On Wed, Nov 27, 2019 at 7:17 AM Pablo Greco <pablo@xxxxxxxxxxxxxxxx> wrote:
>
> I'm starting to work on a project to make Fedora fully reproducible and bootstrappable from scratch.
> I know it is a long term plan and still working on the steps, but it would be good to know the current status, if there is an internal interest in this, if someone is already working (or planning to).

One small cog in the wheel that affects reproducibility in images is file systems. There are currently two parts to this when creating Fedora images: the rootfs is on ext4, and ext4 creation and writes are non-deterministic; that ext4 is then nested into a squashfs image using xz. Parallelized xz is non-deterministic, where parallelized zstd is reproducible, as I understand it. But that should be confirmed.

The order of work needed:

A. Upstream squashfs needs zstd support merged. There are patches Fedora's squashfs-tools are carrying that add this support. But it's probably fair to say this is for testing purposes, because upstream squashfs may have a different implementation in mind. I'm not sure of the status of this.

B. Koji needs to learn about existing support for plain squashfs images in Lorax
https://pagure.io/koji/issue/1622

C. Releng needs to update build scripts to create plain squashfs images
https://pagure.io/releng/issue/8646

D. Releng needs to decide whether to use zstd instead of xz, and then koji needs to support it, but before that A. above must happen.
https://pagure.io/releng/issue/8581

I floated this idea to the Btrfs list. The discussion explores Btrfs and alternatives. A Btrfs approach is more work and coordination, flat out. But also offers more features for free: always on metadata and data checksumming could obviate the slow monolithic md5 ISO media checker; simple, consistent, transparent overlay for LiveOS (either transient in-memory, or persistent on-drive), seed/sprout fast replication option.
All of that support is in-kernel so you don't need a sophisticated initramfs to do such assembly on the client, or complicated build system to create such images. There is a lot of *other* work to get there, but then I think it's a lot saner, less fragile, and a lot more consumable across distributions.

Could that be mimicked with plain squashfs on dm-verity? Sure. And that's also mentioned in this thread.
https://lore.kernel.org/linux-btrfs/CAJCQCtTPwQnzwkpk=4ZsZXfWTC7HymYETxp-9xUU_tsvOTW0ZQ@xxxxxxxxxxxxxx/

--
Chris Murphy
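
One way to confirm the determinism claims about parallelized xz and zstd made in the message above, added here as an example and not part of the original message or of any Fedora tooling: the hypothetical helpers `repro_check` and `repro_across_threads` compress one input repeatedly at several thread counts and compare SHA-256 digests. It assumes the compressor accepts `-T<n>` and `-c` (as `xz` and `zstd` do) and that `sha256sum` and `mktemp` are available.

```shell
#!/bin/sh
# Added example: check whether a compressor yields byte-identical output
# across repeated runs and across thread counts.

# repro_check RUNS INPUT CMD [ARGS...]
# CMD reads INPUT on stdin and writes to stdout. Prints the common digest and
# returns 0 if every run matches, 1 on a mismatch, 2 if CMD is missing or fails.
repro_check() {
    runs=$1; input=$2; shift 2
    command -v "$1" >/dev/null 2>&1 || { echo "missing tool: $1" >&2; return 2; }
    out=$(mktemp) || return 2
    first=""; i=0; rc=0
    while [ "$i" -lt "$runs" ]; do
        "$@" < "$input" > "$out" || { rc=2; break; }
        digest=$(sha256sum < "$out" | cut -d' ' -f1)
        if [ -z "$first" ]; then
            first=$digest
        elif [ "$digest" != "$first" ]; then
            echo "run $i differs from run 0" >&2
            rc=1; break
        fi
        i=$((i + 1))
    done
    rm -f "$out"
    [ "$rc" -eq 0 ] && echo "$first"
    return "$rc"
}

# repro_across_threads TOOL INPUT
# Runs TOOL -T<n> -c three times for each n in 1 2 4 8 and reports one digest
# per thread count. Returns 0 only if all digests are identical.
repro_across_threads() {
    tool=$1; file=$2; ref=""; status=0
    for t in 1 2 4 8; do
        d=$(repro_check 3 "$file" "$tool" -T"$t" -c) || { status=1; continue; }
        echo "$tool -T$t $d"
        if [ -z "$ref" ]; then
            ref=$d
        elif [ "$d" != "$ref" ]; then
            echo "$tool: output depends on thread count (-T$t)" >&2
            status=1
        fi
    done
    return "$status"
}

# Stand-alone use: sh repro.sh xz rootfs.img   (or: sh repro.sh zstd rootfs.img)
if [ "$#" -ge 2 ]; then repro_across_threads "$1" "$2"; fi
```

Use an input large enough to span several compression blocks; a small file may never exercise the multi-threaded code path.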