On Fri, Nov 13, 2015 at 7:29 AM Richard Hartmann <[email protected]> wrote:

> On Thu, Nov 12, 2015 at 8:14 PM, Bastian Blank <[email protected]> wrote:
>
> > While SHA2 is relatively cheap, it still takes a lot of time on the
> > given image sizes of 30GiB, somewhat between four and six minutes.
>
> This does not have to be part of the _build_ process, it can be part
> of the _publishing_ process.
>
> Out of interest: If you run the same build ten times, will you always
> have the same binary output?
>
>
> > Also I'm not really sure what you want to check with these checksums.
>
> The intention is to constrain images as much as possible to be able to
> tell if they have been tampered with, intentionally or otherwise. If
> we want to reproduce a certain scenario X time later for whatever
> reason, checksums help.
>
>
> > The image uploaded to the Azure infrastructure gets modified with an
> > additional header, so you can't directly compare the checksum.
>
> Is it possible to remove the header for checksumming purposes? Does
> said header enable any direct or indirect modifications?
>
>
> Thanks,
> Richard
>
>

> Out of interest: If you run the same build ten times, will you always
> have the same binary output?

You got last modified timestamps on files etc., so no :-)
-- 
Anders Ingemann
