[Reproducible-builds] Reproducible patches for libisoburn and libisofs

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Aug 12 22:14:31 UTC 2016


On Fri 2016-08-12 15:27:40 -0400, Thomas Schmitt wrote:
> Although grub-mkrescue probably can live with poor GPT GUIDs, i meanwhile
> found a use case in xorriso where user defined modification-date does not
> express the desire for reproducible GUIDs: xorriso command
> -boot_image "any" "replay".
> If xorriso modifies a bootable ISO made by grub-mkrescue, then it has
> to maintain the modification date so that GRUB2 after waking up finds
> the ISO. It is then inappropriate to keep GPT GUIDs, because the ISOs
> are nevertheless not meant to be identical.
>
> So the default of new option --gpt_disk_guid is old behavior "random".

Would it be possible to generate the GPT GUID based on a digest of the
contents of the ISO itself?  I don't understand well enough how GPT
interacts with ISOs to be able to sketch out the details, but if there
is a way to look at the rest of the generated filesystem *aside* from
the GUID, then you could push all that data through a simple hash
function, and then deterministically derive the GUID from the hash
function.

(what hash function to use?  it probably doesn't even need to be
cryptographically secure, but sha256 is cheap these days and it avoids
any risk that someone could come up with a plausible attack based on
forcing GUID collisions)

That would give you identical GUIDs for identical ISOs, and distinct
GUIDs for ISOs that vary in any way, without having to include any
randomness or asking the user to do the work to select a non-random GUID
(which they're probably not likely to do responsibly).

Thanks for your work on this, Thomas!  Let me know if this idea doesn't
make sense for some reason, like if there are other bits in the ISO that
themselves depend on the GUID.  I'd be happy to brainstorm other
approaches.

        --dkg
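A small model of the scheme sketched above, as an added example rather than code from xorriso or libisofs: the GUID field is masked to zero, the rest of the image is pushed through sha256, and the GUID is derived from the digest. The field offset, the toy image and the function names are constructed for this illustration, not real GPT layout.

```python
import hashlib
import uuid

# Constructed toy layout (an assumption for this example, not real GPT offsets):
# the 16-byte disk GUID sits at GUID_OFFSET, everything else is "content".
GUID_OFFSET = 64
GUID_LEN = 16
PAYLOAD_HEAD = b"toy ISO header".ljust(GUID_OFFSET, b"\x00")
PAYLOAD_TAIL = b"toy ISO filesystem data".ljust(48, b"\x00")


def make_image(initial_guid: bytes, tail: bytes = PAYLOAD_TAIL) -> bytes:
    """Build a constructed sample image with the given GUID field."""
    return PAYLOAD_HEAD + initial_guid + tail


def derive_gpt_guid(image: bytes) -> uuid.UUID:
    """Hash every byte except the GUID field (masked to zero) and turn the
    first 16 digest bytes into a well-formed RFC 4122 UUID."""
    if len(image) < GUID_OFFSET + GUID_LEN:
        raise ValueError("image too small to hold the GUID field")
    masked = (image[:GUID_OFFSET] + b"\x00" * GUID_LEN
              + image[GUID_OFFSET + GUID_LEN:])
    digest = hashlib.sha256(masked).digest()
    # version=5 stamps the version/variant bits the way name-based UUIDs do,
    # so the value is distinguishable from a random (version 4) GUID.
    return uuid.UUID(bytes=digest[:16], version=5)


def stamp_guid(image: bytes, guid: uuid.UUID) -> bytes:
    """Write the derived GUID into the image.  Caveat: a real GPT header
    carries a CRC32 over itself, including the disk GUID, so that checksum
    would have to be recomputed after this step."""
    return image[:GUID_OFFSET] + guid.bytes + image[GUID_OFFSET + GUID_LEN:]


def is_self_consistent(image: bytes) -> bool:
    """True when the stored GUID equals the one derived from the rest of
    the image, i.e. the image was produced by this scheme."""
    stored = uuid.UUID(bytes=image[GUID_OFFSET:GUID_OFFSET + GUID_LEN])
    return stored == derive_gpt_guid(image)


if __name__ == "__main__":
    a = make_image(b"\x11" * GUID_LEN)          # "random" GUID, run 1
    b = make_image(b"\x22" * GUID_LEN)          # "random" GUID, run 2
    print(derive_gpt_guid(a) == derive_gpt_guid(b))   # True: same content
    print(is_self_consistent(stamp_guid(a, derive_gpt_guid(a))))  # True
```

Two builds that differ only in the GUID field derive the same GUID, while any other byte change yields a different one.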