cmd/go: no way to omit package information from binary

[denimyftiu]

What version of Go are you using (go version)?

go version go1.17.5 linux/amd64

Does this issue reproduce with the latest release?

After compiling and striping a binary it still has inside package information like:

• Full system paths of packages.
• Package versions.
• Data structure information.

What operating system and processor architecture are you using (go env)?

go env Output

$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/d3ni/.cache/go-build"
GOENV="/home/d3ni/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/home/d3ni/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/home/d3ni/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.17.5"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/home/d3ni/go/src/github.com/denimyftiu/lilurl/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build258303585=/tmp/go-build -gno-record-gcc-switches"
GOROOT/bin/go version: go version go1.17.5 linux/amd64
GOROOT/bin/go tool compile -V: compile version go1.17.5
uname -sr: Linux 5.10.0-1053-oem
Distributor ID:	Ubuntu
Description:	Ubuntu 20.04.3 LTS
Release:	20.04
Codename:	focal
/lib/x86_64-linux-gnu/libc.so.6: GNU C Library (Ubuntu GLIBC 2.31-0ubuntu9.2) stable release version 2.31.
gdb --version: GNU gdb (Ubuntu 9.2-0ubuntu1~20.04) 9.2

What did you do?

• I tried to compile https://github.com/denimyftiu/lilurl .
• Command: go build -ldflags="-w -s" ./cmd/shortner.
• The binary functions fine but still has some information that i might not want inside it. And could lead to later problems if it falls into the wrong hands.
• When i run strings shortner i can read the following strings left inside the binary:

// Go modules compiled inside the binary
github.com/jackc/pgconn
github.com/jackc/pgtype
github.com/jackc/pgx/v4
github.com/jackc/puddle
golang.org/x/text/cases
golang.org/x/text/runes
golang.org/x/text/width

// My github repo which might be a problem if my repo is private (maybe a problem)
github.com/denimyftiu/lilurl/pkg/config

// And all my go.mod info
path    github.com/denimyftiu/lilurl/cmd/shortner                               
mod github.com/denimyftiu/lilurl    (devel)                                     
dep github.com/cespare/xxhash/v2    v2.1.2  h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
dep github.com/dgryski/go-rendezvous    v0.0.0-20200823014737-9f7001d12a5f  h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
dep github.com/go-redis/redis/v8    v8.11.4 h1:kHoYkfZP6+pe04aFTnhDH6GDROa5yJdHJVNxV3F46Tg=
dep github.com/gorilla/mux  v1.8.0  h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
dep github.com/jackc/chunkreader/v2 v2.0.1  h1:i+RDz65UE+mmpjTfyz0MoVTnzeYxroil2G82ki7MGG8=
dep github.com/jackc/pgconn v1.10.1 h1:DzdIHIjG1AxGwoEEqS+mGsURyjt4enSmqzACXvVzOT8=
dep github.com/jackc/pgio   v1.0.0  h1:g12B9UwVnzGhueNavwioyEEpAmqMe1E/BN9ES+8ovkE=
dep github.com/jackc/pgpassfile v1.0.0  h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM=
dep github.com/jackc/pgproto3/v2    v2.2.0  h1:r7JypeP2D3onoQTCxWdTpCtJ4D+qpKr0TxvoyMhZ5ns=
dep github.com/jackc/pgservicefile  v0.0.0-20200714003250-2b9c44734f2b  h1:C8S2+VttkHFdOOCXJe+YGfa4vHYwlt4Zx+IVXQ97jYg=
dep github.com/jackc/pgtype v1.9.1  h1:MJc2s0MFS8C3ok1wQTdQxWuXQcB6+HwAm5x1CzW7mf0=
dep github.com/jackc/pgx/v4 v4.14.1 h1:71oo1KAGI6mXhLiTMn6iDFcp3e7+zon/capWjl2OEFU=
dep github.com/jackc/puddle v1.2.0  h1:DNDKdn/pDrWvDWyT2FYvpZVE81OAhWrjCv19I9n108Q=
dep github.com/teris-io/shortid v0.0.0-20201117134242-e59966efd125  h1:3SNcvBmEPE1YlB1JpVZouslJpI3GBNoiqW7+wb0Rz7w=
dep golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97  h1:/UOmuWzQfxxo9UtlXMwuQU8CMgg1eZXqTRwkSQJWKOI=
dep golang.org/x/text   v0.3.6  h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M= 

• All of these are not static/constant strings i have used inside my binary.

What did you expect to see?

• I wanted to just have compiled code inside the binary and not additional information.
• This information i guess is there for debugging and profiling reasons.
• Is there a compiler flag for this??

What did you see instead?

• Additional information that i don't want someone else with access to the binary to read.

[ianlancetaylor]

At least on tip that information does seem to be there even when using -buildinfo=false -buildvcs=false. Perhaps I'm misunderstanding something, but my reading of #37475 is that there is supposed to be a way to not emit this information.

CC @bcmills @matloob @rsc

[denimyftiu]

I still can not figure out where to position these arguments in the go/build command.
And i think everything here #37475 is about adding that information to the binary.

[ianlancetaylor]

go build -buildinfo=false -buildvcs-false PACKAGE

[denimyftiu]

I don't think -buildinfo=false -buildvcs=false are flags that go build supports in go 1.17.5 .

[denimyftiu]

Mmmm these flags maybe added in go 1.18.
https://tip.golang.org/doc/go1.18#go-command

[seankhliao]

-buildinfo and -buildvcs affects this part (added in 1.18)

	build	-compiler=gc
	build	CGO_ENABLED=1
	build	CGO_CFLAGS=
	build	CGO_CPPFLAGS=
	build	CGO_CXXFLAGS=
	build	CGO_LDFLAGS=
	build	GOARCH=amd64
	build	GOOS=linux
	build	GOAMD64=v1
	build	vcs=git
	build	vcs.revision=7295d66255e394de962154f806066c611c7b9b87
	build	vcs.time=2022-01-04T22:01:22Z
	build	vcs.modified=true

afaik module dependency information can't be stripped.

As a note, requiring the package/module names to not be present in the final executable seems unreasonable as it would break things like reflect and stacktraces.

[denimyftiu]

I understand. Thank you @seankhliao and @ianlancetaylor.

[bcmills]

I think the only thing that is a release-blocker here is a decision about whether the new -buildinfo=false flag should also strip module version information.

(Setting -buildinfo=false at tip today gives the same behavior as go1.17.6 without flags, so this is not really a regression so much as a usability/documentation issue for the new flag.)

$ go1.17.6 build -o a.out .

$ go1.17.6 version -m a.out
a.out: go1.17.6
        path    example
        mod     example (devel)

$ gotip build -o a.out -buildinfo=false .

$ gotip version -m a.out
a.out: devel go1.18-11b28e7e9 Fri Jan 7 06:34:04 2022 +0000
        path    example
        mod     example (devel)