Timestamps in static libraries
Erik Cederstrand
erik at cederstrand.dk
Wed Oct 6 09:58:01 UTC 2010
Den 06/10/2010 kl. 10.06 skrev perryh at pluto.rain.com:
> Erik Cederstrand <erik at cederstrand.dk> wrote:
>
>> It seems I can at least normalize the .a files using something
>> like the following to weed out timestamps and uid/gid:
>>
>> % ar -x /usr/lib/libfetch.a
>> % chown 0:0 *
>> % touch -t 197001010000 *
>> % ar -r libfetch.a `ar -t /usr/lib/libfetch.a`
>>
>> ... Unfortunately it seems there's still a creation time of the
>> archive itself that I cant alter using the above, so the md5 sums
>> still don't match:
>>
>> % diff mod.strings orig.strings
>> 2c2
>> < / 1286312209 0 0 0 958 `
>> ---
>>> / 1269146263 0 0 0 958 `
>
> Any particular reason to recollect them into an archive, if the
> point is just to check md5 signatures? I'm pretty sure collecting
> them with tar instead will avoid this problem.
That's of course another option. I could unpack the archive and be satisfied if all contained files have matching md5's.
I guess the perfectionist in me is protesting. If I build FreeBSD twice from the same source code, the result should be exactly the same. It would be useful in a number of cases, e.g. IDS. ccache also relies on the assumption that checksums will match on identical source code and compiler version, although I know that's a level beneath where ar operates.
Thanks,
Erik
More information about the freebsd-hackers
mailing list