5

The problem:

I am trying to create a function that creates a hash code of the source code of my asp.net web application backend.

As long as nothing gets changed, this hash code needs to be identical. Even if I rebuild my project.

Does someone know, how I can do that?

What I tried:

The only working solution I found is to concat all important files to a big string and create a hash code out of it.

The problem of this solution is, that I have to add all the source files to the output directory, what shouldn't be done for security reasons.

Hope someone has a great idea =)

Thanks in advance!

Update:

I could solve my problem by enabling deterministic build as Renat suggested.

Just added the deterministic flag to my .csproj file as follows:

<Deterministic>True</Deterministic>
Tobias Etter
  • 744
  • 1
  • 6
  • 19
  • Could you generate a file hash for all the binaries in the output directory? https://stackoverflow.com/questions/50928253/calculate-hash-of-binary-file-containing-certain-bytes – Matt Evans May 15 '19 at 06:23
  • 2
    May I ask *why* you're doing this? – Lasse V. Karlsen May 15 '19 at 06:25
  • @LasseVågsætherKarlsen Our software will be certified. We have to make sure that nothing gets changes in the source files. otherwise we have to certify the software again. – Tobias Etter May 15 '19 at 06:28
  • @MatthewEvans The binaries in the output directory are different on every build, because of the meta data. – Tobias Etter May 15 '19 at 06:29
  • @MatthewEvans you've found very low quality suggestion to compute hash of file... Something like https://stackoverflow.com/questions/38474362/get-a-file-sha256-hash-code-and-checksum would be mor reasonable – Alexei Levenkov May 15 '19 at 06:29
  • It's not clear why you need to put all source files into the output folder. – Dmytro Mukalov May 15 '19 at 06:35
  • @DmytroMukalov How else can I read the content of my code files? – Tobias Etter May 15 '19 at 07:53
  • It depends on when you are going to read. The msbuild tasks for example can have access to source files and you can write a custom msbuild task. But again you didn't provide details of entire flow so I can only guess what you're going to do. – Dmytro Mukalov May 15 '19 at 07:59

1 Answers1

4

Even if I rebuild my project

You may use Deterministic Build, then it will produce the same binaries in each build being made out of same source codes. Then you may get the hash of binaries.

Renat
  • 7,718
  • 2
  • 20
  • 34
  • Thanks for your suggestion. I will try that. – Tobias Etter May 15 '19 at 06:32
  • Thank you. I could get it working by adding the deterministic flag =) – Tobias Etter May 15 '19 at 09:24
  • 1
    [Deterministic](https://github.com/dotnet/roslyn/blob/56f605c41915317ccdb925f66974ee52282609e7/docs/compilers/Deterministic%20Inputs.md) depends on far away to many variables, so not sure if I will recommend this option. The most easiest to fix probably will be the PathMap, but then you depends of specific versions of the compiler, libpath, etc. So building the same csproj in multiple setups, might still provide the wrong [MVID](https://learn.microsoft.com/en-us/dotnet/api/system.reflection.module.moduleversionid?view=net-5.0) – HellBaby Aug 23 '21 at 18:33