Pitfall of using shortened git hashes compiled into code
richard.purdie at linuxfoundation.org
Sun Sep 17 13:43:40 UTC 2023
We recently noticed igt-gpu-tools failed our reproducibility tests with
seemingly no changes made to it.
The change was the string g2b29e8ac becoming g2b29e8ac0:
Investigating showed this comes from VCS_TAG.
What appears to have happened is we pulled new revisions into the git
tree and even though we didn't use them, "g2b29e8ac" was no longer
unique so the hash was lengthened. This resulted in significant changes
to the binary output.
I'm not sure if there is a general recommendation on not using short
hashes but if not, there should be!
More information about the rb-general