oven-sh/bun

compiling `bun_shim_impl.exe` is not reproducible / can triggers anti-virus

Open

#12 738 ouverte le 23 juil. 2024

Voir sur GitHub
 (2 commentaires) (0 réactions) (0 assignés)Rust (4 486 forks)batch import
choregood first issue

Métriques du dépôt

Stars
 (90 348 stars)
Métriques de merge PR
 (Merge moyen 1j 17h) (357 PRs mergées en 30 j)

Description

dumpbin /all .\zig-out\bun_shim_impl.exe > out2.txt

Dump of file .\zig-out\bun_shim_impl.exe

PE signature found

File Type: EXECUTABLE IMAGE

FILE HEADER VALUES
            8664 machine (x64)
               3 number of sections
        6674BAC3 time date stamp Thu Jun 20 16:26:59 2024
               0 file pointer to symbol table
               0 number of symbols
              F0 size of optional header
              22 characteristics
                   Executable
                   Application can handle large (>2GB) addresses

That is a timestamp embedded in the file. ......... yeah unfortunate.

I know that the Zig compiler has tests that make sure that compiling itself is reproducible, so this has to be possible.

Then, once bun_shim_impl.exe has a static hash, we should add an assertion that the hash continues to stay the same.

After all of that is done, this binary will have a stable hash and can be properly added to anti-virus exclusion lists. It's been brought to my attention that this executable trips a Malwarebytes heuristic. We cannot possibly fix that if each build of Bun from CI changes this file.

For the rest of us, AV seems pretty friendly to this exe, as I have not seen anything flag it yet.

Guide contributeur