[rb-general] Reproducible system images

Lars Wirzenius liw at liw.fi
Sun Dec 15 08:12:49 UTC 2019


One of my hobby projects is vmdb2 (https://vmdb2.liw.fi/), which
creates disk images with Debian installed. I was wondering whether it
would be possible to generate system images reproducibly.

A quick experiment with debootstrap, which creates the initial
directory tree from with my software produces the disk image, isn't
reproducible. The main difference is the etc/machine-id file is
generates, which contains randomly generated content. The other
differences are log files, cache files, and file mtime timestamps. All
of those would be possible to work on to make them reproducible.

vmdb2 could make machine-id be all zeroes, which would mean a new id
gets generated upon first boot, and written to the file. I'm not
entirely sure of the security and other implications this has.

What do others on the list think? Is reproducible system images a goal
worth pursuing?

I want to build worthwhile things that might last. --joeyh
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20191215/1bc70317/attachment.sig>

More information about the rb-general mailing list