couldn't we generate GUID's based on the current git revision? this way you reproduce the ISO without even looking at the timestamp.
I don't know anything about the entropy requirements though. Lets wait for a reply of the maintainers about that. Thanks Michael On Thu, Aug 11, 2016 at 9:55 PM, Thomas Schmitt <scdbac...@gmx.net> wrote: > Hi, > > i am discussing with Chris Lamb on reproducible-builds@lists. > alioth.debian.org > how to make production of bootable ISOs reproducible. The last (yet known) > obstacle are the pseudo-random GUIDs of the GPT which is produced for EFI > bootability. > > Up to this obstacle it turned out that it will suffice to use the same > input file tree and the same overall timestamp with xorriso -as mkisofs > option > --modification-date=YYYYMMDDhhmmsscc > which was originally introduced for grub-mkrescue to match in grub.cfg > search --fs-uuid --set YYYY-MM-DD-hh-mm-ss-cc > > I am now wondering whether it would be ok for grub-mkrescue if the GUIDs > of the GPT would be derived reproducibly from this timestamp by default. > (Currently they stem from /dev/urandom.) > > These GUIDs will of course be unique inside the GPT. But their entropy > will be low and collisions with other ISOs could happen systematically > because of nearly identical production times. > Well, this can happen to the ISO 9660 --fs-uuid string under the same > circumstances. > > > So my question: > Is there any reason known why the GPT GUID needs to have better randomness > than the "search --fs-uuid" string ? > > > Have a nice day :) > > Thomas > > > _______________________________________________ > Grub-devel mailing list > Grub-devel@gnu.org > https://lists.gnu.org/mailman/listinfo/grub-devel >
_______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
