Feature request: improved build-id generation

Andy Lutomirski luto@amacapital.net
Wed Mar 14 23:40:00 GMT 2018



> On Mar 14, 2018, at 4:27 PM, Alan Modra <amodra@gmail.com> wrote:
> 
>> On Wed, Mar 14, 2018 at 10:36:26PM +0000, Andy Lutomirski wrote:
>> --build-id=md5, sha1: MD5 and SHA1 are deprecated.
> 
> You're confusing security with identification.  The use of these
> hashes for identification is fine.  If not, stop using git and rsync.

I realize that the security issue here is barely relevant, but git’s use of SHA1 is *not* okay, and git is migrating away for a reason. 

I wouldn’t suggest that ld change its hash for its own sake, but if a new build-id format is being used anyway, the hash should be improved. 

> 
>> --build-id=0xhexstring: avoiding accidental collisions is unpleasant,
>> and how is anyone supposed to come up with an intelligent choice for
>> 0xhexstring?
> 
> By inserting the output of your hashing algorithm of choice.  For
> example
> --build-id=0x`sha256sum <file> | sed -e 's, .*,,'`
> 

I thought of that. I think that, if you try this, you’ll find that there is no useful thing that can be inserted where you have <file>. One could perhaps run ld *twice*, but that would be slow and disgusting.  In the context of, say, rpm building a Linux kernel, I think the resulting mess would be unworkable.  Hence the feature request. 

