Checksum mismatch from static files hosted at download.docker.com #47495
-
|
Last week I downloaded docker-25.0.3.tgz from https://download.docker.com/linux/static/stable/x86_64/ and computed the sha256 checksum: Today, I downloaded the same file from the same url, and the checksum had changed: I noticed that the docker-25.0.3.tgz file was modified on 2024-02-27, however the release for 25.0.3 was on 2024-02-06 (https://github.com/moby/moby/releases/tag/v25.0.3). I have a few questions:
Essentially I'm just looking for a way to verify the provenance of files downloaded from download.docker.com. |
Beta Was this translation helpful? Give feedback.
Answered by
neersighted
Mar 2, 2024
Replies: 2 comments 2 replies
-
|
I'm not involved in the release/build process (to be clear), but I was very curious (and would also love checksums for those artifacts 😄). My best guess is that this was a harmless rebuild, but a little paranoia in things like this is not un-warranted IMO. 🙈 I happened to have an older copy of the tarball that matches the checksum you've shown, so I downloaded the new one so I could diff them: $ sha256sum before.tgz after.tgz
df4068cf8228abfb7cf349ce0b2b943f8ed00ad5b523626431777e25efd3277a before.tgz
fa56a890c16ca83715d7e62b351ff0528fcb92f70100129caf6382a8945b95fb after.tgzDiff:$ docker run -it --rm --mount type=bind,src="$PWD/before.tgz",dst=/before.tgz,ro --mount type=bind,src="$PWD/after.tgz",dst=/after.tgz,ro tianon/diffoscope diffoscope /before.tgz /after.tgz
--- /before.tgz
+++ /after.tgz
│ --- before.tgz-content
├── +++ after.tgz-content
│ ├── file list
│ │ @@ -1,9 +1,9 @@
│ │ -drwxrwxr-x 0 ubuntu (1000) ubuntu (1000) 0 2024-02-06 21:13:43.000000 docker/
│ │ --rwxr-xr-x 0 ubuntu (1000) ubuntu (1000) 12390400 2024-02-06 21:13:43.000000 docker/containerd-shim-runc-v2
│ │ --rwxr-xr-x 0 ubuntu (1000) ubuntu (1000) 35640968 2024-02-06 21:13:43.000000 docker/docker
│ │ --rwxr-xr-x 0 ubuntu (1000) ubuntu (1000) 708448 2024-02-06 21:13:43.000000 docker/docker-init
│ │ --rwxr-xr-x 0 ubuntu (1000) ubuntu (1000) 15271456 2024-02-06 21:13:43.000000 docker/runc
│ │ --rwxr-xr-x 0 ubuntu (1000) ubuntu (1000) 1979942 2024-02-06 21:13:43.000000 docker/docker-proxy
│ │ --rwxr-xr-x 0 ubuntu (1000) ubuntu (1000) 39059456 2024-02-06 21:13:43.000000 docker/containerd
│ │ --rwxr-xr-x 0 ubuntu (1000) ubuntu (1000) 19247104 2024-02-06 21:13:43.000000 docker/ctr
│ │ --rwxr-xr-x 0 ubuntu (1000) ubuntu (1000) 67754600 2024-02-06 21:13:43.000000 docker/dockerd
│ │ +drwxrwxr-x 0 ubuntu (1000) ubuntu (1000) 0 2024-02-23 02:40:28.000000 docker/
│ │ +-rwxr-xr-x 0 ubuntu (1000) ubuntu (1000) 708448 2024-02-23 02:40:28.000000 docker/docker-init
│ │ +-rwxr-xr-x 0 ubuntu (1000) ubuntu (1000) 1979942 2024-02-23 02:40:28.000000 docker/docker-proxy
│ │ +-rwxr-xr-x 0 ubuntu (1000) ubuntu (1000) 35640968 2024-02-23 02:40:28.000000 docker/docker
│ │ +-rwxr-xr-x 0 ubuntu (1000) ubuntu (1000) 12390400 2024-02-23 02:40:28.000000 docker/containerd-shim-runc-v2
│ │ +-rwxr-xr-x 0 ubuntu (1000) ubuntu (1000) 15271456 2024-02-23 02:40:28.000000 docker/runc
│ │ +-rwxr-xr-x 0 ubuntu (1000) ubuntu (1000) 19247104 2024-02-23 02:40:28.000000 docker/ctr
│ │ +-rwxr-xr-x 0 ubuntu (1000) ubuntu (1000) 67754600 2024-02-23 02:40:28.000000 docker/dockerd
│ │ +-rwxr-xr-x 0 ubuntu (1000) ubuntu (1000) 39059456 2024-02-23 02:40:28.000000 docker/containerd
│ ├── docker/docker
│ │ ├── readelf --wide --notes {}
│ │ │ @@ -1,8 +1,8 @@
│ │ │
│ │ │ Displaying notes found in: .note.go.buildid
│ │ │ Owner Data size Description
│ │ │ - Go 0x00000053 Unknown note type: (0x00000004) description data: 54 4e 6d 56 45 5a 44 79 37 75 6a 37 38 4a 4a 4a 56 44 34 61 2f 33 51 4c 36 6c 70 47 34 41 4a 2d 64 73 7a 47 49 33 49 51 4a 2f 53 33 5a 43 31 6d 36 7a 42 44 79 4c 57 70 2d 4b 2d 48 41 46 2f 4a 77 41 54 4d 33 72 6f 63 66 63 4d 47 7a 51 62 78 46 46 36
│ │ │ + Go 0x00000053 Unknown note type: (0x00000004) description data: 2d 6c 70 68 57 6d 64 4c 35 38 64 70 72 56 76 36 79 54 47 36 2f 65 57 50 62 41 6c 62 37 78 32 33 6a 71 37 77 4d 65 73 6c 67 2f 53 33 5a 43 31 6d 36 7a 42 44 79 4c 57 70 2d 4b 2d 48 41 46 2f 77 62 4d 62 71 64 5a 41 56 72 53 52 7a 5a 38 57 65 4e 74 6b
│ │ │
│ │ │ Displaying notes found in: .note.gnu.build-id
│ │ │ Owner Data size Description
│ │ │ - GNU 0x00000008 NT_GNU_BUILD_ID (unique build ID bitstring) Build ID: b5b4bcbed9b21d3e
│ │ │ + GNU 0x00000008 NT_GNU_BUILD_ID (unique build ID bitstring) Build ID: 124ba9999a05c18c
│ │ ├── strings --all --bytes=8 {}
│ │ │ @@ -1,8 +1,8 @@
│ │ │ -TNmVEZDy7uj78JJJVD4a/3QL6lpG4AJ-dszGI3IQJ/S3ZC1m6zBDyLWp-K-HAF/JwATM3rocfcMGzQbxFF6
│ │ │ +-lphWmdL58dprVv6yTG6/eWPbAlb7x23jq7wMeslg/S3ZC1m6zBDyLWp-K-HAF/wbMbqdZAVrSRzZ8WeNtk
│ │ │ /0|h`wq^puoY: |0|1 (%s%q
│ │ │ __; --, gteqi))(tvrRuUeEaAlLsS01bBoOxX+-nNiIfFpP25\a\f\n\r\t[]%X+1%f%dip0xup??53]:->._./
│ │ │ [("")) )
│ │ │ @s Pn=][}
│ │ │ +000sTZnsusmsLlLtLuMnCcCfCoCsLmLoMcMeNdNlNoPcPdPePfPiPoPsScSkSmSoZlZpZsYi])..{}": %vid/vrm.:)?)*v1v2 '%%jsorgeleltne""V7 ,h2te80%T">OK%x}}NSMXIDpstonocaos1012Os"
│ │ │ \E:]/i\d\D\s\S\w\Wiv-l-p<>kBMBGBTBPBEBZBYB0b0X0ozZ{{*/if\\\"To?=A4V1V6V2V3V5A3IOxz-d-c-q/.v8v7v6V0,
│ │ │ `!!<<onOnONNO=#OUCNST.*&;* goOk
│ │ │ @@ -9076,21 +9076,21 @@
│ │ │ @@@@@@@@@@@@@@@@
│ │ │
│ │ │ @@@@@@@@@@@@@@@@a
│ │ │ go1.21.6
│ │ │ panicnil=1
│ │ │ /usr/local/go
│ │ │ call frame too large
│ │ │ -2024-02-06T21:13:00Z
│ │ │ +2024-02-23T02:37:27Z
│ │ │ expand 32-byte kexpand 32-byte k
│ │ │ (*+,-./0123<FGPVZdmnopqrstx
│ │ │ path github.com/docker/cli/cmd/docker
│ │ │ build -buildmode=pie
│ │ │ build -compiler=gc
│ │ │ -build -ldflags=" -X \"github.com/docker/cli/cli/version.GitCommit=4debf41\" -X \"github.com/docker/cli/cli/version.BuildTime=2024-02-06T21:13:00Z\" -X \"github.com/docker/cli/cli/version.Version=25.0.3\" -extldflags -static"
│ │ │ +build -ldflags=" -X \"github.com/docker/cli/cli/version.GitCommit=4debf41\" -X \"github.com/docker/cli/cli/version.BuildTime=2024-02-23T02:37:27Z\" -X \"github.com/docker/cli/cli/version.Version=25.0.3\" -extldflags -static"
│ │ │ build -tags=osusergo,pkcs11
│ │ │ build DefaultGODEBUG=panicnil=1
│ │ │ build CGO_ENABLED=1
│ │ │ build CGO_CFLAGS=
│ │ │ build CGO_CPPFLAGS=
│ │ │ build CGO_CXXFLAGS=
│ │ │ build CGO_LDFLAGS=
│ │ │ @@ -65559,15 +65559,15 @@
│ │ │ 423}6%5b8%7
│ │ │ =L@%?ZB%A
│ │ │ Go buildinf:
│ │ │ go1.21.6
│ │ │ path github.com/docker/cli/cmd/docker
│ │ │ build -buildmode=pie
│ │ │ build -compiler=gc
│ │ │ -build -ldflags=" -X \"github.com/docker/cli/cli/version.GitCommit=4debf41\" -X \"github.com/docker/cli/cli/version.BuildTime=2024-02-06T21:13:00Z\" -X \"github.com/docker/cli/cli/version.Version=25.0.3\" -extldflags -static"
│ │ │ +build -ldflags=" -X \"github.com/docker/cli/cli/version.GitCommit=4debf41\" -X \"github.com/docker/cli/cli/version.BuildTime=2024-02-23T02:37:27Z\" -X \"github.com/docker/cli/cli/version.Version=25.0.3\" -extldflags -static"
│ │ │ build -tags=osusergo,pkcs11
│ │ │ build DefaultGODEBUG=panicnil=1
│ │ │ build CGO_ENABLED=1
│ │ │ build CGO_CFLAGS=
│ │ │ build CGO_CPPFLAGS=
│ │ │ build CGO_CXXFLAGS=
│ │ │ build CGO_LDFLAGS=
│ │ ├── readelf --wide --decompress --string-dump=.rodata {}
│ │ │ @@ -98542,15 +98542,15 @@
│ │ │ [1d4570] panicnil=1
│ │ │ [1d4580] /usr/local/go
│ │ │ [1d4591] +DT^A
│ │ │ [1d45a3] u^A
│ │ │ [1d45b0] A^Fq�^A
│ │ │ [1d45b8] A^V^A�^A
│ │ │ [1d4600] call frame too large
│ │ │ - [1d4620] 2024-02-06T21:13:00Z
│ │ │ + [1d4620] 2024-02-23T02:37:27Z
│ │ │ [1d4720] expand 32-byte kexpand 32-byte k^B^C
│ │ │ [1d47e0] Q%c����^W������������
│ │ │ [1d4826] (*+,-./0123<FGPVZdmnopqrstx
│ │ │ [1d490c] /
│ │ │ [1d490e] 5
│ │ │ [1d4922] /�+�0�,�
│ │ │ [1d492b] V<
│ │ │ @@ -98657,15 +98657,15 @@
│ │ │ [1d6b48] =
│ │ │ [1d6b50] >
│ │ │ [1d6b58] ?
│ │ │ [1d6b60] @
│ │ │ [1d6d80] 0w�^L�t^H^BA��^G��^X�path^Igithub.com/docker/cli/cmd/docker\n
│ │ │ build^I-buildmode=pie\n
│ │ │ build^I-compiler=gc\n
│ │ │ - build^I-ldflags=" -X \"github.com/docker/cli/cli/version.GitCommit=4debf41\" -X \"github.com/docker/cli/cli/version.BuildTime=2024-02-06T21:13:00Z\" -X \"github.com/docker/cli/cli/version.Version=25.0.3\" -extldflags -static"\n
│ │ │ + build^I-ldflags=" -X \"github.com/docker/cli/cli/version.GitCommit=4debf41\" -X \"github.com/docker/cli/cli/version.BuildTime=2024-02-23T02:37:27Z\" -X \"github.com/docker/cli/cli/version.Version=25.0.3\" -extldflags -static"\n
│ │ │ build^I-tags=osusergo,pkcs11\n
│ │ │ build^IDefaultGODEBUG=panicnil=1\n
│ │ │ build^ICGO_ENABLED=1\n
│ │ │ build^ICGO_CFLAGS=\n
│ │ │ build^ICGO_CPPFLAGS=\n
│ │ │ build^ICGO_CXXFLAGS=\n
│ │ │ build^ICGO_LDFLAGS=\n
│ │ ├── readelf --wide --decompress --hex-dump=.go.buildinfo {}
│ │ │ @@ -12,16 +12,16 @@
│ │ │ 0x018a0eb0 6c64666c 6167733d 22202d58 205c2267 ldflags=" -X \"g
│ │ │ 0x018a0ec0 69746875 622e636f 6d2f646f 636b6572 ithub.com/docker
│ │ │ 0x018a0ed0 2f636c69 2f636c69 2f766572 73696f6e /cli/cli/version
│ │ │ 0x018a0ee0 2e476974 436f6d6d 69743d34 64656266 .GitCommit=4debf
│ │ │ 0x018a0ef0 34315c22 202d5820 5c226769 74687562 41\" -X \"github
│ │ │ 0x018a0f00 2e636f6d 2f646f63 6b65722f 636c692f .com/docker/cli/
│ │ │ 0x018a0f10 636c692f 76657273 696f6e2e 4275696c cli/version.Buil
│ │ │ - 0x018a0f20 6454696d 653d3230 32342d30 322d3036 dTime=2024-02-06
│ │ │ - 0x018a0f30 5432313a 31333a30 305a5c22 202d5820 T21:13:00Z\" -X
│ │ │ + 0x018a0f20 6454696d 653d3230 32342d30 322d3233 dTime=2024-02-23
│ │ │ + 0x018a0f30 5430323a 33373a32 375a5c22 202d5820 T02:37:27Z\" -X
│ │ │ 0x018a0f40 5c226769 74687562 2e636f6d 2f646f63 \"github.com/doc
│ │ │ 0x018a0f50 6b65722f 636c692f 636c692f 76657273 ker/cli/cli/vers
│ │ │ 0x018a0f60 696f6e2e 56657273 696f6e3d 32352e30 ion.Version=25.0
│ │ │ 0x018a0f70 2e335c22 202d6578 746c6466 6c616773 .3\" -extldflags
│ │ │ 0x018a0f80 202d7374 61746963 220a6275 696c6409 -static".build.
│ │ │ 0x018a0f90 2d746167 733d6f73 75736572 676f2c70 -tags=osusergo,p
│ │ │ 0x018a0fa0 6b637331 310a6275 696c6409 44656661 kcs11.build.Defa
│ ├── docker/docker-proxy
│ │ ├── readelf --wide --notes {}
│ │ │ @@ -1,4 +1,4 @@
│ │ │
│ │ │ Displaying notes found in: .note.go.buildid
│ │ │ Owner Data size Description
│ │ │ - Go 0x00000053 Unknown note type: (0x00000004) description data: 32 64 70 35 52 7a 65 55 69 38 77 73 41 6b 55 6c 6d 48 6f 6e 2f 4a 4b 4b 64 54 79 4c 4a 37 78 53 73 76 52 64 42 50 61 44 47 2f 57 4c 6a 6a 43 64 33 64 63 4f 68 65 6e 69 72 34 75 6b 34 2d 2f 54 79 43 6e 59 47 50 41 75 5a 38 59 39 79 6c 4d 64 43 46 4d
│ │ │ + Go 0x00000053 Unknown note type: (0x00000004) description data: 75 7a 53 71 65 36 43 4d 42 71 67 37 68 78 57 58 31 64 30 33 2f 64 35 41 59 66 57 44 6c 56 78 64 2d 63 6f 52 32 36 32 45 62 2f 57 4c 6a 6a 43 64 33 64 63 4f 68 65 6e 69 72 34 75 6b 34 2d 2f 6a 50 5f 38 69 50 4f 57 46 42 43 52 77 49 70 5f 35 44 37 61
│ │ ├── strings --all --bytes=8 {}
│ │ │ @@ -1,8 +1,8 @@
│ │ │ -2dp5RzeUi8wsAkUlmHon/JKKdTyLJ7xSsvRdBPaDG/WLjjCd3dcOhenir4uk4-/TyCnYGPAuZ8Y9ylMdCFM
│ │ │ +uzSqe6CMBqg7hxWX1d03/d5AYfWDlVxd-coR262Eb/WLjjCd3dcOhenir4uk4-/jP_8iPOWFBCRwIp_5D7a
│ │ │ l$ M9,$u
│ │ │ UUUUUUUUH!
│ │ │ 33333333H!
│ │ │ D$pH9P@w
│ │ │ debugCal
│ │ │ debugCal
│ │ │ debugCalH9
│ │ │ @@ -1718,15 +1718,15 @@
│ │ │ mod github.com/docker/docker (devel)
│ │ │ dep github.com/containerd/log v0.1.0
│ │ │ dep github.com/ishidawataru/sctp v0.0.0-20230406120618-7ff4192f6ff2
│ │ │ dep github.com/sirupsen/logrus v1.9.3
│ │ │ dep golang.org/x/sys v0.16.0
│ │ │ build -buildmode=exe
│ │ │ build -compiler=gc
│ │ │ -build -ldflags="-w -X \"github.com/docker/docker/dockerversion.Version=25.0.3\" -X \"github.com/docker/docker/dockerversion.GitCommit=f417435\" -X \"github.com/docker/docker/dockerversion.BuildTime=2024-02-06T21:13:08.000000000+00:00\" -X \"github.com/docker/docker/dockerversion.PlatformName=Docker Engine - Community\" -X \"github.com/docker/docker/dockerversion.ProductName=\" -X \"github.com/docker/docker/dockerversion.DefaultProductLicense=Community Engine\" -extldflags -static "
│ │ │ +build -ldflags="-w -X \"github.com/docker/docker/dockerversion.Version=25.0.3\" -X \"github.com/docker/docker/dockerversion.GitCommit=f417435\" -X \"github.com/docker/docker/dockerversion.BuildTime=2024-02-23T02:38:33.000000000+00:00\" -X \"github.com/docker/docker/dockerversion.PlatformName=Docker Engine - Community\" -X \"github.com/docker/docker/dockerversion.ProductName=\" -X \"github.com/docker/docker/dockerversion.DefaultProductLicense=Community Engine\" -extldflags -static "
│ │ │ build -tags=netgo,osusergo,static_build,journald
│ │ │ build DefaultGODEBUG=panicnil=1
│ │ │ build CGO_ENABLED=0
│ │ │ build GOARCH=amd64
│ │ │ build GOOS=linux
│ │ │ build GOAMD64=v1
│ │ │ .noptrdata
│ │ │ @@ -5398,15 +5398,15 @@
│ │ │ mod github.com/docker/docker (devel)
│ │ │ dep github.com/containerd/log v0.1.0
│ │ │ dep github.com/ishidawataru/sctp v0.0.0-20230406120618-7ff4192f6ff2
│ │ │ dep github.com/sirupsen/logrus v1.9.3
│ │ │ dep golang.org/x/sys v0.16.0
│ │ │ build -buildmode=exe
│ │ │ build -compiler=gc
│ │ │ -build -ldflags="-w -X \"github.com/docker/docker/dockerversion.Version=25.0.3\" -X \"github.com/docker/docker/dockerversion.GitCommit=f417435\" -X \"github.com/docker/docker/dockerversion.BuildTime=2024-02-06T21:13:08.000000000+00:00\" -X \"github.com/docker/docker/dockerversion.PlatformName=Docker Engine - Community\" -X \"github.com/docker/docker/dockerversion.ProductName=\" -X \"github.com/docker/docker/dockerversion.DefaultProductLicense=Community Engine\" -extldflags -static "
│ │ │ +build -ldflags="-w -X \"github.com/docker/docker/dockerversion.Version=25.0.3\" -X \"github.com/docker/docker/dockerversion.GitCommit=f417435\" -X \"github.com/docker/docker/dockerversion.BuildTime=2024-02-23T02:38:33.000000000+00:00\" -X \"github.com/docker/docker/dockerversion.PlatformName=Docker Engine - Community\" -X \"github.com/docker/docker/dockerversion.ProductName=\" -X \"github.com/docker/docker/dockerversion.DefaultProductLicense=Community Engine\" -extldflags -static "
│ │ │ build -tags=netgo,osusergo,static_build,journald
│ │ │ build DefaultGODEBUG=panicnil=1
│ │ │ build CGO_ENABLED=0
│ │ │ build GOARCH=amd64
│ │ │ build GOOS=linux
│ │ │ build GOAMD64=v1
│ │ │ /dev/urandom
│ │ ├── readelf --wide --decompress --hex-dump=.rodata {}
│ │ │ @@ -22740,16 +22740,16 @@
│ │ │ 0x00520d10 5c226769 74687562 2e636f6d 2f646f63 \"github.com/doc
│ │ │ 0x00520d20 6b65722f 646f636b 65722f64 6f636b65 ker/docker/docke
│ │ │ 0x00520d30 72766572 73696f6e 2e476974 436f6d6d rversion.GitComm
│ │ │ 0x00520d40 69743d66 34313734 33355c22 202d5820 it=f417435\" -X
│ │ │ 0x00520d50 5c226769 74687562 2e636f6d 2f646f63 \"github.com/doc
│ │ │ 0x00520d60 6b65722f 646f636b 65722f64 6f636b65 ker/docker/docke
│ │ │ 0x00520d70 72766572 73696f6e 2e427569 6c645469 rversion.BuildTi
│ │ │ - 0x00520d80 6d653d32 3032342d 30322d30 36543231 me=2024-02-06T21
│ │ │ - 0x00520d90 3a31333a 30382e30 30303030 30303030 :13:08.000000000
│ │ │ + 0x00520d80 6d653d32 3032342d 30322d32 33543032 me=2024-02-23T02
│ │ │ + 0x00520d90 3a33383a 33332e30 30303030 30303030 :38:33.000000000
│ │ │ 0x00520da0 2b30303a 30305c22 202d5820 5c226769 +00:00\" -X \"gi
│ │ │ 0x00520db0 74687562 2e636f6d 2f646f63 6b65722f thub.com/docker/
│ │ │ 0x00520dc0 646f636b 65722f64 6f636b65 72766572 docker/dockerver
│ │ │ 0x00520dd0 73696f6e 2e506c61 74666f72 6d4e616d sion.PlatformNam
│ │ │ 0x00520de0 653d446f 636b6572 20456e67 696e6520 e=Docker Engine
│ │ │ 0x00520df0 2d20436f 6d6d756e 6974795c 22202d58 - Community\" -X
│ │ │ 0x00520e00 205c2267 69746875 622e636f 6d2f646f \"github.com/do
│ │ ├── readelf --wide --decompress --hex-dump=.go.buildinfo {}
│ │ │ @@ -31,16 +31,16 @@
│ │ │ 0x005b51c0 6875622e 636f6d2f 646f636b 65722f64 hub.com/docker/d
│ │ │ 0x005b51d0 6f636b65 722f646f 636b6572 76657273 ocker/dockervers
│ │ │ 0x005b51e0 696f6e2e 47697443 6f6d6d69 743d6634 ion.GitCommit=f4
│ │ │ 0x005b51f0 31373433 355c2220 2d58205c 22676974 17435\" -X \"git
│ │ │ 0x005b5200 6875622e 636f6d2f 646f636b 65722f64 hub.com/docker/d
│ │ │ 0x005b5210 6f636b65 722f646f 636b6572 76657273 ocker/dockervers
│ │ │ 0x005b5220 696f6e2e 4275696c 6454696d 653d3230 ion.BuildTime=20
│ │ │ - 0x005b5230 32342d30 322d3036 5432313a 31333a30 24-02-06T21:13:0
│ │ │ - 0x005b5240 382e3030 30303030 3030302b 30303a30 8.000000000+00:0
│ │ │ + 0x005b5230 32342d30 322d3233 5430323a 33383a33 24-02-23T02:38:3
│ │ │ + 0x005b5240 332e3030 30303030 3030302b 30303a30 3.000000000+00:0
│ │ │ 0x005b5250 305c2220 2d58205c 22676974 6875622e 0\" -X \"github.
│ │ │ 0x005b5260 636f6d2f 646f636b 65722f64 6f636b65 com/docker/docke
│ │ │ 0x005b5270 722f646f 636b6572 76657273 696f6e2e r/dockerversion.
│ │ │ 0x005b5280 506c6174 666f726d 4e616d65 3d446f63 PlatformName=Doc
│ │ │ 0x005b5290 6b657220 456e6769 6e65202d 20436f6d ker Engine - Com
│ │ │ 0x005b52a0 6d756e69 74795c22 202d5820 5c226769 munity\" -X \"gi
│ │ │ 0x005b52b0 74687562 2e636f6d 2f646f63 6b65722f thub.com/docker/
│ ├── docker/dockerd
│ │ ├── readelf --wide --notes {}
│ │ │ @@ -1,12 +1,12 @@
│ │ │
│ │ │ Displaying notes found in: .note.ABI-tag
│ │ │ Owner Data size Description
│ │ │ GNU 0x00000010 NT_GNU_ABI_TAG (ABI version tag) OS: Linux, ABI: 3.2.0
│ │ │
│ │ │ Displaying notes found in: .note.go.buildid
│ │ │ Owner Data size Description
│ │ │ - Go 0x00000053 Unknown note type: (0x00000004) description data: 39 32 34 68 4e 6c 57 7a 79 6d 73 75 73 32 39 47 38 38 4c 42 2f 69 4d 62 57 46 37 50 43 6b 74 6e 53 6b 45 51 5a 34 64 4e 4d 2f 48 62 54 33 72 69 38 47 64 42 58 4c 57 43 61 48 50 37 35 6c 2f 61 42 74 4b 4a 5a 55 4a 4e 55 5a 65 36 79 73 36 5a 6a 79 70
│ │ │ + Go 0x00000053 Unknown note type: (0x00000004) description data: 35 70 68 4c 33 74 30 78 59 37 5f 58 58 51 5a 71 61 78 35 4e 2f 6d 33 39 77 58 47 4f 33 4f 64 53 54 50 54 55 63 76 31 45 6d 2f 48 62 54 33 72 69 38 47 64 42 58 4c 57 43 61 48 50 37 35 6c 2f 67 48 66 50 6c 68 31 4d 54 30 31 47 6f 75 67 34 78 44 44 36
│ │ │
│ │ │ Displaying notes found in: .note.gnu.build-id
│ │ │ Owner Data size Description
│ │ │ - GNU 0x00000008 NT_GNU_BUILD_ID (unique build ID bitstring) Build ID: 958db1cb38c20d5a
│ │ │ + GNU 0x00000008 NT_GNU_BUILD_ID (unique build ID bitstring) Build ID: a1090e07e4d2f7dc
│ │ ├── strings --all --bytes=8 {}
│ │ │ @@ -1,8 +1,8 @@
│ │ │ -924hNlWzymsus29G88LB/iMbWF7PCktnSkEQZ4dNM/HbT3ri8GdBXLWCaHP75l/aBtKJZUJNUZe6ys6Zjyp
│ │ │ +5phL3t0xY7_XXQZqax5N/m39wXGO3OdSTPTUcv1Em/HbT3ri8GdBXLWCaHP75l/gHfPlh1MT01Goug4xDD6
│ │ │ regexp 0
│ │ │ Update`,7
│ │ │ Offset`X6
│ │ │ Inject@0
│ │ │ Assign p
│ │ │ Noctty@1
│ │ │ config`IF
│ │ │ @@ -50265,15 +50265,15 @@
│ │ │ /usr/local/go
│ │ │ Community Engine
│ │ │ call frame too large
│ │ │ Docker Engine - Community
│ │ │ expand 32-byte kexpand 32-byte k
│ │ │ expand 32-byte kexpand 32-byte k
│ │ │ (*+,-./0123<FGPVZdmnopqrstx
│ │ │ -2024-02-06T21:13:08.000000000+00:00
│ │ │ +2024-02-23T02:38:33.000000000+00:00
│ │ │ path github.com/docker/docker/cmd/dockerd
│ │ │ mod github.com/docker/docker (devel)
│ │ │ dep cloud.google.com/go/compute/metadata v0.2.3
│ │ │ dep cloud.google.com/go/logging v1.7.0
│ │ │ dep cloud.google.com/go/longrunning v0.5.1
│ │ │ dep code.cloudfoundry.org/clock v1.1.0
│ │ │ dep dario.cat/mergo v1.0.0
│ │ │ @@ -50461,15 +50461,15 @@
│ │ │ dep k8s.io/klog/v2 v2.90.1
│ │ │ dep resenje.org/singleflight v0.4.1
│ │ │ dep sigs.k8s.io/yaml v1.3.0
│ │ │ dep tags.cncf.io/container-device-interface v0.6.2
│ │ │ dep tags.cncf.io/container-device-interface/specs-go v0.6.0
│ │ │ build -buildmode=exe
│ │ │ build -compiler=gc
│ │ │ -build -ldflags="-w -X \"github.com/docker/docker/dockerversion.Version=25.0.3\" -X \"github.com/docker/docker/dockerversion.GitCommit=f417435\" -X \"github.com/docker/docker/dockerversion.BuildTime=2024-02-06T21:13:08.000000000+00:00\" -X \"github.com/docker/docker/dockerversion.PlatformName=Docker Engine - Community\" -X \"github.com/docker/docker/dockerversion.ProductName=\" -X \"github.com/docker/docker/dockerversion.DefaultProductLicense=Community Engine\" -extldflags -static "
│ │ │ +build -ldflags="-w -X \"github.com/docker/docker/dockerversion.Version=25.0.3\" -X \"github.com/docker/docker/dockerversion.GitCommit=f417435\" -X \"github.com/docker/docker/dockerversion.BuildTime=2024-02-23T02:38:33.000000000+00:00\" -X \"github.com/docker/docker/dockerversion.PlatformName=Docker Engine - Community\" -X \"github.com/docker/docker/dockerversion.ProductName=\" -X \"github.com/docker/docker/dockerversion.DefaultProductLicense=Community Engine\" -extldflags -static "
│ │ │ build -tags=netgo,osusergo,static_build,journald
│ │ │ build DefaultGODEBUG=panicnil=1
│ │ │ build CGO_ENABLED=1
│ │ │ build CGO_CFLAGS=
│ │ │ build CGO_CPPFLAGS=
│ │ │ build CGO_CXXFLAGS=
│ │ │ build CGO_LDFLAGS=
│ │ │ @@ -147563,15 +147563,15 @@
│ │ │ dep k8s.io/klog/v2 v2.90.1
│ │ │ dep resenje.org/singleflight v0.4.1
│ │ │ dep sigs.k8s.io/yaml v1.3.0
│ │ │ dep tags.cncf.io/container-device-interface v0.6.2
│ │ │ dep tags.cncf.io/container-device-interface/specs-go v0.6.0
│ │ │ build -buildmode=exe
│ │ │ build -compiler=gc
│ │ │ -build -ldflags="-w -X \"github.com/docker/docker/dockerversion.Version=25.0.3\" -X \"github.com/docker/docker/dockerversion.GitCommit=f417435\" -X \"github.com/docker/docker/dockerversion.BuildTime=2024-02-06T21:13:08.000000000+00:00\" -X \"github.com/docker/docker/dockerversion.PlatformName=Docker Engine - Community\" -X \"github.com/docker/docker/dockerversion.ProductName=\" -X \"github.com/docker/docker/dockerversion.DefaultProductLicense=Community Engine\" -extldflags -static "
│ │ │ +build -ldflags="-w -X \"github.com/docker/docker/dockerversion.Version=25.0.3\" -X \"github.com/docker/docker/dockerversion.GitCommit=f417435\" -X \"github.com/docker/docker/dockerversion.BuildTime=2024-02-23T02:38:33.000000000+00:00\" -X \"github.com/docker/docker/dockerversion.PlatformName=Docker Engine - Community\" -X \"github.com/docker/docker/dockerversion.ProductName=\" -X \"github.com/docker/docker/dockerversion.DefaultProductLicense=Community Engine\" -extldflags -static "
│ │ │ build -tags=netgo,osusergo,static_build,journald
│ │ │ build DefaultGODEBUG=panicnil=1
│ │ │ build CGO_ENABLED=1
│ │ │ build CGO_CFLAGS=
│ │ │ build CGO_CPPFLAGS=
│ │ │ build CGO_CXXFLAGS=
│ │ │ build CGO_LDFLAGS=
│ │ ├── readelf --wide --decompress --string-dump=.rodata {}
│ │ │ @@ -644045,15 +644045,15 @@
│ │ │ [a77fd1] ~1�
│ │ │ [a77fd8] `�`^C
│ │ │ [a77fe0] `�K
│ │ │ [a77fea] D
│ │ │ [a77ff2] {�
│ │ │ [a77ff8] `|`^C
│ │ │ [a78006] (*+,-./0123<FGPVZdmnopqrstx
│ │ │ - [a78040] 2024-02-06T21:13:08.000000000+00:00
│ │ │ + [a78040] 2024-02-23T02:38:33.000000000+00:00
│ │ │ [a78092] O
│ │ │ [a78099] KH
│ │ │ [a780a2] ,t
│ │ │ [a780a9] 2�^A
│ │ │ [a780b1] 2�^A
│ │ │ [a780ba] O
│ │ │ [a780c2] ]
│ │ │ @@ -672434,15 +672434,15 @@
│ │ │ dep^Ik8s.io/klog/v2^Iv2.90.1^I\n
│ │ │ dep^Iresenje.org/singleflight^Iv0.4.1^I\n
│ │ │ dep^Isigs.k8s.io/yaml^Iv1.3.0^I\n
│ │ │ dep^Itags.cncf.io/container-device-interface^Iv0.6.2^I\n
│ │ │ dep^Itags.cncf.io/container-device-interface/specs-go^Iv0.6.0^I\n
│ │ │ build^I-buildmode=exe\n
│ │ │ build^I-compiler=gc\n
│ │ │ - build^I-ldflags="-w -X \"github.com/docker/docker/dockerversion.Version=25.0.3\" -X \"github.com/docker/docker/dockerversion.GitCommit=f417435\" -X \"github.com/docker/docker/dockerversion.BuildTime=2024-02-06T21:13:08.000000000+00:00\" -X \"github.com/docker/docker/dockerversion.PlatformName=Docker Engine - Community\" -X \"github.com/docker/docker/dockerversion.ProductName=\" -X \"github.com/docker/docker/dockerversion.DefaultProductLicense=Community Engine\" -extldflags -static "\n
│ │ │ + build^I-ldflags="-w -X \"github.com/docker/docker/dockerversion.Version=25.0.3\" -X \"github.com/docker/docker/dockerversion.GitCommit=f417435\" -X \"github.com/docker/docker/dockerversion.BuildTime=2024-02-23T02:38:33.000000000+00:00\" -X \"github.com/docker/docker/dockerversion.PlatformName=Docker Engine - Community\" -X \"github.com/docker/docker/dockerversion.ProductName=\" -X \"github.com/docker/docker/dockerversion.DefaultProductLicense=Community Engine\" -extldflags -static "\n
│ │ │ build^I-tags=netgo,osusergo,static_build,journald\n
│ │ │ build^IDefaultGODEBUG=panicnil=1\n
│ │ │ build^ICGO_ENABLED=1\n
│ │ │ build^ICGO_CFLAGS=\n
│ │ │ build^ICGO_CPPFLAGS=\n
│ │ │ build^ICGO_CXXFLAGS=\n
│ │ │ build^ICGO_LDFLAGS=\n
│ │ ├── readelf --wide --decompress --hex-dump=.go.buildinfo {}
│ │ │ @@ -586,16 +586,16 @@
│ │ │ 0x03a3d800 67697468 75622e63 6f6d2f64 6f636b65 github.com/docke
│ │ │ 0x03a3d810 722f646f 636b6572 2f646f63 6b657276 r/docker/dockerv
│ │ │ 0x03a3d820 65727369 6f6e2e47 6974436f 6d6d6974 ersion.GitCommit
│ │ │ 0x03a3d830 3d663431 37343335 5c22202d 58205c22 =f417435\" -X \"
│ │ │ 0x03a3d840 67697468 75622e63 6f6d2f64 6f636b65 github.com/docke
│ │ │ 0x03a3d850 722f646f 636b6572 2f646f63 6b657276 r/docker/dockerv
│ │ │ 0x03a3d860 65727369 6f6e2e42 75696c64 54696d65 ersion.BuildTime
│ │ │ - 0x03a3d870 3d323032 342d3032 2d303654 32313a31 =2024-02-06T21:1
│ │ │ - 0x03a3d880 333a3038 2e303030 30303030 30302b30 3:08.000000000+0
│ │ │ + 0x03a3d870 3d323032 342d3032 2d323354 30323a33 =2024-02-23T02:3
│ │ │ + 0x03a3d880 383a3333 2e303030 30303030 30302b30 8:33.000000000+0
│ │ │ 0x03a3d890 303a3030 5c22202d 58205c22 67697468 0:00\" -X \"gith
│ │ │ 0x03a3d8a0 75622e63 6f6d2f64 6f636b65 722f646f ub.com/docker/do
│ │ │ 0x03a3d8b0 636b6572 2f646f63 6b657276 65727369 cker/dockerversi
│ │ │ 0x03a3d8c0 6f6e2e50 6c617466 6f726d4e 616d653d on.PlatformName=
│ │ │ 0x03a3d8d0 446f636b 65722045 6e67696e 65202d20 Docker Engine -
│ │ │ 0x03a3d8e0 436f6d6d 756e6974 795c2220 2d58205c Community\" -X \
│ │ │ 0x03a3d8f0 22676974 6875622e 636f6d2f 646f636b "github.com/dock(all of that looks pretty harmless to me -- only really different because it was rebuilt and has a newer build timestamp now) |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
Thank you for digging into this and providing reassurance! 😅 I appreciate your time! I hadn't seen diffoscope before - it looks super handy. |
Beta Was this translation helpful? Give feedback.
-
|
Hi, thanks for asking! I can verify that both checksums represent official builds performed by Docker Inc. We uploaded some additional packages during this patch cycle after the first build, and I overlooked the fact that we do not ensure that we avoid clobbering any of the static binary files when performing a re-upload. I assume that my predecessors thought that unnecessary as there is no index file in the repository that represents those files -- however, clearly (and quite reasonably) that is a silly assumption, as consumers of those files may very well want to verify them. For now, you should not see any repeats of this incident, both as backfilling new packages is very rare (and only when a new platform needs to be enabled early), and because I am teaching the pipeline to avoid replacing static binary archives as well. I also have added an item to the internal backlog for public checksums -- it would be nice to have a GPG-signed (or another signing mechanism, such as minisign) checksum file for each and every static binary archive (or at the very least, going forward on new additions to the archive). No promises as to timing, but we're currently reviewing improvements to download.docker.com and this fits right in. |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
Thanks for the background information! I'll keep an eye out for checksum files in the future, exciting stuff! |
Beta Was this translation helpful? Give feedback.
Answer selected by
mhazegh
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi, thanks for asking!
I can verify that both checksums represent official builds performed by Docker Inc. We uploaded some additional packages during this patch cycle after the first build, and I overlooked the fact that we do not ensure that we avoid clobbering any of the static binary files when performing a re-upload.
I assume that my predecessors thought that unnecessary as there is no index file in the repository that represents those files -- however, clearly (and quite reasonably) that is a silly assumption, as consumers of those files may very well want to verify them.
For now, you should not see any repeats of this incident, both as backfilling new packages is very rare (and onl…