On Wed, Dec 16, 2020 at 2:28 PM Chris Murphy wrote:
>
> On Tue, Dec 15, 2020 at 12:14 PM Brian C. Lane wrote:
> >
> > On Mon, Dec 14, 2020 at 11:03:03PM -0700, Chris Murphy wrote:
> > > Right. The two I've previously suggested: btrfs seed and dm-verity.
> > > Every read is verified, the user can'
On 12/17/20 10:04 AM, Marius Schwarz wrote:
On 17.12.20 at 14:35, Stephen John Smoogen wrote:
Right, but it's not automatic, and requires an existing known-good
system, which is the actual 'root of trust' here. This cannot be
assumed about a flash drive, which is why the automatic image check
On 17.12.20 at 14:35, Stephen John Smoogen wrote:
Right, but it's not automatic, and requires an existing known-good
system, which is the actual 'root of trust' here. This cannot be
assumed about a flash drive, which is why the automatic image check is
hard.
Speaking from Security pov, it's
On Thu, 17 Dec 2020 at 00:29, przemek klosowski via devel <
devel@lists.fedoraproject.org> wrote:
>
> On 12/16/20 5:38 PM, Kevin Fenzi wrote:
>
> On Wed, Dec 16, 2020 at 04:28:49PM -0500, przemek klosowski via devel wrote:
>
> I was trying to make a point that we don't have a way to check the init
On Wed, Dec 16, 2020 at 10:29 PM przemek klosowski via devel
wrote:
>
>
> On 12/16/20 5:38 PM, Kevin Fenzi wrote:
>
> On Wed, Dec 16, 2020 at 04:28:49PM -0500, przemek klosowski via devel wrote:
>
> I was trying to make a point that we don't have a way to check the initial
> image: it could be alt
On 12/16/20 5:38 PM, Kevin Fenzi wrote:
On Wed, Dec 16, 2020 at 04:28:49PM -0500, przemek klosowski via devel wrote:
I was trying to make a point that we don't have a way to check the initial
image: it could be altered to falsely claim to be signed by fedoraproject.
well, we do: https://getfed
On Wed, Dec 16, 2020 at 04:28:49PM -0500, przemek klosowski via devel wrote:
>
> On 12/16/20 2:23 PM, Kevin Fenzi wrote:
> > Yeah, there has to be an anchor for your trust. Right now that is "I
> > trust the certificate authority that issued fedoraproject.org's cert".
>
> I was trying to make a p
On Tue, Dec 15, 2020 at 12:14 PM Brian C. Lane wrote:
>
> On Mon, Dec 14, 2020 at 11:03:03PM -0700, Chris Murphy wrote:
> > Right. The two I've previously suggested: btrfs seed and dm-verity.
> > Every read is verified, the user can't opt out, and they are more
> > performant than checkisomd5. Upo
On 12/16/20 2:23 PM, Kevin Fenzi wrote:
Yeah, there has to be an anchor for your trust. Right now that is "I
trust the certificate authority that issued fedoraproject.org's cert".
I was trying to make a point that we don't have a way to check the
initial image: it could be altered to falsely
On Tue, Dec 15, 2020 at 01:24:58AM -0500, przemek klosowski via devel wrote:
>
...snip...
>
> I see the need to self-validate against known-good images/repos, either by
> checking online, or by leveraging the secure boot, somehow. Unfortunately I
> can't think of a foolproof and transparent way o
On Mon, Dec 14, 2020 at 11:03:03PM -0700, Chris Murphy wrote:
> Right. The two I've previously suggested: btrfs seed and dm-verity.
> Every read is verified, the user can't opt out, and they are more
> performant than checkisomd5. Upon detecting error, both emit EIO which
> is handled at the applic
On Tue, Dec 15, 2020 at 8:36 AM Matthew Miller wrote:
>
> On Mon, Dec 14, 2020 at 11:35:12PM -0700, Chris Murphy wrote:
> > But also, we're not using unsquashfs for boot or installation. The
> > squashfs image is loop mounted and treated as a random access file
> > system. Decompression of blocks
On Mon, Dec 14, 2020 at 11:35:12PM -0700, Chris Murphy wrote:
> Squashfs doesn't have error detection for its metadata or the data
> contained in it. I'm not sure why you're having such a high success
> rate. Whether lossy or lossless compression algorithms in images, my
> experience it is only som
On Mon, Dec 14, 2020 at 11:35:12PM -0700, Chris Murphy wrote:
> But also, we're not using unsquashfs for boot or installation. The
> squashfs image is loop mounted and treated as a random access file
> system. Decompression of blocks is on demand.
Well, maybe we should? It makes a pretty fast test
On Mon, Dec 14, 2020 at 9:20 PM Matthew Miller wrote:
>
> On Mon, Dec 14, 2020 at 03:32:57PM -0800, Brian C. Lane wrote:
> > The problem I see with dropping it is that without it you do not know if
> > there are errors in the packages you are installing. With non-live
> > installs you can depend o
On 12/11/20 1:07 PM, Matthew Miller wrote:
Right now, when you start Fedora live media to install Workstation or KDE or
etc., you get an ugly text prompt which defaults to doing a media test
...
the most likely failure modes are like this:
1) Doesn't even write properly.
2) Doesn't boot after
On Mon, Dec 14, 2020 at 4:33 PM Brian C. Lane wrote:
>
> On Sat, Dec 12, 2020 at 01:08:47PM -0700, Chris Murphy wrote:
> > On Sat, Dec 12, 2020 at 10:43 AM Matthew Miller
> > wrote:
> > >
> > > On Sat, Dec 12, 2020 at 08:19:18AM -0500, Mauricio Tavares wrote:
> > > > > I gave those reasons in
On Mon, Dec 14, 2020 at 03:32:57PM -0800, Brian C. Lane wrote:
> The problem I see with dropping it is that without it you do not know if
> there are errors in the packages you are installing. With non-live
> installs you can depend on rpm to detect that, but not with live since
> we're just copyin
On Sat, Dec 12, 2020 at 01:08:47PM -0700, Chris Murphy wrote:
> On Sat, Dec 12, 2020 at 10:43 AM Matthew Miller
> wrote:
> >
> > On Sat, Dec 12, 2020 at 08:19:18AM -0500, Mauricio Tavares wrote:
> > > > I gave those reasons in my initial message? Have you experienced a
> > > > specific case wh
On Fri, Dec 11, 2020 at 06:45:26PM -0500, Matthew Miller wrote:
> On Fri, Dec 11, 2020 at 06:21:50PM -0500, Neal Gompa wrote:
> > > In the interest of me being lazy more successfully, can I glom my "change
> > > the menu" proposal onto this new Change you are spearheading? :) :) :)
> > Oi, oi! I ha
On 13.12.20 at 21:08, Chris Murphy wrote:
This happens on
macOS for the HFS+ volume on the stick and GNOME Shell mounts the
large FAT partition. Poof, the media checker now fails.
(using cinnamon) Which renders the media test useless. The best argument
to remove it entirely.
The thing with th
On Sun, Dec 13, 2020 at 1:08 PM Chris Murphy wrote:
>
> Something is writing to the media before the media checker.
before the media checker ^runs the check. The media checker doesn't
write to the media...
--
Chris Murphy
___
devel mailing list -- d
On Sun, Dec 13, 2020 at 10:57 AM Marius Schwarz wrote:
>
> On 12.12.20 at 19:47, Chris Murphy wrote:
> >
> >> Ack. Over the last year, none of the media tests worked proper, but any
> >> usb stick and/or CD, it failed on, worked.
> > Could you elaborate on this? I've not heard of this coming at
On 12.12.20 at 19:47, Chris Murphy wrote:
Ack. Over the last year, none of the media tests worked proper, but any
usb stick and/or CD, it failed on, worked.
Could you elaborate on this? I've not heard of this coming at all in
QA. There is a testcase for this. It's certainly expected to work.
On Sat, Dec 12, 2020 at 10:43 AM Matthew Miller
wrote:
>
> On Sat, Dec 12, 2020 at 08:19:18AM -0500, Mauricio Tavares wrote:
> > > I gave those reasons in my initial message? Have you experienced a
> > > specific case where bad USB media caused a corrupt install?
> > If by corrupt instal
On Sat, Dec 12, 2020 at 4:59 AM Marius Schwarz wrote:
>
> On 11.12.20 at 19:07, Matthew Miller wrote:
> >
> > The test media option doesn't actually help with any of these except maybe
> > making #3 happen slightly sooner. With #4, it actually means that in some
> > cases you'd be fine just doing
On Sat, Dec 12, 2020 at 08:19:18AM -0500, Mauricio Tavares wrote:
> > I gave those reasons in my initial message? Have you experienced a
> > specific case where bad USB media caused a corrupt install?
> If by corrupt install you mean the fedora install froze after
> USB booted and before
On Fri, Dec 11, 2020 at 5:20 PM Matthew Miller wrote:
>
> On Sat, Dec 12, 2020 at 12:15:07AM +0200, Nikolay Nikolov wrote:
> > there's even less reason to skip it. Which really begs the question,
> > why do we even assume the media test is only useful for DVD and not
> > for USB flash?
>
> I g
On 11.12.20 at 19:07, Matthew Miller wrote:
The test media option doesn't actually help with any of these except maybe
making #3 happen slightly sooner. With #4, it actually means that in some
cases you'd be fine just doing the install and the test fails.
Let's just go ahead and get people sta
On Fri, Dec 11, 2020 at 11:08 AM Matthew Miller
wrote:
>
> Right now, when you start Fedora live media to install Workstation or KDE or
> etc., you get an ugly text prompt which defaults to doing a media test
> (although it's not actually even clear from the highlighting that that's the
> default)
On Fri, Dec 11, 2020 at 06:21:50PM -0500, Neal Gompa wrote:
> > In the interest of me being lazy more successfully, can I glom my "change
> > the menu" proposal onto this new Change you are spearheading? :) :) :)
> Oi, oi! I have enough changes for this cycle. If you want to spearhead
> this, I can
On Fri, Dec 11, 2020 at 3:09 PM Matthew Miller wrote:
>
> On Fri, Dec 11, 2020 at 02:22:28PM -0500, Neal Gompa wrote:
> > > I'm not horribly opposed. I just don't want scope creep to mean we can't
> > > make a pretty easy change.
> > Well, we have to change it in both places anyway. :)
> > Droppin
On Sat, Dec 12, 2020 at 12:40:15AM +0200, Nikolay Nikolov wrote:
> So, how can I experience a corrupt install, due to media failure,
> since I specifically run the media check to ensure this doesn't
> happen, before I attempt an install? Just because I haven't
> experienced it, since I always run t
On 12/12/20 12:20 AM, Matthew Miller wrote:
On Sat, Dec 12, 2020 at 12:15:07AM +0200, Nikolay Nikolov wrote:
there's even less reason to skip it. Which really begs the question,
why do we even assume the media test is only useful for DVD and not
for USB flash?
I gave those reasons in my in
On Sat, Dec 12, 2020 at 12:15:07AM +0200, Nikolay Nikolov wrote:
> there's even less reason to skip it. Which really begs the question,
> why do we even assume the media test is only useful for DVD and not
> for USB flash?
I gave those reasons in my initial message? Have you experienced a
spec
On 12/11/20 8:55 PM, Vitaly Zaitsev via devel wrote:
On 11.12.2020 19:07, Matthew Miller wrote:
I think since burning spinning optical media is no longer the normal way to
do this, we should drop this and just go straight to booting (unless of
course a key is hit to stop things and enter boot
On Fri, Dec 11, 2020 at 02:22:28PM -0500, Neal Gompa wrote:
> > I'm not horribly opposed. I just don't want scope creep to mean we can't
> > make a pretty easy change.
> Well, we have to change it in both places anyway. :)
> Dropping isolinux just means we have one less menu to maintain.
In the in
On 11.12.2020 20:18, Neal Gompa wrote:
This would probably be easier if we dropped isolinux and used grub2
for BIOS ISO boot just like we do for UEFI ISO boot.
+1 for this.
--
Sincerely,
Vitaly Zaitsev (vit...@easycoding.org)
On Fri, Dec 11, 2020 at 2:21 PM Matthew Miller wrote:
>
> On Fri, Dec 11, 2020 at 02:18:38PM -0500, Neal Gompa wrote:
> > This would probably be easier if we dropped isolinux and used grub2
> > for BIOS ISO boot just like we do for UEFI ISO boot.
>
> I'm not horribly opposed. I just don't want sco
On Fri, Dec 11, 2020 at 02:18:38PM -0500, Neal Gompa wrote:
> This would probably be easier if we dropped isolinux and used grub2
> for BIOS ISO boot just like we do for UEFI ISO boot.
I'm not horribly opposed. I just don't want scope creep to mean we can't
make a pretty easy change.
--
Matthew
On Fri, Dec 11, 2020 at 2:06 PM Matthew Miller wrote:
>
> On Fri, Dec 11, 2020 at 10:37:01AM -0800, Adam Williamson wrote:
> > > Let's just go ahead and get people started faster.
> >
> > Could we maybe just bump it down to the 'troubleshooting' menu or
> > whatever it's labelled there and have it
On Fri, Dec 11, 2020 at 10:37:01AM -0800, Adam Williamson wrote:
> > Let's just go ahead and get people started faster.
>
> Could we maybe just bump it down to the 'troubleshooting' menu or
> whatever it's labelled there and have it not be the default, rather
> than remove it entirely?
Sure, that
On 11.12.2020 19:07, Matthew Miller wrote:
I think since burning spinning optical media is no longer the normal way to
do this, we should drop this and just go straight to booting (unless of
course a key is hit to stop things and enter boot parameters).
USB flash drive can be broken too. I sugg
On Fri, 2020-12-11 at 13:07 -0500, Matthew Miller wrote:
> Right now, when you start Fedora live media to install Workstation or KDE or
> etc., you get an ugly text prompt which defaults to doing a media test
> (although it's not actually even clear from the highlighting that that's the
> default).
On Fri, Dec 11, 2020 at 01:12:05PM -0500, Mauricio Tavares wrote:
> I thought you could either bypass or cancel the installation media test.
You can, but:
1) it's the default
2) skipping it isn't clearly obvious, especially if you've never used a
pre-VGA DOS application (*)
3) just having the
On Fri, Dec 11, 2020 at 1:08 PM Matthew Miller wrote:
>
> Right now, when you start Fedora live media to install Workstation or KDE or
> etc., you get an ugly text prompt which defaults to doing a media test
> (although it's not actually even clear from the highlighting that that's the
> default).
Right now, when you start Fedora live media to install Workstation or KDE or
etc., you get an ugly text prompt which defaults to doing a media test
(although it's not actually even clear from the highlighting that that's the
default).
I think since burning spinning optical media is no longer the n