Related Application and/or Package Version (run apt policy $PACKAGE NAME):
Installer
Issue/Bug Description:
The installer ISO is around 3 GB. Of this entire size, only a region of 16 bytes is modified during installation, so far as I can see. But any change at all defeats self-verification that the installer looks exactly the same after the installation as before it. This comparison is important (but not totally sufficient) to ensure that the installer image wasn't somehow compromised during the installation process.
Steps to reproduce (if you know):
Download an ISO to install. Burn it to a USB stick using the dd command. Go and run the installer somewhere. (You can actually pull out the USB as soon as you get to the desktop; you don't actually need to install.) Now read back the USB stick using the dd command. You can abort as soon as the size of the image being read exceeds the size of the original ISO. Truncate the captured image to equal that original size. Notice that some bytes in the region at offsets 0x1DF through 0x1ED are modified. This modification is slightly above some text which reads "EFI PART", which suggests that perhaps this is some sort of partition header data that for some reason doesn't get filled in until after the first run. But on subsequent runs, and even if you redo the entire experiment, you'll always get the same modifications.
Expected behavior:
The modified bytes should just be injected before the ISO gets published in the first place. If you just run your new installer once on your end, you'll know which bytes to inject. It would be simple to do this and would make the install process readily verifiable. By the way, it used to work like this, but at some point in recent years, these bytes appeared (but I didn't actually track down the locations until now).
Distribution (run
cat /etc/os-release):22.04
Related Application and/or Package Version (run
apt policy $PACKAGE NAME):Installer
Issue/Bug Description:
The installer ISO is around 3 GB. Of this entire size, only a region of 16 bytes is modified during installation, so far as I can see. But any change at all defeats self-verification that the installer looks exactly the same after the installation as before it. This comparison is important (but not totally sufficient) to ensure that the installer image wasn't somehow compromised during the installation process.
Steps to reproduce (if you know):
Download an ISO to install. Burn it to a USB stick using the dd command. Go and run the installer somewhere. (You can actually pull out the USB as soon as you get to the desktop; you don't actually need to install.) Now read back the USB stick using the dd command. You can abort as soon as the size of the image being read exceeds the size of the original ISO. Truncate the captured image to equal that original size. Notice that some bytes in the region at offsets 0x1DF through 0x1ED are modified. This modification is slightly above some text which reads "EFI PART", which suggests that perhaps this is some sort of partition header data that for some reason doesn't get filled in until after the first run. But on subsequent runs, and even if you redo the entire experiment, you'll always get the same modifications.
Expected behavior:
The modified bytes should just be injected before the ISO gets published in the first place. If you just run your new installer once on your end, you'll know which bytes to inject. It would be simple to do this and would make the install process readily verifiable. By the way, it used to work like this, but at some point in recent years, these bytes appeared (but I didn't actually track down the locations until now).
Other Notes: