Re: BHYVE SNAPSHOT image format proposal

In reply to: Miroslav Lachman : "Re: BHYVE SNAPSHOT image format proposal"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Vitaliy Gusev <gusev.vitaliy_at_gmail.com>
Date: Wed, 24 May 2023 18:16:27 UTC

Hi, 

> On 24 May 2023, at 20:46, Miroslav Lachman <000.fbsd@quip.cz> wrote:
> 
> On 24/05/2023 17:10, Vitaliy Gusev wrote:
> 
>>>> Current snapshot implementation has disadvantages:
>>>> 3 files per snapshot: .meta, .kern, vram
>>> 
>>> No problem, unless new single file will be protected against
>>> corruption (filesystem, transfer, application crash) and possible to
>>> be easily and cheaply modified in place?
>> Current snapshot implementation doesn’t have it. I would say more, current
>> pkg implementation doesn’t track/notify if some of files are changed.   Binary files on a
>> system can be changed, for example ELF files, without any notification.
> 
> pkg stores checksums for installed files. You can check them with pkg check -s -a or pkg check --checksums -a. Changes are reported by daily periodic script.


Yep, my fault. However, I found it doesn’t track sticky bit setting:

# chmod u+t /usr/local/bin/vim

# pkg check -s vim
Checking vim: 100%

My point was that if snapshot image needs checksum verification it could be done by another program,
because there are many purposes (plain integrity, security, etc) and having it in place in snapshot image
could be doing double of work.

And additionally note, that NVLIST Header can be widen to have a  checksum for Section data.

Thanks,
Vitaliy Gusev

> Kind regards
> Miroslav Lachman
>