From: Vitaliy Gusev
To: Miroslav Lachman <000.fbsd@quip.cz>
Cc: virtualization@freebsd.org, freebsd-hackers@freebsd.org
Subject: Re: BHYVE SNAPSHOT image format proposal
Date: Wed, 24 May 2023 21:16:27 +0300
List-Archive: https://lists.freebsd.org/archives/freebsd-virtualization

Hi,

> On 24 May 2023, at 20:46, Miroslav Lachman <000.fbsd@quip.cz> wrote:
>
> On 24/05/2023 17:10, Vitaliy Gusev wrote:
>
>>>> Current snapshot implementation has disadvantages:
>>>> 3 files per snapshot: .meta, .kern, vram
>>>
>>> No problem, unless new single file will be protected against
>>> corruption (filesystem, transfer, application crash) and possible to
>>> be easily and cheaply modified in place?
>> Current snapshot implementation doesn’t have it. I would say more, current
>> pkg implementation doesn’t track/notify if some of files are changed. Binary files on a
>> system can be changed, for example ELF files, without any notification.
>
> pkg stores checksums for installed files. You can check them with pkg check -s -a or pkg check --checksums -a. Changes are reported by daily periodic script.

Yep, my fault. However, I found it doesn’t track sticky bit setting:

# chmod u+t /usr/local/bin/vim

# pkg check -s vim

Checking vim: 100%

My point was that if snapshot image needs checksum verification it could be done by another program,
because there are many purposes (plain integrity, security, etc) and having it in place in snapshot image
could be doing double the work.

And additionally note, that NVLIST Header can be widened to have a checksum for Section data.

Thanks,
Vitaliy Gusev

> Kind regards
> Miroslav Lachman

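The gap shown in the message above, where a content checksum still passes after a mode change, can be covered by a separate verifier that records mode bits beside the hash. This is an added example, not part of the original thread and not pkg or bhyve code; the function names and the temporary stand-in file are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile


def record(path):
    """Capture content hash, ownership and mode bits for one file."""
    st = os.lstat(path)
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return {
        "sha256": digest.hexdigest(),
        # S_IMODE keeps rwx bits plus setuid, setgid and sticky.
        "mode": stat.S_IMODE(st.st_mode),
        "uid": st.st_uid,
        "gid": st.st_gid,
    }


def verify(manifest):
    """Return {path: [fields that differ]}; a vanished file is 'missing'."""
    findings = {}
    for path, want in manifest.items():
        try:
            have = record(path)
        except FileNotFoundError:
            findings[path] = ["missing"]
            continue
        changed = [k for k in want if want[k] != have[k]]
        if changed:
            findings[path] = changed
    return findings


def demo():
    """Constructed sample: baseline a file, set its sticky bit, re-verify."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "vim")  # stand-in file, not a real binary
        with open(path, "wb") as f:
            f.write(b"\x7fELF constructed sample bytes")
        os.chmod(path, 0o755)
        manifest = {path: record(path)}
        clean = verify(manifest)
        os.chmod(path, 0o755 | stat.S_ISVTX)  # sticky bit set, content same
        return clean, verify(manifest)[path]


if __name__ == "__main__":
    print(demo())
```

Only the `mode` field is reported after the change, because the SHA-256 of the file content is unchanged.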