为什么重复进行Go Windows构建会导致不同的校验和?

huangapple go评论78阅读模式
英文:

Why do Repeated Go Windows builds result in different checksums?

问题

在使用Go语言在Mac上构建项目时,重复构建的二进制文件具有一致的md5sum。然而,当我在Windows上进行交叉编译或本地构建时,每次都会得到不同的校验和。

这是什么原因导致的?

[kbrandt@glade: ~/] GOOS=windows go build
[kbrandt@glade: ~/] md5 -r tcollector.exe
f66dbec001eb0e02da261b4bc70d8072 tcollector.exe
[kbrandt@glade: ~/] GOOS=windows go build
[kbrandt@glade: ~/] md5 -r tcollector.exe
630e89fa4907b6811a3d19c99dbac2dc tcollector.exe
[kbrandt@glade: ~/] go build
[kbrandt@glade: ~/] md5 -r tcollector
0353160b4b000c7ba9d5331a72265291 tcollector
[kbrandt@glade: ~/] go build
[kbrandt@glade: ~/] md5 -r tcollector
0353160b4b000c7ba9d5331a72265291 tcollector

英文:

When I build something with Go on my Mac, the binary has a consistent md5sum for repeated builds. However, when I cross compile for Windows, or build on Windows natively, I get a different checksum each time.

What is happening that causes this?

[kbrandt@glade: ~/] GOOS=windows go build
[kbrandt@glade: ~/] md5 -r tcollector.exe
f66dbec001eb0e02da261b4bc70d8072 tcollector.exe
[kbrandt@glade: ~/] GOOS=windows go build
[kbrandt@glade: ~/] md5 -r tcollector.exe
630e89fa4907b6811a3d19c99dbac2dc tcollector.exe
[kbrandt@glade: ~/] go build             
[kbrandt@glade: ~/] md5 -r tcollector    
0353160b4b000c7ba9d5331a72265291 tcollector
[kbrandt@glade: ~/] go build         
[kbrandt@glade: ~/] md5 -r tcollector
0353160b4b000c7ba9d5331a72265291 tcollector

答案1

得分: 3

Windows PE文件包含编译时间戳,所以这是可以预期的——即使是相隔一秒钟编译的二进制文件也会嵌入不同的时间戳,从而具有不同的哈希值。

有一些工具/方法可以忽略时间戳字段和PE文件的其他非功能部分,以便可以有意义地比较在不同时间编译的二进制文件。例如,可以参考这篇关于TrueCrypt二进制文件的分析:https://madiba.encs.concordia.ca/~x_decarn/truecrypt-binaries-analysis/

英文:

Windows PE files include a compilation timestamp, so this is expected - binaries compiled even one second apart will have a different timestamp embedded and thus a different hash.

Tools/procedures are available to ignore the timestamp field and other non-functional parts of the PE file so that binaries compiled at different times can be meaningfully compared. See, for example, this analysis of the TrueCrypt binaries: https://madiba.encs.concordia.ca/~x_decarn/truecrypt-binaries-analysis/

答案2

得分: 0

Windows输出的某些内容取决于随机性或时间。

我不知道更多细节(比如它使用了什么来进行变化),但这并不重要。

编译器生成的输出(即使是同一编译器的不同版本)也会有所不同,哈希函数的设计目的是使相似的输入不会产生相似的输出。

校验和就是这样一种东西,你可以用它来检查文件是否正确且完整。

这个回答可能有点空洞,但你所看到的情况在技术上没有问题。

英文:

Something in the output for windows depends on randomness or the time.

I don't know more than that (like what it is using that changes) but it doesn't matter

The output generated by compilers (even different versions of the same compiler) will vary and hashes are designed so similar things don't produce similar outputs.

A checksum is just that, something you can use to check you have the file and it is correct.

A bit of a null answer but there's no technical problem with what you are seeing happening.

huangapple
  • 本文由 发表于 2013年12月12日 00:26:49
  • 转载请务必保留本文链接:https://go.coder-hub.com/20524549.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定