Den 06/10/2010 kl. 10.06 skrev per...@pluto.rain.com: > Erik Cederstrand <e...@cederstrand.dk> wrote: > >> It seems I can at least normalize the .a files using something >> like the following to weed out timestamps and uid/gid: >> >> % ar -x /usr/lib/libfetch.a >> % chown 0:0 * >> % touch -t 197001010000 * >> % ar -r libfetch.a `ar -t /usr/lib/libfetch.a` >> >> ... Unfortunately it seems there's still a creation time of the >> archive itself that I cant alter using the above, so the md5 sums >> still don't match: >> >> % diff mod.strings orig.strings >> 2c2 >> < / 1286312209 0 0 0 958 ` >> --- >>> / 1269146263 0 0 0 958 ` > > Any particular reason to recollect them into an archive, if the > point is just to check md5 signatures? I'm pretty sure collecting > them with tar instead will avoid this problem.
That's of course another option. I could unpack the archive and be satisfied if all contained files have matching md5's. I guess the perfectionist in me is protesting. If I build FreeBSD twice from the same source code, the result should be exactly the same. It would be useful in a number of cases, e.g. IDS. ccache also relies on the assumption that checksums will match on identical source code and compiler version, although I know that's a level beneath where ar operates. Thanks, Erik
