justan0th3rstud3nt
/
garble
mirror of https://github.com/burrowers/garble
1
0
Fork 0
Code Issues 1 Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
ci-test
literalRecheck
v0.14.2
v0.14.1
v0.14.0
v0.13.0
v0.12.1
v0.12.0
v0.11.0
v0.10.1
v0.10.0
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.0
v0.7.2
v0.7.1
v0.7.0
v0.6.0
v0.5.1
v0.5.0
v0.4.0
v0.3.0
v0.2.0
v0.1.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'fceb19f6da'
${ noResults }
garble/testdata/scripts/gogarble.txt

69 lines
2.0 KiB
Plaintext
Raw Normal View History Unescape Escape

deprecate using GOPRIVATE in favor of GOGARBLE (#427) Piggybacking off of GOPRIVATE is great for a number of reasons: * People tend to obfuscate private code, whose package paths will generally be in GOPRIVATE already * Its meaning and syntax are well understood * It allows all the flexibility we need without adding our own env var or config option However, using GOPRIVATE directly has one main drawback. It's fairly common to also want to obfuscate public dependencies, to make the code in private packages even harder to follow. However, using "GOPRIVATE=*" will result in two main downsides: * GONOPROXY defaults to GOPRIVATE, so the proxy would be entirely disabled. Downloading modules, such as when adding or updating dependencies, or when the local cache is cold, can be less reliable. * GONOSUMDB defaults to GOPRIVATE, so the sumdb would be entirely disabled. Adding entries to go.sum, such as when adding or updating dependencies, can be less secure. We will continue to consume GOPRIVATE as a fallback, but we now expect users to set GOGARBLE instead. The new logic is documented in the README. While here, rewrite some uses of "private" with "to obfuscate", to make the code easier to follow and harder to misunderstand. Fixes #276.
4 years ago
# Ensure that "does not match any packages" works with GOPRIVATE and GOGARBLE.
env GOGARBLE=match-absolutely/nothing
! garble build -o=out ./standalone
stderr '^GOGARBLE="match-absolutely/nothing" does not match any packages to be built$'
env GOGARBLE=
complain when GOPRIVATE matches no packages This is important, because it would mean that we would obfuscate nothing. At best, it would be confusing; at worst, it could mislead the user into thinking the binary is obfuscated. Fixes #20. Updates #108.
5 years ago
env GOPRIVATE=match-absolutely/nothing
warn when a public package imports a private package (#182) That is, a package that is built without obfuscation imports an obfuscated package. This will result in confusing compilation error messages, because the importer can't find the exported names from the imported package by their non-obfuscated names: > ! garble build ./importer [stderr] # test/main/importer importer/importer.go:5:9: undefined: imported.Name exit status 2 Instead, detect this bad input case and provide a nice error: public package "test/main/importer" can't depend on obfuscated package "test/main/imported" (matched via GOPRIVATE="test/main/imported") For now, this is by design. It also makes little sense for a public package to import an obfuscated package in general, because the public package would have to leak details about the private package's API and behavior. While at it, fix a quirk where we thought the unsafe package could be private. It can't be, because the runtime package is always public and it imports the runtime package: public package "internal/bytealg" can't depend on obfuscated package "unsafe" (matched via GOPRIVATE="*") Instead of trying to obfuscate "unsafe" and doing nothing, simply add it to the neverPrivate list, which is also a better name than "privateBlacklist" (for #169). Fixes #164. Co-authored-by: lu4p <lu4p@pm.me>
5 years ago
! garble build -o=out ./standalone
deprecate using GOPRIVATE in favor of GOGARBLE (#427) Piggybacking off of GOPRIVATE is great for a number of reasons: * People tend to obfuscate private code, whose package paths will generally be in GOPRIVATE already * Its meaning and syntax are well understood * It allows all the flexibility we need without adding our own env var or config option However, using GOPRIVATE directly has one main drawback. It's fairly common to also want to obfuscate public dependencies, to make the code in private packages even harder to follow. However, using "GOPRIVATE=*" will result in two main downsides: * GONOPROXY defaults to GOPRIVATE, so the proxy would be entirely disabled. Downloading modules, such as when adding or updating dependencies, or when the local cache is cold, can be less reliable. * GONOSUMDB defaults to GOPRIVATE, so the sumdb would be entirely disabled. Adding entries to go.sum, such as when adding or updating dependencies, can be less secure. We will continue to consume GOPRIVATE as a fallback, but we now expect users to set GOGARBLE instead. The new logic is documented in the README. While here, rewrite some uses of "private" with "to obfuscate", to make the code easier to follow and harder to misunderstand. Fixes #276.
4 years ago
stderr '^GOGARBLE="match-absolutely/nothing" does not match any packages to be built$'
warn when a public package imports a private package (#182) That is, a package that is built without obfuscation imports an obfuscated package. This will result in confusing compilation error messages, because the importer can't find the exported names from the imported package by their non-obfuscated names: > ! garble build ./importer [stderr] # test/main/importer importer/importer.go:5:9: undefined: imported.Name exit status 2 Instead, detect this bad input case and provide a nice error: public package "test/main/importer" can't depend on obfuscated package "test/main/imported" (matched via GOPRIVATE="test/main/imported") For now, this is by design. It also makes little sense for a public package to import an obfuscated package in general, because the public package would have to leak details about the private package's API and behavior. While at it, fix a quirk where we thought the unsafe package could be private. It can't be, because the runtime package is always public and it imports the runtime package: public package "internal/bytealg" can't depend on obfuscated package "unsafe" (matched via GOPRIVATE="*") Instead of trying to obfuscate "unsafe" and doing nothing, simply add it to the neverPrivate list, which is also a better name than "privateBlacklist" (for #169). Fixes #164. Co-authored-by: lu4p <lu4p@pm.me>
5 years ago
deprecate using GOPRIVATE in favor of GOGARBLE (#427) Piggybacking off of GOPRIVATE is great for a number of reasons: * People tend to obfuscate private code, whose package paths will generally be in GOPRIVATE already * Its meaning and syntax are well understood * It allows all the flexibility we need without adding our own env var or config option However, using GOPRIVATE directly has one main drawback. It's fairly common to also want to obfuscate public dependencies, to make the code in private packages even harder to follow. However, using "GOPRIVATE=*" will result in two main downsides: * GONOPROXY defaults to GOPRIVATE, so the proxy would be entirely disabled. Downloading modules, such as when adding or updating dependencies, or when the local cache is cold, can be less reliable. * GONOSUMDB defaults to GOPRIVATE, so the sumdb would be entirely disabled. Adding entries to go.sum, such as when adding or updating dependencies, can be less secure. We will continue to consume GOPRIVATE as a fallback, but we now expect users to set GOGARBLE instead. The new logic is documented in the README. While here, rewrite some uses of "private" with "to obfuscate", to make the code easier to follow and harder to misunderstand. Fixes #276.
4 years ago
env GOGARBLE=test/main/imported
Obfuscate more packages of the standard library (#312) Also update linkname directives of public packages, to allow the package where something is linknamed to to be obfuscated regardless. Public packages can now depend on private packages.
4 years ago
garble build ./importer
complain when GOPRIVATE matches no packages This is important, because it would mean that we would obfuscate nothing. At best, it would be confusing; at worst, it could mislead the user into thinking the binary is obfuscated. Fixes #20. Updates #108.
5 years ago
keep importmap entries in the right direction For packages that we alter, we parse and modify the importcfg file. Parsing is necessary so we can locate obfuscated object files, which we use to remember what identifiers were obfuscated. Modifying the files is necessary when we obfuscate import paths, and those import paths have entries in an importcfg file. However, we made one crucial mistake when writing the code. When handling importmap entries such as: importmap golang.org/x/net/idna=vendor/golang.org/x/net/idna we would name the two sides beforePath and afterPath, respectively. They were added to importMap with afterPath as the key, but when we iterated over the map to write a modified importcfg file, we would then assume the key is beforepath. All in all, we would end up writing the opposite direction: importmap vendor/golang.org/x/net/idna=golang.org/x/net/idna This would ultimately result in the importmap never being useful, and some rather confusing error messages such as: cannot find package golang.org/x/net/idna (using -importcfg) Add a test case that reproduces this error, and fix the code so it always uses beforePath as the key. Note that we were also updating importCfgEntries with such entries. I could not reproduce any failure when just removing that code, nor could I explain why it was added there in the first place. As such, remove that bit of code as well. Finally, a reasonable question might be why we never noticed the bug. In practice, such "importmap"s, represented as ImportMap by "go list", only currently appear for packages vendored into the standard library. Until very recently, we didn't support obfuscating most of std, so we would usually not alter the affected importcfg files. Now that we do parse and modify them, the bug surfaced. Fixes #408.
4 years ago
# Obfuscated packages which import non-obfuscated std packages.
# Some of the imported std packages use "import maps" due to vendoring,
# and a past bug made this case fail for "garble build".
deprecate using GOPRIVATE in favor of GOGARBLE (#427) Piggybacking off of GOPRIVATE is great for a number of reasons: * People tend to obfuscate private code, whose package paths will generally be in GOPRIVATE already * Its meaning and syntax are well understood * It allows all the flexibility we need without adding our own env var or config option However, using GOPRIVATE directly has one main drawback. It's fairly common to also want to obfuscate public dependencies, to make the code in private packages even harder to follow. However, using "GOPRIVATE=*" will result in two main downsides: * GONOPROXY defaults to GOPRIVATE, so the proxy would be entirely disabled. Downloading modules, such as when adding or updating dependencies, or when the local cache is cold, can be less reliable. * GONOSUMDB defaults to GOPRIVATE, so the sumdb would be entirely disabled. Adding entries to go.sum, such as when adding or updating dependencies, can be less secure. We will continue to consume GOPRIVATE as a fallback, but we now expect users to set GOGARBLE instead. The new logic is documented in the README. While here, rewrite some uses of "private" with "to obfuscate", to make the code easier to follow and harder to misunderstand. Fixes #276.
4 years ago
env GOGARBLE=test/main
keep importmap entries in the right direction For packages that we alter, we parse and modify the importcfg file. Parsing is necessary so we can locate obfuscated object files, which we use to remember what identifiers were obfuscated. Modifying the files is necessary when we obfuscate import paths, and those import paths have entries in an importcfg file. However, we made one crucial mistake when writing the code. When handling importmap entries such as: importmap golang.org/x/net/idna=vendor/golang.org/x/net/idna we would name the two sides beforePath and afterPath, respectively. They were added to importMap with afterPath as the key, but when we iterated over the map to write a modified importcfg file, we would then assume the key is beforepath. All in all, we would end up writing the opposite direction: importmap vendor/golang.org/x/net/idna=golang.org/x/net/idna This would ultimately result in the importmap never being useful, and some rather confusing error messages such as: cannot find package golang.org/x/net/idna (using -importcfg) Add a test case that reproduces this error, and fix the code so it always uses beforePath as the key. Note that we were also updating importCfgEntries with such entries. I could not reproduce any failure when just removing that code, nor could I explain why it was added there in the first place. As such, remove that bit of code as well. Finally, a reasonable question might be why we never noticed the bug. In practice, such "importmap"s, represented as ImportMap by "go list", only currently appear for packages vendored into the standard library. Until very recently, we didn't support obfuscating most of std, so we would usually not alter the affected importcfg files. Now that we do parse and modify them, the bug surfaced. Fixes #408.
4 years ago
garble build -o=out ./stdimporter
fix link errors when importing crypto/ecdsa (#262) First, we had some link errors such as: cannot find package J6OzO8GN (using -importcfg) This was caused by the code that writes an updated importcfg, which did not handle import maps well. That code is now fixed, and we also add an obfuscatedImportPath method for clarity. Once fixed, we ran into other link errors: Pw3g97ww.addVW: relocation target Pw3g97ww.addVWlarge not defined After some digging, the cause of those is assembly code that we do not yet support obfuscating. #261 tracks that. Meanwhile, to fix "GOPRIVATE=* garble build" and to be able to have a test for the original import path bug, we add the packages which use that form of assembly code to runtimeRelated - math/big and crypto/sha512. There might be more, but these were the ones found by trying to link crypto/tls, a fairly common dependency. Fixes #256.
4 years ago
[short] stop # rebuilding std is slow
deprecate using GOPRIVATE in favor of GOGARBLE (#427) Piggybacking off of GOPRIVATE is great for a number of reasons: * People tend to obfuscate private code, whose package paths will generally be in GOPRIVATE already * Its meaning and syntax are well understood * It allows all the flexibility we need without adding our own env var or config option However, using GOPRIVATE directly has one main drawback. It's fairly common to also want to obfuscate public dependencies, to make the code in private packages even harder to follow. However, using "GOPRIVATE=*" will result in two main downsides: * GONOPROXY defaults to GOPRIVATE, so the proxy would be entirely disabled. Downloading modules, such as when adding or updating dependencies, or when the local cache is cold, can be less reliable. * GONOSUMDB defaults to GOPRIVATE, so the sumdb would be entirely disabled. Adding entries to go.sum, such as when adding or updating dependencies, can be less secure. We will continue to consume GOPRIVATE as a fallback, but we now expect users to set GOGARBLE instead. The new logic is documented in the README. While here, rewrite some uses of "private" with "to obfuscate", to make the code easier to follow and harder to misunderstand. Fixes #276.
4 years ago
env GOGARBLE='*'
complain when GOPRIVATE matches no packages This is important, because it would mean that we would obfuscate nothing. At best, it would be confusing; at worst, it could mislead the user into thinking the binary is obfuscated. Fixes #20. Updates #108.
5 years ago
obfuscate fewer std packages (#196) Previously, we were never obfuscating runtime and its direct dependencies. Unfortunately, due to linkname, the runtime package is actually closely related to dozens of other std packages as well. Until we can obfuscate the runtime and properly support go:linkname directives, obfuscating fewer std packages is a better outcome than breaking and not producing any obfuscated code at all. The added test case is building runtime/pprof, which used to cause failures: # runtime/pprof /go/src/runtime/pprof/label.go:27:21: undefined: context.Context /go/src/runtime/pprof/label.go:59:21: undefined: context.Context /go/src/runtime/pprof/label.go:93:16: undefined: context.Context /go/src/runtime/pprof/label.go:101:20: undefined: context.Context The net package was also very close to obfuscating properly thanks to this change, so its test is now run as well. The only other remaining fix was to not obfuscate fields on cgo types, since those aren't obfuscated at the moment. The map is pretty long, but it's only a temporary solution and the command to obtain the list again is included. Never obfuscating the entire std library is also an option, but it's a bit unnecessary. Fixes #134.
5 years ago
# Try garbling all of std, given some std packages.
# No need for a main package here; building the std packages directly works the
# same, and is faster as we don't need to link a binary.
support typechecking all of std (#236) There was one bug keeping the command below from working: GOPRIVATE='*' garble build std The bug is rather obscure; I'm still working on a minimal reproducer that I can submit upstream, and I'm not yet convinced about where the bug lives and how it can be fixed. In short, the command would fail with: typecheck error: /go/src/crypto/ecdsa/ecdsa.go:122:12: cannot use asn1.SEQUENCE (constant 48 of type asn1.Tag) as asn1.Tag value in argument to b.AddASN1 Note that the error is ambiguous; there are two asn1 packages, but they are actually mismatching. We can see that by manually adding debug prints to go/types: constant: asn1.SEQUENCE (constant 48 of type golang.org/x/crypto/cryptobyte/asn1.Tag) argument type: vendor/golang.org/x/crypto/cryptobyte/asn1.Tag It's clear that, for some reason, go/types ends up confused and loading a vendored and non-vendored version of asn1. There also seems to be no way to work around this with our lookup function, as it just receives an import path as a parameter, and returns an object file reader. For now, work around the issue by *not* using a custom lookup function in this rare edge case involving vendored dependencies in std packages. The added code has a lengthy comment explaining the reasoning. I still intend to investigate this further, but there's no reason to keep garble failing if we can work around the bug. Fixes #223.
4 years ago
# This used to cause multiple errors, mainly since std vendors some external
# packages so we must properly support ImportMap.
# Plus, some packages like net make heavy use of complex features like Cgo.
# Note that we won't obfuscate a few std packages just yet, mainly those around runtime.
garble build std
complain when GOPRIVATE matches no packages This is important, because it would mean that we would obfuscate nothing. At best, it would be confusing; at worst, it could mislead the user into thinking the binary is obfuscated. Fixes #20. Updates #108.
5 years ago
obfuscate asm function names as well (#273) Historically, it was impossible to rename those funcs as the implementation was in assembly files, and we only transformed Go code. Now that transformAsm exists, it's only about fifty lines to do some very basic parsing and rewriting of assembly files. This fixes the obfuscated builds of multiple std packages, including a few dependencies of net/http, since they included assembly funcs which called pure Go functions. Those pure Go functions had their names obfuscated, breaking the call sites in assembly. Fixes #258. Fixes #261.
4 years ago
# Link a binary importing net/http, which will catch whether or not we
fix link errors when importing crypto/ecdsa (#262) First, we had some link errors such as: cannot find package J6OzO8GN (using -importcfg) This was caused by the code that writes an updated importcfg, which did not handle import maps well. That code is now fixed, and we also add an obfuscatedImportPath method for clarity. Once fixed, we ran into other link errors: Pw3g97ww.addVW: relocation target Pw3g97ww.addVWlarge not defined After some digging, the cause of those is assembly code that we do not yet support obfuscating. #261 tracks that. Meanwhile, to fix "GOPRIVATE=* garble build" and to be able to have a test for the original import path bug, we add the packages which use that form of assembly code to runtimeRelated - math/big and crypto/sha512. There might be more, but these were the ones found by trying to link crypto/tls, a fairly common dependency. Fixes #256.
4 years ago
# support ImportMap when linking.
garble build -o=out ./stdimporter
avoid reproducibility issues with full rebuilds We were using temporary filenames for modified Go and assembly files. For example, an obfuscated "encoding/json/encode.go" would end up as: /tmp/garble-shared123/encode.go.456.go where "123" and "456" are random numbers, usually longer. This was usually fine for two reasons: 1) We would add "/tmp/garble-shared123/" to -trimpath, so the temporary directory and its random number would be invisible. 2) We would add "//line" directives to the source files, replacing the filename with obfuscated versions excluding any random number. Unfortunately, this broke in multiple ways. Most notably, assembly files do not have any line directives, and it's not clear that there's any support for them. So the random number in their basename could end up in the binary, breaking reproducibility. Another issue is that the -trimpath addition described above was only done for cmd/compile, not cmd/asm, so assembly filenames included the randomized temporary directory. To fix the issues above, the same "encoding/json/encode.go" would now end up as: /tmp/garble-shared123/encoding/json/encode.go Such a path is still unique even though the "456" random number is gone, as import paths are unique within a single build. This fixes issues with the base name of each file, so we no longer rely on line directives as the only way to remove the second original random number. We still rely on -trimpath to get rid of the temporary directory in filenames. To fix its problem with assembly files, also amend the -trimpath flag when running the assembler tool. Finally, add a test that reproducible builds still work when a full rebuild is done. We choose goprivate.txt for such a test as its stdimporter package imports a number of std packages, including uses of assembly and cgo. For the time being, we don't use such a "full rebuild" reproducibility test in other test scripts, as this step is expensive, rebuilding many packages from scratch. This issue went unnoticed for over a year because such random numbers "123" and "456" were created when a package was obfuscated, and that only happened once per package version as long as the build cache was kept intact. When clearing the build cache, or forcing a rebuild with -a, one gets new random numbers, and thus a different binary resulting from the same build input. That's not something that most users would do regularly, and our tests did not cover that edge case either, until now. Fixes #328.
4 years ago
# Also check that a full rebuild is reproducible,
# with -a to rebuild all packages.
# This is slow, but necessary to uncover bugs hidden by the build cache.
garble build -o=out_rebuild -a ./stdimporter
bincmp out_rebuild out
complain when GOPRIVATE matches no packages This is important, because it would mean that we would obfuscate nothing. At best, it would be confusing; at worst, it could mislead the user into thinking the binary is obfuscated. Fixes #20. Updates #108.
5 years ago
-- go.mod --
module test/main
testdata: don't let tests rely on rewriting mod files In Go 1.15, if a dependency is required but not listed in go.mod/go.sum, it's resolved and added automatically. This is changing in 1.16. From that release, one will have to explicitly update the mod files via 'go mod tidy' or 'go get'. To get ahead of the curve, start using -mod=readonly to get the same behavior in 1.15, and fix all existing tests. The only tests that failed were imports.txt and syntax.txt, the only ones to require other modules. But since we're here, let's add the 'go' line to all go.mod files as well.
5 years ago
drop support for Go 1.16.x We can now use pruned module graphs in go.mod files, and we no longer need to worry about runtime/internal/sys. Note that I had to update testdata/mod slightly, as the new pruned module graphs algorithm downloads an extra go.mod file. This change also paves the way towards future Go 1.18 support. Thanks to lu4p for cleaning up two TODOs as well. Co-Authored-By: lu4p <lu4p@pm.me>
4 years ago
go 1.17
complain when GOPRIVATE matches no packages This is important, because it would mean that we would obfuscate nothing. At best, it would be confusing; at worst, it could mislead the user into thinking the binary is obfuscated. Fixes #20. Updates #108.
5 years ago
-- standalone/main.go --
package main
func main() {}
warn when a public package imports a private package (#182) That is, a package that is built without obfuscation imports an obfuscated package. This will result in confusing compilation error messages, because the importer can't find the exported names from the imported package by their non-obfuscated names: > ! garble build ./importer [stderr] # test/main/importer importer/importer.go:5:9: undefined: imported.Name exit status 2 Instead, detect this bad input case and provide a nice error: public package "test/main/importer" can't depend on obfuscated package "test/main/imported" (matched via GOPRIVATE="test/main/imported") For now, this is by design. It also makes little sense for a public package to import an obfuscated package in general, because the public package would have to leak details about the private package's API and behavior. While at it, fix a quirk where we thought the unsafe package could be private. It can't be, because the runtime package is always public and it imports the runtime package: public package "internal/bytealg" can't depend on obfuscated package "unsafe" (matched via GOPRIVATE="*") Instead of trying to obfuscate "unsafe" and doing nothing, simply add it to the neverPrivate list, which is also a better name than "privateBlacklist" (for #169). Fixes #164. Co-authored-by: lu4p <lu4p@pm.me>
5 years ago
-- importer/importer.go --
package importer
import "test/main/imported"
var _ = imported.Name
-- imported/imported.go --
package imported
var Name = "value"
fix link errors when importing crypto/ecdsa (#262) First, we had some link errors such as: cannot find package J6OzO8GN (using -importcfg) This was caused by the code that writes an updated importcfg, which did not handle import maps well. That code is now fixed, and we also add an obfuscatedImportPath method for clarity. Once fixed, we ran into other link errors: Pw3g97ww.addVW: relocation target Pw3g97ww.addVWlarge not defined After some digging, the cause of those is assembly code that we do not yet support obfuscating. #261 tracks that. Meanwhile, to fix "GOPRIVATE=* garble build" and to be able to have a test for the original import path bug, we add the packages which use that form of assembly code to runtimeRelated - math/big and crypto/sha512. There might be more, but these were the ones found by trying to link crypto/tls, a fairly common dependency. Fixes #256.
4 years ago
-- stdimporter/main.go --
package main
obfuscate asm function names as well (#273) Historically, it was impossible to rename those funcs as the implementation was in assembly files, and we only transformed Go code. Now that transformAsm exists, it's only about fifty lines to do some very basic parsing and rewriting of assembly files. This fixes the obfuscated builds of multiple std packages, including a few dependencies of net/http, since they included assembly funcs which called pure Go functions. Those pure Go functions had their names obfuscated, breaking the call sites in assembly. Fixes #258. Fixes #261.
4 years ago
import "net/http"
fix link errors when importing crypto/ecdsa (#262) First, we had some link errors such as: cannot find package J6OzO8GN (using -importcfg) This was caused by the code that writes an updated importcfg, which did not handle import maps well. That code is now fixed, and we also add an obfuscatedImportPath method for clarity. Once fixed, we ran into other link errors: Pw3g97ww.addVW: relocation target Pw3g97ww.addVWlarge not defined After some digging, the cause of those is assembly code that we do not yet support obfuscating. #261 tracks that. Meanwhile, to fix "GOPRIVATE=* garble build" and to be able to have a test for the original import path bug, we add the packages which use that form of assembly code to runtimeRelated - math/big and crypto/sha512. There might be more, but these were the ones found by trying to link crypto/tls, a fairly common dependency. Fixes #256.
4 years ago
func main() {
obfuscate asm function names as well (#273) Historically, it was impossible to rename those funcs as the implementation was in assembly files, and we only transformed Go code. Now that transformAsm exists, it's only about fifty lines to do some very basic parsing and rewriting of assembly files. This fixes the obfuscated builds of multiple std packages, including a few dependencies of net/http, since they included assembly funcs which called pure Go functions. Those pure Go functions had their names obfuscated, breaking the call sites in assembly. Fixes #258. Fixes #261.
4 years ago
http.ListenAndServe("", nil)
fix link errors when importing crypto/ecdsa (#262) First, we had some link errors such as: cannot find package J6OzO8GN (using -importcfg) This was caused by the code that writes an updated importcfg, which did not handle import maps well. That code is now fixed, and we also add an obfuscatedImportPath method for clarity. Once fixed, we ran into other link errors: Pw3g97ww.addVW: relocation target Pw3g97ww.addVWlarge not defined After some digging, the cause of those is assembly code that we do not yet support obfuscating. #261 tracks that. Meanwhile, to fix "GOPRIVATE=* garble build" and to be able to have a test for the original import path bug, we add the packages which use that form of assembly code to runtimeRelated - math/big and crypto/sha512. There might be more, but these were the ones found by trying to link crypto/tls, a fairly common dependency. Fixes #256.
4 years ago
}