Date: Wed, 24 May 2023 21:16:27 +0300
From: Vitaliy Gusev <gusev.vitaliy@gmail.com>
To: Miroslav Lachman <000.fbsd@quip.cz>
Cc: virtualization@freebsd.org, freebsd-hackers@freebsd.org
Subject: Re: BHYVE SNAPSHOT image format proposal
Message-ID: <91DBA80E-C6DD-4394-B69B-3B6BB63BE726@gmail.com>
In-Reply-To: <fbc49e54-181c-f57f-c1eb-431c32f1da20@quip.cz>
References: <67FDC8A8-86A6-4AE4-85F0-FF7BEF9F2F06@gmail.com> <CAFYkXjng1LWy5wVyTnSo0xrEWOy%2BOx9ZjLcmFqQs5EVpT8J_uA@mail.gmail.com> <AF34E648-2D8A-46C7-82A5-B88006BBB8F6@gmail.com> <fbc49e54-181c-f57f-c1eb-431c32f1da20@quip.cz>

Hi,

> On 24 May 2023, at 20:46, Miroslav Lachman <000.fbsd@quip.cz> wrote:
>
> On 24/05/2023 17:10, Vitaliy Gusev wrote:
>
>>>> Current snapshot implementation has disadvantages:
>>>> 3 files per snapshot: .meta, .kern, vram
>>>
>>> No problem, unless new single file will be protected against
>>> corruption (filesystem, transfer, application crash) and possible to
>>> be easily and cheaply modified in place?
>> Current snapshot implementation doesn’t have it. I would say more, current
>> pkg implementation doesn’t track/notify if some of files are changed. Binary files on a
>> system can be changed, for example ELF files, without any notification.
>
> pkg stores checksums for installed files. You can check them with pkg check -s -a or pkg check --checksums -a. Changes are reported by daily periodic script.

Yep, my fault. However, I found it doesn’t track sticky bit setting:

    # chmod u+t /usr/local/bin/vim
    # pkg check -s vim
    Checking vim: 100%

My point was that if snapshot image needs checksum verification it could be done by another program,
because there are many purposes (plain integrity, security, etc) and having it in place in snapshot image
could be doing double of work.

And additionally note, that NVLIST Header can be widened to have a checksum for Section data.

Thanks,
Vitaliy Gusev

> Kind regards
> Miroslav Lachman
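
The gap shown in this message (a checksum-only check still passes after a mode change), as an added example that is not part of the original e-mail and is not pkg's code: a small external verifier that records the mode bits alongside the SHA-256 digest. The function names, the stand-in file and its content are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile

# Special mode bits reported by name when they differ from the baseline.
SPECIAL_BITS = ((stat.S_ISUID, "setuid"), (stat.S_ISGID, "setgid"),
                (stat.S_ISVTX, "sticky"))


def record(path):
    """Baseline entry for one file: content digest plus permission bits."""
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return {"sha256": digest, "mode": mode}


def audit(path, baseline):
    """Compare a file with its baseline entry and return a list of findings."""
    now = record(path)
    findings = []
    if now["sha256"] != baseline["sha256"]:
        findings.append("content changed")
    changed = now["mode"] ^ baseline["mode"]
    if changed:
        names = [name for bit, name in SPECIAL_BITS if changed & bit]
        if changed & 0o777:
            names.append("rwx")
        findings.append("mode %04o -> %04o (%s)"
                        % (baseline["mode"], now["mode"], ",".join(names)))
    return findings


def demo():
    """Constructed scenario: the sticky bit is set after the baseline is taken."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "vim")         # stand-in file, not the real binary
        with open(path, "wb") as fh:
            fh.write(b"\x7fELF constructed sample\n")
        os.chmod(path, 0o755)
        baseline = record(path)
        os.chmod(path, 0o755 | stat.S_ISVTX)  # sticky bit, as in the e-mail
        checksum_only_passes = record(path)["sha256"] == baseline["sha256"]
        return checksum_only_passes, audit(path, baseline)
```

`demo()` returns whether a digest-only comparison still passes, followed by the findings of the combined check.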