feat: add garble obfuscation to build process for enhanced binary protection

- Add garble installation to release workflow - Configure goreleaser to use garble gobinary - Set garble build flags for literals obfuscation - Enable tiny mode for reduced binary size - Add random seed for build reproducibility - Update VSCode dictionary with garble terms
2026-01-10 06:48:04 -05:00 · 2025-09-14 16:20:44 -07:00
parent 0cbca8bd6a
commit f9b2c650aa
4 changed files with 19 additions and 0 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -44,6 +44,8 @@ jobs:
        uses: actions/setup-go@v5
        with:
          go-version-file: ./go.mod
+      - name: Install garble
+        run: go install mvdan.cc/garble@latest
      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v6
        with:
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -19,6 +19,14 @@ builds:
      - darwin
    main: ./cmd/fabric
    binary: fabric
+    gobinary: garble
+    # From https://github.com/eyevanovich/garble-goreleaser-example/blob/main/.goreleaser.yaml
+    # command is a single string.
+    # garble's 'build' needs the -literals and -tiny args before it, so we
+    # trick goreleaser into using -literals as command, and pass -tiny and
+    # build as flags.
+    command: "-literals"
+    flags: [ "-tiny", "-seed=random", "build" ]

 archives:
  - formats: [tar.gz]
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -58,6 +58,7 @@
 		"githelper",
 		"gjson",
 		"GOARCH",
+		"gobinary",
 		"GODEBUG",
 		"godotenv",
 		"GOEXPERIMENT",
@@ -117,6 +118,7 @@
 		"modeline",
 		"modelines",
 		"mpga",
+		"mvdan",
 		"nicksnyder",
 		"nixpkgs",
 		"nometa",
--- a/cmd/generate_changelog/incoming/1770.txt
+++ b/cmd/generate_changelog/incoming/1770.txt
@@ -0,0 +1,7 @@
+### PR [#1770](https://github.com/danielmiessler/Fabric/pull/1770) by [ksylvan](https://github.com/ksylvan): Use Garble to get around false positive Microsoft Defender virus detection
+
+- Add garble obfuscation to build process for enhanced binary protection against false positive virus detection
+- Configure goreleaser to use garble gobinary with literals obfuscation
+- Enable tiny mode for reduced binary size with random seed for build reproducibility
+- Add garble installation to release workflow
+- Update VSCode dictionary with garble-related terms