On Fri, Feb 04, 2022 at 10:49:43AM +0000, Simon McVittie wrote: > CMake removes the RUNPATH > just before installation, so it doesn't become a security problem, > but that's too late to stop it from affecting the build-ID - and the > *length* of the build directory can also affect the contents of the > binary, because when RUNPATHs are removed, it is done by overwriting > them with zeroes in-place, leaving a run of zeroes with the same length > as the removed RUNPATH.
Aha! This was the piece I was missing. I hadn't figured out that cmake was resetting the RUNPATHs along the way, which explains why I didn't spot any /nonexistant/whatever/... strings in any of my checks. Excellent explanation as usual. Thanks
signature.asc
Description: PGP signature
