Received: by 10.223.185.116 with SMTP id b49csp1153011wrg; Fri, 16 Feb 2018 13:26:52 -0800 (PST) X-Google-Smtp-Source: AH8x225M0iOKecKBtMA3DD9biYBUEOkzdjqKtWXwmVefce4UvTf48r9Nir8DlUUZ8HE43YK2FlN0 X-Received: by 2002:a17:902:b610:: with SMTP id b16-v6mr7018518pls.132.1518816412354; Fri, 16 Feb 2018 13:26:52 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1518816412; cv=none; d=google.com; s=arc-20160816; b=f8V7xgvF2tk8HV3cQQDTiXyhcYUcZnbcjeIAtSQlKIrHKdXejbvK1c/i21y7I33Xc8 I664XdijEidMNpvPrOot2XoXM3F798b8C6NVijDfO7EUHZWEziocy8x9Vesn6TzZNp3g ikTKaBeYv9W3J5q0AThN+VdfwoKjjs4QTRReYdxBwFIo5XDeOvH5S4dFbTjXonGitjNU A2xjaBftcI4SXubyzRhQ2zcNUzG7cMikaSySckEVxVVTIrSRTpnH8E09NmFMVdFRJwJI 1uxOvIx3sTzPcAU+9WJdLrF8ZH0KzlbXKshMUMGWmEX9ffp7KwxTrI1twNB5O1Xd1CJW 76aQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature :arc-authentication-results; bh=Hr05Yrw7NhPVLNc2j5RI2loS1NWzCQzqESteGO5CPVo=; b=l0SBNGNBbDRStN3FHUvzXSrWyZaJaGvLv358ThN7MfRBSCm+t9gghvvDQQRjdZk2Kt 0WDTMyqAWvXsmRaOsoSVw6SHXrRmCAD+4VKS1eTW06WqE9UDGn7lQE9XFPBoAYV/1C3o JQX35onsexbU+1qdfV0xIifMuOwzbZwMc68Z9fy5oKmJCoIIwx0xkReGnvGxYD6NhFE1 HI6UbigXsedHYJWrt60uu/YI/i4FbwJa7mfY7kHebBMtF1PoZWKycmfb7a3QqpO6RvMy SEJY5wIojuMhpppJHVQzpIJGq2oHOqYfZnyP6+CzA0XOLdWvNx5JLCx961ZbtyB9DMha DsLg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@landley-net.20150623.gappssmtp.com header.s=20150623 header.b=Gupeabcg; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d10-v6si1551719plm.539.2018.02.16.13.26.38; Fri, 16 Feb 2018 13:26:52 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@landley-net.20150623.gappssmtp.com header.s=20150623 header.b=Gupeabcg; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1750946AbeBPVZP (ORCPT + 99 others); Fri, 16 Feb 2018 16:25:15 -0500 Received: from mail-io0-f196.google.com ([209.85.223.196]:38784 "EHLO mail-io0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750914AbeBPVZL (ORCPT ); Fri, 16 Feb 2018 16:25:11 -0500 Received: by mail-io0-f196.google.com with SMTP id d13so5525803iog.5 for ; Fri, 16 Feb 2018 13:25:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=landley-net.20150623.gappssmtp.com; s=20150623; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=Hr05Yrw7NhPVLNc2j5RI2loS1NWzCQzqESteGO5CPVo=; b=GupeabcgxUTAi7NLp4uq6kkpyzdUvmiv7Yy4plxL8uBQoWBKLJWW6X3EeQeWQ4ZBvV iGln1ma0SceeyY25DiTwpJHrnrpVeB9r7AHWqviRJajegP7ybyk63uNWjCyH4TGyKTVu qpuvloNJOoI4h1MN2kJlIn9kNKL4tX8XNZvLciKrhQPPMFSoMxfvX+0qhEA9R3uL93hs wW6x/kcmfV5jVUrrfMrFQIxOWExjIl6XLNq0IHvMx0JGchpXBpv+DI6aw2u+HX/haTGM 51SPikZ5FJ8oLS93Dr7zEqSaKB37kGTZ40cp5oegOG01cyq14FY+bDVhkr1CvTy/vc+B LLCA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=Hr05Yrw7NhPVLNc2j5RI2loS1NWzCQzqESteGO5CPVo=; b=edubj5lEcrdYOhIMmVMux3/S6F14puvbvcbo/i/ZTwOKsLwPOvYuNoLsPhyRkkwGkx wW7gbkjVDzfJDn1B3/C7n3Awjt2kBUt1eBE9h62CBlKd5m+7GP3i4qQv/lUPN9cf2pqc ya9Gy+5Gdq4qSAvKhjUI8fx8K32CtDvanf+gBXkbnpZvFmywrkFuifNyBoe/O4211zaw VBsK2vFTEHJLHDKxR8VRMItbdu0+L0sO9lNSkQr9SY2TAdijRV++f/+JfAryD6T1gxFk xOghrzXZw57P+VCH/sWP4wBQsdbLitSIOYAChNzkY8noAtYw9o7hUEH/XLq47338ylfY mcgQ== X-Gm-Message-State: APf1xPA+/Ugrw0ESHwY4xvsiPXPn+7PQvZmgXKyug3wUOZttf4mGhpTm YuFhSaz1IxPWg+6METOA+PfygA== X-Received: by 10.107.139.195 with SMTP id n186mr10255066iod.49.1518816310937; Fri, 16 Feb 2018 13:25:10 -0800 (PST) Received: from [192.168.42.140] ([172.58.140.111]) by smtp.googlemail.com with ESMTPSA id s70sm2621499itb.0.2018.02.16.13.25.09 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 16 Feb 2018 13:25:10 -0800 (PST) Subject: Re: [PATCH v3 01/15] Documentation: add newcx initramfs format description To: "H. Peter Anvin" , Taras Kondratiuk , Al Viro , Arnd Bergmann , Mimi Zohar , Jonathan Corbet , James McMechan Cc: initramfs@vger.kernel.org, Victor Kamensky , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, xe-linux-external@cisco.com References: <1518813234-5874-1-git-send-email-takondra@cisco.com> <1518813234-5874-2-git-send-email-takondra@cisco.com> From: Rob Landley Message-ID: <72480de8-e6d6-5125-e647-08815eb9f6a7@landley.net> Date: Fri, 16 Feb 2018 15:25:07 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 02/16/2018 02:59 PM, H. Peter Anvin wrote: > On 02/16/18 12:33, Taras Kondratiuk wrote: >> Many of the Linux security/integrity features are dependent on file >> metadata, stored as extended attributes (xattrs), for making decisions. >> These features need to be initialized during initcall and enabled as >> early as possible for complete security coverage. >> >> Initramfs (tmpfs) supports xattrs, but newc CPIO archive format does not >> support including them into the archive. >> >> This patch describes "extended" newc format (newcx) that is based on >> newc and has following changes: >> - extended attributes support >> - increased size of filesize to support files >4GB >> - increased mtime field size to have 64 bits of seconds and added a >> field for nanoseconds >> - removed unused checksum field >> > > If you are going to implement a new, non-backwards-compatible format, > you shouldn't replicate the mistakes of the current format. Specifically: So rather than make minimal changes to the existing format and continue to support the existing format (sharing as much code as possible), you recommend gratuitous aesthetic changes? > 1. The use of ASCII-encoded fixed-length numbers is an idiotic legacy > from an era before there were any portable way of dealing with numbers > with prespecified endianness. It lets encoders and decoders easily share code with the existing cpio format, which we still intend to be able to read and write. > If you are going to use ASCII, make them > delimited so that they don't have fixed limits, or just use binary. When it's gzipped this accomplishes what? (Other than being gratuitously different from the previous iteration?) > The cpio header isn't fixed size, so that argument goes away, in fact > the only way to determine the end of the header is to scan forward. > > 2. Alignment sensitivity! Because there is no header length > information, the above scan tells you where the header ends, but there > is padding before the data, and the size of that padding is only defined > by alignment. Again, these are minimal changes to the existing cpio format. You're complaining about _cpio_, and that the new stuff isn't _different_ enough from it. > 3. Inband encoding of EOF: if you actually have a filename "TRAILER!!!" > you have problems. Been there, done that: http://lkml.iu.edu/hypermail/linux/kernel/1801.3/01791.html > But first, before you define a whole new format for which no tools exist > (you will have to work with the maintainers of the GNU tools to add > support) No, he's been working with the maintainer of toybox to add support (for about a year now), which gets him the Android command line. And the kernel has its own built-in tool to generate cpio images anyway. Why would anyone care what the GNU project thinks? > you should see how complex it would be to support the POSIX > tar/pax format, That argument was had (at length) when initramfs went in over a decade ago. There are links in Documentation/filesystems/ramfs-rootfs-initramfs.txt to the mailing list entries about it. > which already has all the features you are seeking, and > by now is well-supported. So... tar wasn't well-supported 15 years ago? (Hasn't the kernel source always been distributed via tarball back since 0.0.1?) You're suggesting having a whole second codepath that shares no code with the existing cpio extractor. Are you suggesting abandoning support for the existing initramfs.cpio.gz file format? Rob