Collaborative Working Sessions - Images, filesystems and containers


  • ext4 reproducibility mkfs.ext4 is not reproducible (because allocation of the inodes is undefined) make_ext4fs works, but is unmaintained
  • ext4 creation time ends up in headers
  • UUIDs need to be seeded
  • there is patches on rb ML + setting the env up allows making ext4 reproducible (with mkfs.ext4?)
  • read-only filesystems (squashfs, erofs)
  • btrfs?

How to reproduce a full image

  • need a snapshot service (containing package versions)
  • need to record sufficient information every single package (in the correct version) config, version for tools used, generate manifest or read from original images
  • order of packages in dpkg database apparently there is a flag to tell apt to (re)order
  • same kernel

Random problems/ideas

  • Upgrading a single package on a given image (using a ro FS) can scramble the image quiet a bit (probably time stamp issues?)
  • initrd (timestamps or ordering issues) dracut: more likely to work with SDE mkinitcpio/mkinitramfs: ?
  • website: mention “magic” variables
  • package installation needs to be reproducible
    • exim4 postinst puts hostnames into some config
  • Packages.xz get cached (and rebuilt on Debian)
  • /etc/apt/sources.list would be different when using a snapshot service)
  • /etc/passwd /etc/shadow order
  • dependency on host kernel through /proc, /dev, FS code, (fs related) kernel config options may need to built images in a VM with a fixed kernel ?!
  • mkfs.* can introduce dependency on the host system
  • pycache differences (*.pyc files) Debian does not ship bytecode, other distros do and stripping them down would slow things down
  • Priority: important/optional ?! this actually comes from the source package (so no idea how/why this could change)
  • diffoscope can be told to exclude timestamps


container images are just tarballs (something something OSI image) (note: we didn’t talk about container images too much)