-
-
Notifications
You must be signed in to change notification settings - Fork 272
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
change GOGARBLE default to obfuscate all packages #594
Comments
This mode is well tested, and may soon become the default, but it wasn't properly documented yet. For burrowers#594.
This mode is well tested, and may soon become the default, but it wasn't properly documented yet. For #594.
I don't get build errors, but I do get this issue #604 |
We can drop the code that kicked in when GOGARBLE was empty. We can also add the value in addGarbleToHash unconditionally, as we never allow it to be empty. In the tests, remove all GOGARBLE lines where it just meant "obfuscate everything" or "obfuscate the entire main module". cgo.txtar had "obfuscate everything" as a separate step, so remove it entirely. linkname.txtar started failing because the imported package did not import strings, so listPackage errored out. This wasn't a problem when strings itself wasn't obfuscated, as transformLinkname silently left strings.IndexByte untouched. It is a problem when IndexByte does get obfuscated. Make that kind of listPackage error visible, and fix it. reflect.txtar started failing with "unreachable method" runtime throws. It's not clear to me why; it appears that GOGARBLE=* makes the linker think that ExportedMethodName is suddenly unreachable. Work around the problem by making the method explicitly reachable, and leave a TODO as a reminder to investigate. Finally, gogarble.txtar no longer needs to test for GOPRIVATE. The rest of the test is left the same, as we still want the various values for GOGARBLE to continue to work just like before. Fixes burrowers#594.
We can drop the code that kicked in when GOGARBLE was empty. We can also add the value in addGarbleToHash unconditionally, as we never allow it to be empty. In the tests, remove all GOGARBLE lines where it just meant "obfuscate everything" or "obfuscate the entire main module". cgo.txtar had "obfuscate everything" as a separate step, so remove it entirely. linkname.txtar started failing because the imported package did not import strings, so listPackage errored out. This wasn't a problem when strings itself wasn't obfuscated, as transformLinkname silently left strings.IndexByte untouched. It is a problem when IndexByte does get obfuscated. Make that kind of listPackage error visible, and fix it. reflect.txtar started failing with "unreachable method" runtime throws. It's not clear to me why; it appears that GOGARBLE=* makes the linker think that ExportedMethodName is suddenly unreachable. Work around the problem by making the method explicitly reachable, and leave a TODO as a reminder to investigate. Finally, gogarble.txtar no longer needs to test for GOPRIVATE. The rest of the test is left the same, as we still want the various values for GOGARBLE to continue to work just like before. Fixes #594.
I think I'm getting errors caused by this change. https://github.com/s77rt/rdpcloud How can we set GOGARBLE to this module only? (at least to check if it's the root cause) |
You can get the old behavior by setting If you're getting new errors or regressions, though, please file them as new issues. We want to fix them, because ideally we should be able to obfuscate all the packages. |
Thanks for the quick response, I'm not sure but I think i'm still getting the same error, I will be using 0.7.2 version for now. |
Well, until you raise a new issue with details about that "same error", I don't have enough information to help, I'm afraid. |
I don't have much info either Maybe this has something to do with the use of ldflags. |
Thanks, I can reproduce. It's #600 (comment). |
In the past, garble struggled to obfuscate some Go packages due to bugs, and it also couldn't obfuscate a good portion of the standard library. For those reasons,
GOGARBLE
defaulted to just obfuscating the current module.However, it's gotten better. And, in general, obfuscating more packages is often a good thing - even when obfuscating public packages, it helps that the obfuscated private packages aren't making unobfuscated API calls to the public packages.
We should switch the default to be
GOGARBLE=*
. The only worry being that this might result in a regression if some garble users start seeing build errors.So, this is where I would like some input. Does anyone get a failure if they use
GOGARBLE=*
on theirgarble build
?The text was updated successfully, but these errors were encountered: