Hi, i am discussing with Chris Lamb on reproducible-bui...@lists.alioth.debian.org how to make production of bootable ISOs reproducible. The last (yet known) obstacle are the pseudo-random GUIDs of the GPT which is produced for EFI bootability.
Up to this obstacle it turned out that it will suffice to use the same input file tree and the same overall timestamp with xorriso -as mkisofs option --modification-date=YYYYMMDDhhmmsscc which was originally introduced for grub-mkrescue to match in grub.cfg search --fs-uuid --set YYYY-MM-DD-hh-mm-ss-cc I am now wondering whether it would be ok for grub-mkrescue if the GUIDs of the GPT would be derived reproducibly from this timestamp by default. (Currently they stem from /dev/urandom.) These GUIDs will of course be unique inside the GPT. But their entropy will be low and collisions with other ISOs could happen systematically because of nearly identical production times. Well, this can happen to the ISO 9660 --fs-uuid string under the same circumstances. So my question: Is there any reason known why the GPT GUID needs to have better randomness than the "search --fs-uuid" string ? Have a nice day :) Thomas _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
