Commit 1533fb6

simongdavies and Copilot committed
fix(code-validator): embed analysis runtime from OUT_DIR to keep hash in sync
The host build script recorded ANALYSIS_RUNTIME_SHA256 from the runtime binary it built, but embedded the bytes via include_bytes! pointed at the live build-target binary. include_bytes! is expanded by rustc at host-crate compile time, after build.rs runs. When the runtime binary was rebuilt between the hash being recorded and a later host relink (e.g. the extra clippy + build cycle in the Lint & Test CI job, where the guest is built three times), the embedded bytes and the recorded hash desynced, causing the load-time integrity check to fail (Expected <a>, got <b>).

Stage the runtime bytes into OUT_DIR and embed that copy. The staged file is written in lock-step with the hash and is only ever touched by this build script, so the embedded bytes and integrity hash can never diverge.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Signed-off-by: Simon Davies <simongdavies@users.noreply.github.com>
1 parent 1e17809 commit 1533fb6

1 file changed

Lines changed: 17 additions & 2 deletions

src/code-validator/guest/host/build.rs

@@ -174,9 +174,24 @@ fn bundle_runtime() {
174174
let hash_hex = hex::encode(hash);
175175

176176
let out_dir = env::var_os("OUT_DIR").unwrap();
177-
let dest_path = Path::new(&out_dir).join("host_resource.rs");
177+
let out_dir = Path::new(&out_dir);
178+
179+
// Stage the runtime binary into OUT_DIR and embed that copy rather than the
180+
// live build-target binary. `include_bytes!` is expanded by rustc when the
181+
// host crate is compiled, which happens after this build script runs. If we
182+
// pointed `include_bytes!` at the mutable target-dir binary, a later rebuild
183+
// of the runtime (e.g. by clippy or a subsequent `cargo build` that does not
184+
// re-trigger this script) could change those bytes while the recorded
185+
// ANALYSIS_RUNTIME_SHA256 stays stale, producing a `.node` whose embedded
186+
// bytes and integrity hash disagree. The OUT_DIR copy is written here, in
187+
// lock-step with the hash, and is only ever touched by this build script, so
188+
// the embedded bytes and hash can never desync.
189+
let embedded_path = out_dir.join("analysis-runtime.bin");
190+
fs::write(&embedded_path, &runtime_bytes).expect("Failed to stage runtime binary in OUT_DIR");
191+
192+
let dest_path = out_dir.join("host_resource.rs");
178193
let contents = format!(
179-
r#"pub(crate) static ANALYSIS_RUNTIME: &[u8] = include_bytes!({runtime_resource:?});
194+
r#"pub(crate) static ANALYSIS_RUNTIME: &[u8] = include_bytes!({embedded_path:?});
180195
pub(crate) const ANALYSIS_RUNTIME_SHA256: &str = "{hash_hex}";"#
181196
);
182197
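
Review bot: At `fs::write(&embedded_path, &runtime_bytes)`, the comment's "can never desync" claim holds only if `hash` (encoded into `hash_hex` at the top of this hunk) was computed over this same `runtime_bytes` buffer; that computation sits above the hunk, so please confirm it, or move the digest next to the write so the lock-step is visible in one place. The staged copy makes the embedded bytes and the hash self-consistent but not necessarily current: in the case the comment describes, where a later build does not re-trigger this script, the host would embed an older runtime that still passes the integrity check, so it is worth checking that the script emits a `cargo:rerun-if-changed` line for the runtime binary. Minor: `{embedded_path:?}` relies on the `Debug` output of the path being a valid Rust string literal, which is lossy when OUT_DIR is not valid UTF-8.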
