Skip to content

debug/buildinfo/testdata: test binaries should be more reproducible #71734

New issue
New issue
Open
Open
debug/buildinfo/testdata: test binaries should be more reproducible#71734
Assignees
prattmic
Labels
NeedsFixThe path to resolution is known, but the work has not been done.OtherNone of the above.
@yosifkit

Description

@yosifkit
yosifkit
opened on Feb 13, 2025

The binaries added in 28aed40 and part of the go 1.24.0 release artifacts are not reproducible without knowing the GOPATH (/usr/local/google/home/mpratt/go) and source path (/tmp/old/main.go) that were used to build them. And even that isn't enough, you have to also know that main.go was formatted with gofmt. Can the source files and more accurate build instructions used to generate them be more than a comment and instead be separate files that could be used to verify that the provided binary is an accurate representation of its source?

This is not enough to generate the given go117 binary:

// main.go:
//
// package main
// func main() {}
//
// GOTOOLCHAIN=go1.17 go mod init example.com/go117
// GOTOOLCHAIN=go1.17 go build

This is what it takes to reproduce it:

set -eux; \
	mkdir -p /usr/local/google/home/mpratt/go; \
	export GOPATH=/usr/local/google/home/mpratt/go; \
	mkdir -p /tmp/old; \
	cd /tmp/old; \
	{ \
		echo 'package main'; \
		echo 'func main() {}'; \
	} > main.go; \
	gofmt -w main.go; \
	cat main.go; \
	GOTOOLCHAIN=go1.17 go mod init example.com/go117; \
	GOTOOLCHAIN=go1.17 go build

# verification:
	sha256sum go117; \
	sha256sum /usr/local/go/src/debug/buildinfo/testdata/go117

And the abbreviated output:

+ cat main.go
package main

func main() {}
+ go build
+ sha256sum go117
95da139e18904482b2c4f94981cd30a54d6c76e6773d2b0366786ef34afbf763  go117
+ sha256sum /usr/local/go/src/debug/buildinfo/testdata/go117
95da139e18904482b2c4f94981cd30a54d6c76e6773d2b0366786ef34afbf763  /usr/local/go/src/debug/buildinfo/testdata/go117

For easier verification, can go117 also be built with -trimpath?

The above is mostly about reproducing the go117 binary, but the notgo C binary should be reproducible as well.

attempted `notgo` reproduction 
echo 'int main(void) { return 0; }' > main.c
cc -o notgo main.c
sha256sum notgo
sha256sum /usr/local/go/src/debug/buildinfo/testdata/notgo
diffoscope notgo /usr/local/go/src/debug/buildinfo/testdata/notgo
+ sha256sum notgo
25aeb0102fa3aae6f58b595be0d12d6770e3bada68d1fa375f58b7b066544be0  notgo
+ sha256sum /usr/local/go/src/debug/buildinfo/testdata/notgo
9adbf130f3710480b54f28a1243208931d94ea19a21d4676a40078948ce80d04  /usr/local/go/src/debug/buildinfo/testdata/notgo
+ diffoscope notgo /usr/local/go/src/debug/buildinfo/testdata/notgo
--- notgo
+++ /usr/local/go/src/debug/buildinfo/testdata/notgo
│┄ File has been modified after NT_GNU_BUILD_ID has been applied.
├── readelf --wide --notes {}
│ @@ -1,12 +1,12 @@
│
│  Displaying notes found in: .note.gnu.property
│    Owner                Data size     Description
│    GNU                  0x00000010    NT_GNU_PROPERTY_TYPE_0        Properties: x86 ISA needed: x86-64-baseline
│
│  Displaying notes found in: .note.gnu.build-id
│    Owner                Data size     Description
│ -  GNU                  0x00000014    NT_GNU_BUILD_ID (unique build ID bitstring)         Build ID: db62bee0401069db6abcf17e53640fc2bc5d44dc
│ +  GNU                  0x00000014    NT_GNU_BUILD_ID (unique build ID bitstring)         Build ID: c9b33e0b5754e44e971e8fe413e2a8d5e8466dcd
│
│  Displaying notes found in: .note.ABI-tag
│    Owner                Data size     Description
│    GNU                  0x00000010    NT_GNU_ABI_TAG (ABI version tag)            OS: Linux, ABI: 3.2.0
├── strings --all --bytes=8 {}
│ @@ -1,17 +1,17 @@
│  /lib64/ld-linux-x86-64.so.2
│ -__libc_start_main
│  __cxa_finalize
│ +__libc_start_main
│  libc.so.6
│  GLIBC_2.2.5
│  GLIBC_2.34
│  _ITM_deregisterTMCloneTable
│  __gmon_start__
│  _ITM_registerTMCloneTable
│ -GCC: (Debian 12.2.0-14) 12.2.0
│ +GCC: (Debian 13.2.0-13) 13.2.0
│  __abi_tag
│  crtstuff.c
│  deregister_tm_clones
│  __do_global_dtors_aux
│  completed.0
│  __do_global_dtors_aux_fini_array_entry
│  frame_dummy
├── readelf --wide --decompress --hex-dump=.dynstr {}
│ @@ -1,12 +1,12 @@
│
│  Hex dump of section '.dynstr':
│ -  0x00000458 005f5f6c 6962635f 73746172 745f6d61 .__libc_start_ma
│ -  0x00000468 696e005f 5f637861 5f66696e 616c697a in.__cxa_finaliz
│ -  0x00000478 65006c69 62632e73 6f2e3600 474c4942 e.libc.so.6.GLIB
│ +  0x00000458 005f5f63 78615f66 696e616c 697a6500 .__cxa_finalize.
│ +  0x00000468 5f5f6c69 62635f73 74617274 5f6d6169 __libc_start_mai
│ +  0x00000478 6e006c69 62632e73 6f2e3600 474c4942 n.libc.so.6.GLIB
│    0x00000488 435f322e 322e3500 474c4942 435f322e C_2.2.5.GLIBC_2.
│    0x00000498 3334005f 49544d5f 64657265 67697374 34._ITM_deregist
│    0x000004a8 6572544d 436c6f6e 65546162 6c65005f erTMCloneTable._
│    0x000004b8 5f676d6f 6e5f7374 6172745f 5f005f49 _gmon_start__._I
│    0x000004c8 544d5f72 65676973 74657254 4d436c6f TM_registerTMClo
│    0x000004d8 6e655461 626c6500                   neTable.
├── readelf --wide --decompress --string-dump=.comment {}
│ @@ -1,4 +1,4 @@
│
│  String dump of section '.comment':
│ -  [     0]  GCC: (Debian 12.2.0-14) 12.2.0
│ +  [     0]  GCC: (Debian 13.2.0-13) 13.2.0

Metadata

Metadata

Assignees

Labels

NeedsFixThe path to resolution is known, but the work has not been done.OtherNone of the above.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions