Source file src/cmd/link/internal/ld/macho_update_uuid.go
1 // Copyright 2024 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 package ld 6 7 // This file provides helper functions for updating/rewriting the UUID 8 // load command within a Go go binary generated on Darwin using 9 // external linking. Why is it necessary to update the UUID load 10 // command? See issue #64947 for more detail, but the short answer is 11 // that newer versions of the Macos toolchain (the newer linker in 12 // particular) appear to compute the UUID based not just on the 13 // content of the object files being linked but also on things like 14 // the timestamps/paths of the objects; this makes it 15 // difficult/impossible to support reproducible builds. Since we try 16 // hard to maintain build reproducibility for Go, the APIs here 17 // compute a new UUID (based on the Go build ID) and write it to the 18 // final executable generated by the external linker. 19 20 import ( 21 "cmd/internal/hash" 22 imacho "cmd/internal/macho" 23 24 "debug/macho" 25 "io" 26 "os" 27 ) 28 29 // uuidFromGoBuildId hashes the Go build ID and returns a slice of 16 30 // bytes suitable for use as the payload in a Macho LC_UUID load 31 // command. 32 func uuidFromGoBuildId(buildID string) []byte { 33 if buildID == "" { 34 return make([]byte, 16) 35 } 36 hashedBuildID := hash.Sum32([]byte(buildID)) 37 rv := hashedBuildID[:16] 38 39 // RFC 4122 conformance (see RFC 4122 Sections 4.2.2, 4.1.3). We 40 // want the "version" of this UUID to appear as 'hashed' as opposed 41 // to random or time-based. This is something of a fiction since 42 // we're not actually hashing using MD5 or SHA1, but it seems better 43 // to use this UUID flavor than any of the others. This is similar 44 // to how other linkers handle this (for example this code in lld: 45 // https://github.com/llvm/llvm-project/blob/2a3a79ce4c2149d7787d56f9841b66cacc9061d0/lld/MachO/Writer.cpp#L524). 46 rv[6] &= 0x0f 47 rv[6] |= 0x30 48 rv[8] &= 0x3f 49 rv[8] |= 0xc0 50 51 return rv 52 } 53 54 // machoRewriteUuid copies over the contents of the Macho executable 55 // exef into the output file outexe, and in the process updates the 56 // LC_UUID command to a new value recomputed from the Go build id. 57 func machoRewriteUuid(ctxt *Link, exef *os.File, exem *macho.File, outexe string) error { 58 outf, err := os.OpenFile(outexe, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0755) 59 if err != nil { 60 return err 61 } 62 defer outf.Close() 63 64 // Copy over the file. 65 if _, err := io.Copy(outf, exef); err != nil { 66 return err 67 } 68 69 // Locate the portion of the binary containing the load commands. 70 cmdOffset := imacho.FileHeaderSize(exem) 71 if _, err := outf.Seek(cmdOffset, 0); err != nil { 72 return err 73 } 74 75 // Read the load commands, looking for the LC_UUID cmd. If/when we 76 // locate it, overwrite it with a new value produced by 77 // uuidFromGoBuildId. 78 reader := imacho.NewLoadCmdUpdater(outf, exem.ByteOrder, cmdOffset) 79 for i := uint32(0); i < exem.Ncmd; i++ { 80 cmd, err := reader.Next() 81 if err != nil { 82 return err 83 } 84 if cmd.Cmd == imacho.LC_UUID { 85 var u uuidCmd 86 if err := reader.ReadAt(0, &u); err != nil { 87 return err 88 } 89 clear(u.Uuid[:]) 90 copy(u.Uuid[:], buildinfo) 91 if err := reader.WriteAt(0, &u); err != nil { 92 return err 93 } 94 break 95 } 96 } 97 98 // We're done 99 return nil 100 } 101