Date:      Wed, 24 May 2023 21:16:27 +0300
From:      Vitaliy Gusev <gusev.vitaliy@gmail.com>
To:        Miroslav Lachman <000.fbsd@quip.cz>
Cc:        virtualization@freebsd.org, freebsd-hackers@freebsd.org
Subject:   Re: BHYVE SNAPSHOT image format proposal
Message-ID:  <91DBA80E-C6DD-4394-B69B-3B6BB63BE726@gmail.com>
In-Reply-To: <fbc49e54-181c-f57f-c1eb-431c32f1da20@quip.cz>
References:  <67FDC8A8-86A6-4AE4-85F0-FF7BEF9F2F06@gmail.com> <CAFYkXjng1LWy5wVyTnSo0xrEWOy%2BOx9ZjLcmFqQs5EVpT8J_uA@mail.gmail.com> <AF34E648-2D8A-46C7-82A5-B88006BBB8F6@gmail.com> <fbc49e54-181c-f57f-c1eb-431c32f1da20@quip.cz>

Hi, 

> On 24 May 2023, at 20:46, Miroslav Lachman <000.fbsd@quip.cz> wrote:
> 
> On 24/05/2023 17:10, Vitaliy Gusev wrote:
> 
>>>> Current snapshot implementation has disadvantages:
>>>> 3 files per snapshot: .meta, .kern, vram
>>> 
>>> No problem, unless new single file will be protected against
>>> corruption (filesystem, transfer, application crash) and possible to
>>> be easily and cheaply modified in place?
>> The current snapshot implementation doesn’t have it. I would say more: the current
>> pkg implementation doesn’t track/notify if some of the files are changed. Binary files on a
>> system can be changed, for example ELF files, without any notification.
> 
> pkg stores checksums for installed files. You can check them with pkg check -s -a or pkg check --checksums -a. Changes are reported by daily periodic script.


Yep, my fault. However, I found it doesn’t track the sticky bit setting:

# chmod u+t /usr/local/bin/vim

# pkg check -s vim
Checking vim: 100%

My point was that if a snapshot image needs checksum verification, it could be done by another program,
because there are many purposes (plain integrity, security, etc.), and having it in place in the snapshot image
could be doing double the work.

Additionally, note that the NVLIST Header can be widened to have a checksum for Section data.

Thanks,
Vitaliy Gusev

> Kind regards
> Miroslav Lachman
> 
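
An added example, not part of the original message and not code from pkg or bhyve: a minimal integrity check that pins the mode bits alongside the content hash, so a change like the sticky-bit one shown in the message is reported even though the checksum still matches. The function names, the baseline fields and the sample file are assumptions made up for illustration.

```python
import hashlib
import os
import stat
import tempfile


def record(path):
    """Return the attributes an integrity baseline should pin for one file."""
    st = os.lstat(path)
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return {
        "sha256": digest.hexdigest(),
        # S_IMODE keeps permission bits plus setuid/setgid/sticky (07777).
        "mode": stat.S_IMODE(st.st_mode),
        "uid": st.st_uid,
        "gid": st.st_gid,
    }


def verify(path, baseline):
    """Compare a file with its baseline; return the names of changed fields."""
    current = record(path)
    return sorted(k for k in baseline if baseline[k] != current[k])


def demo():
    """Constructed sample: first only the mode changes, then the content too."""
    with tempfile.TemporaryDirectory() as tmp:
        # Stand-in file with constructed bytes, not a real package file.
        path = os.path.join(tmp, "sample-binary")
        with open(path, "wb") as fh:
            fh.write(b"\x7fELF constructed sample bytes")
        os.chmod(path, 0o755)
        baseline = record(path)

        # Set the sticky bit, as the chmod command in the message does.
        os.chmod(path, 0o755 | stat.S_ISVTX)
        mode_only = verify(path, baseline)   # hash is still identical here

        with open(path, "ab") as fh:
            fh.write(b"tampered")
        both = verify(path, baseline)
        return mode_only, both


if __name__ == "__main__":
    print(demo())
```

A checksum-only comparison would report nothing after the first `chmod`; the `mode` field is what surfaces it.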

