7: unexpected match for ["main.go"] in main These were rare, and very hard to reproduce or debug. My best guess is that, since "main.go" is a short string and we use random eight-character obfuscated filenames ending with ".go", it was possible that the random filename happened to end in "main" in some cases. Given the base64 encoding, the chances of a single suffix collision are about 0.000006%. Note, however, that a single obfuscated build will most likely obfuscate many filenames, especially for the tests obfuscating multiple packages. For a single CI run with many tests across three OSs, the chances of any collision are likely very low, but realistic. All this has a simple fix: use longer filenames to match with. We choose "garble_main.go" since it's long enough, but also because it's still clear it's a "main" Go file, and it's very unlikely to cause conflicts with filenames in upstream Go given the "garble_" prefix.
3 years ago
! binsubstr main$exe 'ImportedVar' 'ImportedConst' 'ImportedFunc' 'garble_main.go' 'test/main' 'importedpkg.' 'NormalStruct' 'normalUnexportedField'
garbling imported packages starts being supported
5 years ago
shorten 'go test -short' run time Down from ~11s to ~7s, as we can skip some extra checks. While at it, avoid duplicate 'go test' builds in test.txt.
5 years ago
[short] stop # checking that the build is reproducible is slow
make output binaries deterministic We were leaking temporary file paths, which is no longer the case.
5 years ago
# Also check that the binary is reproducible when many imports are involved.
initial support for build caching (#142) As per the discussion in https://github.com/golang/go/issues/41145, it turns out that we don't need special support for build caching in -toolexec. We can simply modify the behavior of "[...]/compile -V=full" and "[...]/link -V=full" so that they include garble's own version and options in the printed build ID. The part of the build ID that matters is the last, since it's the "content ID" which is used to work out whether there is a need to redo the action (build) or not. Since cmd/go parses the last word in the output as "buildID=...", we simply add "+garble buildID=_/_/_/${hash}". The slashes let us imitate a full binary build ID, but we assume that the other components such as the action ID are not necessary, since the only reader here is cmd/go and it only consumes the content ID. The reported content ID includes the tool's original content ID, garble's own content ID from the built binary, and the garble options which modify how we obfuscate code. If any of the three changes, we should use a different build cache key. GOPRIVATE also affects caching, since a different GOPRIVATE value means that we might have to garble a different set of packages. Include tests, which mainly check that 'garble build -v' prints package lines when we expect to always need to rebuild packages, and that it prints nothing when we should be reusing the build cache even when the built binary is missing. After this change, 'go test' on Go 1.15.2 stabilizes at about 8s on my machine, whereas it used to be at around 25s before.
4 years ago
# No packages should be rebuilt either, thanks to the build cache.
make the tool work on Windows, enable tests The tests required a few last tweaks to work on Windows.
5 years ago
cp main$exe main_old$exe
rm main$exe
set testscript's RequireExplicitExec and RequireUniqueNames The first makes our test scripts more consistent, as all external program executions happen via "exec" and are not as easily confused with custom builtin commands like our "generate-literals". The second catches mistakes if any of our txtar files have duplicate files, where all but one of the contents would be ignored before.
1 year ago
exec garble build -tags buildtag -v
initial support for build caching (#142) As per the discussion in https://github.com/golang/go/issues/41145, it turns out that we don't need special support for build caching in -toolexec. We can simply modify the behavior of "[...]/compile -V=full" and "[...]/link -V=full" so that they include garble's own version and options in the printed build ID. The part of the build ID that matters is the last, since it's the "content ID" which is used to work out whether there is a need to redo the action (build) or not. Since cmd/go parses the last word in the output as "buildID=...", we simply add "+garble buildID=_/_/_/${hash}". The slashes let us imitate a full binary build ID, but we assume that the other components such as the action ID are not necessary, since the only reader here is cmd/go and it only consumes the content ID. The reported content ID includes the tool's original content ID, garble's own content ID from the built binary, and the garble options which modify how we obfuscate code. If any of the three changes, we should use a different build cache key. GOPRIVATE also affects caching, since a different GOPRIVATE value means that we might have to garble a different set of packages. Include tests, which mainly check that 'garble build -v' prints package lines when we expect to always need to rebuild packages, and that it prints nothing when we should be reusing the build cache even when the built binary is missing. After this change, 'go test' on Go 1.15.2 stabilizes at about 8s on my machine, whereas it used to be at around 25s before.
4 years ago
! stderr .
make the tool work on Windows, enable tests The tests required a few last tweaks to work on Windows.
5 years ago
bincmp main$exe main_old$exe
make output binaries deterministic We were leaking temporary file paths, which is no longer the case.
5 years ago
keep build flags when calling 'go list' Otherwise any build flags like -tags won't be used, and we might easily end up with errors or incorrect packages. The common case with -tags is covered by one of the integration test scripts. On top of that, we add a table-driven unit test to cover all edge cases, since there are many we can do quickly in a unit test. Fixes #82.
4 years ago
go build -tags buildtag
don't remove "//go:" compile directives For example, this broke cgo, since it uses go:linkname. Updates #12.
4 years ago
exec ./main
cmp stdout main.stdout
Fix reflect detection if -literals is passed. Fixes #93. The second typecheck lead to the creation of different type objects, which didn't match the types in the blacklist anymore. It turns out we don't need the second typecheck, therfore it is now removed.
4 years ago
handle --long build flags properly cmd/go treats "--foo=bar" juts like "-foo=bar", just like any other program using the flag package. However, we didn't support this longer form in filterForwardBuildFlags. Because of it, "garble build -tags=foo" worked, but "garble build --tags=foo" did not, as we wouldn't forward "--tags=foo" as a build flag for "go list". Fixes #429.
3 years ago
# Check that -literals doesn't break anything.
# Also check that a different form of -tags still works.
set testscript's RequireExplicitExec and RequireUniqueNames The first makes our test scripts more consistent, as all external program executions happen via "exec" and are not as easily confused with custom builtin commands like our "generate-literals". The second catches mistakes if any of our txtar files have duplicate files, where all but one of the contents would be ignored before.
1 year ago
exec garble -literals build --tags=buildtag
Fix reflect detection if -literals is passed. Fixes #93. The second typecheck lead to the creation of different type objects, which didn't match the types in the blacklist anymore. It turns out we don't need the second typecheck, therfore it is now removed.
4 years ago
exec ./main
cmp stdout main.stdout
garbling imported packages starts being supported
5 years ago
-- go.mod --
make selection of packages configurable via GOPRIVATE Carefully select a default that will do the right thing when inside a module, as well as when building ad-hoc packages. This means we no longer need to look at the compiler's -std flag, which is nice. Also replace foo.com/ with test/, as per golang/go#37641. Fixes #7.
4 years ago
module test/main
testdata: don't let tests rely on rewriting mod files In Go 1.15, if a dependency is required but not listed in go.mod/go.sum, it's resolved and added automatically. This is changing in 1.16. From that release, one will have to explicitly update the mod files via 'go mod tidy' or 'go get'. To get ahead of the curve, start using -mod=readonly to get the same behavior in 1.15, and fix all existing tests. The only tests that failed were imports.txt and syntax.txt, the only ones to require other modules. But since we're here, let's add the 'go' line to all go.mod files as well.
4 years ago
drop support for Go 1.19 Now that we're done with garble v0.9.x, v0.10 will only support Go 1.20 as a minimum version.
1 year ago
go 1.20
testdata: don't let tests rely on rewriting mod files In Go 1.15, if a dependency is required but not listed in go.mod/go.sum, it's resolved and added automatically. This is changing in 1.16. From that release, one will have to explicitly update the mod files via 'go mod tidy' or 'go get'. To get ahead of the curve, start using -mod=readonly to get the same behavior in 1.15, and fix all existing tests. The only tests that failed were imports.txt and syntax.txt, the only ones to require other modules. But since we're here, let's add the 'go' line to all go.mod files as well.
4 years ago
make the handling of import paths more robust First, make isPrivate panic on malformed import paths, since that should never happen. This catches the errors that some users had run into with packages like gopkg.in/yaml.v2 and github.com/satori/go.uuid: panic: malformed import path "gopkg.in/garbletest%2ev2": invalid char '%' This seems to trigger when a module path contains a dot after the first element, *and* that module is fetched via the proxy. This results in the toolchain URL-encoding the second dot, and garble ends up seeing that encoded path. We reproduce this behavior with a fake gopkg.in module added to the test module proxy. Using yaml.v2 directly would have been easier, but it's pretty large. Note that we tried a replace directive, but that does not trigger the URL-encoding bug. Also note that we do not obfuscate the gopkg.in package; that's fine, as the isPrivate path validity check catches the bug either way. For now, make initImport use url.PathUnescape to work around this issue. The underlying bug is likely in either the goobj2 fork, or in the upstream Go toolchain itself. hashImport also gives a better error if it cannot find a package now, rather than just an "empty seed" panic. Finally, the sanity check in isPrivate unearthed the fact that we do not support garbling test packages at all, since they were invalid paths which never matched GOPRIVATE. Add an explicit check and TODO about that. Fixes #224. Fixes #228.
3 years ago
require (
gopkg.in/garbletest.v2 v2.999.0
Fix removing named imports and fix removing imports with init() methods
2 years ago
gopkg.in/garbletestconst.v2 v2.999.0
drop support for Go 1.16.x We can now use pruned module graphs in go.mod files, and we no longer need to worry about runtime/internal/sys. Note that I had to update testdata/mod slightly, as the new pruned module graphs algorithm downloads an extra go.mod file. This change also paves the way towards future Go 1.18 support. Thanks to lu4p for cleaning up two TODOs as well. Co-Authored-By: lu4p <lu4p@pm.me>
3 years ago
rsc.io/quote v1.5.2
)
require (
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c // indirect
rsc.io/sampler v1.3.0 // indirect
rsc.io/testonly v1.0.0 // indirect
make the handling of import paths more robust First, make isPrivate panic on malformed import paths, since that should never happen. This catches the errors that some users had run into with packages like gopkg.in/yaml.v2 and github.com/satori/go.uuid: panic: malformed import path "gopkg.in/garbletest%2ev2": invalid char '%' This seems to trigger when a module path contains a dot after the first element, *and* that module is fetched via the proxy. This results in the toolchain URL-encoding the second dot, and garble ends up seeing that encoded path. We reproduce this behavior with a fake gopkg.in module added to the test module proxy. Using yaml.v2 directly would have been easier, but it's pretty large. Note that we tried a replace directive, but that does not trigger the URL-encoding bug. Also note that we do not obfuscate the gopkg.in package; that's fine, as the isPrivate path validity check catches the bug either way. For now, make initImport use url.PathUnescape to work around this issue. The underlying bug is likely in either the goobj2 fork, or in the upstream Go toolchain itself. hashImport also gives a better error if it cannot find a package now, rather than just an "empty seed" panic. Finally, the sanity check in isPrivate unearthed the fact that we do not support garbling test packages at all, since they were invalid paths which never matched GOPRIVATE. Add an explicit check and TODO about that. Fixes #224. Fixes #228.
3 years ago
)
testdata: don't let tests rely on rewriting mod files In Go 1.15, if a dependency is required but not listed in go.mod/go.sum, it's resolved and added automatically. This is changing in 1.16. From that release, one will have to explicitly update the mod files via 'go mod tidy' or 'go get'. To get ahead of the curve, start using -mod=readonly to get the same behavior in 1.15, and fix all existing tests. The only tests that failed were imports.txt and syntax.txt, the only ones to require other modules. But since we're here, let's add the 'go' line to all go.mod files as well.
4 years ago
-- go.sum --
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c h1:pvCbr/wm8HzDD3fVywevekufpn6tCGPY3spdHeZJEsw=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
work around a build cache regression in the previous commit The added comment in main.go explains the situation in detail. The added test is a minimization of the scenario, which failed: > cd mod1 > garble -seed=${SEED1} build -v gopkg.in/garbletest.v2 > cd ../mod2 > garble -seed=${SEED1} build -v [stderr] test/main/mod2 # test/main/mod2 cannot load garble export file for gopkg.in/garbletest.v2: open […]/go-build/ed/[…]-garble-ZV[…]-d: no such file or directory To work around the problem, we'll always add each package's GarbleActionID to its build artifact, even when not using -seed. This will get us the previous behavior with regards to the build cache, meaning that we fix the recent regression. The added variable doesn't make it to the final binary either. While here, improve the cached file loading error's context, and add an extra sanity check for duplicates on ListedPackages.
2 years ago
gopkg.in/garbletest.v2 v2.999.0 h1:XHlBQi3MAcJL2fjNiEPAPAilkzc7hAv4vyyjY5w+IUY=
gopkg.in/garbletest.v2 v2.999.0/go.mod h1:MI9QqKJD8i8oL8mW/bR0qq19/VuezEdJbVvl2B8Pa40=
Fix removing named imports and fix removing imports with init() methods
2 years ago
gopkg.in/garbletestconst.v2 v2.999.0 h1:VABqc63EJolbOSh1+WlSSQmX8ZT7VIs53mKCGxECTH8=
gopkg.in/garbletestconst.v2 v2.999.0/go.mod h1:QA2FI8zGZhhsdLJGUrq78ah+ohEZo9ZDw3ex+C2WVEc=
testdata: don't let tests rely on rewriting mod files In Go 1.15, if a dependency is required but not listed in go.mod/go.sum, it's resolved and added automatically. This is changing in 1.16. From that release, one will have to explicitly update the mod files via 'go mod tidy' or 'go get'. To get ahead of the curve, start using -mod=readonly to get the same behavior in 1.15, and fix all existing tests. The only tests that failed were imports.txt and syntax.txt, the only ones to require other modules. But since we're here, let's add the 'go' line to all go.mod files as well.
4 years ago
rsc.io/quote v1.5.2 h1:3fEykkD9k7lYzXqCYrwGAf7iNhbk4yCjHmKBN9td4L0=
rsc.io/quote v1.5.2/go.mod h1:LzX7hefJvL54yjefDEDHNONDjII0t9xZLPXsUe+TKr0=
work around a build cache regression in the previous commit The added comment in main.go explains the situation in detail. The added test is a minimization of the scenario, which failed: > cd mod1 > garble -seed=${SEED1} build -v gopkg.in/garbletest.v2 > cd ../mod2 > garble -seed=${SEED1} build -v [stderr] test/main/mod2 # test/main/mod2 cannot load garble export file for gopkg.in/garbletest.v2: open […]/go-build/ed/[…]-garble-ZV[…]-d: no such file or directory To work around the problem, we'll always add each package's GarbleActionID to its build artifact, even when not using -seed. This will get us the previous behavior with regards to the build cache, meaning that we fix the recent regression. The added variable doesn't make it to the final binary either. While here, improve the cached file loading error's context, and add an extra sanity check for duplicates on ListedPackages.
2 years ago
rsc.io/sampler v1.3.0 h1:+lXbM7nYGGOYhnMEiMtjCwcUfjn4sajeMm15HMT6SnU=
testdata: don't let tests rely on rewriting mod files In Go 1.15, if a dependency is required but not listed in go.mod/go.sum, it's resolved and added automatically. This is changing in 1.16. From that release, one will have to explicitly update the mod files via 'go mod tidy' or 'go get'. To get ahead of the curve, start using -mod=readonly to get the same behavior in 1.15, and fix all existing tests. The only tests that failed were imports.txt and syntax.txt, the only ones to require other modules. But since we're here, let's add the 'go' line to all go.mod files as well.
4 years ago
rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
drop support for Go 1.16.x We can now use pruned module graphs in go.mod files, and we no longer need to worry about runtime/internal/sys. Note that I had to update testdata/mod slightly, as the new pruned module graphs algorithm downloads an extra go.mod file. This change also paves the way towards future Go 1.18 support. Thanks to lu4p for cleaning up two TODOs as well. Co-Authored-By: lu4p <lu4p@pm.me>
3 years ago
rsc.io/testonly v1.0.0 h1:K/VWHdO+Jv7woUXG0GzVNx1czBXUt3Ib1deaMn+xk64=
rsc.io/testonly v1.0.0/go.mod h1:OqmGbIFOcF+XrFReLOGZ6BhMM7uMBiQwZsyNmh74SzY=
testdata: use longer Go filenames for binsubstr Every now and then, a CI run would fail: FAIL: testdata/scripts/reflect.txt:7: unexpected match for ["main.go"] in main These were rare, and very hard to reproduce or debug. My best guess is that, since "main.go" is a short string and we use random eight-character obfuscated filenames ending with ".go", it was possible that the random filename happened to end in "main" in some cases. Given the base64 encoding, the chances of a single suffix collision are about 0.000006%. Note, however, that a single obfuscated build will most likely obfuscate many filenames, especially for the tests obfuscating multiple packages. For a single CI run with many tests across three OSs, the chances of any collision are likely very low, but realistic. All this has a simple fix: use longer filenames to match with. We choose "garble_main.go" since it's long enough, but also because it's still clear it's a "main" Go file, and it's very unlikely to cause conflicts with filenames in upstream Go given the "garble_" prefix.
3 years ago
-- garble_main.go --
garbling imported packages starts being supported
5 years ago
package main
support std imports
5 years ago
import (
"fmt"
Fix removing named imports and fix removing imports with init() methods
2 years ago
"database/sql"
support building modules which require other modules We use 'go list -json -export' to locate required modules. This works fine to locate direct module dependencies; since we're building in the current module, we run 'go list' in the correct directory. However, if we're building one of those module dependencies, and it has other module dependencies of its own, we would fail with cryptic errors like: typecheck error: [...] go list error: updates to go.sum needed, disabled by -mod=readonly This is because we would try to run 'go list' outside of the main module, probably inside the module cache. Instead, use a $GARBLE_DIR env var from the top-level 'garble build' call to always run 'go list' in the original directory. We add a few small modules to properly test this. Updates #9.
4 years ago
reimplement import path obfuscation without goobj2 (#242) We used to rely on a parallel implementation of an object file parser and writer to be able to obfuscate import paths. After compiling each package, we would parse the object file, replace the import paths, and write the updated object file in-place. That worked well, in most cases. Unfortunately, it had some flaws: * Complexity. Even when most of the code is maintained in a separate module, the import_obfuscation.go file was still close to a thousand lines of code. * Go compatibility. The object file format changes between Go releases, so we were supporting Go 1.15, but not 1.16. Fixing the object file package to work with 1.16 would probably break 1.15 support. * Bugs. For example, we recently had to add a workaround for #224, since import paths containing dots after the domain would end up escaped. Another example is #190, which seems to be caused by the object file parser or writer corrupting the compiled code and causing segfaults in some rare edge cases. Instead, let's drop that method entirely, and force the compiler and linker to do the work for us. The steps necessary when compiling a package to obfuscate are: 1) Replace its "package foo" lines with the obfuscated package path. No need to separate the package path and name, since the obfuscated path does not contain slashes. 2) Replace the "-p pkg/foo" flag with the obfuscated path. 3) Replace the "import" spec lines with the obfuscated package paths, for those dependencies which were obfuscated. 4) Replace the "-importcfg [...]" file with a version that uses the obfuscated paths instead. The linker also needs that last step, since it also uses an importcfg file to find object files. There are three noteworthy drawbacks to this new method: 1) Since we no longer write object files, we can't use them to store data to be cached. As such, the -debugdir flag goes back to using the "-a" build flag to always rebuild all packages. On the plus side, that caching didn't work very well; see #176. 2) The package name "main" remains in all declarations under it, not just "func main", since we can only rename entire packages. This seems fine, as it gives little information to the end user. 3) The -tiny mode no longer sets all lines to 0, since it did that by modifying object files. As a temporary measure, we instead set all top-level declarations to be on line 1. A TODO is added to hopefully improve this again in the near future. The upside is that we get rid of all the issues mentioned before. Plus, garble now nearly works with Go 1.16, with the exception of two very minor bugs that look fixable. A follow-up PR will take care of that and start testing on 1.16. Fixes #176. Fixes #190.
3 years ago
"test/main/importedpkg"
support building modules which require other modules We use 'go list -json -export' to locate required modules. This works fine to locate direct module dependencies; since we're building in the current module, we run 'go list' in the correct directory. However, if we're building one of those module dependencies, and it has other module dependencies of its own, we would fail with cryptic errors like: typecheck error: [...] go list error: updates to go.sum needed, disabled by -mod=readonly This is because we would try to run 'go list' outside of the main module, probably inside the module cache. Instead, use a $GARBLE_DIR env var from the top-level 'garble build' call to always run 'go list' in the original directory. We add a few small modules to properly test this. Updates #9.
4 years ago
"rsc.io/quote"
make the handling of import paths more robust First, make isPrivate panic on malformed import paths, since that should never happen. This catches the errors that some users had run into with packages like gopkg.in/yaml.v2 and github.com/satori/go.uuid: panic: malformed import path "gopkg.in/garbletest%2ev2": invalid char '%' This seems to trigger when a module path contains a dot after the first element, *and* that module is fetched via the proxy. This results in the toolchain URL-encoding the second dot, and garble ends up seeing that encoded path. We reproduce this behavior with a fake gopkg.in module added to the test module proxy. Using yaml.v2 directly would have been easier, but it's pretty large. Note that we tried a replace directive, but that does not trigger the URL-encoding bug. Also note that we do not obfuscate the gopkg.in package; that's fine, as the isPrivate path validity check catches the bug either way. For now, make initImport use url.PathUnescape to work around this issue. The underlying bug is likely in either the goobj2 fork, or in the upstream Go toolchain itself. hashImport also gives a better error if it cannot find a package now, rather than just an "empty seed" panic. Finally, the sanity check in isPrivate unearthed the fact that we do not support garbling test packages at all, since they were invalid paths which never matched GOPRIVATE. Add an explicit check and TODO about that. Fixes #224. Fixes #228.
3 years ago
garbletest "gopkg.in/garbletest.v2"
Fix removing named imports and fix removing imports with init() methods
2 years ago
garbletestconst "gopkg.in/garbletestconst.v2"
support std imports
5 years ago
)
garbling imported packages starts being supported
5 years ago
func main() {
reimplement import path obfuscation without goobj2 (#242) We used to rely on a parallel implementation of an object file parser and writer to be able to obfuscate import paths. After compiling each package, we would parse the object file, replace the import paths, and write the updated object file in-place. That worked well, in most cases. Unfortunately, it had some flaws: * Complexity. Even when most of the code is maintained in a separate module, the import_obfuscation.go file was still close to a thousand lines of code. * Go compatibility. The object file format changes between Go releases, so we were supporting Go 1.15, but not 1.16. Fixing the object file package to work with 1.16 would probably break 1.15 support. * Bugs. For example, we recently had to add a workaround for #224, since import paths containing dots after the domain would end up escaped. Another example is #190, which seems to be caused by the object file parser or writer corrupting the compiled code and causing segfaults in some rare edge cases. Instead, let's drop that method entirely, and force the compiler and linker to do the work for us. The steps necessary when compiling a package to obfuscate are: 1) Replace its "package foo" lines with the obfuscated package path. No need to separate the package path and name, since the obfuscated path does not contain slashes. 2) Replace the "-p pkg/foo" flag with the obfuscated path. 3) Replace the "import" spec lines with the obfuscated package paths, for those dependencies which were obfuscated. 4) Replace the "-importcfg [...]" file with a version that uses the obfuscated paths instead. The linker also needs that last step, since it also uses an importcfg file to find object files. There are three noteworthy drawbacks to this new method: 1) Since we no longer write object files, we can't use them to store data to be cached. As such, the -debugdir flag goes back to using the "-a" build flag to always rebuild all packages. On the plus side, that caching didn't work very well; see #176. 2) The package name "main" remains in all declarations under it, not just "func main", since we can only rename entire packages. This seems fine, as it gives little information to the end user. 3) The -tiny mode no longer sets all lines to 0, since it did that by modifying object files. As a temporary measure, we instead set all top-level declarations to be on line 1. A TODO is added to hopefully improve this again in the near future. The upside is that we get rid of all the issues mentioned before. Plus, garble now nearly works with Go 1.16, with the exception of two very minor bugs that look fixable. A follow-up PR will take care of that and start testing on 1.16. Fixes #176. Fixes #190.
3 years ago
fmt.Println(importedpkg.ImportedVar)
fmt.Println(importedpkg.ImportedConst)
fmt.Println(importedpkg.ImportedFunc('x'))
normal := importedpkg.NormalStruct{SharedName: 3}
fix garbling names belonging to indirect imports (#203) main.go includes a lengthy comment that documents this edge case, why it happened, and how we are fixing it. To summarize, we should no longer error with a build error in those cases. Read the comment for details. A few other minor changes were done to allow writing this patch. First, the actionID and contentID funcs were renamed, since they started to collide with variable names. Second, the logging has been improved a bit, which allowed me to debug the issue. Third, the "cache" global shared by all garble sub-processes now includes the necessary parameters to run "go list -toolexec", including the path to garble and the build flags being used. Thanks to lu4p for writing a test case, which also applied gofmt to that testdata Go file. Fixes #180. Closes #181, since it includes its test case.
4 years ago
normal.IndirectStruct.Field = 23
fmt.Println(normal)
make detection of reflect more robust It now works with variables and composite type expressions too.
4 years ago
support building modules which require other modules We use 'go list -json -export' to locate required modules. This works fine to locate direct module dependencies; since we're building in the current module, we run 'go list' in the correct directory. However, if we're building one of those module dependencies, and it has other module dependencies of its own, we would fail with cryptic errors like: typecheck error: [...] go list error: updates to go.sum needed, disabled by -mod=readonly This is because we would try to run 'go list' outside of the main module, probably inside the module cache. Instead, use a $GARBLE_DIR env var from the top-level 'garble build' call to always run 'go list' in the original directory. We add a few small modules to properly test this. Updates #9.
4 years ago
fmt.Println(quote.Go())
make the handling of import paths more robust First, make isPrivate panic on malformed import paths, since that should never happen. This catches the errors that some users had run into with packages like gopkg.in/yaml.v2 and github.com/satori/go.uuid: panic: malformed import path "gopkg.in/garbletest%2ev2": invalid char '%' This seems to trigger when a module path contains a dot after the first element, *and* that module is fetched via the proxy. This results in the toolchain URL-encoding the second dot, and garble ends up seeing that encoded path. We reproduce this behavior with a fake gopkg.in module added to the test module proxy. Using yaml.v2 directly would have been easier, but it's pretty large. Note that we tried a replace directive, but that does not trigger the URL-encoding bug. Also note that we do not obfuscate the gopkg.in package; that's fine, as the isPrivate path validity check catches the bug either way. For now, make initImport use url.PathUnescape to work around this issue. The underlying bug is likely in either the goobj2 fork, or in the upstream Go toolchain itself. hashImport also gives a better error if it cannot find a package now, rather than just an "empty seed" panic. Finally, the sanity check in isPrivate unearthed the fact that we do not support garbling test packages at all, since they were invalid paths which never matched GOPRIVATE. Add an explicit check and TODO about that. Fixes #224. Fixes #228.
3 years ago
garbletest.Test()
Fix removing named imports and fix removing imports with init() methods
2 years ago
fmt.Println(garbletestconst.StrConst)
fmt.Println(sql.Drivers()[0])
garbling imported packages starts being supported
5 years ago
}
keep build flags when calling 'go list' Otherwise any build flags like -tags won't be used, and we might easily end up with errors or incorrect packages. The common case with -tags is covered by one of the integration test scripts. On top of that, we add a table-driven unit test to cover all edge cases, since there are many we can do quickly in a unit test. Fixes #82.
4 years ago
-- notag_fail.go --
use go:build in script/imports.txtar This form has been preferred over +build since Go 1.17.
1 year ago
//go:build !buildtag
keep build flags when calling 'go list' Otherwise any build flags like -tags won't be used, and we might easily end up with errors or incorrect packages. The common case with -tags is covered by one of the integration test scripts. On top of that, we add a table-driven unit test to cover all edge cases, since there are many we can do quickly in a unit test. Fixes #82.
4 years ago
package main
var foo int = "should be omitted by -tags"
-- withtag_success.go --
use go:build in script/imports.txtar This form has been preferred over +build since Go 1.17.
1 year ago
//go:build buildtag
keep build flags when calling 'go list' Otherwise any build flags like -tags won't be used, and we might easily end up with errors or incorrect packages. The common case with -tags is covered by one of the integration test scripts. On top of that, we add a table-driven unit test to cover all edge cases, since there are many we can do quickly in a unit test. Fixes #82.
4 years ago
package main
import "fmt"
func init() { fmt.Println("buildtag init func") }
properly fix obfuscated imports with their package names (#245) The TODO I left there didn't take long to surface as a bug. If the package path ends with a word containing a hyphen, that's not a valid identifier, so we end up with invalid Go syntax. Add that test case, as well as one where an import was already named. To fix the issue, we just need to use the package name we got from 'go list -json'. Fixes #243.
3 years ago
-- differentpkg_unnamed.go --
package main
support import paths ending with ".go" When splitFlagsFromFiles saw "-p foo/bar.go", it thought that was the first Go file, when in fact it's not. We didn't notice because such import paths are pretty rare, but they do exist, like github.com/nats-io/nats.go. Before the fix, the added test case fails as expected: > garble build -tags buildtag [stderr] # test/main/goextension.go open test/main/goextension.go: no such file or directory We could go through the trouble of teaching splitFlagsFromFiles about all of the flags understood by the compiler and linker, but that feels like far more code than the small alternative we went with. And I'm pretty sure the alternative will work pretty reliably for now. Fixes #539.
2 years ago
import (
"test/main/different-pkg-name"
"test/main/goextension.go"
)
properly fix obfuscated imports with their package names (#245) The TODO I left there didn't take long to surface as a bug. If the package path ends with a word containing a hyphen, that's not a valid identifier, so we end up with invalid Go syntax. Add that test case, as well as one where an import was already named. To fix the issue, we just need to use the package name we got from 'go list -json'. Fixes #243.
3 years ago
var _ = actualpkgname.Noop
support import paths ending with ".go" When splitFlagsFromFiles saw "-p foo/bar.go", it thought that was the first Go file, when in fact it's not. We didn't notice because such import paths are pretty rare, but they do exist, like github.com/nats-io/nats.go. Before the fix, the added test case fails as expected: > garble build -tags buildtag [stderr] # test/main/goextension.go open test/main/goextension.go: no such file or directory We could go through the trouble of teaching splitFlagsFromFiles about all of the flags understood by the compiler and linker, but that feels like far more code than the small alternative we went with. And I'm pretty sure the alternative will work pretty reliably for now. Fixes #539.
2 years ago
var _ = goextension.Noop
properly fix obfuscated imports with their package names (#245) The TODO I left there didn't take long to surface as a bug. If the package path ends with a word containing a hyphen, that's not a valid identifier, so we end up with invalid Go syntax. Add that test case, as well as one where an import was already named. To fix the issue, we just need to use the package name we got from 'go list -json'. Fixes #243.
3 years ago
-- differentpkg_named.go --
package main
import named "test/main/different-pkg-name"
var _ = named.Noop
reimplement import path obfuscation without goobj2 (#242) We used to rely on a parallel implementation of an object file parser and writer to be able to obfuscate import paths. After compiling each package, we would parse the object file, replace the import paths, and write the updated object file in-place. That worked well, in most cases. Unfortunately, it had some flaws: * Complexity. Even when most of the code is maintained in a separate module, the import_obfuscation.go file was still close to a thousand lines of code. * Go compatibility. The object file format changes between Go releases, so we were supporting Go 1.15, but not 1.16. Fixing the object file package to work with 1.16 would probably break 1.15 support. * Bugs. For example, we recently had to add a workaround for #224, since import paths containing dots after the domain would end up escaped. Another example is #190, which seems to be caused by the object file parser or writer corrupting the compiled code and causing segfaults in some rare edge cases. Instead, let's drop that method entirely, and force the compiler and linker to do the work for us. The steps necessary when compiling a package to obfuscate are: 1) Replace its "package foo" lines with the obfuscated package path. No need to separate the package path and name, since the obfuscated path does not contain slashes. 2) Replace the "-p pkg/foo" flag with the obfuscated path. 3) Replace the "import" spec lines with the obfuscated package paths, for those dependencies which were obfuscated. 4) Replace the "-importcfg [...]" file with a version that uses the obfuscated paths instead. The linker also needs that last step, since it also uses an importcfg file to find object files. There are three noteworthy drawbacks to this new method: 1) Since we no longer write object files, we can't use them to store data to be cached. As such, the -debugdir flag goes back to using the "-a" build flag to always rebuild all packages. On the plus side, that caching didn't work very well; see #176. 2) The package name "main" remains in all declarations under it, not just "func main", since we can only rename entire packages. This seems fine, as it gives little information to the end user. 3) The -tiny mode no longer sets all lines to 0, since it did that by modifying object files. As a temporary measure, we instead set all top-level declarations to be on line 1. A TODO is added to hopefully improve this again in the near future. The upside is that we get rid of all the issues mentioned before. Plus, garble now nearly works with Go 1.16, with the exception of two very minor bugs that look fixable. A follow-up PR will take care of that and start testing on 1.16. Fixes #176. Fixes #190.
3 years ago
-- importedpkg/imported.go --
package importedpkg
garbling imported packages starts being supported
5 years ago
fix garbling names belonging to indirect imports (#203) main.go includes a lengthy comment that documents this edge case, why it happened, and how we are fixing it. To summarize, we should no longer error with a build error in those cases. Read the comment for details. A few other minor changes were done to allow writing this patch. First, the actionID and contentID funcs were renamed, since they started to collide with variable names. Second, the logging has been improved a bit, which allowed me to debug the issue. Third, the "cache" global shared by all garble sub-processes now includes the necessary parameters to run "go list -toolexec", including the path to garble and the build flags being used. Thanks to lu4p for writing a test case, which also applied gofmt to that testdata Go file. Fixes #180. Closes #181, since it includes its test case.
4 years ago
import (
reimplement import path obfuscation without goobj2 (#242) We used to rely on a parallel implementation of an object file parser and writer to be able to obfuscate import paths. After compiling each package, we would parse the object file, replace the import paths, and write the updated object file in-place. That worked well, in most cases. Unfortunately, it had some flaws: * Complexity. Even when most of the code is maintained in a separate module, the import_obfuscation.go file was still close to a thousand lines of code. * Go compatibility. The object file format changes between Go releases, so we were supporting Go 1.15, but not 1.16. Fixing the object file package to work with 1.16 would probably break 1.15 support. * Bugs. For example, we recently had to add a workaround for #224, since import paths containing dots after the domain would end up escaped. Another example is #190, which seems to be caused by the object file parser or writer corrupting the compiled code and causing segfaults in some rare edge cases. Instead, let's drop that method entirely, and force the compiler and linker to do the work for us. The steps necessary when compiling a package to obfuscate are: 1) Replace its "package foo" lines with the obfuscated package path. No need to separate the package path and name, since the obfuscated path does not contain slashes. 2) Replace the "-p pkg/foo" flag with the obfuscated path. 3) Replace the "import" spec lines with the obfuscated package paths, for those dependencies which were obfuscated. 4) Replace the "-importcfg [...]" file with a version that uses the obfuscated paths instead. The linker also needs that last step, since it also uses an importcfg file to find object files. There are three noteworthy drawbacks to this new method: 1) Since we no longer write object files, we can't use them to store data to be cached. As such, the -debugdir flag goes back to using the "-a" build flag to always rebuild all packages. On the plus side, that caching didn't work very well; see #176. 2) The package name "main" remains in all declarations under it, not just "func main", since we can only rename entire packages. This seems fine, as it gives little information to the end user. 3) The -tiny mode no longer sets all lines to 0, since it did that by modifying object files. As a temporary measure, we instead set all top-level declarations to be on line 1. A TODO is added to hopefully improve this again in the near future. The upside is that we get rid of all the issues mentioned before. Plus, garble now nearly works with Go 1.16, with the exception of two very minor bugs that look fixable. A follow-up PR will take care of that and start testing on 1.16. Fixes #176. Fixes #190.
3 years ago
"test/main/importedpkg/indirect"
fix garbling names belonging to indirect imports (#203) main.go includes a lengthy comment that documents this edge case, why it happened, and how we are fixing it. To summarize, we should no longer error with a build error in those cases. Read the comment for details. A few other minor changes were done to allow writing this patch. First, the actionID and contentID funcs were renamed, since they started to collide with variable names. Second, the logging has been improved a bit, which allowed me to debug the issue. Third, the "cache" global shared by all garble sub-processes now includes the necessary parameters to run "go list -toolexec", including the path to garble and the build flags being used. Thanks to lu4p for writing a test case, which also applied gofmt to that testdata Go file. Fixes #180. Closes #181, since it includes its test case.
4 years ago
)
exclude identifiers used via reflection If reflect.TypeOf or reflect.ValueOf are used on a type declared in the same package, don't garble that type name or any of its fields. Fixes #15.
4 years ago
garbling imported packages starts being supported
5 years ago
var ImportedVar = "imported var value"
const ImportedConst = "imported const value"
support std imports
5 years ago
func ImportedFunc(param rune) string {
return string(param)
}
Fix bug where structs would get garbled in some packages but not in others (#161) * fix bug where structs would get garbled in some packages but not in others * only check if struct/field was not defined in current package * fix a related bug when two objects share the same name in the same package and one is garbled but the other one is not * renamed parameter for clarity
4 years ago
const SharedName = 2
Allow struct fields to be garbled, fixes #48 (#159) * Allow struct fields to be garbled, fixes #48 * fix syntax test script * simplified code according to review
4 years ago
type NormalStruct struct {
fix garbling names belonging to indirect imports (#203) main.go includes a lengthy comment that documents this edge case, why it happened, and how we are fixing it. To summarize, we should no longer error with a build error in those cases. Read the comment for details. A few other minor changes were done to allow writing this patch. First, the actionID and contentID funcs were renamed, since they started to collide with variable names. Second, the logging has been improved a bit, which allowed me to debug the issue. Third, the "cache" global shared by all garble sub-processes now includes the necessary parameters to run "go list -toolexec", including the path to garble and the build flags being used. Thanks to lu4p for writing a test case, which also applied gofmt to that testdata Go file. Fixes #180. Closes #181, since it includes its test case.
4 years ago
SharedName int
IndirectStruct indirect.Indirect
Allow struct fields to be garbled, fixes #48 (#159) * Allow struct fields to be garbled, fixes #48 * fix syntax test script * simplified code according to review
4 years ago
normalUnexportedField int
}
avoid go/printer from breaking imports We obfuscate import paths in import declarations like: "domain.com/somepkg" by replacing them with the obfuscated package path: somepkg "HPS4Mskq" Note how we add a name to the import if there wasn't one, so that references like somepkg.Foo keep working in the code. This could break in some edge cases involving comments between imports in the Go code, because go/printer is somewhat brittle with positions: > garble build -tags buildtag [stderr] # test/main/importedpkg :16: syntax error: missing import path exit status 2 exit status 2 To prevent that, ensure the name has a reasonable position. This was preventing github.com/gorilla/websocket from being obufscated. It is a fairly popular library in Go, but we don't add it to scripts/check-third-party.sh for now as wireguard already gives us coverage over networking and cryptography.
2 years ago
-- importedpkg/commented_imports.go --
package importedpkg
// The import group below used to trigger a bug in go/printer
// where a named import could end up across two lines:
//
// indirect
// "HPS4Mskq"
//
// resulting in a subsequent parsing failure:
//
// syntax error: missing import path
import (
// first comment
"test/main/importedpkg/another"
// second comment
"test/main/importedpkg/indirect"
)
var _ indirect.Indirect
var _ = another.Blank
-- importedpkg/another/pkg.go --
package another
const Blank = 3
reimplement import path obfuscation without goobj2 (#242) We used to rely on a parallel implementation of an object file parser and writer to be able to obfuscate import paths. After compiling each package, we would parse the object file, replace the import paths, and write the updated object file in-place. That worked well, in most cases. Unfortunately, it had some flaws: * Complexity. Even when most of the code is maintained in a separate module, the import_obfuscation.go file was still close to a thousand lines of code. * Go compatibility. The object file format changes between Go releases, so we were supporting Go 1.15, but not 1.16. Fixing the object file package to work with 1.16 would probably break 1.15 support. * Bugs. For example, we recently had to add a workaround for #224, since import paths containing dots after the domain would end up escaped. Another example is #190, which seems to be caused by the object file parser or writer corrupting the compiled code and causing segfaults in some rare edge cases. Instead, let's drop that method entirely, and force the compiler and linker to do the work for us. The steps necessary when compiling a package to obfuscate are: 1) Replace its "package foo" lines with the obfuscated package path. No need to separate the package path and name, since the obfuscated path does not contain slashes. 2) Replace the "-p pkg/foo" flag with the obfuscated path. 3) Replace the "import" spec lines with the obfuscated package paths, for those dependencies which were obfuscated. 4) Replace the "-importcfg [...]" file with a version that uses the obfuscated paths instead. The linker also needs that last step, since it also uses an importcfg file to find object files. There are three noteworthy drawbacks to this new method: 1) Since we no longer write object files, we can't use them to store data to be cached. As such, the -debugdir flag goes back to using the "-a" build flag to always rebuild all packages. On the plus side, that caching didn't work very well; see #176. 2) The package name "main" remains in all declarations under it, not just "func main", since we can only rename entire packages. This seems fine, as it gives little information to the end user. 3) The -tiny mode no longer sets all lines to 0, since it did that by modifying object files. As a temporary measure, we instead set all top-level declarations to be on line 1. A TODO is added to hopefully improve this again in the near future. The upside is that we get rid of all the issues mentioned before. Plus, garble now nearly works with Go 1.16, with the exception of two very minor bugs that look fixable. A follow-up PR will take care of that and start testing on 1.16. Fixes #176. Fixes #190.
3 years ago
-- importedpkg/indirect/indirect.go --
fix garbling names belonging to indirect imports (#203) main.go includes a lengthy comment that documents this edge case, why it happened, and how we are fixing it. To summarize, we should no longer error with a build error in those cases. Read the comment for details. A few other minor changes were done to allow writing this patch. First, the actionID and contentID funcs were renamed, since they started to collide with variable names. Second, the logging has been improved a bit, which allowed me to debug the issue. Third, the "cache" global shared by all garble sub-processes now includes the necessary parameters to run "go list -toolexec", including the path to garble and the build flags being used. Thanks to lu4p for writing a test case, which also applied gofmt to that testdata Go file. Fixes #180. Closes #181, since it includes its test case.
4 years ago
package indirect
type Indirect struct {
Field int
}
properly fix obfuscated imports with their package names (#245) The TODO I left there didn't take long to surface as a bug. If the package path ends with a word containing a hyphen, that's not a valid identifier, so we end up with invalid Go syntax. Add that test case, as well as one where an import was already named. To fix the issue, we just need to use the package name we got from 'go list -json'. Fixes #243.
3 years ago
-- different-pkg-name/pkg.go --
package actualpkgname
var Noop int
support import paths ending with ".go" When splitFlagsFromFiles saw "-p foo/bar.go", it thought that was the first Go file, when in fact it's not. We didn't notice because such import paths are pretty rare, but they do exist, like github.com/nats-io/nats.go. Before the fix, the added test case fails as expected: > garble build -tags buildtag [stderr] # test/main/goextension.go open test/main/goextension.go: no such file or directory We could go through the trouble of teaching splitFlagsFromFiles about all of the flags understood by the compiler and linker, but that feels like far more code than the small alternative we went with. And I'm pretty sure the alternative will work pretty reliably for now. Fixes #539.
2 years ago
-- goextension.go/ext.go --
package goextension
var Noop int
make detection of reflect more robust It now works with variables and composite type expressions too.
4 years ago
-- main.stdout --
keep build flags when calling 'go list' Otherwise any build flags like -tags won't be used, and we might easily end up with errors or incorrect packages. The common case with -tags is covered by one of the integration test scripts. On top of that, we add a table-driven unit test to cover all edge cases, since there are many we can do quickly in a unit test. Fixes #82.
4 years ago
buildtag init func
make detection of reflect more robust It now works with variables and composite type expressions too.
4 years ago
imported var value
imported const value
blacklist struct fields with reflection too In the added test, the unexported field used to be garbled. Reflection can only reach exported methods, exported fields, and unexported fields. Exported methods and fields are currently never garbled, so unexported fields was the only missing piece.
4 years ago
x
fix garbling names belonging to indirect imports (#203) main.go includes a lengthy comment that documents this edge case, why it happened, and how we are fixing it. To summarize, we should no longer error with a build error in those cases. Read the comment for details. A few other minor changes were done to allow writing this patch. First, the actionID and contentID funcs were renamed, since they started to collide with variable names. Second, the logging has been improved a bit, which allowed me to debug the issue. Third, the "cache" global shared by all garble sub-processes now includes the necessary parameters to run "go list -toolexec", including the path to garble and the build flags being used. Thanks to lu4p for writing a test case, which also applied gofmt to that testdata Go file. Fixes #180. Closes #181, since it includes its test case.
4 years ago
{3 {23} 0}
make detection of reflect more robust It now works with variables and composite type expressions too.
4 years ago
Don't communicate by sharing memory, share memory by communicating.
Fix removing named imports and fix removing imports with init() methods
2 years ago
42
support import paths ending with ".go" When splitFlagsFromFiles saw "-p foo/bar.go", it thought that was the first Go file, when in fact it's not. We didn't notice because such import paths are pretty rare, but they do exist, like github.com/nats-io/nats.go. Before the fix, the added test case fails as expected: > garble build -tags buildtag [stderr] # test/main/goextension.go open test/main/goextension.go: no such file or directory We could go through the trouble of teaching splitFlagsFromFiles about all of the flags understood by the compiler and linker, but that feels like far more code than the small alternative we went with. And I'm pretty sure the alternative will work pretty reliably for now. Fixes #539.
2 years ago
dummy