Re: [Tails-dev] Why Tails partition is non-deterministic?

2016-08-10 Thread intrigeri
Hi,

thanks Joanna for raising this topic!

I've just thought about it a little bit and I see no technical reason
that prevents us from resetting all timestamps in the filesystem to
some fixed value that depends only (if at all) on the version of Tails
being installed/upgraded, during some late stage of the
installation process.

And it would be nice if tails-verifier looked at filesystem metadata
as well as files content, if it doesn't yet. I bet it's cheaper to add
this check than to prove that it's not needed :)

Cheers,
-- 
intrigeri
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.
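The two points in the message above (a fixed timestamp applied late in installation, and a verifier that looks at metadata as well as content), shown at file level as an added example; it is not part of the thread and is not tails-verifier's code. The file names, the sample data and `FIXED_MTIME` are constructed assumptions, and a raw-partition hash as in `dd | sha1sum` additionally depends on filesystem internals that this sketch does not model.

```python
import hashlib
import os
import stat
import tempfile

FIXED_MTIME = 1470787200  # assumed per-release constant (2016-08-10 00:00:00 UTC)
SAMPLE = {"boot.cfg": b"timeout 4\n", "live/image.bin": b"\x00" * 4096}  # constructed

def make_tree(mtime):
    """Create a sample tree whose files carry the given install-time mtime."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "live"))
    for rel, data in SAMPLE.items():
        path = os.path.join(root, rel)
        with open(path, "wb") as f:
            f.write(data)
        os.utime(path, (mtime, mtime))
    return root

def entries(root):
    """All files and directories below root, in a stable order."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        found += [os.path.join(dirpath, n) for n in dirnames + filenames]
    return sorted(found)

def tree_digest(root, with_metadata):
    """SHA-256 over paths and file content, optionally also mode and mtime."""
    h = hashlib.sha256()
    for path in entries(root):
        st = os.lstat(path)
        record = [os.path.relpath(path, root)]
        if with_metadata:
            record += [oct(stat.S_IMODE(st.st_mode)), str(st.st_mtime_ns)]
        h.update("\0".join(record).encode() + b"\0")
        if stat.S_ISREG(st.st_mode):
            with open(path, "rb") as f:
                h.update(hashlib.sha256(f.read()).digest())
    return h.hexdigest()

def normalize_timestamps(root, fixed=FIXED_MTIME):
    """Set atime and mtime of every entry to one fixed value."""
    for path in entries(root):
        os.utime(path, (fixed, fixed))
```

Two installs made at different times agree on `tree_digest(root, False)` but only agree on `tree_digest(root, True)` after `normalize_timestamps`; a later mode change on one file then shows up only in the metadata-aware digest.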

Re: [Tails-dev] Why Tails partition is non-deterministic?

2016-08-10 Thread sajolida
bertagaz:
> [ Ignoring some kind of private answer sent here although it doesn't
> belong to this list. ]
> 
> On Mon, Aug 08, 2016 at 09:32:17PM +0200, Joanna Rutkowska wrote:
>> Is there any special reason why the partition where Tails installs itself is
>> non-deterministic? It is thanks to differing timestamps on the filesystem.
>>
>> This poses a problem for a prudent user who would like to be able to verify
>> Tails integrity, e.g. by typing:
>>
>> dd if=/dev/sda1 | sha1sum
>>
>> This might be especially useful if one uses the stick on various computers and
>> would like to verify if her USB stick holding Tails installs hasn't been
>> modified (e.g. by a malicious BIOS). Yes, I'm aware that the first sector of the
>> disk (/dev/sda) would still differ thanks to different partition sizes.
> 
> Good question. Did you try and find out that only timestamps were
> different? If it is, good news, means it may not be so hard to fix.
> Would be nice if you could post your data on our bug tracker
> (https://labs.riseup.net/code/projects/tails).
> 
> So far we've been focusing on tails-verifier (ticket #7496, waiting for
> review...) for people to check their install, so I don't remember if we
> explored this.

Exactly. The technicalities of this are way over my head but I think
that segfault already investigated all of this
while working on Tails Verifier [1] so he should be the one to talk to.

But if I remember correctly, he's super busy with other things right now
so maybe don't expect a quick answer (in the meantime, looking at the
code might help).

[1]: https://labs.riseup.net/code/issues/7496