Received: by 10.223.185.116 with SMTP id b49csp1153011wrg;
        Fri, 16 Feb 2018 13:26:52 -0800 (PST)
X-Google-Smtp-Source: AH8x225M0iOKecKBtMA3DD9biYBUEOkzdjqKtWXwmVefce4UvTf48r9Nir8DlUUZ8HE43YK2FlN0
X-Received: by 2002:a17:902:b610:: with SMTP id b16-v6mr7018518pls.132.1518816412354;
        Fri, 16 Feb 2018 13:26:52 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1518816412; cv=none;
        d=google.com; s=arc-20160816;
        b=f8V7xgvF2tk8HV3cQQDTiXyhcYUcZnbcjeIAtSQlKIrHKdXejbvK1c/i21y7I33Xc8
         I664XdijEidMNpvPrOot2XoXM3F798b8C6NVijDfO7EUHZWEziocy8x9Vesn6TzZNp3g
         ikTKaBeYv9W3J5q0AThN+VdfwoKjjs4QTRReYdxBwFIo5XDeOvH5S4dFbTjXonGitjNU
         A2xjaBftcI4SXubyzRhQ2zcNUzG7cMikaSySckEVxVVTIrSRTpnH8E09NmFMVdFRJwJI
         1uxOvIx3sTzPcAU+9WJdLrF8ZH0KzlbXKshMUMGWmEX9ffp7KwxTrI1twNB5O1Xd1CJW
         76aQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:cc:to:subject:dkim-signature
         :arc-authentication-results;
        bh=Hr05Yrw7NhPVLNc2j5RI2loS1NWzCQzqESteGO5CPVo=;
        b=l0SBNGNBbDRStN3FHUvzXSrWyZaJaGvLv358ThN7MfRBSCm+t9gghvvDQQRjdZk2Kt
         0WDTMyqAWvXsmRaOsoSVw6SHXrRmCAD+4VKS1eTW06WqE9UDGn7lQE9XFPBoAYV/1C3o
         JQX35onsexbU+1qdfV0xIifMuOwzbZwMc68Z9fy5oKmJCoIIwx0xkReGnvGxYD6NhFE1
         HI6UbigXsedHYJWrt60uu/YI/i4FbwJa7mfY7kHebBMtF1PoZWKycmfb7a3QqpO6RvMy
         SEJY5wIojuMhpppJHVQzpIJGq2oHOqYfZnyP6+CzA0XOLdWvNx5JLCx961ZbtyB9DMha
         DsLg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@landley-net.20150623.gappssmtp.com header.s=20150623 header.b=Gupeabcg;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id d10-v6si1551719plm.539.2018.02.16.13.26.38;
        Fri, 16 Feb 2018 13:26:52 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@landley-net.20150623.gappssmtp.com header.s=20150623 header.b=Gupeabcg;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1750946AbeBPVZP (ORCPT <rfc822;morganleezd2003@gmail.com>
        + 99 others); Fri, 16 Feb 2018 16:25:15 -0500
Received: from mail-io0-f196.google.com ([209.85.223.196]:38784 "EHLO
        mail-io0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1750914AbeBPVZL (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 16 Feb 2018 16:25:11 -0500
Received: by mail-io0-f196.google.com with SMTP id d13so5525803iog.5
        for <linux-kernel@vger.kernel.org>; Fri, 16 Feb 2018 13:25:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=landley-net.20150623.gappssmtp.com; s=20150623;
        h=subject:to:cc:references:from:message-id:date:user-agent
         :mime-version:in-reply-to:content-language:content-transfer-encoding;
        bh=Hr05Yrw7NhPVLNc2j5RI2loS1NWzCQzqESteGO5CPVo=;
        b=GupeabcgxUTAi7NLp4uq6kkpyzdUvmiv7Yy4plxL8uBQoWBKLJWW6X3EeQeWQ4ZBvV
         iGln1ma0SceeyY25DiTwpJHrnrpVeB9r7AHWqviRJajegP7ybyk63uNWjCyH4TGyKTVu
         qpuvloNJOoI4h1MN2kJlIn9kNKL4tX8XNZvLciKrhQPPMFSoMxfvX+0qhEA9R3uL93hs
         wW6x/kcmfV5jVUrrfMrFQIxOWExjIl6XLNq0IHvMx0JGchpXBpv+DI6aw2u+HX/haTGM
         51SPikZ5FJ8oLS93Dr7zEqSaKB37kGTZ40cp5oegOG01cyq14FY+bDVhkr1CvTy/vc+B
         LLCA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:subject:to:cc:references:from:message-id:date
         :user-agent:mime-version:in-reply-to:content-language
         :content-transfer-encoding;
        bh=Hr05Yrw7NhPVLNc2j5RI2loS1NWzCQzqESteGO5CPVo=;
        b=edubj5lEcrdYOhIMmVMux3/S6F14puvbvcbo/i/ZTwOKsLwPOvYuNoLsPhyRkkwGkx
         wW7gbkjVDzfJDn1B3/C7n3Awjt2kBUt1eBE9h62CBlKd5m+7GP3i4qQv/lUPN9cf2pqc
         ya9Gy+5Gdq4qSAvKhjUI8fx8K32CtDvanf+gBXkbnpZvFmywrkFuifNyBoe/O4211zaw
         VBsK2vFTEHJLHDKxR8VRMItbdu0+L0sO9lNSkQr9SY2TAdijRV++f/+JfAryD6T1gxFk
         xOghrzXZw57P+VCH/sWP4wBQsdbLitSIOYAChNzkY8noAtYw9o7hUEH/XLq47338ylfY
         mcgQ==
X-Gm-Message-State: APf1xPA+/Ugrw0ESHwY4xvsiPXPn+7PQvZmgXKyug3wUOZttf4mGhpTm
        YuFhSaz1IxPWg+6METOA+PfygA==
X-Received: by 10.107.139.195 with SMTP id n186mr10255066iod.49.1518816310937;
        Fri, 16 Feb 2018 13:25:10 -0800 (PST)
Received: from [192.168.42.140] ([172.58.140.111])
        by smtp.googlemail.com with ESMTPSA id s70sm2621499itb.0.2018.02.16.13.25.09
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 16 Feb 2018 13:25:10 -0800 (PST)
Subject: Re: [PATCH v3 01/15] Documentation: add newcx initramfs format
 description
To:     "H. Peter Anvin" <hpa@zytor.com>,
        Taras Kondratiuk <takondra@cisco.com>,
        Al Viro <viro@zeniv.linux.org.uk>,
        Arnd Bergmann <arnd@arndb.de>,
        Mimi Zohar <zohar@linux.vnet.ibm.com>,
        Jonathan Corbet <corbet@lwn.net>,
        James McMechan <james.w.mcmechan@gmail.com>
Cc:     initramfs@vger.kernel.org, Victor Kamensky <kamensky@cisco.com>,
        linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
        linux-security-module@vger.kernel.org, xe-linux-external@cisco.com
References: <1518813234-5874-1-git-send-email-takondra@cisco.com>
 <1518813234-5874-2-git-send-email-takondra@cisco.com>
 <d69f329c-8365-bb0e-69ee-774cbea141b2@zytor.com>
From:   Rob Landley <rob@landley.net>
Message-ID: <72480de8-e6d6-5125-e647-08815eb9f6a7@landley.net>
Date:   Fri, 16 Feb 2018 15:25:07 -0600
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.5.0
MIME-Version: 1.0
In-Reply-To: <d69f329c-8365-bb0e-69ee-774cbea141b2@zytor.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org


On 02/16/2018 02:59 PM, H. Peter Anvin wrote:
> On 02/16/18 12:33, Taras Kondratiuk wrote:
>> Many of the Linux security/integrity features are dependent on file
>> metadata, stored as extended attributes (xattrs), for making decisions.
>> These features need to be initialized during initcall and enabled as
>> early as possible for complete security coverage.
>>
>> Initramfs (tmpfs) supports xattrs, but newc CPIO archive format does not
>> support including them into the archive.
>>
>> This patch describes "extended" newc format (newcx) that is based on
>> newc and has following changes:
>> - extended attributes support
>> - increased size of filesize to support files >4GB
>> - increased mtime field size to have 64 bits of seconds and added a
>>   field for nanoseconds
>> - removed unused checksum field
>>
> 
> If you are going to implement a new, non-backwards-compatible format,
> you shouldn't replicate the mistakes of the current format.  Specifically:

So rather than make minimal changes to the existing format and continue to
support the existing format (sharing as much code as possible), you recommend
gratuitous aesthetic changes?

> 1. The use of ASCII-encoded fixed-length numbers is an idiotic legacy
> from an era before there were any portable way of dealing with numbers
> with prespecified endianness.

It lets encoders and decoders easily share code with the existing cpio format,
which we still intend to be able to read and write.

> If you are going to use ASCII, make them
> delimited so that they don't have fixed limits, or just use binary.

When it's gzipped this accomplishes what? (Other than being gratuitously
different from the previous iteration?)

> The cpio header isn't fixed size, so that argument goes away, in fact
> the only way to determine the end of the header is to scan forward.
> 
> 2. Alignment sensitivity!  Because there is no header length
> information, the above scan tells you where the header ends, but there
> is padding before the data, and the size of that padding is only defined
> by alignment.

Again, these are minimal changes to the existing cpio format. You're complaining
about _cpio_, and that the new stuff isn't _different_ enough from it.

> 3. Inband encoding of EOF: if you actually have a filename "TRAILER!!!"
> you have problems.

Been there, done that:

http://lkml.iu.edu/hypermail/linux/kernel/1801.3/01791.html

> But first, before you define a whole new format for which no tools exist
> (you will have to work with the maintainers of the GNU tools to add
> support)

No, he's been working with the maintainer of toybox to add support (for about a
year now), which gets him the Android command line. And the kernel has its own
built-in tool to generate cpio images anyway.

Why would anyone care what the GNU project thinks?

> you should see how complex it would be to support the POSIX
> tar/pax format,

That argument was had (at length) when initramfs went in over a decade ago.
There are links in Documentation/filesystems/ramfs-rootfs-initramfs.txt to the
mailing list entries about it.

> which already has all the features you are seeking, and
> by now is well-supported.

So... tar wasn't well-supported 15 years ago? (Hasn't the kernel source always
been distributed via tarball back since 0.0.1?)

You're suggesting having a whole second codepath that shares no code with the
existing cpio extractor. Are you suggesting abandoning support for the existing
initramfs.cpio.gz file format?

Rob