author: Erick Tryzelaar <etryzelaar@google.com> 2025-06-07 03:24:35 +0000
committer: Mark Rousskov <mark.simulacrum@gmail.com> 2025-09-27 08:43:22 -0400
commit: d42acf522ff234e187aef2de8c6903bc94efe444
tree: ac7047be0a5cf646cfc41961c7e8f7f8931d1478 /Cargo.lock
parent: ade84871f718ea20a6460d28e82290353b4bf3d2

Include additional hashes in src/stage0

This patch changes `bump-stage0` to include:

* The sha256 hash of the channel manifest used to create `src/stage0`.
* The rust and rustfmt git commit in `src/stage0`.
* Hashes of all the artifacts, like the source tarball, in `src/stage0`.

Combined, this will allow for:

* Projects that bootstrap their own compiler, such as Fuchsia, or users
  of [bootstrap], to build their compilers offline without needing to
  communicate with static.rust-lang.org.

* Auditors to detect if the channel manifest, and all the artifacts
  inside the manifest, were modified after it was used to generate
  `src/stage0`. Furthermore, if they did find modified artifacts, they
  could determine if the Rust Signing Key was compromised by checking if
  any modified file was signed properly.

Finally, it allows regeneration of `src/stage0` when specifying both the
day of the build for rust, and the day of the build for rustfmt, which
can allow a maintainer to regenerate `src/stage0` to verify nothing
changed.

[bootstrap]: https://github.com/dtolnay/bootstrap
[mrustc]: https://github.com/thepowersgang/mrustc
Diffstat (limited to 'Cargo.lock')
-rw-r--r-- Cargo.lock 2
1 files changed, 2 insertions, 0 deletions
diff --git a/Cargo.lock b/Cargo.lock
index 3d4a1bf6a78..715d580e051 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -334,8 +334,10 @@ dependencies = [
  "anyhow",
  "build_helper",
  "curl",
+ "hex",
  "indexmap",
  "serde",
+ "sha2",
  "toml 0.8.23",
 ]
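
Review bot: The added `"hex"` and `"sha2"` entries in this dependency list carry no version suffix (unlike `"toml 0.8.23"`), and the diffstat shows only these 2 insertions with no new `[[package]]` stanza, so both crates resolve to versions already locked elsewhere in the workspace; the commit message does not mention the new dependencies at all and should say this explicitly. Because this view is limited to Cargo.lock, the package name and its Cargo.toml change fall outside the visible lines, so confirm there that both crates are declared for the same package (by the commit message, the `bump-stage0` tool) and that no version requirement forces a different resolution than the one already locked.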