[lld] [ELF] Change build-id default to sha1. (PR #93943)

Tatsuyuki Ishi via llvm-commits llvm-commits at lists.llvm.org
Fri May 31 02:28:15 PDT 2024 

https://github.com/ishitatsuyuki created https://github.com/llvm/llvm-project/pull/93943

The current default, build-id=fast, is only 8 bytes due to the usage of 64-bit XXH3. This is incompatible with RPM packaging tools which requires >=16 bytes [1].

In Clang the ENABLE_LINKER_BUILD_ID define makes it pass --build-id without a specific hash type. When also defaulting to LLD, this provides a pretty broken default out-of-box.

Using XXH3 was a considerable performance advantage when build-id was first implemented, because sha1 was really sha1 and rather slow. Nowadays sha1 is just 160-bit BLAKE3 which is decently fast and not cryptographically broken, so it should be a good default.

Note that the default remains "fast" for wasm because sha1 for wasm is still real sha1.

Close https://github.com/llvm/llvm-project/issues/43483.

[1]: https://github.com/rpm-software-management/rpm/blob/b7d427728b8ba8734ba47d51849a5736bdd727cd/build/files.c#L1883

>From eeb798515e36a0913a21b1777f6d27aeb03ab8fc Mon Sep 17 00:00:00 2001
From: Tatsuyuki Ishi <ishitatsuyuki at google.com>
Date: Fri, 31 May 2024 18:27:13 +0900
Subject: [PATCH] [ELF] Change build-id default to sha1.

The current default, build-id=fast, is only 8 bytes due to the usage of
64-bit XXH3. This is incompatible with RPM packaging tools which
requires >=16 bytes [1].

In Clang the ENABLE_LINKER_BUILD_ID define makes it pass --build-id
without a specific hash type. When also defaulting to LLD, this provides
a pretty broken default out-of-box.

Using XXH3 was a considerable performance advantage when build-id was
first implemented, because sha1 was really sha1 and rather slow.
Nowadays sha1 is just 160-bit BLAKE3 which is decently fast and not
cryptographically broken, so it should be a good default.

Note that the default remains "fast" for wasm because sha1 for wasm is
still real sha1.

Close https://github.com/llvm/llvm-project/issues/43483.

[1]: https://github.com/rpm-software-management/rpm/blob/b7d427728b8ba8734ba47d51849a5736bdd727cd/build/files.c#L1883
---
 lld/ELF/Options.td | 2 +-
 lld/docs/ld.lld.1  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lld/ELF/Options.td b/lld/ELF/Options.td
index ff61a566f52f7..54c6f51b28f36 100644
--- a/lld/ELF/Options.td
+++ b/lld/ELF/Options.td
@@ -57,7 +57,7 @@ def Bstatic: F<"Bstatic">, HelpText<"Do not link against shared libraries">;
 
 def build_id: J<"build-id=">, HelpText<"Generate build ID note">,
   MetaVarName<"[fast,md5,sha1,uuid,0x<hexstring>]">;
-def : F<"build-id">, Alias<build_id>, AliasArgs<["fast"]>, HelpText<"Alias for --build-id=fast">;
+def : F<"build-id">, Alias<build_id>, AliasArgs<["sha1"]>, HelpText<"Alias for --build-id=sha1">;
 
 defm check_sections: B<"check-sections",
     "Check section addresses for overlaps (default)",
diff --git a/lld/docs/ld.lld.1 b/lld/docs/ld.lld.1
index da3b926d02a28..6121ebc924ad4 100644
--- a/lld/docs/ld.lld.1
+++ b/lld/docs/ld.lld.1
@@ -119,7 +119,7 @@ are calculated from the object contents.
 is not intended to be cryptographically secure.
 .It Fl -build-id
 Synonym for
-.Fl -build-id Ns = Ns Cm fast .
+.Fl -build-id Ns = Ns Cm sha1 .
 .It Fl -call-graph-profile-sort Ns = Ns Ar algorithm
 .Ar algorithm
 may be:

More information about the llvm-commits mailing list