On Mon, Dec 14, 2020 at 11:03:03PM -0700, Chris Murphy wrote: > Right. The two I've previously suggested: btrfs seed and dm-verity. > Every read is verified, the user can't opt out, and they are more > performant than checkisomd5. Upon detecting error, both emit EIO which > is handled at the application level, i.e. stop the installation and > notify the user. Those would require significant changes to how live works though. Simple is better. If squashfs has integrity checking it would be perfect :) It looks like zstd has support for checksums but it doesn't look like that's supported in any of the tools, or the kernel squashfs module. Another possibility is for lmc to add a sha256sum of the rootfs image that can be checked by dracut when booting, or anaconda before installing. Brian -- Brian C. Lane (PST8PDT) - weldr.io - lorax - parted - pykickstart _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
