Re: [Tails-dev] Why Tails partition is non-deterministic?

Delete this message

Reply to this message
Author: segfault
Date:  
To: The Tails public development discussion list
CC: joanna
Subject: Re: [Tails-dev] Why Tails partition is non-deterministic?
Hi,

somehow I missed this thread, just noticed it right now.

intrigeri:
> Hi,
>
> thanks Joanna for raising this topic!
>
> I've just thought about it a little bit and I see no technical reason
> that prevents us from resetting all timestamps in the filesystem to
> some fixed value that depends only (if at all) on the version of Tails
> being installed/upgraded, during some late stage of the
> installation process.


I think you're right. I did not test if the modification date is indeed
the only thing that differs, but I think Joanna is right, I don't see
anything else that should differ. This would also make tails-verifier
less complex, because we wouldn't have to look at each file but can
check the whole partition at once, like Joanna suggested (although the
file verification is not the complex part).

>
> And it would be nice if tails-verifier looked at filesystem metadata
> as well as files content, if it doesn't yet. I bet it's cheaper to add
> this check than to prove that it's not needed :)


I can't find a source which explicitely states this, but I'm pretty sure
the modification date is the only file metadata available in unix' vfat
(beside the size, which is also checked with the hash sum). See for
example the full list of attributes in the FAT32 directory table [1] and
this short paragraph in wikipedia about unix' vfat driver [2].

[1]
https://en.wikipedia.org/wiki/Design_of_the_FAT_file_system#Directory_entry
[2] https://en.wikipedia.org/wiki/FAT_filesystem_and_Linux#vfat

Currently I don't compare the dates, because they differ from the ones
on the ISO, so the verification would fail.

Cheers