garble: fix build

[Bot-wxt1221]

Description of changes

Fix build

ZHF: #352882

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
  • sandbox = relaxed
  • sandbox = true
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 24.11 Release Notes (or backporting 23.11 and 24.05 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md.

---

Add a 👍 reaction to pull requests you find important.

[GaetanLepage]

Does this program provides an executable ?
If so, please add its name to meta.mainProgram.

Also, in this case, you could add versionCheckHook to nativeCheckInputs (along with versionCheckProgramArg = [ "--version" ];.

[Bot-wxt1221]

@GaetanLepage Done.

[GaetanLepage]

Also, in this case, you could add versionCheckHook to nativeCheckInputs (along with versionCheckProgramArg = [ "--version" ];.

Could you try to add this too please ?

[GaetanLepage]

nixpkgs-review result

Generated using nixpkgs-review.

Command: nixpkgs-review pr 345252

---

x86_64-linux

❌ 1 package failed to build:

• garble

---

aarch64-linux

❌ 1 package failed to build:

• garble

---

x86_64-darwin

❌ 1 package failed to build:

• garble

---

aarch64-darwin

❌ 1 package failed to build:

• garble

[GaetanLepage]

On darwin:

Building subPackage ./scripts
package mvdan.cc/garble/scripts: build constraints exclude all Go files in /private/tmp/nix-build-garble-0.13.0.drv-1/source/scripts
Running phase: checkPhase
panic: cannot start proxy: cannot listen on "localhost:0": listen tcp: lookup localhost: no such host

goroutine 1 [running]:
mvdan.cc/garble.garbleMain.Run({0x1400016fcc8?})
        /private/tmp/nix-build-garble-0.13.0.drv-1/source/main_test.go:59 +0xc8
github.com/rogpeppe/go-internal/testscript.RunMain({0x105730d80, 0x140001f4460}, 0x1400016fe68)
        /private/tmp/nix-build-garble-0.13.0.drv-1/source/vendor/github.com/rogpeppe/go-internal/testscript/exe.go:100 +0x5e8
mvdan.cc/garble.TestMain(0x140001f4460)
        /private/tmp/nix-build-garble-0.13.0.drv-1/source/main_test.go:46 +0x114
main.main()
        _testmain.go:55 +0x98
FAIL    mvdan.cc/garble 0.238s
FAIL

Try to add __darwinAllowLocalNetworking = true;.

[GaetanLepage]

In linux:

Building subPackage ./scripts
package mvdan.cc/garble/scripts: build constraints exclude all Go files in /build/source/scripts
Running phase: checkPhase
--- FAIL: TestScript (0.04s)
    --- FAIL: TestScript/gogarble (53.94s)
        testscript.go:558: # Ensure that "does not match any packages" works. (0.192s)
            # A build where just some packages are obfuscated. (13.973s)
            # Obfuscated packages which import non-obfuscated std packages.
            # Some of the imported std packages use "import maps" due to vendoring,
            # and a past bug made this case fail for "garble build". (14.863s)
            # Go back to the default of obfuscating all packages. (0.000s)
            # Try garbling all of std, given some std packages.
            # No need for a main package here; building the std packages directly works the
            # same, and is faster as we don't need to link a binary.
            # This used to cause multiple errors, mainly since std vendors some external
            # packages so we must properly support ImportMap.
            # Plus, some packages like net make heavy use of complex features like Cgo.
            # Note that we won't obfuscate a few std packages just yet, mainly those around runtime. (7.383s)
            # Link a binary importing net/http, which will catch whether or not we
            # support ImportMap when linking.
            # Also ensure we are obfuscating low-level std packages. (0.892s)
            # The same low-level std packages appear in plain sight in regular builds. (0.411s)
            # Also check that a full rebuild is reproducible, via a new GOCACHE.
            # This is slow, but necessary to uncover bugs hidden by the build cache.
            # We also forcibly rebuild runtime on its own, given it used to be non-reproducible
            # due to its use of linknames pointing at std packages it doesn't depend upon. (16.092s)
            > [darwin] skip 'see https://github.com/burrowers/garble/issues/609'
            > env GOCACHE=${WORK}/gocache-empty
            > exec garble build -a runtime
            > exec garble build -o=out_rebuild ./stdimporter
            > bincmp out_rebuild out
            diffoscope not found; skipping
            wrote files to bincmp_output/file1-3828505660 and bincmp_output/file2-1548964675
            FAIL: testdata/script/gogarble.txtar:53: out_rebuild and out differ; diffoscope above, size diff: -4096

FAIL
FAIL    mvdan.cc/garble 53.995s
FAIL

[Bot-wxt1221]

@GaetanLepage Try this.

[GaetanLepage]

nixpkgs-review result

Generated using nixpkgs-review.

Command: nixpkgs-review pr 345252

---

x86_64-linux

✅ 1 package built:

• garble

---

aarch64-linux

✅ 1 package built:

• garble

---

x86_64-darwin

❌ 1 package failed to build:

• garble

---

aarch64-darwin

❌ 1 package failed to build:

• garble

[GaetanLepage]

Darwin fails with:

Running phase: checkPhase
--- FAIL: TestScript (0.16s)
    --- FAIL: TestScript/reverse (36.38s)
        testscript.go:558: # Unknown build flags should result in errors. (33.947s)
            # Ensure that the garbled panic output looks correct.
            # This output is not reproducible between 'go test' runs,
            # so we can't use a static golden file. (0.000s)
            # Note that ExportedLibMethod isn't obfuscated.
            # Note that we use long names like "long_lib.go",
            # because an obfuscated filename could realistically end with "lib". (2.426s)
            # Ensure that we cleaned up the temporary files.
            # Note that we rely on the unix-like TMPDIR env var name. (0.000s)
            > [!windows] ! grepfiles ${TMPDIR} 'garble|importcfg|cache\.gob|\.go'
            FAIL: testdata/script/reverse.txtar:24: "$WORK/.tmp" matches "garble|importcfg|cache\\.gob|\\.go"

    --- FAIL: TestScript/goenv (5.94s)
        testscript.go:558: # Ensure that we support temporary directories with spaces and quotes. (0.000s)
            # Unfortunately, due to https://go.dev/issue/22315, cp + exec is racy.
            # Since we run multiple test scripts in parallel as goroutines,
            # if one thread performs a cp while another is forking, the other may keep the
            # file open slightly longer than we think, causing the fork to fail due to the
            # file still being open for writing.
            # Until the root problem is fixed, add a sleep to try to make that narrow window
            # of time less likely to cause problems.
            # TODO(mvdan): remove the sleeps once cp + exec isn't racy anymore. (0.000s)
            # We need to properly quote the path to garble for toolexec.
            # If we don't, characters like spaces or quotes will result in errors.
            # EXEC_PATH is the test binary's os.Executable.
            # Copying it to a path with basename "garble" makes testscript run our main func.
            # Note that double quotes are not allowed in Windows filenames. (5.941s)
            # Ensure that we cleaned up the temporary files. (0.000s)
            > ! grepfiles ${TMPDIR} 'garble|importcfg|cache\.gob|\.go'
            FAIL: testdata/script/goenv.txtar:27: "$WORK/.temp 'quotes' and spaces" matches "garble|importcfg|cache\\.gob|\\.go"

FAIL
FAIL    mvdan.cc/garble 144.124s
FAIL

Try adding

preBuild = ''
  export TMPDIR=$(mktemp -d)
'';

[Bot-wxt1221]

@ofborg build garble

[GaetanLepage]

nixpkgs-review result

Generated using nixpkgs-review.

Command: nixpkgs-review pr 345252

---

x86_64-linux

✅ 1 package built:

• garble

---

aarch64-linux

❌ 1 package failed to build:

• garble

---

x86_64-darwin

❌ 1 package failed to build:

• garble

---

aarch64-darwin

❌ 1 package failed to build:

• garble

[Bot-wxt1221]

@GaetanLepage According to ofborg. aarch64-linux can be built. darwin still fails.

[Bot-wxt1221]

@ofborg build garble

[Bot-wxt1221]

@ofborg build garble

[GaetanLepage]

nixpkgs-review result

Generated using nixpkgs-review.

Command: nixpkgs-review pr 345252

---

x86_64-linux

✅ 1 package built:

• garble

---

aarch64-linux

❌ 1 package failed to build:

• garble

---

x86_64-darwin

❌ 1 package failed to build:

• garble

---

aarch64-darwin

❌ 1 package failed to build:

• garble

[GaetanLepage]

Running phase: checkPhase
--- FAIL: TestScript (0.08s)
    --- FAIL: TestScript/reverse (33.95s)
        testscript.go:558: # Unknown build flags should result in errors. (31.944s)
            # Ensure that the garbled panic output looks correct.
            # This output is not reproducible between 'go test' runs,
            # so we can't use a static golden file. (0.000s)
            # Note that ExportedLibMethod isn't obfuscated.
            # Note that we use long names like "long_lib.go",
            # because an obfuscated filename could realistically end with "lib". (1.995s)
            # Ensure that we cleaned up the temporary files.
            # Note that we rely on the unix-like TMPDIR env var name. (0.000s)
            > [!windows] ! grepfiles ${TMPDIR} 'garble|importcfg|cache\.gob|\.go'
            FAIL: testdata/script/reverse.txtar:24: "$WORK/.tmp" matches "garble|importcfg|cache\\.gob|\\.go"

    --- FAIL: TestScript/goenv (3.00s)
        testscript.go:558: # Ensure that we support temporary directories with spaces and quotes. (0.000s)
            # Unfortunately, due to https://go.dev/issue/22315, cp + exec is racy.
            # Since we run multiple test scripts in parallel as goroutines,
            # if one thread performs a cp while another is forking, the other may keep the
            # file open slightly longer than we think, causing the fork to fail due to the
            # file still being open for writing.
            # Until the root problem is fixed, add a sleep to try to make that narrow window
            # of time less likely to cause problems.
            # TODO(mvdan): remove the sleeps once cp + exec isn't racy anymore. (0.000s)
            # We need to properly quote the path to garble for toolexec.
            # If we don't, characters like spaces or quotes will result in errors.
            # EXEC_PATH is the test binary's os.Executable.
            # Copying it to a path with basename "garble" makes testscript run our main func.
            # Note that double quotes are not allowed in Windows filenames. (2.990s)
            # Ensure that we cleaned up the temporary files. (0.000s)
            > ! grepfiles ${TMPDIR} 'garble|importcfg|cache\.gob|\.go'
            FAIL: testdata/script/goenv.txtar:27: "$WORK/.temp 'quotes' and spaces" matches "garble|importcfg|cache\\.gob|\\.go"

FAIL
FAIL    mvdan.cc/garble 132.495s
FAIL

[Bot-wxt1221]

@GaetanLepage I need help for fixing darwin because I can't test it. Anyway, could you please tell me why aarch64-linux fails for you. Ofbord build successfully.

[GaetanLepage]

garble version does not return the version:

❮ ./result/bin/garble version
mvdan.cc/garble (devel)

Build settings:
      -buildmode exe
       -compiler gc
       -trimpath true
  DefaultGODEBUG asynctimerchan=1,gotypesalias=0,httpservecontentkeepheaders=1,tls3des=1,tlskyber=0,x509keypairleaf=0,x509negativeserial=1
     CGO_ENABLED 1
          GOARCH amd64
            GOOS linux
         GOAMD64 v1

I guess that there is some thing to do at compile time to indicate the version.

[Bot-wxt1221]

@GaetanLepage It detect version by debug.ReadBuildInfo() and I only see it was used when exec garble version. So I just patch it. Anyway, I find that it actually test if garble version works well in patchPhase.

[GaetanLepage]

So I just patch it.

Haven't you forgotten to push it ? ;)

[Bot-wxt1221]

@GaetanLepage Oh,no. 🤭

[Bot-wxt1221]

@ofborg build garble

[GaetanLepage]

nixpkgs-review result

Generated using nixpkgs-review.

Command: nixpkgs-review pr 345252

---

x86_64-linux

✅ 1 package built:

• garble

---

aarch64-linux

✅ 1 package built:

• garble

---

x86_64-darwin

✅ 1 package built:

• garble

---

aarch64-darwin

✅ 1 package built:

• garble

[GaetanLepage]

Seems good, thanks