justan0th3rstud3nt
/
garble
mirror of https://github.com/burrowers/garble
1
0
Fork 0
Code Issues 1 Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
release-v0.12
ci-test
literalRecheck
v0.12.1
v0.12.0
v0.11.0
v0.10.1
v0.10.0
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.0
v0.7.2
v0.7.1
v0.7.0
v0.6.0
v0.5.1
v0.5.0
v0.4.0
v0.3.0
v0.2.0
v0.1.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '66b61406c1'
${ noResults }
garble/testdata/script/gogarble.txtar

93 lines
3.0 KiB
Plaintext
Raw Blame History

# Ensure that "does not match any packages" works.
env GOGARBLE=match-absolutely/nothing
! exec garble build -o=out ./standalone
stderr '^GOGARBLE="match-absolutely/nothing" does not match any packages to be built$'
# A build where just some packages are obfuscated.
env GOGARBLE=test/main/imported
exec garble -literals build -o=out ./importer
! binsubstr out 'some long string to obfuscate'
binsubstr out 'some long string to not obfuscate'
# Obfuscated packages which import non-obfuscated std packages.
# Some of the imported std packages use "import maps" due to vendoring,
# and a past bug made this case fail for "garble build".
env GOGARBLE=test/main
exec garble build -o=out ./stdimporter
[short] stop # rebuilding std is slow
# Go back to the default of obfuscating all packages.
env GOGARBLE='*'
# Try garbling all of std, given some std packages.
# No need for a main package here; building the std packages directly works the
# same, and is faster as we don't need to link a binary.
# This used to cause multiple errors, mainly since std vendors some external
# packages so we must properly support ImportMap.
# Plus, some packages like net make heavy use of complex features like Cgo.
# Note that we won't obfuscate a few std packages just yet, mainly those around runtime.
exec garble build std
! stderr . # no warnings
# Link a binary importing net/http, which will catch whether or not we
# support ImportMap when linking.
# Also ensure we are obfuscating low-level std packages.
exec garble build -o=out ./stdimporter
! stderr . # no warnings
! binsubstr out 'http.ListenAndServe' 'debug.WriteHeapDump' 'time.Now' 'syscall.Listen'
# The same low-level std packages appear in plain sight in regular builds.
go build -o=out_regular ./stdimporter
binsubstr out_regular 'http.ListenAndServe' 'debug.WriteHeapDump' 'time.Now' 'syscall.Listen'
# Also check that a full rebuild is reproducible, via a new GOCACHE.
# This is slow, but necessary to uncover bugs hidden by the build cache.
# We also forcibly rebuild runtime on its own, given it used to be non-reproducible
# due to its use of linknames pointing at std packages it doesn't depend upon.
[darwin] skip 'see https://github.com/burrowers/garble/issues/609'
env GOCACHE=${WORK}/gocache-empty
exec garble build -a runtime
exec garble build -o=out_rebuild ./stdimporter
bincmp out_rebuild out
-- go.mod --
module test/main
go 1.22
-- standalone/main.go --
package main
func main() {}
-- importer/importer.go --
package main
import "test/main/imported"
func main() {
println(imported.LongString)
println("some long string to not obfuscate")
}
-- imported/imported.go --
package imported
var LongString = "some long string to obfuscate"
-- stdimporter/main.go --
package main
import (
"net/http"
"runtime/debug"
"time"
"syscall"
)
func main() {
http.ListenAndServe("", nil)
// debug.WriteHeapDump is particularly interesting,
// as it is implemented by runtime via a linkname.
debug.WriteHeapDump(1)
time.Now()
syscall.Listen(0, 1)
}
Reference in New Issue View Git Blame Copy Permalink