On Wed, Nov 27, 2019 at 2:12 PM Chris Murphy <lists@xxxxxxxxxxxxxxxxx> wrote: > > On Wed, Nov 27, 2019 at 7:17 AM Pablo Greco <pablo@xxxxxxxxxxxxxxxx> wrote: > > > > I'm starting to work on a project to make Fedora fully reproducible and bootstrappable from scratch. > > I know it is a long term plan and still working on the steps, but it would be good to know the current status, if there is an internal interest in this, if someone is already working (or planning to). > > One small cog in the wheel that affects reproducibility in images is > file systems. There are currently two parts to this when creating > Fedora images: the rootfs is on ext4, and ext4 creation and writes are > non-deterministic; that ext4 is then nested into a squashfs image > using xz. Parallelized xz is non-deterministic, where parallelize zstd > is reproducible, as I understand it. But that should be confirmed. > > The order of work needed: > A. Upstream squashfs needs zstd support merged. There's patches > Fedora's squashfs-tools are carrying that add this support. But it's > probably fair to say this is for testing purposes, because upstream > squashfs may have a different implementation in mind. I'm not sure of > the status of this. squashfs-tools v4.4 has it included. The project moved to GitHub last year: https://github.com/plougher/squashfs-tools > B. Koji needs to learn about existing support for plain squashfs images in Lorax > https://pagure.io/koji/issue/1622 > C. Releng needs to update build scripts to create plain squashfs images > https://pagure.io/releng/issue/8646 livecd-tools probably needs that too... > D. Releng needs to decide whether to use zstd instead of xz, and then > koji needs to support it, but before that A. above must happen. > https://pagure.io/releng/issue/8581 > > I floated this idea to the Btrfs list. The discussion explores Btrfs > and alternatives. A Btrfs approach is more work and coordination, flat > out. But also offers more features for free: always on metadata and > data checksumming could obviate the slow monolithic md5 ISO media > checker; simple, consistent, transparent overlay for LiveOS (either > transient in-memory, or persistent on-drive), seed/sprout fast > replication option. All of that support is in-kernel so you don't need > a sophisticated initramfs to do such assembly on the client, or > complicated build system to create such images. There is a lot of > *other* work to get there, but then I think it's a lot saner, less > fragile, and a lot more consumable across distributions. Could that be > mimicked with plain squashfs on dm-verity? Sure. And that's also > mentioned in this thread. > https://lore.kernel.org/linux-btrfs/CAJCQCtTPwQnzwkpk=4ZsZXfWTC7HymYETxp-9xUU_tsvOTW0ZQ@xxxxxxxxxxxxxx/ > I'd love to explore using Btrfs for doing it. I have no idea how to get started with that... -- 真実はいつも一つ!/ Always, there's only one truth! _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
