-
-
Notifications
You must be signed in to change notification settings - Fork 262
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support Go plugins #87
Comments
Can you share the precise steps that you followed? It doesn't matter if the code is private, I mainly want to see the commands you ran. We already have a test using the plugin package here, so in principle it should work. |
i think the issue is there when both the loader and the plugin use a same local import for instance : myproject/cmd/loader/main.go if both main.go import tools then it fails with plugin was built with a different version of package myproject/common/tools |
Can you share the exact commands that you ran, please? |
Im using rev c9bc7ba as im facing #82 too but the issue triggers just with garble -literals main.go and garble -literals --buildmode=plugin plugin/main.go i think. It fails at this place in the runtime : https://github.com/golang/go/blob/master/src/runtime/plugin.go#L52 changing the hashWith function like this allows me to load the plugin :
A real fix would require a new flag/parameter i think to provide a custom salt so i dont know if it will be included just for this specific case. Also not related but im personally dropping the use of plugins in my project as it leads to more issue then benefit so far. A quick fix could be also to not use the salt if the seed as been provided |
#82 is fixed now, so please try master again.
Sorry, but that isn't enough for me to reproduce the issue. I tried to modify our existing plugin test as follows, but couldn't get the build or execution to fail: diff --git a/testdata/scripts/plugin.txt b/testdata/scripts/plugin.txt
index 9271f48..631a6d2 100644
--- a/testdata/scripts/plugin.txt
+++ b/testdata/scripts/plugin.txt
@@ -1,14 +1,12 @@
[windows] skip 'Go plugins are not supported on Windows'
-garble build -buildmode=plugin ./plugin
+garble -literals build -buildmode=plugin ./plugin
binsubstr plugin.so 'PublicVar' 'PublicFunc'
! binsubstr plugin.so 'privateFunc'
-# Note that we need -trimpath; see the caveat section in the README.
-go build -trimpath
+garble -literals build
exec ./main
cmp stderr main.stderr
-binsubstr main$exe 'PublicVar' 'PublicFunc'
! binsubstr plugin.so 'privateFunc'
[short] stop # no need to verify this with -short Perhaps provide a small self-contained git repository where we can run a tiny script to reproduce the error, assuming that your source code isn't open source. |
Err, if I run the test as of master with an empty build cache (thus forcing everything to build from scratch), I do get an error:
Why did I not see this error before? I'm confused. |
We've simply dropped support for Go plugins for the time being; it seems like they require quite a bit more work, and they're kind of low priority for our use cases right now. |
When the main binary is loading the plugin there is a check between all imports main binary hash and plugin hash. if one of the hash is different then you get that error : plugin was built with a different version of package In garble case we get the error because hashwith function generate different name on each build. One easy fix would be to disable io.WriteString(d, salt) within hashwith when a seed is provided. If you agree i can provide a PR |
I don't get this. Each garble build should be entirely reproducible, so a specific package should always be built exactly the same and with the same salt. Unless you specify different
This would be a bad idea in general, because hashing without a salt would be pretty easy to reverse engineer. |
Maybe something in readBuildIDs end up outputing different salt when compiling a standard binary or a plugin.
One could always randomize the seed value between build in the make file or whatever but keep it the same between plugin and loading binary during same build. |
Could be. I personally didn't spend all that much time trying to get plugins to work properly.
You could do that, but the hashing would be significantly weaker still. Right now we have a Removing either of those loses us the respective property. If we remove |
Currently exported names in the main package are not hashed, because they might be a Go plugin API. We don't currently support Go plugins though, so hash them anyway. Updates burrowers#87.
Currently exported names in the main package are not hashed, because they might be a Go plugin API. We don't currently support Go plugins though, so hash them anyway. Updates #87.
hi plugins are working actually almost out of the box,
|
Obfuscation of the standard library has vastly improved in the past two years, so it's not surprising that we are getting closer.
I'm surprised this is the case; what fails without the underscore import?
That one shouldn't be too hard to fix, if we add 474a919 back when the build mode is "plugin". |
i had a small test case for a while with that line added and a comment it was needed, sorry i just tested yesterday quickly as im not using plugin since some times. i tested without and it works out of the box , so only the //export part is needed at this point. Didnt check exported variable however |
When a main go binary and a plugin are build through gradle with a common private import, i end up having an error message when loading the plugin :
plugin was built with a different version of package xxx.
Is it possible somehow to reuse previous build or im doing something wrong ?
The text was updated successfully, but these errors were encountered: