Commit 1533fb6
fix(code-validator): embed analysis runtime from OUT_DIR to keep hash in sync
The host build script recorded ANALYSIS_RUNTIME_SHA256 from the runtime
binary it built, but embedded the bytes via include_bytes! pointed at the
live build-target binary. include_bytes! is expanded by rustc at host-crate
compile time, after build.rs runs. When the runtime binary was rebuilt
between the hash being recorded and a later host relink (e.g. the extra
clippy + build cycle in the Lint & Test CI job, where the guest is built
three times), the embedded bytes and the recorded hash desynced, causing
the load-time integrity check to fail (Expected <a>, got <b>).
Stage the runtime bytes into OUT_DIR and embed that copy. The staged file
is written in lock-step with the hash and is only ever touched by this
build script, so the embedded bytes and integrity hash can never diverge.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Signed-off-by: Simon Davies <simongdavies@users.noreply.github.com>1 parent 1e17809 commit 1533fb6
1 file changed
Lines changed: 17 additions & 2 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
174 | 174 | | |
175 | 175 | | |
176 | 176 | | |
177 | | - | |
| 177 | + | |
| 178 | + | |
| 179 | + | |
| 180 | + | |
| 181 | + | |
| 182 | + | |
| 183 | + | |
| 184 | + | |
| 185 | + | |
| 186 | + | |
| 187 | + | |
| 188 | + | |
| 189 | + | |
| 190 | + | |
| 191 | + | |
| 192 | + | |
178 | 193 | | |
179 | | - | |
| 194 | + | |
180 | 195 | | |
181 | 196 | | |
182 | 197 | | |
| |||
0 commit comments