Thank you all for your suggestions!
Richard W.M. Jones:
I keep meaning to write a comprehensive "virt-diff" tool.
I needed it
myself just yesterday.
Most interesting. I guess there are two reasons for creating such a
tool: just compare the images (show the diff) and/or check for malicious
additions in the other image.
Did you consider implementing the former or both?
Do you think it's realistic to compare vm images with the goal of
eventually finding deliberately hard to detect (malicious) changes?
At the moment I am not trying to write a virt-diff like tool, but
something simpler. A tool to create a report of all of a vm image's
contents. (Checksums for all files, filesystem, for MBR and Volume Boot
Record.) When publishing VM images, it might be useful to publish such a
report together with the image, so others who re-build from source can
be certain, they ended up with a very similar image. When having created
two such reports, one could easily get a virt-diff like tool.
although that *only*
compares files, not the other data outside the filesystem
What other data can there be outside the filesystem?
I can think of:
- MBR
- Volume Boot Record
Anything else?
If these have been compared, the compared image should be as safe to use
as the original one?
(I could imagine that there can be extra data outside filesystem, maybe
in regions outside the partition table, but those data shouldn't get
executed after starting the image in a VM.)
Cheers,
adrelanos