fix: inject version via -ldflags so releases stop drifting (#1081)#1124
Open
ChrisJr404 wants to merge 732 commits into
Open
fix: inject version via -ldflags so releases stop drifting (#1081)#1124ChrisJr404 wants to merge 732 commits into
ChrisJr404 wants to merge 732 commits into
Conversation
- Add processing of config.ProvidedNames in makeAssets() to convert them into FQDN assets - Add blacklist field to Scope struct with mutex for thread safety - Process config.Scope.Blacklist entries in CreateFromConfigScope() - Add AddBlacklist() and IsBlacklisted() methods with subdomain matching support - Modify IsAssetInScope() to check blacklist before processing - Add unit tests for blacklist and ProvidedNames functionality Fixes owasp-amass#1086
…lf-flags fix: process ProvidedNames and Blacklist flags (-nf, -blf)
…ss#1081) The hard-coded `Version = "v5.1.1"` const in `internal/afmt/print.go` relies on every release remembering to bump the string by hand. v5.0.1 was tagged with the constant still set to v5.0.0 (the issue's report), so the binary self-identified as v5.0.0 at runtime. Convert `Version` from `const` to `var` (so the linker can rewrite it) and add a -ldflags injection in `.goreleaser.yaml` that sets it to the actual git tag at release time: -X github.com/owasp-amass/amass/v5/internal/afmt.Version=v{{ .Version }} The source-level value is kept (still `v5.1.1` for now) as the fallback for `go install`-style builds that don't go through goreleaser. The other afmt constants (Author, Description, DiscordInvitation) remain `const` since they don't drift between releases. Closes owasp-amass#1081.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #1081.
Background
The Amass version string is hard-coded as a
constininternal/afmt/print.go:This relies on every release remembering to bump the constant by hand. Per @lc's report on #1081, v5.0.1 was tagged with the constant still set to
"v5.0.0", so the binary self-identified as v5.0.0 at runtime. That's a release-process bug rather than a code bug, but a tiny code change makes it impossible for it to recur.Change
Convert
Versionfromconsttovarso the linker can rewrite it. The other afmt constants (Author,Description,DiscordInvitation) stayconstsince they don't drift between releases.Add an
-ldflagsinjection in.goreleaser.yamlthat setsVersionto the actual git tag at release time:Keep the source-level value as the fallback for
go install-style builds that don't go through goreleaser.Verification
The
-s -wflags strip the symbol/debug tables (standard for release binaries — saves ~25% of the binary size for amass) and are conventional alongside-X. Happy to drop them if that's a stylistic preference.Notes
+10 / -3lines across two files.{{ .Version }}is the tag with thevprefix stripped, so I prependvin the-Xflag — that matches the existing"v5.1.1"style and what users see at runtime today.