[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFE: Could crc32 be included in the debian live/installation disk?


On Sat, Oct 05, 2019 at 03:57:09PM +0200, Albretch Mueller wrote:
>  this is a hash algorithm that is implemented of the chips anyway, it
> is the fastest of them all, used by synch (is it?) and it is crucially
> helpful when data integrity is very important.

And it's also one of those broken checksum algorithms which makes it
easy to replace a part of file while keeping a checksum intact.

>  I like to do baseline checks when I first install an OS base and when
> I upgrade it.

apt install debsums

Every Debian package contains MD5 checksums of the files it provides.
All you need to do is to check them on a routine basis.
If you need a better checksum algorithm, you use IDS, not homegrown

>  Does Debian internally have the kind of check pointing that Windows
> does with which you could revert the state of an OS to a operating
> "moment" you can manage?

Sure. And it's called "off-host backup", a concept which predates both
Linux and Windoze.
As you helpfully mention below, "you do not own your computer", so
"in-host" checkpoints are untrusted by your very own definition.

>  the reason why I push for the crc32 algo is because instead of using
> sha?sums which are much slower, I would rely on both crc32 and md5sum,
> when I have to baselines the 200+K files included in the base install
> that comes with the installation disk.

A noble if misguided effort. Surely you're aware that Debian project
provides both install media and LiveDVDs along with checksums of them?
They did this job for you already.

>  Nowadays you can safely assume that you do not own your computer

And refraining from using certain processor architectures and non-free
operating systems (and a non-free software in general) is the only
reasonable way to be sure that you do own your computer.
Designing and building your own hardware is the next logical step,
although the cost and the complexity of it can be discouraging.

> (or any of your networked hardware or data encrypted or not), you just
> paid for it to make vendors happy, but  I think "we the people" could
> claim more of an ownership of what we pay for.

Could not agree more. That's one of Free Software Movement broad goals -
to put the user of the software in control.

>  I would like to remove all cookies

Why accept them in the first place then?

>  Anyway, here is some crappy proof of concept to what I am suggesting.
> That kind of utility could be made part of the installation:

Checkpointing the contents of volatile directories such as /run and /tmp
won't do you any good.
Checksumming of /lib* /usr and the like is done by every Debian package
Checksumming of /boot is an interesting idea (AFAIK you can validate
the kernel only, but that's it), but I'd use something like dm-integrity
for this.
As for the user data (/home and the like) - I'd say that backups are


Reply to: