Hi, On 15/12/2019 09:12, Lars Wirzenius wrote: > One of my hobby projects is vmdb2 (https://vmdb2.liw.fi/), which > creates disk images with Debian installed. I was wondering whether it > would be possible to generate system images reproducibly. > > A quick experiment with debootstrap, which creates the initial > directory tree from with my software produces the disk image, isn't > reproducible. The main difference is the etc/machine-id file is > generates, which contains randomly generated content. The other > differences are log files, cache files, and file mtime timestamps. All > of those would be possible to work on to make them reproducible. > > vmdb2 could make machine-id be all zeroes, which would mean a new id > gets generated upon first boot, and written to the file. I'm not > entirely sure of the security and other implications this has. > > What do others on the list think? Is reproducible system images a goal > worth pursuing?
Are you familiar with this project? https://github.com/debuerreotype/debuerreotype Incidentally, their take on machine-id: https://github.com/debuerreotype/debuerreotype/blob/6b722a49935a94a9f718f07616f0863db6267023/scripts/debuerreotype-init#L176 Cheers! Sylvain _______________________________________________ [email protected] mailing list To change your subscription options, visit https://lists.reproducible-builds.org/listinfo/rb-general. To unsubscribe, send an email to [email protected].
