oven-sh/bun

compiling `bun_shim_impl.exe` is not reproducible / can triggers anti-virus

Open

#12.738 geöffnet am 23. Juli 2024

Auf GitHub ansehen
 (2 Kommentare) (0 Reaktionen) (0 zugewiesene Personen)Rust (4.486 Forks)batch import
choregood first issue

Repository-Metriken

Stars
 (90.348 Stars)
PR-Merge-Metriken
 (Durchschn. Merge 1T 17h) (357 gemergte PRs in 30 T)

Beschreibung

dumpbin /all .\zig-out\bun_shim_impl.exe > out2.txt

Dump of file .\zig-out\bun_shim_impl.exe

PE signature found

File Type: EXECUTABLE IMAGE

FILE HEADER VALUES
            8664 machine (x64)
               3 number of sections
        6674BAC3 time date stamp Thu Jun 20 16:26:59 2024
               0 file pointer to symbol table
               0 number of symbols
              F0 size of optional header
              22 characteristics
                   Executable
                   Application can handle large (>2GB) addresses

That is a timestamp embedded in the file. ......... yeah unfortunate.

I know that the Zig compiler has tests that make sure that compiling itself is reproducible, so this has to be possible.

Then, once bun_shim_impl.exe has a static hash, we should add an assertion that the hash continues to stay the same.

After all of that is done, this binary will have a stable hash and can be properly added to anti-virus exclusion lists. It's been brought to my attention that this executable trips a Malwarebytes heuristic. We cannot possibly fix that if each build of Bun from CI changes this file.

For the rest of us, AV seems pretty friendly to this exe, as I have not seen anything flag it yet.

Contributor Guide