[Interest] Qt Resource Compiler - why does it randomize the order of items?
Thiago Macieira
thiago.macieira at intel.com
Tue May 20 02:01:57 CEST 2014
Em seg 19 maio 2014, às 23:10:10, André Pönitz escreveu:
> > It's due to the hash randomisation. This was done to avoid DoS attacks
> > that
> > can be performed by tweaking data to ensure it always falls into the same
> > hash bucket.
>
> Do we think this is useful to have for the specific case of rcc, or,
> rather, that this outweighs the benefits of reproducible build results?
I'd say that reproducible builds are more important. There's no hashing left
in the generated code; this is only something that rcc does on its own.
I'd recommend then that we reset the hash seed in rcc.
See: https://codereview.qt-project.org/85806
After the change:
$ /home/thiago/obj/qt/qt5/qtbase/bin/rcc -name qstyle
/home/thiago/src/qt/qt5/qtbase/src/widgets/styles/qstyle.qrc | sha1sum
fde09ce9e45616e34cd96831277eb90b06a2e4d7 -
$ /home/thiago/obj/qt/qt5/qtbase/bin/rcc -name qstyle
/home/thiago/src/qt/qt5/qtbase/src/widgets/styles/qstyle.qrc | sha1sum
fde09ce9e45616e34cd96831277eb90b06a2e4d7 -
--
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel Open Source Technology Center
More information about the Interest
mailing list