zishuo/garble
1
0
Fork 0
mirror of https://github.com/burrowers/garble.git synced 2025-12-24 12:58:05 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
da5ddfa45d137744d23f23c61a4eec2e546c66a8
garble/testdata/script/gogarble.txtar
Daniel Martí da5ddfa45d avoid go:linkname warnings when building on tip 
Packages like os and sync have started using go:linknames pointing to
packages outside their dependency tree, much like runtime already did.
This started causing warnings to be printed while obfuscsating std:

    > exec garble build -o=out_rebuild ./stdimporter
    [stderr]
    # sync
    //go:linkname refers to syscall.hasWaitingReaders - add `import _ "syscall"` for garble to find the package
    # os
    //go:linkname refers to net.newUnixFile - add `import _ "net"` for garble to find the package
    > bincmp out_rebuild out
    PASS

Relax the restriction in listPackage so that any package in std
is now allowed to list packages in runtimeLinknamed,
which makes the warnings and any potential problems go away.
Also make these std test cases check that no warnings are printed,
since I only happened to notice this problem by chance.
2023-06-03 11:42:46 +01:00

92 lines
2.9 KiB
Plaintext
Raw Blame History

# Ensure that "does not match any packages" works.
env GOGARBLE=match-absolutely/nothing
! exec garble build -o=out ./standalone
stderr '^GOGARBLE="match-absolutely/nothing" does not match any packages to be built$'
# A build where just some packages are obfuscated.
env GOGARBLE=test/main/imported
exec garble -literals build -o=out ./importer
! binsubstr out 'some long string to obfuscate'
binsubstr out 'some long string to not obfuscate'
# Obfuscated packages which import non-obfuscated std packages.
# Some of the imported std packages use "import maps" due to vendoring,
# and a past bug made this case fail for "garble build".
env GOGARBLE=test/main
exec garble build -o=out ./stdimporter
[short] stop # rebuilding std is slow
# Go back to the default of obfuscating all packages.
env GOGARBLE='*'
# Try garbling all of std, given some std packages.
# No need for a main package here; building the std packages directly works the
# same, and is faster as we don't need to link a binary.
# This used to cause multiple errors, mainly since std vendors some external
# packages so we must properly support ImportMap.
# Plus, some packages like net make heavy use of complex features like Cgo.
# Note that we won't obfuscate a few std packages just yet, mainly those around runtime.
exec garble build std
! stderr . # no warnings
# Link a binary importing net/http, which will catch whether or not we
# support ImportMap when linking.
# Also ensure we are obfuscating low-level std packages.
exec garble build -o=out ./stdimporter
! stderr . # no warnings
! binsubstr out 'http.ListenAndServe' 'debug.WriteHeapDump' 'time.Now' 'syscall.Listen'
# The same low-level std packages appear in plain sight in regular builds.
go build -o=out_regular ./stdimporter
binsubstr out_regular 'http.ListenAndServe' 'debug.WriteHeapDump' 'time.Now' 'syscall.Listen'
# Also check that a full rebuild is reproducible, via a new GOCACHE.
# This is slow, but necessary to uncover bugs hidden by the build cache.
# We also forcibly rebuild runtime on its own, given it used to be non-reproducible
# due to its use of linknames pointing at std packages it doesn't depend upon.
env GOCACHE=${WORK}/gocache-empty
exec garble build -a runtime
exec garble build -o=out_rebuild ./stdimporter
bincmp out_rebuild out
-- go.mod --
module test/main
go 1.20
-- standalone/main.go --
package main
func main() {}
-- importer/importer.go --
package main
import "test/main/imported"
func main() {
println(imported.LongString)
println("some long string to not obfuscate")
}
-- imported/imported.go --
package imported
var LongString = "some long string to obfuscate"
-- stdimporter/main.go --
package main
import (
"net/http"
"runtime/debug"
"time"
"syscall"
)
func main() {
http.ListenAndServe("", nil)
// debug.WriteHeapDump is particularly interesting,
// as it is implemented by runtime via a linkname.
debug.WriteHeapDump(1)
time.Now()
syscall.Listen(0, 1)
}
Reference in New Issue View Git Blame Copy Permalink