Message-Id: <21C92625-5A8E-430C-8359-A07CE698DE42@dilger.ca>
Date: Wed, 19 Feb 2025 12:58:57 -0700
From: Andreas Dilger <adilger@...ger.ca>
To: Adithya.Balakumar@...hiba-tsip.com
Cc: linux-ext4@...r.kernel.org,
 Shivanand.Kunijadar@...hiba-tsip.com,
 dinesh.kumar@...hiba-tsip.com,
 kazuhiro3.hayashi@...hiba.co.jp,
 nobuhiro1.iwamatsu@...hiba.co.jp
Subject: Re: Is it possible to make ext4 images reproducible even after
 filesystem operations ?

On Jan 21, 2025, at 5:29 AM, Adithya.Balakumar@...hiba-tsip.com wrote:
> I am working towards reproducible builds for a project that I am involved in. We use a few ext4 partitions in our disk images and I am trying to make the ext4 filesystems reproducible.
> 
> I understand that from e2fsprogs v1.47.1 onwards we can create a reproducible ext4 filesystem image. We can indeed create a reproducible ext4 filesystem image when we use the "-d" option in "mke2fs" command to pass the contents of the filesystem at the time of creation of the filesystem itself. I understand that there are a few other parameters that need to be passed to the "mke2fs" command like a deterministic UUID and hash_seed values to make the filesystem image reproducible.
> 
> In the project that I am working on, there are some mount operations done on the filesystem to copy certain files into the file system. This updates the "Last mount" and "Last write" timestamps in the filesystem metadata (confirmed this with dumpe2fs) thereby making the images generated not reproducible.
> 
> I would like to understand if it's possible to make the ext4 images reproducible even after filesystem operations like mounting and unmounting the filesystem?

It should be possible to use debugfs commands to change the timestamps (and other
fields) in the superblock to an arbitrary value, something like:

    {
        echo "ssv wtime 123456789"
        echo "ssv mtime 123456789"
    } | debugfs -w -f /dev/stdin "$IMAGE_FILE"

Depending on what changes are being made while the filesystem is mounted, you
may also need to modify the inode timestamps directly as well:

    {
        echo "sif $PATHNAME ctime 123456789"
        echo "sif $PATHNAME2 ctime 123456789"
        :
    } | debugfs -w -f /dev/stdin "$IMAGE_FILE"

The debugfs commands could all be combined into a single debugfs invocation,
and are just shown here as separate commands for clarity.  If the commands
are always the same, they could also be written into a command file instead
of read from stdin each time:

    debugfs -w -f "$COMMANDS" "$IMAGE_FILE"

but for scripting purposes it can be convenient to generate debugfs commands
on the fly (e.g. with looping, etc.) and pipe them to debugfs via stdin, and
this is not obvious, so I thought it would be good to show an example.

Cheers, Andreas
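
The on-the-fly generation described in the message above, as an added example that is not part of the original message or of e2fsprogs. The function names, the use of SOURCE_DATE_EPOCH, the atime/mtime/ctime field set and the conservative path allowlist are assumptions of this sketch.

```sh
#!/bin/sh
# Added example: generate the debugfs command stream on the fly.
# Function names and the path allowlist are assumptions of this sketch.

# gen_debugfs_cmds EPOCH [PATH...]
# Prints "ssv"/"sif" commands pinning timestamps to EPOCH; returns 1 on
# input that could corrupt or inject into the command stream.
gen_debugfs_cmds() {
    gd_epoch=$1
    shift
    case $gd_epoch in
        '' | *[!0-9]*) echo "invalid epoch: $gd_epoch" >&2; return 1 ;;
    esac
    # Validate all paths before emitting anything: debugfs reads one command
    # per line, so whitespace or a newline in a path would change the
    # commands that run against the image.
    for gd_path in "$@"; do
        case $gd_path in
            /*) ;;
            *) echo "path must be absolute: $gd_path" >&2; return 1 ;;
        esac
        case $gd_path in
            *[!A-Za-z0-9._/-]*) echo "unsafe path: $gd_path" >&2; return 1 ;;
        esac
    done
    # Superblock fields: wtime = last write, mtime = last mount.
    echo "ssv wtime $gd_epoch"
    echo "ssv mtime $gd_epoch"
    # Inode fields: here mtime means modification time.
    for gd_path in "$@"; do
        for gd_field in atime mtime ctime; do
            echo "sif $gd_path $gd_field $gd_epoch"
        done
    done
}

# normalize_image IMAGE [PATH...]
# Uses SOURCE_DATE_EPOCH (reproducible-builds convention) as the timestamp.
normalize_image() {
    ni_image=$1
    shift
    ni_cmds=$(gen_debugfs_cmds "${SOURCE_DATE_EPOCH:?must be set}" "$@") || return 1
    printf '%s\n' "$ni_cmds" | debugfs -w -f /dev/stdin "$ni_image"
}
```

Running `dumpe2fs -h` on two independently built images after `normalize_image` should then show identical "Last mount time" and "Last write time" values.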
