On Mon, Oct 15, 2018 at 6:29 AM, Austin S. Hemmelgarn <ahferro...@gmail.com> wrote:
> On 2018-10-13 18:28, Chris Murphy wrote:
>> The end result is creating two Btrfs volumes would yield image files
>> with matching hashes.
>
> So in other words, you care about matching the block layout _exactly_.

Only because that's the easiest way to verify reproducibility without any ambiguity. If someone's compromised a build system such that everyone is getting the malicious payload, but they can hide it behind a subvolume or reflink that's not used by default, could someone plausibly cause selective use of their malicious payload? I dunno; I leave that for more crafty people. But even if it's a tiny bit of ambiguity, it's non-zero. Hashing a file that contains the entire file system is unambiguous.

I think populating the image with --rootdir at mkfs time should be pretty deterministic. One stream in and out. No generations, no snapshot, no delayed allocation. It'd be quite similar to mksquashfs. I guess I'd have to try it a few times, and see if really the only differences are uuids and times, and not allocation-related things.

-- 
Chris Murphy
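The check Chris describes, comparing repeated mkfs.btrfs --rootdir images to see whether the only differences are UUIDs and timestamps rather than allocation, can be scripted. The following is an added example, not code from this thread: it hashes two images, lists the byte ranges where they differ, and flags whether every difference stays inside the 4 KiB block holding the primary btrfs superblock (located at 64 KiB). The sample images and the field offsets written into them are constructed for illustration and do not reproduce the real superblock layout.

```python
"""Locate where two file-system images differ, to judge reproducibility."""
import hashlib
from typing import Dict, List, Tuple

BLOCK = 4096                           # compare at file-system block granularity
BTRFS_PRIMARY_SUPERBLOCK = 64 * 1024   # btrfs stores its primary superblock at 64 KiB


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def differing_ranges(a: bytes, b: bytes) -> List[Tuple[int, int]]:
    """Return half-open [start, end) byte ranges where equal-length a and b differ."""
    ranges, start = [], None
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y and start is None:
            start = i
        elif x == y and start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, len(a)))
    return ranges


def classify(img_a: bytes, img_b: bytes) -> Dict[str, object]:
    """Hash both images and, when they differ, report where the differences lie."""
    if len(img_a) != len(img_b):
        return {"identical": False, "same_size": False, "ranges": [], "superblock_only": False}
    ranges = differing_ranges(img_a, img_b)
    sb_lo, sb_hi = BTRFS_PRIMARY_SUPERBLOCK, BTRFS_PRIMARY_SUPERBLOCK + BLOCK
    # Differences confined to the superblock block are consistent with UUID/time churn;
    # anything outside it points at allocation or content differences worth investigating.
    superblock_only = bool(ranges) and all(sb_lo <= s and e <= sb_hi for s, e in ranges)
    return {"identical": sha256_hex(img_a) == sha256_hex(img_b),
            "same_size": True, "ranges": ranges, "superblock_only": superblock_only}


def build_sample_images() -> Tuple[bytes, bytes, bytes]:
    """Constructed 128 KiB stand-ins for mkfs output (not real btrfs images)."""
    base = bytearray(128 * 1024)
    uuid_and_time = bytearray(base)
    uuid_and_time[BTRFS_PRIMARY_SUPERBLOCK + 32:BTRFS_PRIMARY_SUPERBLOCK + 48] = b"\xaa" * 16  # fake fsid
    uuid_and_time[BTRFS_PRIMARY_SUPERBLOCK + 256:BTRFS_PRIMARY_SUPERBLOCK + 264] = b"\xbb" * 8  # fake time
    allocation = bytearray(base)
    allocation[8192:8200] = b"\xcc" * 8   # a change far from the superblock
    return bytes(base), bytes(uuid_and_time), bytes(allocation)


if __name__ == "__main__":
    a, b, c = build_sample_images()
    print(classify(a, b))
    print(classify(a, c))
```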