Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I spent some time trying to prove two go binaries were the same in the name of reproducible builds but couldn’t figure out if it was possible, even though I had built both myself and knew they were in effect the exact same. Go binaries have some sort of randomness (timestamp? Map entry? No idea) that I couldn’t pin down. Sometimes the hash of the binaries were the same and sometimes they weren’t. Short of cataloguing and hashing every file that went into the build I couldn’t figure it out and gave up.


It is possible to make Go builds reproducible. The first step might be to inspect two binaries with the diffoscope (https://diffoscope.org).




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: