Browse Source

obfuscate net and runtime/debug

It appears that we already support obfuscating them,
and nothing seems to break when they are pulled in.

While here, add runtime/internal/syscall to runtimeAndDeps.
It first appeared in Go 1.18, but we missed adding it.
It seems like not having it there didn't cause any issues,
which makes sense given it's got almost zero Go code.

We also teach garble about the -work boolean build flag,
which has existed for multiple years but we forgot about.
It's likely that noone noticed as it's a rarely used flag.
Daniel Martí 1 month ago
parent
commit
d6afdd08bb
2 changed files with 19 additions and 23 deletions
  1. 2 1
      main.go
  2. 17 22
      shared.go

+ 2 - 1
main.go

@@ -1960,13 +1960,14 @@ var forwardBuildFlags = map[string]bool{
 	"-overlay":       true,
 }
 
-// booleanFlags is obtained from 'go help build' and 'go help testflag' as of Go 1.18beta1.
+// booleanFlags is obtained from 'go help build' and 'go help testflag' as of Go 1.19beta1.
 var booleanFlags = map[string]bool{
 	// Shared build flags.
 	"-a":          true,
 	"-i":          true,
 	"-n":          true,
 	"-v":          true,
+	"-work":       true,
 	"-x":          true,
 	"-race":       true,
 	"-msan":       true,

+ 17 - 22
shared.go

@@ -273,36 +273,31 @@ func appendListedPackages(packages []string, withDeps bool) error {
 //
 // TODO: investigate and resolve each one of these
 var cannotObfuscate = map[string]bool{
-	// some relocation failure
+	// "undefined reference" errors at link time
 	"time": true,
 
 	// all kinds of stuff breaks when obfuscating the runtime
 	"syscall": true,
 
-	// cgo breaks otherwise
+	// "unknown pc" crashes on windows in the cgo test otherwise
 	"runtime/cgo": true,
-
-	// garble reverse breaks otherwise
-	"runtime/debug": true,
-
-	// cgo heavy net doesn't like to be obfuscated
-	"net": true,
 }
 
-// Obtained from "go list -deps runtime" on Go 1.18beta1.
-// Note that the same command on Go 1.17 results in a subset of this list.
+// Obtained from "go list -deps runtime" on Go 1.19beta1.
+// Note that the same command on Go 1.18 results in the same list.
 var runtimeAndDeps = map[string]bool{
-	"internal/goarch":         true,
-	"unsafe":                  true,
-	"internal/abi":            true,
-	"internal/cpu":            true,
-	"internal/bytealg":        true,
-	"internal/goexperiment":   true,
-	"internal/goos":           true,
-	"runtime/internal/atomic": true,
-	"runtime/internal/math":   true,
-	"runtime/internal/sys":    true,
-	"runtime":                 true,
+	"internal/goarch":          true,
+	"unsafe":                   true,
+	"internal/abi":             true,
+	"internal/cpu":             true,
+	"internal/bytealg":         true,
+	"internal/goexperiment":    true,
+	"internal/goos":            true,
+	"runtime/internal/atomic":  true,
+	"runtime/internal/math":    true,
+	"runtime/internal/sys":     true,
+	"runtime/internal/syscall": true,
+	"runtime":                  true,
 }
 
 var listedRuntimeLinknamed = false
@@ -334,7 +329,7 @@ func listPackage(path string) (*listedPackage, error) {
 			panic(fmt.Sprintf("package %q still missing after go list call", path))
 		}
 		startTime := time.Now()
-		// Obtained via scripts/runtime-linknamed-nodeps.sh as of Go 1.18beta1.
+		// Obtained via scripts/runtime-linknamed-nodeps.sh as of Go 1.19beta1.
 		runtimeLinknamed := []string{
 			"crypto/internal/boring",
 			"crypto/internal/boring/fipstls",