When I build something with Go on my Mac, the binary has a consistent md5sum for repeated builds. However, when I cross compile for Windows, or build on Windows natively, I get a different checksum each time.
What is happening that causes this?
[kbrandt@glade: ~/] GOOS=windows go build
[kbrandt@glade: ~/] md5 -r tcollector.exe
f66dbec001eb0e02da261b4bc70d8072 tcollector.exe
[kbrandt@glade: ~/] GOOS=windows go build
[kbrandt@glade: ~/] md5 -r tcollector.exe
630e89fa4907b6811a3d19c99dbac2dc tcollector.exe
[kbrandt@glade: ~/] go build
[kbrandt@glade: ~/] md5 -r tcollector
0353160b4b000c7ba9d5331a72265291 tcollector
[kbrandt@glade: ~/] go build
[kbrandt@glade: ~/] md5 -r tcollector
0353160b4b000c7ba9d5331a72265291 tcollector
Something in the output for windows depends on randomness or the time.
I don't know more than that (like what it is using that changes) but it doesn't matter
The output generated by compilers (even different versions of the same compiler) will vary and hashes are designed so similar things don't produce similar outputs.
A checksum is just that, something you can use to check you have the file and it is correct.
A bit of a null answer but there's no technical problem with what you are seeing happening.
Windows PE files include a compilation timestamp, so this is expected - binaries compiled even one second apart will have a different timestamp embedded and thus a different hash.
Tools/procedures are available to ignore the timestamp field and other non-functional parts of the PE file so that binaries compiled at different times can be meaningfully compared. See, for example, this analysis of the TrueCrypt binaries: https://madiba.encs.concordia.ca/~x_decarn/truecrypt-binaries-analysis/