From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from list by lists.gnu.org with archive (Exim 4.71)
	id 1a8skp-0006i6-NT
	for mharc-grub-devel@gnu.org; Tue, 15 Dec 2015 11:47:11 -0500
Received: from eggs.gnu.org ([2001:4830:134:3::10]:50631)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <scdbackup@gmx.net>) id 1a8skn-0006di-3z
	for grub-devel@gnu.org; Tue, 15 Dec 2015 11:47:10 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <scdbackup@gmx.net>) id 1a8skh-00034d-N1
	for grub-devel@gnu.org; Tue, 15 Dec 2015 11:47:08 -0500
Received: from mout.gmx.net ([212.227.15.15]:63573)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <scdbackup@gmx.net>) id 1a8skh-00034S-5H
	for grub-devel@gnu.org; Tue, 15 Dec 2015 11:47:03 -0500
Received: from scdbackup.webframe.org ([91.63.109.29]) by mail.gmx.com
	(mrgmx003) with ESMTPSA (Nemesis) id 0LxPNC-1aGADH2s0o-0170SE for
	<grub-devel@gnu.org>; Tue, 15 Dec 2015 17:47:01 +0100
Date: Tue, 15 Dec 2015 17:48:33 +0100
From: "Thomas Schmitt" <scdbackup@gmx.net>
To: grub-devel@gnu.org
Subject: Re: [PATCH v3 2/3] mkrescue: add argument --fixed-time to get
	reproducible uuids
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
References: <567035BB.7050204@gmail.com>
In-Reply-To: <567035BB.7050204@gmail.com>
Message-Id: <28882584413021611678@scdbackup.webframe.org>
X-Provags-ID: V03:K0:IT9+m6fxQIagO9Buo1Zh0o8epiOmuEYXD6ONHpARY6wkndDL3Lg
	fDZjsXf+JSVKe/XiWy9WtzgmOR1uPQq+j3Mfj6TE7y1w44mYgWxwBwBfD9qCWW3FuUcIVRt
	Bnp+8lOXL+O9/m7vMWcdHL+g2/lE6HXAOZl2Buu117QwY4GfErahma6N2Vypg5iXX3cyhfS
	yuWZNG1ug3rIAfVzRSmjw==
X-UI-Out-Filterresults: notjunk:1;V01:K0:uzXYSRzGWLA=:IH9wU+TyidOP2fZhBNDrfM
	cZ7tBp66rvsIWIxe3cn9MDlD53ed9NWU0hKuxnuosqnmZMxt+yvEByLT52n9IFBxF+g4Yt5QF
	iZXIzJtmW4x1GxA4bxGawJIs/YaHxQbpaJjxuLrJTeT5OqYXK46CxdwNf79Ay6gcOfhWUdPCl
	ZbMVfXa24o+cgCOrgKlqKePAsTKvE5/To2i4E6SYujTzk2LN9gvqdRD1fM2hayji+JRV9eiR+
	MmWjt1SbRp+t2UU+xsfDx8Eezb55M2iemTDQNkHNoI/A+7IqOrDNoIP5S1mfo11n8UzlZ3tO5
	1QXXroGy3FubGqPDHHjUuHNW/Q3Ty7SP4Z/U0MpPoSjZMbhVSe2RKlqpbnkmxiiqgRNtNAFPi
	tZNBkXY3eo96jmabKQh5+Z4pimcrt21cbxMxtPuYkXkMGNxMoiXseagOyzvEPGPiGLndJJcPC
	+mhEu65nACA3D+C/QCzZ5M0E/ih9yrKb4onF3aii9+W+6Zjk1F8gB5eKbWqwI42IVTh+YjPs/
	YiAzJJgaa3PdG9U1vyWE/JBXiHccWqkSFSTpRPdmrjv05K6Up8DI8rp2i9cIVnS7eSl3eR5wI
	wgMZQmR6yz7AloGr1f5niLPLCUAegk5pTeEDuw2mEkGWdAPYPGIGU7Llnc4VAwsffi8umGCjN
	Je+1wlSUGLUyOQNF5FLeeSztoKWnmfwBbS5HnssYOPyW6M+Af+P2yrS+alsn6hz3UDMljeYJ8
	hfpp61G/vQjGZ0C6/J0MmqVqE1CJMM8vgNju4S7VyQjeVbRSbDum8FAvtpIjozb5NPginc01D
	B7Jr/wU
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 212.227.15.15
X-BeenThere: grub-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
Reply-To: The development of GNU GRUB <grub-devel@gnu.org>
List-Id: The development of GNU GRUB <grub-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/grub-devel>
List-Post: <mailto:grub-devel@gnu.org>
List-Help: <mailto:grub-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Dec 2015 16:47:10 -0000

Hi,

Andrei Borzenkov wrote:
> I am not sure we should stretch reproducible builds that far. ISO
> image created by grub-mkrescue is not binary.

I was approached by Debian's reproducible-builds project because
they wanted to be able to create reproducible test ISOs.
  http://lists.alioth.debian.org/pipermail/reproducible-builds/Week-of-Mon-20150601/001693.html


Vladimir Serbinenko wrote:
> > We need to find a way to reliably find boot
> > disk without depending on current time.

Andrei Borzenkov wrote:
> Well, UUID of isofs used by GRUB is not unique in any sense,

I understand that we rely on the improbability that two
competing ISOs got created in the same second.
So an explicitely chosen "UUID" must be sufficiently random
on the first production to distinguish non-identical images.
Re-productions should then use the same "UUID".

The "UUID" is stored in the ISO as timestamp string of form
YYYYMMDDhhmmsscc with decimal digits. E.g. 2015121517395800
"cc" means centi-seconds, which would be usable to expand the
"UUID" space by a factor of 100.
It cannot be forwarded as time_t, though.
One would need finer time granularity or a second integer variable
which would bring the "cc" part down to the composition of the
xorriso command. (xorrisofs option --modification-date, i assume)


> so it is not really much worse than it was before.
> Having reliable way to identify boot device imply some unique property
> of boot device which automatically conflict with idea of identical images.

Yep. Having identical images would mean that they are the same
in any aspect. So here we should have no problem, i think.
(Adventurous testers could now try what happens if they present
 their machine two copies of the same ISO on two devices.)


Have a nice day :)

Thomas