Commit a106f553 authored by Andrew's avatar Andrew Committed by Andrew Bonventre

[release-branch.go1.12] all: base64-encode binaries that will cause Apple notarization to fail

Starting with macOS 10.15 (Catalina), Apple now requires all software
distributed outside of the App Store to be notarized. Any binaries we
distribute must abide by a strict set of requirements like code-signing
and having a minimum target SDK of 10.9 (amongst others).

Apple’s notarization service will recursively inspect archives looking to
find notarization candidate binaries. If it finds a binary that does not
meet the requirements or is unable to decompress an archive, it will
reject the entire distribution. From cursory testing, it seems that the
service uses content sniffing to determine file types, so changing
the file extension will not work.

There are some binaries and archives included in our distribution that
are being detected by Apple’s service as potential candidates for
notarization or decompression. As these are files used by tests and some
are intentionally invalid, we don’t intend to ever make them compliant.

As a workaround for this, we base64-encode any binaries or archives that
Apple’s notarization service issues a warning for, as these warnings will
become errors in January 2020.

Updates #34986
Updates #35747

Change-Id: I106fbb6227b61eb221755568f047ee11103c1680
Reviewed-on: https://go-review.googlesource.com/c/go/+/208118
Run-TryBot: Andrew Bonventre <andybons@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: default avatarBrad Fitzpatrick <bradfitz@golang.org>
(cherry picked from commit 8bbfc51d)
Reviewed-on: https://go-review.googlesource.com/c/go/+/208220Reviewed-by: default avatarAlexander Rakoczy <alex@golang.org>
parent a8528068
......@@ -8,6 +8,7 @@ import (
"bytes"
"encoding/binary"
"encoding/hex"
"internal/obscuretestdata"
"io"
"io/ioutil"
"os"
......@@ -23,6 +24,7 @@ type ZipTest struct {
Source func() (r io.ReaderAt, size int64) // if non-nil, used instead of testdata/<Name> file
Comment string
File []ZipTestFile
Obscured bool // needed for Apple notarization (golang.org/issue/34986)
Error error // the error that Opening this file should return
}
......@@ -189,8 +191,12 @@ var tests = []ZipTest{
},
{
// created by Go, before we wrote the "optional" data
// descriptor signatures (which are required by OS X)
Name: "go-no-datadesc-sig.zip",
// descriptor signatures (which are required by macOS).
// Use obscured file to avoid Apple’s notarization service
// rejecting the toolchain due to an inability to unzip this archive.
// See golang.org/issue/34986
Name: "go-no-datadesc-sig.zip.base64",
Obscured: true,
File: []ZipTestFile{
{
Name: "foo.txt",
......@@ -208,7 +214,7 @@ var tests = []ZipTest{
},
{
// created by Go, after we wrote the "optional" data
// descriptor signatures (which are required by OS X)
// descriptor signatures (which are required by macOS)
Name: "go-with-datadesc-sig.zip",
File: []ZipTestFile{
{
......@@ -496,8 +502,18 @@ func readTestZip(t *testing.T, zt ZipTest) {
rat, size := zt.Source()
z, err = NewReader(rat, size)
} else {
path := filepath.Join("testdata", zt.Name)
if zt.Obscured {
tf, err := obscuretestdata.DecodeToTempFile(path)
if err != nil {
t.Errorf("obscuretestdata.DecodeToTempFile(%s): %v", path, err)
return
}
defer os.Remove(tf)
path = tf
}
var rc *ReadCloser
rc, err = OpenReader(filepath.Join("testdata", zt.Name))
rc, err = OpenReader(path)
if err == nil {
defer rc.Close()
z = &rc.Reader
......
UEsDBBQACAAAAGWHaECoZTJ+BAAAAAQAAAAHABgAZm9vLnR4dFVUBQAD3lVZT3V4CwABBPUBAAAEFAAAAGZvbwqoZTJ+BAAAAAQAAABQSwMEFAAIAAAAZodoQOmzogQEAAAABAAAAAcAGABiYXIudHh0VVQFAAPgVVlPdXgLAAEE9QEAAAQUAAAAYmFyCumzogQEAAAABAAAAFBLAQIUAxQACAAAAGWHaECoZTJ+BAAAAAQAAAAHABgAAAAAAAAAAACkgQAAAABmb28udHh0VVQFAAPeVVlPdXgLAAEE9QEAAAQUAAAAUEsBAhQDFAAIAAAAZodoQOmzogQEAAAABAAAAAcAGAAAAAAAAAAAAKSBTQAAAGJhci50eHRVVAUAA+BVWU91eAsAAQT1AQAABBQAAABQSwUGAAAAAAIAAgCaAAAAmgAAAAAA
......@@ -7,6 +7,7 @@ package buildid
import (
"bytes"
"crypto/sha256"
"internal/obscuretestdata"
"io/ioutil"
"os"
"reflect"
......@@ -19,13 +20,6 @@ const (
)
func TestReadFile(t *testing.T) {
var files = []string{
"p.a",
"a.elf",
"a.macho",
"a.pe",
}
f, err := ioutil.TempFile("", "buildid-test-")
if err != nil {
t.Fatal(err)
......@@ -34,26 +28,43 @@ func TestReadFile(t *testing.T) {
defer os.Remove(tmp)
f.Close()
for _, f := range files {
id, err := ReadFile("testdata/" + f)
// Use obscured files to prevent Apple’s notarization service from
// mistaking them as candidates for notarization and rejecting the entire
// toolchain.
// See golang.org/issue/34986
var files = []string{
"p.a.base64",
"a.elf.base64",
"a.macho.base64",
"a.pe.base64",
}
for _, name := range files {
f, err := obscuretestdata.DecodeToTempFile("testdata/" + name)
if err != nil {
t.Errorf("obscuretestdata.DecodeToTempFile(testdata/%s): %v", name, err)
continue
}
defer os.Remove(f)
id, err := ReadFile(f)
if id != expectedID || err != nil {
t.Errorf("ReadFile(testdata/%s) = %q, %v, want %q, nil", f, id, err, expectedID)
}
old := readSize
readSize = 2048
id, err = ReadFile("testdata/" + f)
id, err = ReadFile(f)
readSize = old
if id != expectedID || err != nil {
t.Errorf("ReadFile(testdata/%s) [readSize=2k] = %q, %v, want %q, nil", f, id, err, expectedID)
t.Errorf("ReadFile(%s) [readSize=2k] = %q, %v, want %q, nil", f, id, err, expectedID)
}
data, err := ioutil.ReadFile("testdata/" + f)
data, err := ioutil.ReadFile(f)
if err != nil {
t.Fatal(err)
}
m, _, err := FindAndHash(bytes.NewReader(data), expectedID, 1024)
if err != nil {
t.Errorf("FindAndHash(testdata/%s): %v", f, err)
t.Errorf("FindAndHash(%s): %v", f, err)
continue
}
if err := ioutil.WriteFile(tmp, data, 0666); err != nil {
......@@ -68,7 +79,7 @@ func TestReadFile(t *testing.T) {
err = Rewrite(tf, m, newID)
err2 := tf.Close()
if err != nil {
t.Errorf("Rewrite(testdata/%s): %v", f, err)
t.Errorf("Rewrite(%s): %v", f, err)
continue
}
if err2 != nil {
......@@ -77,7 +88,7 @@ func TestReadFile(t *testing.T) {
id, err = ReadFile(tmp)
if id != newID || err != nil {
t.Errorf("ReadFile(testdata/%s after Rewrite) = %q, %v, want %q, nil", f, id, err, newID)
t.Errorf("ReadFile(%s after Rewrite) = %q, %v, want %q, nil", f, id, err, newID)
}
}
}
......
This diff is collapsed.
This diff is collapsed.
TVqQAAMABAAAAAAA//8AAIsAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAAZIYEAAAAAAAADAAAAAAAAPAAIwILAgMAAAIAAAACAAAAAAAAcBAAAAAQAAAAAEAAAAAAAAAQAAAAAgAABAAAAAEAAAAEAAAAAAAAAABQAAAABgAAAAAAAAMAAAAAACAAAAAAAADgHwAAAAAAAAAQAAAAAAAAEAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAMAAAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAAMYBAAAAEAAAAAIAAAAGAAAAAAAAAAAAAAAAAABgAABgLmRhdGEAAADgAQAAACAAAAACAAAACAAAAAAAAAAAAAAAAAAAQAAAwC5pZGF0YQAAFAAAAAAwAAAAAgAAAAoAAAAAAAAAAAAAAAAAAEAAAMAuc3ltdGFiAAQAAAAAQAAAAAIAAAAMAAAAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/yBHbyBidWlsZCBJRDogImFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6LjEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQiCiD/zMPMzMzMzMzMzMzMzMzMzMwBAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAAAAAEEAAAAAAAAAAAAAAAAAA+////wAAAQgCAAAAAAAAAAAQQAAAAAAAQAAAAAAAAABwEEAAAAAAAHgAAAAAAAAAcRBAAAAAAADIAAAAAAAAAAAQQAAAAAAAaAAAAAAAAABnRSMBAAAAAAAAAAAAAAAAAAAAAAAAAABnby5idWlsZGlkAAAAAAAAcBBAAAAAAACwAAAAAAAAAGdFIwG7AAAAvgAAAMEAAAAAAAAAAgAAAIAQQAAAAAAAgBBAAAAAAABtYWluLm1haW4AAAIBAAQBAAYBAAAAAAACAAAA0AAAAC9Vc2Vycy9yc2MvZ28vc3JjL2NtZC9pbnRlcm5hbC9idWlsZGlkL3Rlc3RkYXRhL3AuZ28AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAQQAAAAAAABgEAAAAAAAAGAQAAAAAAANAQQAAAAAAAAwAAAAAAAAADAAAAAAAAAIgRQAAAAAAAAgAAAAAAAAACAAAAAAAAAIwQQAAAAAAAABBAAAAAAABxEEAAAAAAAAAQQAAAAAAAgBBAAAAAAAAAIEAAAAAAAOAhQAAAAAAA4CFAAAAAAADgIUAAAAAAAOAhQAAAAAAA4CFAAAAAAADgIUAAAAAAAOAhQAAAAAAA4CFAAAAAAACJEEAAAAAAAIgQQAAAAAAAgBBAAAAAAAC4EEAAAAAAAKAQQAAAAAAAAQAAAAAAAAABAAAAAAAAALgQQAAAAAAAAAAAAAAAAAAAAAAAAAAAALgQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
ITxhcmNoPgpfXy5QS0dERUYgICAgICAgMCAgICAgICAgICAgMCAgICAgMCAgICAgNjQ0ICAgICAzMzAgICAgICAgYApnbyBvYmplY3QgZGFyd2luIGFtZDY0IGRldmVsICszYjMzYWY1ZDY4IFRodSBPY3QgNSAxNjo1OTowMCAyMDE3IC0wNDAwIFg6ZnJhbWVwb2ludGVyCmJ1aWxkIGlkICJhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ei4xMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0IgotLS0tCgpidWlsZCBpZCAiYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXouMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNCIKCiQkQgp2ZXJzaW9uIDUKCgACAQFwAAsACwABAAokJApfZ29fLm8gICAgICAgICAgMCAgICAgICAgICAgMCAgICAgMCAgICAgNjQ0ICAgICAyMjMgICAgICAgYApnbyBvYmplY3QgZGFyd2luIGFtZDY0IGRldmVsICszYjMzYWY1ZDY4IFRodSBPY3QgNSAxNjo1OTowMCAyMDE3IC0wNDAwIFg6ZnJhbWVwb2ludGVyCmJ1aWxkIGlkICJhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ei4xMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0IgotLS0tCgoKIQoAAGdvMTlsZAEA/wAAAAAAAP//Z28xOWxkAA==
......@@ -6,6 +6,7 @@ package main
import (
"fmt"
"internal/obscuretestdata"
"internal/testenv"
"io/ioutil"
"os"
......@@ -57,8 +58,8 @@ func TestNonGoExecs(t *testing.T) {
testfiles := []string{
"debug/elf/testdata/gcc-386-freebsd-exec",
"debug/elf/testdata/gcc-amd64-linux-exec",
"debug/macho/testdata/gcc-386-darwin-exec",
"debug/macho/testdata/gcc-amd64-darwin-exec",
"debug/macho/testdata/gcc-386-darwin-exec.base64", // golang.org/issue/34986
"debug/macho/testdata/gcc-amd64-darwin-exec.base64", // golang.org/issue/34986
// "debug/pe/testdata/gcc-amd64-mingw-exec", // no symbols!
"debug/pe/testdata/gcc-386-mingw-exec",
"debug/plan9obj/testdata/amd64-plan9-exec",
......@@ -67,6 +68,16 @@ func TestNonGoExecs(t *testing.T) {
}
for _, f := range testfiles {
exepath := filepath.Join(runtime.GOROOT(), "src", f)
if strings.HasSuffix(f, ".base64") {
tf, err := obscuretestdata.DecodeToTempFile(exepath)
if err != nil {
t.Errorf("obscuretestdata.DecodeToTempFile(%s): %v", exepath, err)
continue
}
defer os.Remove(tf)
exepath = tf
}
cmd := exec.Command(testnmpath, exepath)
out, err := cmd.CombinedOutput()
if err != nil {
......
......@@ -7,6 +7,7 @@ package gzip
import (
"bytes"
"compress/flate"
"encoding/base64"
"io"
"io/ioutil"
"os"
......@@ -413,11 +414,16 @@ func TestDecompressor(t *testing.T) {
}
func TestIssue6550(t *testing.T) {
f, err := os.Open("testdata/issue6550.gz")
// Apple’s notarization service will recursively attempt to decompress
// files in order to find binaries to notarize. Since the service is
// unable to decompress this file, it may reject the entire toolchain. Use a
// base64-encoded version to avoid this.
// See golang.org/issue/34986
f, err := os.Open("testdata/issue6550.gz.base64")
if err != nil {
t.Fatal(err)
}
gzip, err := NewReader(f)
gzip, err := NewReader(base64.NewDecoder(base64.StdEncoding, f))
if err != nil {
t.Fatalf("NewReader(testdata/issue6550.gz): %v", err)
}
......
This diff is collapsed.
......@@ -5,6 +5,9 @@
package macho
import (
"bytes"
"internal/obscuretestdata"
"io"
"reflect"
"testing"
)
......@@ -19,7 +22,7 @@ type fileTest struct {
var fileTests = []fileTest{
{
"testdata/gcc-386-darwin-exec",
"testdata/gcc-386-darwin-exec.base64",
FileHeader{0xfeedface, Cpu386, 0x3, 0x2, 0xc, 0x3c0, 0x85},
[]interface{}{
&SegmentHeader{LoadCmdSegment, 0x38, "__PAGEZERO", 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
......@@ -45,7 +48,7 @@ var fileTests = []fileTest{
nil,
},
{
"testdata/gcc-amd64-darwin-exec",
"testdata/gcc-amd64-darwin-exec.base64",
FileHeader{0xfeedfacf, CpuAmd64, 0x80000003, 0x2, 0xb, 0x568, 0x85},
[]interface{}{
&SegmentHeader{LoadCmdSegment64, 0x48, "__PAGEZERO", 0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
......@@ -73,7 +76,7 @@ var fileTests = []fileTest{
nil,
},
{
"testdata/gcc-amd64-darwin-exec-debug",
"testdata/gcc-amd64-darwin-exec-debug.base64",
FileHeader{0xfeedfacf, CpuAmd64, 0x80000003, 0xa, 0x4, 0x5a0, 0},
[]interface{}{
nil, // LC_UUID
......@@ -101,7 +104,7 @@ var fileTests = []fileTest{
nil,
},
{
"testdata/clang-386-darwin-exec-with-rpath",
"testdata/clang-386-darwin-exec-with-rpath.base64",
FileHeader{0xfeedface, Cpu386, 0x3, 0x2, 0x10, 0x42c, 0x1200085},
[]interface{}{
nil, // LC_SEGMENT
......@@ -125,7 +128,7 @@ var fileTests = []fileTest{
nil,
},
{
"testdata/clang-amd64-darwin-exec-with-rpath",
"testdata/clang-amd64-darwin-exec-with-rpath.base64",
FileHeader{0xfeedfacf, CpuAmd64, 0x80000003, 0x2, 0x10, 0x4c8, 0x200085},
[]interface{}{
nil, // LC_SEGMENT
......@@ -149,7 +152,7 @@ var fileTests = []fileTest{
nil,
},
{
"testdata/clang-386-darwin.obj",
"testdata/clang-386-darwin.obj.base64",
FileHeader{0xfeedface, Cpu386, 0x3, 0x1, 0x4, 0x138, 0x2000},
nil,
nil,
......@@ -184,7 +187,7 @@ var fileTests = []fileTest{
},
},
{
"testdata/clang-amd64-darwin.obj",
"testdata/clang-amd64-darwin.obj.base64",
FileHeader{0xfeedfacf, CpuAmd64, 0x3, 0x1, 0x4, 0x200, 0x2000},
nil,
nil,
......@@ -221,11 +224,47 @@ var fileTests = []fileTest{
},
}
func readerAtFromObscured(name string) (io.ReaderAt, error) {
b, err := obscuretestdata.ReadFile(name)
if err != nil {
return nil, err
}
return bytes.NewReader(b), nil
}
func openObscured(name string) (*File, error) {
ra, err := readerAtFromObscured(name)
if err != nil {
return nil, err
}
ff, err := NewFile(ra)
if err != nil {
return nil, err
}
return ff, nil
}
func openFatObscured(name string) (*FatFile, error) {
ra, err := readerAtFromObscured(name)
if err != nil {
return nil, err
}
ff, err := NewFatFile(ra)
if err != nil {
return nil, err
}
return ff, nil
}
func TestOpen(t *testing.T) {
for i := range fileTests {
tt := &fileTests[i]
f, err := Open(tt.file)
// Use obscured files to prevent Apple’s notarization service from
// mistaking them as candidates for notarization and rejecting the entire
// toolchain.
// See golang.org/issue/34986
f, err := openObscured(tt.file)
if err != nil {
t.Error(err)
continue
......@@ -318,7 +357,7 @@ func TestOpenFailure(t *testing.T) {
}
func TestOpenFat(t *testing.T) {
ff, err := OpenFat("testdata/fat-gcc-386-amd64-darwin-exec")
ff, err := openFatObscured("testdata/fat-gcc-386-amd64-darwin-exec.base64")
if err != nil {
t.Fatal(err)
}
......@@ -350,8 +389,8 @@ func TestOpenFatFailure(t *testing.T) {
t.Errorf("OpenFat %s: succeeded unexpectedly", filename)
}
filename = "testdata/gcc-386-darwin-exec" // not a fat Mach-O
ff, err := OpenFat(filename)
filename = "testdata/gcc-386-darwin-exec.base64" // not a fat Mach-O
ff, err := openFatObscured(filename)
if err != ErrNotFat {
t.Errorf("OpenFat %s: got %v, want ErrNotFat", filename, err)
}
......
zvrt/gcAAAADAAAAAQAAAAQAAAA4AQAAACAAAAEAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7AAAAVAEAADsAAAAHAAAABwAAAAIAAAAAAAAAX190ZXh0AAAAAAAAAAAAAF9fVEVYVAAAAAAAAAAAAAAAAAAALQAAAFQBAAAEAAAAkAEAAAMAAAAABACAAAAAAAAAAABfX2NzdHJpbmcAAAAAAAAAX19URVhUAAAAAAAAAAAAAC0AAAAOAAAAgQEAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAACQAAAAQAAAAAAwKAAAAAAACAAAAGAAAAKgBAAACAAAAwAEAABAAAAALAAAAUAAAAAAAAAAAAAAAAAAAAAEAAAABAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFWJ5YPsGOgAAAAAWI2AIgAAAMdF/AAAAACJBCTo3////zHJiUX4iciDxBhdw2hlbGxvLCB3b3JsZAoAAB0AAAABAAANDgAApC0AAAAAAAChCwAAAAEAAAAPAQAAAAAAAAcAAAABAAAAAAAAAABfbWFpbgBfcHJpbnRmAAA=
z/rt/gcAAAEDAAAAAQAAAAQAAAAAAgAAACAAAAAAAAAZAAAAiAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJgAAAAAAAAAIAIAAAAAAACYAAAAAAAAAAcAAAAHAAAABAAAAAAAAABfX3RleHQAAAAAAAAAAAAAX19URVhUAAAAAAAAAAAAAAAAAAAAAAAAKgAAAAAAAAAgAgAABAAAALgCAAACAAAAAAQAgAAAAAAAAAAAAAAAAF9fY3N0cmluZwAAAAAAAABfX1RFWFQAAAAAAAAAAAAAKgAAAAAAAAAOAAAAAAAAAEoCAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAX19jb21wYWN0X3Vud2luZF9fTEQAAAAAAAAAAAAAAAA4AAAAAAAAACAAAAAAAAAAWAIAAAMAAADIAgAAAQAAAAAAAAIAAAAAAAAAAAAAAABfX2VoX2ZyYW1lAAAAAAAAX19URVhUAAAAAAAAAAAAAFgAAAAAAAAAQAAAAAAAAAB4AgAAAwAAAAAAAAAAAAAACwAAaAAAAAAAAAAAAAAAACQAAAAQAAAAAAwKAAAAAAACAAAAGAAAANACAAACAAAA8AIAABAAAAALAAAAUAAAAAAAAAAAAAAAAAAAAAEAAAABAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFVIieVIg+wQSI09GwAAAMdF/AAAAACwAOgAAAAAMcmJRfiJyEiDxBBdw2hlbGxvLCB3b3JsZAoAAAAAAAAAAAAqAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAUAAAAAAAAAAF6UgABeBABEAwHCJABAAAkAAAAHAAAAIj/////////KgAAAAAAAAAAQQ4QhgJDDQYAAAAAAAAAGQAAAAEAAC0LAAAAAgAAFQAAAAABAAAGAQAAAA8BAAAAAAAAAAAAAAcAAAABAAAAAAAAAAAAAAAAX21haW4AX3ByaW50ZgAA
This diff is collapsed.
This diff is collapsed.
z/rt/gcAAAEDAACACgAAAAQAAACgBQAAAAAAAAAAAAAbAAAAGAAAACIO+tkFWYMH+V6fhzclOW8ZAAAA2AEAAF9fVEVYVAAAAAAAAAAAAAAAAAAAAQAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcAAAAFAAAABQAAAAAAAABfX3RleHQAAAAAAAAAAAAAX19URVhUAAAAAAAAAAAAABQPAAABAAAAAAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAQAgAAAAAAAAAAAAAAAAF9fc3ltYm9sX3N0dWIxAABfX1RFWFQAAAAAAAAAAAAAgQ8AAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBACAAAAAAAYAAAAAAAAAX19zdHViX2hlbHBlcgAAAF9fVEVYVAAAAAAAAAAAAACQDwAAAQAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABfX2NzdHJpbmcAAAAAAAAAX19URVhUAAAAAAAAAAAAAKgPAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAF9fZWhfZnJhbWUAAAAAAABfX1RFWFQAAAAAAAAAAAAAuA8AAAEAAAAAAAAAAAAAAAAAAAADAAAAAAAAAAAAAAALAABgAAAAAAAAAAAAAAAAGQAAADgBAABfX0RBVEEAAAAAAAAAAAAAABAAAAEAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAAAAAwAAAAMAAAAAAAAAX19kYXRhAAAAAAAAAAAAAF9fREFUQQAAAAAAAAAAAAAAEAAAAQAAAAAAAAAAAAAAAAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABfX2R5bGQAAAAAAAAAAAAAX19EQVRBAAAAAAAAAAAAACAQAAABAAAAAAAAAAAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF9fbGFfc3ltYm9sX3B0cgBfX0RBVEEAAAAAAAAAAAAAWBAAAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAHAAAAAgAAAAAAAAAAAAAAGQAAAHgCAABfX0RXQVJGAAAAAAAAAAAAACAAAAEAAAAAEAAAAAAAAAAQAAAAAAAAvAEAAAAAAAAHAAAAAwAAAAcAAAAAAAAAX19kZWJ1Z19hYmJyZXYAAF9fRFdBUkYAAAAAAAAAAAAAIAAAAQAAADYAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABfX2RlYnVnX2FyYW5nZXMAX19EV0FSRgAAAAAAAAAAADYgAAABAAAAMAAAAAAAAAA2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF9fZGVidWdfZnJhbWUAAABfX0RXQVJGAAAAAAAAAAAAZiAAAAEAAABAAAAAAAAAAGYQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX19kZWJ1Z19pbmZvAAAAAF9fRFdBUkYAAAAAAAAAAACmIAAAAQAAAFQAAAAAAAAAphAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABfX2RlYnVnX2xpbmUAAAAAX19EV0FSRgAAAAAAAAAAAPogAAABAAAARwAAAAAAAAD6EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF9fZGVidWdfcHVibmFtZXNfX0RXQVJGAAAAAAAAAAAAQSEAAAEAAAAbAAAAAAAAAEERAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX19kZWJ1Z19zdHIAAAAAAF9fRFdBUkYAAAAAAAAAAABcIQAAAQAAAGAAAAAAAAAAXBEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAERASUOEwsDDhsOEQESARAGAAACJAALCz4LAw4AAAMuAD8MAw46CzsLJwxJExEBEgFACgAAACwAAAACAAAAAAAIAAAAAABqDwAAAQAAABcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAAAD/////AQABeBAMBwiQAQAAAAAAACQAAAAAAAAAag8AAAEAAAAXAAAAAAAAAAQBAAAADhCGAgQDAAAADQZQAAAAAgAAAAAACAEBAAAAASUAAAAtAAAAag8AAAEAAACBDwAAAQAAAAAAAAACBAVXAAAAAwFbAAAAAQMBLQAAAGoPAAABAAAAgQ8AAAEAAAABVgBDAAAAAgAbAAAAAQH29QoAAQEBAQAAAAEAaGVsbG8uYwAAAAAAAAkCag8AAAEAAAADAhQDAQIEAQMBAgwBAwECBQECAgABARcAAAACAAAAAABUAAAANAAAAG1haW4AAAAAAABHTlUgQyA0LjAuMSAoQXBwbGUgSW5jLiBidWlsZCA1NDg0KQBoZWxsby5jAC9ob21lL3JzYy9nby9zcmMvcGtnL2RlYnVnL21hY2hvL3Rlc3RkYXRhAGludABtYWluAA==
This diff is collapsed.
......@@ -194,6 +194,7 @@ var pkgDeps = map[string][]string{
"testing": {"L2", "flag", "fmt", "internal/race", "os", "runtime/debug", "runtime/pprof", "runtime/trace", "time"},
"testing/iotest": {"L2", "log"},
"internal/obscuretestdata": {"L2", "OS", "encoding/base64"},
"testing/quick": {"L2", "flag", "fmt", "reflect", "time"},
"internal/testenv": {"L2", "OS", "flag", "testing", "syscall"},
......
// Copyright 2019 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
// Package obscuretestdata contains functionality used by tests to more easily
// work with testdata that must be obscured primarily due to
// golang.org/issue/34986.
package obscuretestdata
import (
"encoding/base64"
"io"
"io/ioutil"
"os"
)
// DecodeToTempFile decodes the named file to a temporary location.
// If successful, it returns the path of the decoded file.
// The caller is responsible for ensuring that the temporary file is removed.
func DecodeToTempFile(name string) (path string, err error) {
f, err := os.Open(name)
if err != nil {
return "", err
}
defer f.Close()
tmp, err := ioutil.TempFile("", "obscuretestdata-decoded-")
if err != nil {
return "", err
}
if _, err := io.Copy(tmp, base64.NewDecoder(base64.StdEncoding, f)); err != nil {
tmp.Close()
os.Remove(tmp.Name())
return "", err
}
if err := tmp.Close(); err != nil {
os.Remove(tmp.Name())
return "", err
}
return tmp.Name(), nil
}
// ReadFile reads the named file and returns its decoded contents.
func ReadFile(name string) ([]byte, error) {
f, err := os.Open(name)
if err != nil {
return nil, err
}
defer f.Close()
return ioutil.ReadAll(base64.NewDecoder(base64.StdEncoding, f))
}
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment