Skip to content

Commit

Permalink
[release-branch.go1.13] all: base64-encode binaries that will cause A…
Browse files Browse the repository at this point in the history 
…pple notarization to fail

Starting with macOS 10.15 (Catalina), Apple now requires all software
distributed outside of the App Store to be notarized. Any binaries we
distribute must abide by a strict set of requirements like code-signing
and having a minimum target SDK of 10.9 (amongst others).

Apple’s notarization service will recursively inspect archives looking to
find notarization candidate binaries. If it finds a binary that does not
meet the requirements or is unable to decompress an archive, it will
reject the entire distribution. From cursory testing, it seems that the
service uses content sniffing to determine file types, so changing
the file extension will not work.

There are some binaries and archives included in our distribution that
are being detected by Apple’s service as potential candidates for
notarization or decompression. As these are files used by tests and some
are intentionally invalid, we don’t intend to ever make them compliant.

As a workaround for this, we base64-encode any binaries or archives that
Apple’s notarization service issues a warning for, as these warnings will
become errors in January 2020.

Updates #34986
Fixes #35748

Change-Id: I106fbb6227b61eb221755568f047ee11103c1680
Reviewed-on: https://go-review.googlesource.com/c/go/+/208118
Run-TryBot: Andrew Bonventre <andybons@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
(cherry picked from commit 8bbfc51)
Reviewed-on: https://go-review.googlesource.com/c/go/+/208219
Reviewed-by: Alexander Rakoczy <alex@golang.org>
  • Loading branch information
@andybons
andybons committed Nov 21, 2019
1 parent 6219b48 commit abfbc05
Show file tree
Hide file tree
Showing 35 changed files with 194 additions and 45 deletions.
34 changes: 25 additions & 9 deletions src/archive/zip/reader_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ import (
"bytes"
"encoding/binary"
"encoding/hex"
"internal/obscuretestdata"
"io"
"io/ioutil"
"os"
Expand All @@ -19,11 +20,12 @@ import (
)

type ZipTest struct {
Name string
Source func() (r io.ReaderAt, size int64) // if non-nil, used instead of testdata/<Name> file
Comment string
File []ZipTestFile
Error error // the error that Opening this file should return
Name string
Source func() (r io.ReaderAt, size int64) // if non-nil, used instead of testdata/<Name> file
Comment string
File []ZipTestFile
Obscured bool // needed for Apple notarization (golang.org/issue/34986)
Error error // the error that Opening this file should return
}

type ZipTestFile struct {
Expand Down Expand Up @@ -189,8 +191,12 @@ var tests = []ZipTest{
},
{
// created by Go, before we wrote the "optional" data
// descriptor signatures (which are required by OS X)
Name: "go-no-datadesc-sig.zip",
// descriptor signatures (which are required by macOS).
// Use obscured file to avoid Apple’s notarization service
// rejecting the toolchain due to an inability to unzip this archive.
// See golang.org/issue/34986
Name: "go-no-datadesc-sig.zip.base64",
Obscured: true,
File: []ZipTestFile{
{
Name: "foo.txt",
Expand All @@ -208,7 +214,7 @@ var tests = []ZipTest{
},
{
// created by Go, after we wrote the "optional" data
// descriptor signatures (which are required by OS X)
// descriptor signatures (which are required by macOS)
Name: "go-with-datadesc-sig.zip",
File: []ZipTestFile{
{
Expand Down Expand Up @@ -496,8 +502,18 @@ func readTestZip(t *testing.T, zt ZipTest) {
rat, size := zt.Source()
z, err = NewReader(rat, size)
} else {
path := filepath.Join("testdata", zt.Name)
if zt.Obscured {
tf, err := obscuretestdata.DecodeToTempFile(path)
if err != nil {
t.Errorf("obscuretestdata.DecodeToTempFile(%s): %v", path, err)
return
}
defer os.Remove(tf)
path = tf
}
var rc *ReadCloser
rc, err = OpenReader(filepath.Join("testdata", zt.Name))
rc, err = OpenReader(path)
if err == nil {
defer rc.Close()
z = &rc.Reader
Expand Down
Binary file removed src/archive/zip/testdata/go-no-datadesc-sig.zip
View file
Binary file not shown.
1 change: 1 addition & 0 deletions src/archive/zip/testdata/go-no-datadesc-sig.zip.base64
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
UEsDBBQACAAAAGWHaECoZTJ+BAAAAAQAAAAHABgAZm9vLnR4dFVUBQAD3lVZT3V4CwABBPUBAAAEFAAAAGZvbwqoZTJ+BAAAAAQAAABQSwMEFAAIAAAAZodoQOmzogQEAAAABAAAAAcAGABiYXIudHh0VVQFAAPgVVlPdXgLAAEE9QEAAAQUAAAAYmFyCumzogQEAAAABAAAAFBLAQIUAxQACAAAAGWHaECoZTJ+BAAAAAQAAAAHABgAAAAAAAAAAACkgQAAAABmb28udHh0VVQFAAPeVVlPdXgLAAEE9QEAAAQUAAAAUEsBAhQDFAAIAAAAZodoQOmzogQEAAAABAAAAAcAGAAAAAAAAAAAAKSBTQAAAGJhci50eHRVVAUAA+BVWU91eAsAAQT1AQAABBQAAABQSwUGAAAAAAIAAgCaAAAAmgAAAAAA
41 changes: 26 additions & 15 deletions src/cmd/internal/buildid/buildid_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ package buildid
import (
"bytes"
"crypto/sha256"
"internal/obscuretestdata"
"io/ioutil"
"os"
"reflect"
Expand All @@ -19,13 +20,6 @@ const (
)

func TestReadFile(t *testing.T) {
var files = []string{
"p.a",
"a.elf",
"a.macho",
"a.pe",
}

f, err := ioutil.TempFile("", "buildid-test-")
if err != nil {
t.Fatal(err)
Expand All @@ -34,26 +28,43 @@ func TestReadFile(t *testing.T) {
defer os.Remove(tmp)
f.Close()

for _, f := range files {
id, err := ReadFile("testdata/" + f)
// Use obscured files to prevent Apple’s notarization service from
// mistaking them as candidates for notarization and rejecting the entire
// toolchain.
// See golang.org/issue/34986
var files = []string{
"p.a.base64",
"a.elf.base64",
"a.macho.base64",
"a.pe.base64",
}

for _, name := range files {
f, err := obscuretestdata.DecodeToTempFile("testdata/" + name)
if err != nil {
t.Errorf("obscuretestdata.DecodeToTempFile(testdata/%s): %v", name, err)
continue
}
defer os.Remove(f)
id, err := ReadFile(f)
if id != expectedID || err != nil {
t.Errorf("ReadFile(testdata/%s) = %q, %v, want %q, nil", f, id, err, expectedID)
}
old := readSize
readSize = 2048
id, err = ReadFile("testdata/" + f)
id, err = ReadFile(f)
readSize = old
if id != expectedID || err != nil {
t.Errorf("ReadFile(testdata/%s) [readSize=2k] = %q, %v, want %q, nil", f, id, err, expectedID)
t.Errorf("ReadFile(%s) [readSize=2k] = %q, %v, want %q, nil", f, id, err, expectedID)
}

data, err := ioutil.ReadFile("testdata/" + f)
data, err := ioutil.ReadFile(f)
if err != nil {
t.Fatal(err)
}
m, _, err := FindAndHash(bytes.NewReader(data), expectedID, 1024)
if err != nil {
t.Errorf("FindAndHash(testdata/%s): %v", f, err)
t.Errorf("FindAndHash(%s): %v", f, err)
continue
}
if err := ioutil.WriteFile(tmp, data, 0666); err != nil {
Expand All @@ -68,7 +79,7 @@ func TestReadFile(t *testing.T) {
err = Rewrite(tf, m, newID)
err2 := tf.Close()
if err != nil {
t.Errorf("Rewrite(testdata/%s): %v", f, err)
t.Errorf("Rewrite(%s): %v", f, err)
continue
}
if err2 != nil {
Expand All @@ -77,7 +88,7 @@ func TestReadFile(t *testing.T) {

id, err = ReadFile(tmp)
if id != newID || err != nil {
t.Errorf("ReadFile(testdata/%s after Rewrite) = %q, %v, want %q, nil", f, id, err, newID)
t.Errorf("ReadFile(%s after Rewrite) = %q, %v, want %q, nil", f, id, err, newID)
}
}
}
Expand Down
Binary file removed src/cmd/internal/buildid/testdata/a.elf
View file
Binary file not shown.
1 change: 1 addition & 0 deletions src/cmd/internal/buildid/testdata/a.elf.base64
View file

Large diffs are not rendered by default.

Binary file removed src/cmd/internal/buildid/testdata/a.macho
View file
Binary file not shown.
1 change: 1 addition & 0 deletions src/cmd/internal/buildid/testdata/a.macho.base64
View file

Large diffs are not rendered by default.

Binary file removed src/cmd/internal/buildid/testdata/a.pe
View file
Binary file not shown.
1 change: 1 addition & 0 deletions src/cmd/internal/buildid/testdata/a.pe.base64
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
TVqQAAMABAAAAAAA//8AAIsAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAAZIYEAAAAAAAADAAAAAAAAPAAIwILAgMAAAIAAAACAAAAAAAAcBAAAAAQAAAAAEAAAAAAAAAQAAAAAgAABAAAAAEAAAAEAAAAAAAAAABQAAAABgAAAAAAAAMAAAAAACAAAAAAAADgHwAAAAAAAAAQAAAAAAAAEAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAMAAAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAAMYBAAAAEAAAAAIAAAAGAAAAAAAAAAAAAAAAAABgAABgLmRhdGEAAADgAQAAACAAAAACAAAACAAAAAAAAAAAAAAAAAAAQAAAwC5pZGF0YQAAFAAAAAAwAAAAAgAAAAoAAAAAAAAAAAAAAAAAAEAAAMAuc3ltdGFiAAQAAAAAQAAAAAIAAAAMAAAAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/yBHbyBidWlsZCBJRDogImFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6LjEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQiCiD/zMPMzMzMzMzMzMzMzMzMzMwBAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAAAAAEEAAAAAAAAAAAAAAAAAA+////wAAAQgCAAAAAAAAAAAQQAAAAAAAQAAAAAAAAABwEEAAAAAAAHgAAAAAAAAAcRBAAAAAAADIAAAAAAAAAAAQQAAAAAAAaAAAAAAAAABnRSMBAAAAAAAAAAAAAAAAAAAAAAAAAABnby5idWlsZGlkAAAAAAAAcBBAAAAAAACwAAAAAAAAAGdFIwG7AAAAvgAAAMEAAAAAAAAAAgAAAIAQQAAAAAAAgBBAAAAAAABtYWluLm1haW4AAAIBAAQBAAYBAAAAAAACAAAA0AAAAC9Vc2Vycy9yc2MvZ28vc3JjL2NtZC9pbnRlcm5hbC9idWlsZGlkL3Rlc3RkYXRhL3AuZ28AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAQQAAAAAAABgEAAAAAAAAGAQAAAAAAANAQQAAAAAAAAwAAAAAAAAADAAAAAAAAAIgRQAAAAAAAAgAAAAAAAAACAAAAAAAAAIwQQAAAAAAAABBAAAAAAABxEEAAAAAAAAAQQAAAAAAAgBBAAAAAAAAAIEAAAAAAAOAhQAAAAAAA4CFAAAAAAADgIUAAAAAAAOAhQAAAAAAA4CFAAAAAAADgIUAAAAAAAOAhQAAAAAAA4CFAAAAAAACJEEAAAAAAAIgQQAAAAAAAgBBAAAAAAAC4EEAAAAAAAKAQQAAAAAAAAQAAAAAAAAABAAAAAAAAALgQQAAAAAAAAAAAAAAAAAAAAAAAAAAAALgQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
Binary file removed src/cmd/internal/buildid/testdata/p.a
View file
Binary file not shown.
1 change: 1 addition & 0 deletions src/cmd/internal/buildid/testdata/p.a.base64
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
ITxhcmNoPgpfXy5QS0dERUYgICAgICAgMCAgICAgICAgICAgMCAgICAgMCAgICAgNjQ0ICAgICAzMzAgICAgICAgYApnbyBvYmplY3QgZGFyd2luIGFtZDY0IGRldmVsICszYjMzYWY1ZDY4IFRodSBPY3QgNSAxNjo1OTowMCAyMDE3IC0wNDAwIFg6ZnJhbWVwb2ludGVyCmJ1aWxkIGlkICJhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ei4xMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0IgotLS0tCgpidWlsZCBpZCAiYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXouMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNCIKCiQkQgp2ZXJzaW9uIDUKCgACAQFwAAsACwABAAokJApfZ29fLm8gICAgICAgICAgMCAgICAgICAgICAgMCAgICAgMCAgICAgNjQ0ICAgICAyMjMgICAgICAgYApnbyBvYmplY3QgZGFyd2luIGFtZDY0IGRldmVsICszYjMzYWY1ZDY4IFRodSBPY3QgNSAxNjo1OTowMCAyMDE3IC0wNDAwIFg6ZnJhbWVwb2ludGVyCmJ1aWxkIGlkICJhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ei4xMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0IgotLS0tCgoKIQoAAGdvMTlsZAEA/wAAAAAAAP//Z28xOWxkAA==
15 changes: 13 additions & 2 deletions src/cmd/nm/nm_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ package main

import (
"fmt"
"internal/obscuretestdata"
"internal/testenv"
"io/ioutil"
"os"
Expand Down Expand Up @@ -57,8 +58,8 @@ func TestNonGoExecs(t *testing.T) {
testfiles := []string{
"debug/elf/testdata/gcc-386-freebsd-exec",
"debug/elf/testdata/gcc-amd64-linux-exec",
"debug/macho/testdata/gcc-386-darwin-exec",
"debug/macho/testdata/gcc-amd64-darwin-exec",
"debug/macho/testdata/gcc-386-darwin-exec.base64", // golang.org/issue/34986
"debug/macho/testdata/gcc-amd64-darwin-exec.base64", // golang.org/issue/34986
// "debug/pe/testdata/gcc-amd64-mingw-exec", // no symbols!
"debug/pe/testdata/gcc-386-mingw-exec",
"debug/plan9obj/testdata/amd64-plan9-exec",
Expand All @@ -67,6 +68,16 @@ func TestNonGoExecs(t *testing.T) {
}
for _, f := range testfiles {
exepath := filepath.Join(runtime.GOROOT(), "src", f)
if strings.HasSuffix(f, ".base64") {
tf, err := obscuretestdata.DecodeToTempFile(exepath)
if err != nil {
t.Errorf("obscuretestdata.DecodeToTempFile(%s): %v", exepath, err)
continue
}
defer os.Remove(tf)
exepath = tf
}

cmd := exec.Command(testnmpath, exepath)
out, err := cmd.CombinedOutput()
if err != nil {
Expand Down
10 changes: 8 additions & 2 deletions src/compress/gzip/gunzip_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ package gzip
import (
"bytes"
"compress/flate"
"encoding/base64"
"io"
"io/ioutil"
"os"
Expand Down Expand Up @@ -413,11 +414,16 @@ func TestDecompressor(t *testing.T) {
}

func TestIssue6550(t *testing.T) {
f, err := os.Open("testdata/issue6550.gz")
// Apple’s notarization service will recursively attempt to decompress
// files in order to find binaries to notarize. Since the service is
// unable to decompress this file, it may reject the entire toolchain. Use a
// base64-encoded version to avoid this.
// See golang.org/issue/34986
f, err := os.Open("testdata/issue6550.gz.base64")
if err != nil {
t.Fatal(err)
}
gzip, err := NewReader(f)
gzip, err := NewReader(base64.NewDecoder(base64.StdEncoding, f))
if err != nil {
t.Fatalf("NewReader(testdata/issue6550.gz): %v", err)
}
Expand Down
Binary file removed src/compress/gzip/testdata/issue6550.gz
View file
Binary file not shown.
1 change: 1 addition & 0 deletions src/compress/gzip/testdata/issue6550.gz.base64
View file

Large diffs are not rendered by default.

61 changes: 50 additions & 11 deletions src/debug/macho/file_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,9 @@
package macho

import (
"bytes"
"internal/obscuretestdata"
"io"
"reflect"
"testing"
)
Expand All @@ -19,7 +22,7 @@ type fileTest struct {

var fileTests = []fileTest{
{
"testdata/gcc-386-darwin-exec",
"testdata/gcc-386-darwin-exec.base64",
FileHeader{0xfeedface, Cpu386, 0x3, 0x2, 0xc, 0x3c0, 0x85},
[]interface{}{
&SegmentHeader{LoadCmdSegment, 0x38, "__PAGEZERO", 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
Expand All @@ -45,7 +48,7 @@ var fileTests = []fileTest{
nil,
},
{
"testdata/gcc-amd64-darwin-exec",
"testdata/gcc-amd64-darwin-exec.base64",
FileHeader{0xfeedfacf, CpuAmd64, 0x80000003, 0x2, 0xb, 0x568, 0x85},
[]interface{}{
&SegmentHeader{LoadCmdSegment64, 0x48, "__PAGEZERO", 0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
Expand Down Expand Up @@ -73,7 +76,7 @@ var fileTests = []fileTest{
nil,
},
{
"testdata/gcc-amd64-darwin-exec-debug",
"testdata/gcc-amd64-darwin-exec-debug.base64",
FileHeader{0xfeedfacf, CpuAmd64, 0x80000003, 0xa, 0x4, 0x5a0, 0},
[]interface{}{
nil, // LC_UUID
Expand Down Expand Up @@ -101,7 +104,7 @@ var fileTests = []fileTest{
nil,
},
{
"testdata/clang-386-darwin-exec-with-rpath",
"testdata/clang-386-darwin-exec-with-rpath.base64",
FileHeader{0xfeedface, Cpu386, 0x3, 0x2, 0x10, 0x42c, 0x1200085},
[]interface{}{
nil, // LC_SEGMENT
Expand All @@ -125,7 +128,7 @@ var fileTests = []fileTest{
nil,
},
{
"testdata/clang-amd64-darwin-exec-with-rpath",
"testdata/clang-amd64-darwin-exec-with-rpath.base64",
FileHeader{0xfeedfacf, CpuAmd64, 0x80000003, 0x2, 0x10, 0x4c8, 0x200085},
[]interface{}{
nil, // LC_SEGMENT
Expand All @@ -149,7 +152,7 @@ var fileTests = []fileTest{
nil,
},
{
"testdata/clang-386-darwin.obj",
"testdata/clang-386-darwin.obj.base64",
FileHeader{0xfeedface, Cpu386, 0x3, 0x1, 0x4, 0x138, 0x2000},
nil,
nil,
Expand Down Expand Up @@ -184,7 +187,7 @@ var fileTests = []fileTest{
},
},
{
"testdata/clang-amd64-darwin.obj",
"testdata/clang-amd64-darwin.obj.base64",
FileHeader{0xfeedfacf, CpuAmd64, 0x3, 0x1, 0x4, 0x200, 0x2000},
nil,
nil,
Expand Down Expand Up @@ -221,11 +224,47 @@ var fileTests = []fileTest{
},
}

func readerAtFromObscured(name string) (io.ReaderAt, error) {
b, err := obscuretestdata.ReadFile(name)
if err != nil {
return nil, err
}
return bytes.NewReader(b), nil
}

func openObscured(name string) (*File, error) {
ra, err := readerAtFromObscured(name)
if err != nil {
return nil, err
}
ff, err := NewFile(ra)
if err != nil {
return nil, err
}
return ff, nil
}

func openFatObscured(name string) (*FatFile, error) {
ra, err := readerAtFromObscured(name)
if err != nil {
return nil, err
}
ff, err := NewFatFile(ra)
if err != nil {
return nil, err
}
return ff, nil
}

func TestOpen(t *testing.T) {
for i := range fileTests {
tt := &fileTests[i]

f, err := Open(tt.file)
// Use obscured files to prevent Apple’s notarization service from
// mistaking them as candidates for notarization and rejecting the entire
// toolchain.
// See golang.org/issue/34986
f, err := openObscured(tt.file)
if err != nil {
t.Error(err)
continue
Expand Down Expand Up @@ -318,7 +357,7 @@ func TestOpenFailure(t *testing.T) {
}

func TestOpenFat(t *testing.T) {
ff, err := OpenFat("testdata/fat-gcc-386-amd64-darwin-exec")
ff, err := openFatObscured("testdata/fat-gcc-386-amd64-darwin-exec.base64")
if err != nil {
t.Fatal(err)
}
Expand Down Expand Up @@ -350,8 +389,8 @@ func TestOpenFatFailure(t *testing.T) {
t.Errorf("OpenFat %s: succeeded unexpectedly", filename)
}

filename = "testdata/gcc-386-darwin-exec" // not a fat Mach-O
ff, err := OpenFat(filename)
filename = "testdata/gcc-386-darwin-exec.base64" // not a fat Mach-O
ff, err := openFatObscured(filename)
if err != ErrNotFat {
t.Errorf("OpenFat %s: got %v, want ErrNotFat", filename, err)
}
Expand Down
Binary file removed src/debug/macho/testdata/clang-386-darwin-exec-with-rpath
View file
Binary file not shown.
Loading

0 comments on commit abfbc05

Please sign in to comment.