[rb-general] Reproducible system images

Bernhard M. Wiedemann bernhardout at lsmod.de
Mon Dec 16 08:53:46 UTC 2019

On 15/12/2019 09.12, Lars Wirzenius wrote:
> Hi,
> One of my hobby projects is vmdb2 (https://vmdb2.liw.fi/), which
> creates disk images with Debian installed. I was wondering whether it
> would be possible to generate system images reproducibly.
> A quick experiment with debootstrap, which creates the initial
> directory tree from with my software produces the disk image, isn't
> reproducible. The main difference is the etc/machine-id file is
> generates, which contains randomly generated content. The other
> differences are log files, cache files, and file mtime timestamps. All
> of those would be possible to work on to make them reproducible.
> vmdb2 could make machine-id be all zeroes, which would mean a new id
> gets generated upon first boot, and written to the file. I'm not
> entirely sure of the security and other implications this has.
> What do others on the list think? Is reproducible system images a goal
> worth pursuing?

Others worked on this before:


and I looked into openSUSE's installation-images package, that has
similar problems.
There were also several post-install scripts creating files in
unreproducible ways. For normal packages that is not a problem, but for
images it is.


and various acceleration caches.

More information about the rb-general mailing list