Title: v0.17.0.1: Different EXE hashes in ZIP versus setup Post by: jnano on November 20, 2018, 12:05:31 AM Core's ZIP and signed setup hold different EXE files.
The hashes of all contained EXE are different. Shouldn't they be the same? In bitcoin-0.17.0.1-win64-setup.exe: Code: b6654d2434bfef6e8f81ff3bc549539374c940a844dcaf9469415132711a449b bitcoin-qt.exe In bitcoin-0.17.0.1-win64.zip: Code: cf3a82120ff04a5aee448e689a1dbb0e481c641c48492da4d664097fd330a0ac bitcoin-qt.exe Title: Re: v0.17.0.1: Different EXE hashes in ZIP versus setup Post by: cellard on November 20, 2018, 06:10:58 PM I haven't double checked this but interesting if true.
Yes, they should be the same, just because it's compressed it shouldn't change... luckily I haven't updated yet but now that you mention this im worried. Please somebody confirm what's going on here. Edit: I extracted bitcoin-qt.exe from the .exe installer and extracted bitcoin-qt.exe from the .zip and it's indeed different, im very confused now. Have you tried this with other versions? Title: Re: v0.17.0.1: Different EXE hashes in ZIP versus setup Post by: Pmalek on November 20, 2018, 08:41:24 PM Quote when you add the file into the zip, you add the metadata (file modificacion datetime) to the zip. So, the zip is different, so are the chechsums. source: https://stackoverflow.com/questions/19523063/zip-utility-giving-me-different-md5sum-every-time-in-linuxA similar topic can be found here with some suggestions how to bypass this: https://unix.stackexchange.com/questions/31008/why-does-the-gzip-version-of-files-produce-a-different-md5-checksum Title: Re: v0.17.0.1: Different EXE hashes in ZIP versus setup Post by: achow101 on November 20, 2018, 09:05:51 PM I'm pretty sure this is expected behavior. Other versions exhibit the same behavior.
Title: Re: v0.17.0.1: Different EXE hashes in ZIP versus setup Post by: jnano on November 21, 2018, 02:41:19 PM It might be the expected behavior currently, but it makes more sense for it to be uniform, especially with the whole deterministic build idea. It's not exactly the same build, though the differences are small. If I recall correctly, stuff like timestamps in the header, and some changes at the end of the EXEs in the non-code areas.
And by the way, why not include in the gitian sigs also hashes for the compiled binaries, not just the total packages? These are the files people use daily. Pmalek: I'm not talking about the ZIP or the setup EXE. The actual binaries inside are different. |