Re: ar "zero" flag

To: tech-toolchain%netbsd.org@localhost
Subject: Re: ar "zero" flag
From: "Perry E. Metzger" <perry%piermont.com@localhost>
Date: Tue, 05 Aug 2008 09:34:19 -0400

Joerg Sonnenberger <joerg%britannica.bec.de@localhost> writes:
> On Mon, Aug 04, 2008 at 07:30:11PM -0400, Perry E. Metzger wrote:
>> Several people, including cgd, have independently suggested that a
>> flag to ar that said "zeroize the time, uid, etc., on packing" would
>> be appropriate.
>
> I don't like it as it removes any knowledge when a file was build.

We have almost no such knowledge for any other files. Why do we have a
greater need for .a files to know when they were built?

For /bin/ls I can't tell you when it was built, only what the date on
the installed file is. The same is true of a .a file.

So, why is it more important for .a files than for ordinary binaries?

> I still believe just special casing ar(1)chives and compare the content
> is better. This has the additional advantage of not depending on the
> order of files in it. Given that the object files are sorted
> topological, this is not really as strict as would be assumed by this.

If the topological sort changes, some of the content has changed and a
simple patch system is going to replace the whole .a file anyway.

Ultimately, it would be desirable to be able to publish a detached
signature for a release and have someone build the whole thing from
scratch and have the SHA1s match even if they did the build 10 years
later. Our cross build methodology makes this possible *except* for .a
files. They're the last obstacle at the moment.

Perry

References:
- ar "zero" flag
  - From: Perry E. Metzger
- Re: ar "zero" flag
  - From: Joerg Sonnenberger

Prev by Date: Re: ar "zero" flag
Next by Date: Re: ar "zero" flag
Previous by Thread: Re: ar "zero" flag
Next by Thread: Re: ar "zero" flag
Indexes:

Home | Main Index | Thread Index | Old Index