siriushq/gow
============

A cross-platform, single-binary Go wrapper that provides a simple way of
distributing the Go build tools, locking to a specific version.

The single binary is intended to be runnable on Linux, macOS, Windows,
FreeBSD, OpenBSD and NetBSD on both amd64 and arm64, out-of-the-box.

This uses APE (Actually Portable Executable) as provided by the Cosmopolitan
libc project <https://www.cosmo.zip> under ISC.

It depends on `curl` + `tar`, or `powershell` on Windows systems.

It will invoke `pledge` from Cosmopolitan libc to further lock down your
build system, which may cause issues if `go` expects more than is permitted
by default. This uses `pledge` on OpenBSD and SECCOMP BPF on Linux 2.6.23+,
and if the system is unsupported it will not lock down.

building & using
================

Add the latest `gow.com` release to your repository.

Alternatively, build it yourself on an amd64 Linux machine (which can
cross compile for all others supported) as follows:

	# Download the `cosmocc` compiler
	$ curl -LO https://cosmo.zip/pub/cosmocc/cosmocc.zip
	$ unzip cosmocc.zip

	# Invoke `make` providing `CC`
	$ make CC=./cosmocc/bin/cosmocc

	# Invoke it to test (uses latest Go)
	$ ./gow.com version

You can lock down to a specific Go version with a directive comment
at the very top of your `go.mod` (which must be stored beside the `gow.com`
executable binary, to be located), precisely as follows:

	go.mod ==================
	//gow 1.19
	module example.com/hello
	=========================
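
One way to read that directive defensively, as an added example (not gow's own code): a strict C parser for the first line of `go.mod`. It assumes the version is later placed into a download URL or a `curl`/`powershell` command line, so it accepts only dotted numeric versions; the name `gow_parse_version` and the return codes are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Count leading decimal digits in s (0 if there are none). */
static size_t digits(const char *s) {
    size_t n = 0;
    while (isdigit((unsigned char)s[n])) n++;
    return n;
}

/*
 * Hypothetical helper, not taken from siriushq/gow.
 * `line` is the first line of go.mod only.
 * Returns  1 and copies "X.Y" or "X.Y.Z" into out for a valid directive,
 *          0 when the line is not a "//gow " directive (no version lock),
 *         -1 when the directive is present but the version is malformed
 *            or does not fit in out.
 */
int gow_parse_version(const char *line, char *out, size_t outlen) {
    static const char prefix[] = "//gow ";
    size_t plen = sizeof prefix - 1, i = 0, n, parts = 0;

    if (strncmp(line, prefix, plen) != 0) return 0;
    const char *v = line + plen;

    /* Two or three dot-separated numeric components, nothing else. */
    for (;;) {
        n = digits(v + i);
        if (n == 0) return -1;
        i += n;
        parts++;
        if (v[i] != '.' || parts == 3) break;
        i++; /* skip the dot */
    }
    if (parts < 2) return -1;

    /* Only an optional CR/LF may follow; any other byte is rejected. */
    const char *end = v + i;
    if (*end == '\r') end++;
    if (*end == '\n') end++;
    if (*end != '\0') return -1;

    if (i + 1 > outlen) return -1;
    memcpy(out, v, i);
    out[i] = '\0';
    return 1;
}
```

Treating a malformed directive as an error, rather than silently falling back to the latest Go, keeps a typo from unlocking the version.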

security
========

Usage within a project mandates including a binary blob into your repository.

While this may appear less transparent than other approaches (such as shell
scripts with accompanying Windows scripts), these wrapper scripts all fetch
the distribution from an untrusted remote source regardless.

The source code of this wrapper is extremely auditable (except for auditing
of the chosen compiler) and easy to build. 

contributing
============

Contributions are accepted as long as they fall within implied project scope.

All commits must contain at least `Signed-off-by` to identify the author of the
contribution (this can be added automatically with `git commit ... -s ...`),
and may contain `Co-authored-by` to attach any number of other authors.

Furthermore, commits from people with repository write access are to be signed
with a verified GPG, SSH or S/MIME signature attached to their GitHub account.

By submitting a contribution, you certify that you and other authors are making
your contribution available under the license of the project, and that you have
the rights to submit it.

licensing
=========

This project is licensed under the 3-Clause BSD license.
This is being done at our loss. Consider starring this repository and/or buying
our products to support the development and future of this project.

support
=======

If commercial support is required, it can be granted for users/organizations by
request. Responses will be provided within 24 hours.

This can be obtained by emailing `gow@mechite.com` with the following
(* for required; please fill all fields using "N/A" for empty optionals):

	example.eml ==============================
	To: <gow@mechite.com>
	Subject: siriushq/gow commercial support
	Content-Type: text/plain; charset="UTF-8"

	Name *
	Organization
	Role

	Minimum duration commitment required
	Earliest required start date
	==========================================