On 31/08/2021 15.53, Chris Lamb wrote:
> Indeed, needing to
> extract parts of the ISO to recreate it is slightly sub-optimal, if
> only because it would require someone to download it first before
> attempting to recreate it (rather than just possessing the minuscule
> .buildinfo file containing the inputs and output hashes).

There are ways to read files off a remote ISO without downloading the whole thing:
https://github.com/bmwiedemann/curlwwwfs + fuseiso
or maybe
https://github.com/higlass/simple-httpfs

However, it would also be possible to place them as a tarball next to it, but then you add other challenges in toolchains and workflows, if you think about the separate .buildinfo vs the ArchLinux embedded one. How do you find the right buildinfo? What if someone only fetches the binary?