You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1.4 KiB
1.4 KiB
garble
Obfuscate a Go build.
garble build [build flags] [packages]
which is equivalent to the longer:
go build -a -trimpath -toolexec=garble [build flags] [packages]
Purpose
Produce a binary that works as well as a regular build, but that has as little information about the original source code as possible.
The tool is designed to be:
- Coupled with
cmd/go
, to support bothGOPATH
and modules with ease - Deterministic, though the output is not yet reproducible
- eversible
Mechanism
The tool wraps calls to the Go compiler to transform the Go source code, in order to:
- Replace as many useful identifiers as possible with short base64 hashes
- Remove module build information
- Remove comments and empty lines, to make position info less useful
It also wraps calls to the linker in order to:
- Enforce the
-s
flag, to not include the symbol table - Enforce the
-w
flag, to not include DWARF debugging data
Finally, the tool requires the use of the -trimpath
build flag, to ensure the
binary doesn't include paths from the current filesystem.
Caveats
The -a
flag for go build
is required, since -toolexec
doesn't work well
with the build cache; see #27628.
Since no caching at all can take place right now (see the link above), builds
will be slower than go build
- especially for large projects.