In the light of xz backdoor and the way the payload got in via the testsuite, let's do an audit just in case. Most images come from known people (for the btrfs check cases), however some images have been copied from bugzilla.kernel.org reports without change (fuzz-tests/images). Image formats are either raw partition (plain or compressed by ehm xz) or the custom image dump format managed by btrfs-image (also plain or compressed).
Task list:
go through all images and make a list of the problamatic ones
look which images could be replaced by a series of steps to recreate the state, add/update tools to do the changes on fresh images
look for other binary blobs like partition layout for loop devices
document how images should be created as needed instead of blobs
Expected result is minimal number of blobs, better tools for fuzz and targeted corruption testing. As a bonus the internal image format should be documented and fuzzed.
In the light of xz backdoor and the way the payload got in via the testsuite, let's do an audit just in case. Most images come from known people (for the
btrfs checkcases), however some images have been copied from bugzilla.kernel.org reports without change (fuzz-tests/images). Image formats are either raw partition (plain or compressed by ehm xz) or the custom image dump format managed bybtrfs-image(also plain or compressed).Task list:
Expected result is minimal number of blobs, better tools for fuzz and targeted corruption testing. As a bonus the internal image format should be documented and fuzzed.