diff options
| author | Matthias Krüger <476013+matthiaskrgr@users.noreply.github.com> | 2025-09-28 09:15:22 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-09-28 09:15:22 +0200 |
| commit | 4e9cfc726c885adae6b2f7f06f3d0c2784c3c38c (patch) | |
| tree | 9cc0583caaad5eed337468381b6d58ec7ddef377 /compiler | |
| parent | c7f6aa2869acdbf014d094c6e427e554e160b6db (diff) | |
| parent | 76bb0d1870b0023d6184ee4b714e2cf4ad1d96d4 (diff) | |
| download | rust-4e9cfc726c885adae6b2f7f06f3d0c2784c3c38c.tar.gz rust-4e9cfc726c885adae6b2f7f06f3d0c2784c3c38c.zip | |
Rollup merge of #142139 - erickt:include-hashes, r=Mark-Simulacrum
Include additional hashes in src/stage0 This patch changes `bump-stage0` to include: * The sha256 hash of the channel manifest used to create `src/stage0`. * The rust and rustfmt git commit in `src/stage0`. * Hashes of all the artifacts, like the source tarball, in `src/stage0`. Combined this will allow for: * Projects that bootstrap their own compiler, such as Fuchsia, or users of [bootstrap], to build their compilers offline without needing to communicate with static.rust-lang.org. * Auditors to detect if the channel manifest, and all the artifacts inside the manifest, were modified after it was used to generate `src/stage0`. Furthermore, if they did find modified artifacts, they could determine if the Rust Signing Key was compromised by checking if any modified file was signed properly. finally, it allows regeneration of `src/stage0` when specifying both the day of the build for rust, and the day of the build for rustfmt, which can allow a maintainer to regenerate `src/stage0` to verify nothing changed. [bootstrap]: https://github.com/dtolnay/bootstrap [mrustc]: https://github.com/thepowersgang/mrustc
Diffstat (limited to 'compiler')
0 files changed, 0 insertions, 0 deletions