Thanks for looking into this.

Just going to add, in case you wonder why it shouldn't be up to the
software that is mounting the ISO to sort out symbolic links and just
duplicate content, that neither Windows File Explorer nor 7-zip (both of
which can mount/extract ISO content) will list anything under the
'/firmware/' directory besides the 'dep11/' subdirectory and the
'Contents-firmware' file.

In short, a Windows user trying to use the most common ways of
extracting ISO content will be missing all the '*.deb' firmware files in
'/firmware/'. So this means that, unfortunately, the issue can't exactly
be dismissed as something that should be fixed at the ISO mounting level
rather than at the Debian ISO mastering level, at least for Windows users.

I guess one approach could be to have the Debian firmware detection and
loading software handle something like plain text files containing a
relative path when they use a specific extension (e.g. .deblink), in
order to perform the link resolution manually instead of relying on the
underlying file system...

Regards,

/Pete

Bug #1031696 [cdimage.debian.org] Use of symbolic links in non-free ISO images breaks file system transposition support
Bug reassigned from package 'cdimage.debian.org' to 'debian-cd'.
Ignoring request to alter found versions of bug #1031696 to the same values previously set
Ignoring request to alter fixed versions of bug #1031696 to the same values previously set
Bug #1031696 [debian-cd] Use of symbolic links in non-free ISO images breaks file system transposition support
Added tag(s) moreinfo.

Hi,
This could be achieved by a bunch of hard links instead of the symbolic
links. In /firmware of firmware-bookworm-DI-alpha1-amd64-netinst.iso
i see only symbolic links to data files. So replacing symlinks by
hardlinks should be technically possible.

xorriso represents hard link siblings in ISO 9660 and Joliet as data files
which use the same data content blocks. So these views of the Debian ISO
would produce separate copies of target and link when both get extracted
to disk.

A Rock Ridge reader could do better by help of the PN entry. But Linux
computes own inode numbers from the byte addresses of the ISO 9660
directory records. So hardlinks do not get represented as such when Linux
mounts an ISO. Thus copying them out of the ISO causes duplication.

This would be a disadvantage of hard links for those people who unpack
Debian ISOs on Linux.


Have a nice day :)

Thomas

Hi James,
Presented this way I will agree with the "degraded-but-functional".

It should also be noted that some utilities (Rufus prior to version
3.22) create 0-sized files for the symbolic links in order to alert the
user to their presence. But this means that users may be trying to load
a firmware from these zero-sized .deb packages, get an error and give up
instead of just picking the file from an external source on account that
it is not present. Rufus 3.22 will actually fix this issue, by
duplicating the symbolically linked content, but of course, this does
not address the problem for folks who want to use native OS utilities.

Regards,

/Pete

Hi Cyril,

The regression, in my opinion, is that the standard release of bullseye
made sure that all the packages that may be required for a successful
installation would be available for users who did not create their media
using 'dd', whereas bookworm doesn't.

Whereas one could use file system transposition with bullseyes to create
a working installation media for a UEFI system, the same is not true for
bookworm, as we now have .deb packages that are symbolically linked and
that will not be found unless the user takes care of manually
duplicating those, or copies the ISO through a utility that does.

Again, I will point out that the goal is for users of any OS to be able
to bypass the need to use any external utility (and I'll remind everyone
that Windows does not come with a native 'dd' equivalent for instance)
and just use the native tools that come with the OS to create a Debian
installation UEFI bootable media .

With bullseye, and to continue with the example of Windows, this was
possible by simply formatting a USB drive to FAT32 (which can be easily
achieved by right clicking on the drive or through the native disk
utility) then mounting the ISO in File Explorer (again right click, for
any version of Windows starting with Windows 8 included) and copying the
files to the USB drive.

If you did just that, you would end up with a media that, for all
intents and purposes, behaved the same as a 'dd' written media as far as
Debian installation was concerned (granted, there were still some Rock
Ridge symbolic links being lost, but those were for non essential files
like documentation, etc.).

With bookworm, doing the above no longer guarantees that the media will
result in an installable Debian, because if the user happens to require
a firmware, the relevant .deb package will be missing from /firmware due
to the use of symbolic links.

In my view, this counts as a regression (though, to be fair, non-free
bullseye is also affected by this issue, but I'm not entirely sure how
"standard" non-free is considered) on account that, whereas bullseye
stored all of the .deb packages required for installation as actual
physical files that could be copied over, bookworm does not.

I hope that clarifies it.

Regards,

/Pete

Hi,
I wish i would understand the clause
ifneq (,$(filter i386 amd64 arm64 hppa,$(ARCHES)))

Surely i386, amd64, and arm64 get their published Debian ISOs made
by xorriso. hppa seems to have switched to xorriso between Debian 10 and
11. sparc64 10.0 is genisoimage, ppc64el 10.8.0 is xorriso,
armhf 10.1.0 is xorriso ...
powerpc needs HFS and thus its ISO is made by genisoimage.


So let's test hardlink handling in genisoimage:

$ ls -l /u/test/hardlinks
total 88
-rw-r--r-- 2 thomas thomas 42786 Nov 14 2005 hardlink_x
-rw-r--r-- 2 thomas thomas 42786 Nov 14 2005 x
$ genisoimage -o test2.iso -R /u/test/hardlinks
...
196 extents written (0 MB)

We inspect the resulting ISO by xorriso:

$ xorriso -indev test2.iso -find / -type f -exec report_lba --
...
Report layout: xt , Startlba , Blocks , Filesize , ISO image path
File data lba: 0 , 25 , 21 , 42786 , '/hardlink_x'
File data lba: 0 , 25 , 21 , 42786 , '/x'
$

Both files in the ISO refer to the same block range starting at 2048-byte
block 25 up to block 45. So in the ISO, they are deduplicated

Now for a bit of kernel slapstick:

$ sudo mount test2.iso /mnt/iso
mount: /mnt/iso: WARNING: source write-protected, mounted read-only.
$ ls -li /mnt/iso
1479 -rw-r--r-- 2 thomas thomas 42786 Nov 14 2005 hardlink_x
1483 -rw-r--r-- 2 thomas thomas 42786 Nov 14 2005 x

Note the link count 2 in combination with the differing inode numbers.
(The link count stems from Rock Ridge field PX. By mistake i mentoned it
as "PN" in my previous mail.)

The false link count does not hamper restoring of the files:

$ cp -r /mnt/iso /u/test/hardlinks_restored
$ ls -li /u/test/hardlinks_restored
total 88
8913418 -rw-r--r-- 1 thomas thomas 42786 Mar 11 17:38 hardlink_x
8913419 -rw-r--r-- 1 thomas thomas 42786 Mar 11 17:38 x

So the files are independent after being restored by Debian 11 to ext4.

The same happens with an ISO made by xorriso:

$ xorriso -as mkisofs -o test.iso -R /u/test/hardlinks
...
$ xorriso -indev test.iso -find / -type f -exec report_lba
...
Report layout: xt , Startlba , Blocks , Filesize , ISO image path
File data lba: 0 , 33 , 21 , 42786 , '/hardlink_x'
File data lba: 0 , 33 , 21 , 42786 , '/x'

$ sudo mount test.iso /mnt/iso
...
$ cp -r /mnt/iso /u/test/hardlinks_restored
$ ls -li /u/test/hardlinks_restored
total 88
8913418 -rw-r--r-- 1 thomas thomas 42786 Mar 11 17:47 hardlink_x
8913419 -rw-r--r-- 1 thomas thomas 42786 Mar 11 17:47 x

Just to prove that the restored files are really not hardlinked:

$ echo some_tail_bytes >> /u/test/hardlinks_restored/x
$ ls -li /u/test/hardlinks_restored
total 88
8913418 -rw-r--r-- 1 thomas thomas 42786 Mar 11 17:47 hardlink_x
8913419 -rw-r--r-- 1 thomas thomas 42802 Mar 11 17:48 x
$


Have a nice day :)

Thomas

Hi,
With genisoimage we only know empirically. With libisofs under xorriso
i can tell that a red-black-tree of device and inode numbers is used to
match hard links. This is well tested by Debian ISOs because already now
the Linux kernels are hard link siblings.
E.g. in firmware-bookworm-DI-alpha1-amd64-netinst.iso 15 MB are won:
Report layout: xt , Startlba , Blocks , Filesize , ISO image path
File data lba: 0 , 35982 , 3761 , 7700896 , '/install.amd/gtk/vmlinuz'
File data lba: 0 , 35982 , 3761 , 7700896 , '/install.amd/vmlinuz'
File data lba: 0 , 35982 , 3761 , 7700896 , '/install.amd/xen/vmlinuz'

If genisoimage would not deduplicate some hardlinks then the ISO would
simply become larger but stay functional for the boot paths which
debian-cd prepares and also for the file copying method which Pete Batard
wants to get enabled.


This method is intended for booting via EFI from USB stick. In general i
support Pete Batard's goal to have bootable ISOs ready for it, regardless
whether it is a wish or the fix of a regression.
(I looked into firmware-11.6.0-amd64-netinst.iso and found its /firmare
directory filled with symbolic links and one sub directory ./deb11.)

The file extraction method is supposed to be a behavioral pattern of
experienced users of MS-Windows. Let's be inviting to them or else they
might install Debian on WSL.


Have a nice day :)

Thomas

Hi,
I'm clumsy with web based development. So my comments by mail:

----------------------------------------------------------------------
Shouldn't that be ", we want to" ?

Since the symlinks are currently produced, shouldn't it be "as symlinks
currently provide." ?

(Disclaimer: I'm not a native speaker of english.)
It's rather about being copyable _to_ many filesystems by many operating
systems.

Actually it is mostly about FAT as target filesystem. It is the intended
target for copying because EFI is willing to search for its boot program
in about any partition with a FAT filesystem. (The specs prescribe special
partition types but in practice EFI does not care.)

Pete Batard's use case has two problems with symbolic links:
- The FAT filesystem has no concept of links.
- MS-Windows does not read Rock Ridge and thus ignores the symbolic link
info anyways. (But this problem is not significant in the end.)

So how about:
"We'd also like the files of the ISO 9660 filesystem to be copyable to
as many filesystems by as many operating systems as possible."
I propose to write:

"Links are not supported everywhere. The best substitute is to create
independent copies of the link target file for every link which is
encountered."
How about:

"The free ISO 9660 specs ECMA-119 give in 6.5.1 permission to use the
same file content blocks for multiple files. The ISO 9660 generation
tools genisoimage and xorriso do this to represent hard link relations
among their input files and to save space.
Reading operating systems usually perceive the files as not hardlinked,
though. So this representation of hard links causes creation of the
desired independent data files when they get copied out of the ISO
filesystem."

man genisoimage says that this feature is enabled by default on "Unix-like
operating systems" and can be disabled by option -no-cache-inodes .
xorriso does not offer to disable it. Its mkisofs emulation ignores the
option -no-cache-inodes .
The tools represent symbolic links in form of Rock Ridge SL entries.
The current Debian ISOs mounted by Linux show the links and Linux follows
them just fine. (Else it won't work for the Debian Installer.)
Handling of infinite link loops is the job of the reader.

So i propose to omit this part of the sentence.
Well, this aspect is out of my area of expertise.


Have a nice day :)

Thomas

Hi,
They do this only with hard links, not with symbolic links.
So i propose: "de-duplicate multiple hard linked files".


Have a nice day :)

Thomas

Hi Steve,
Yes, I'm happy to see this development as well. And I have to stress
out, since this appears to be gist of your query, that mine is far from
a self centred goal, but something that aims at providing a *choice* to
people, when it comes to the manner in which they should create their
boot media, the reasons for which I will elaborate on hereafter.
I will venture that this is because, and this is not criticism per se,
most distributions currently make that process quite difficult or
fraught with so many hurdles that people who would want to use FST will
not yet bother trying it. For one thing, outside of Debian, most
distributions still seem to be relying on labels to locate the
installation media, which of course renders the process of using FST not
as straightforward as it should be, especially if the label used doesn't
meet the FAT limitations of using 11 uppercase characters (with further
additional restrictions), as this may result in a need to manually edit
GRUB/Syslinux configuration files.

Which means that, currently, unless you are using Debian (or Arch, which
does make an effort to use labels are FAT compatible), you are better of
not trying to use FST, as you are taking a gamble as to whether your
media is actually going to work unless you know precisely what you're doing.

And this gamble is precisely what I aim at trying to eliminate moving
forward, with the help of distro maintainers.

In other words, as a person invested in the means of providing people
with *choice* on how they should create their media, especially on
Windows platforms, I am trying to make the current problematic situation
evolve for the better. Which means that, yes, you will find me at the
forefront of trying to guide distributions into establishing FST as a
viable alternative to dd, and, sadly, as a potentially lone voice in
doing so.

But I have to be 100% clear about this, even if it would be easy to draw
the conclusion that, as the purveyor of Rufus, a boot media creation
application which tries not to use 'dd' as default (for the reasons that
will be explained below) I might have some clear vested interest, my
goal here, even if it may seem to be counter productive, is to genuinely
allow people to create their Linux installation media *without* having
to use third party applications like Rufus, since this is something
that, as opposed to BIOS, UEFI certainly makes achievable. This is
because I do consider that people who want to install a new OS should be
given the choice on how they should proceed with how they do so. But
currently, because ISOHybrid + 'dd' appears to be largely being seen as
the ultimate panacea by distro maintainers (and I can certainly see the
reasons why, because it certainly does make life easier for distro
maintainers), I do have to point out that it does come with some
drawbacks, along with my concerns at how little traction there appears
to be in terms of wanting to establish an alternative to only using dd
with ISOHybrids. That's because, from where I stand, I see this "dd uber
alles" stance as ultimately damaging for end users in the long run, even
if it does appear that I am currently have to be the one person that has
to try to convince distro maintainers that they may want to apply
careful consideration before putting all of their eggs in the ISOHybrid
as 'dd' basket...
I will assert that this is because you are looking at this the wrong way
around. The underlying problem is that, and this always seems to come as
a shock to people who may be Linux-centric, people trying to create boot
media through ISOHybrid + dd *are* actually experiencing issues that are
effectively preventing them from installing Linux systems altogether.

And the annoying thing is that, since these are mostly Windows users,
very few of these issues actually make their way towards the attention
of Linux distro maintainers...

So, to starts us, here's a non-exhaustive list of reports I compiled
some time ago, to demonstrate this very point (and I'm going to stop at
12 examples, because I will assume that, even if I could add more, you
will get the point that this is a *real* issue faced by users, and not
something that should be dismissed as a low impact problem):

*
https://old.reddit.com/r/linuxquestions/comments/j4nolf/creating_a_bootable_usb_drive_for_linux/
*
https://old.reddit.com/r/ManjaroLinux/comments/gofq71/problem_with_rufus_310_and_manjaro_2001/
*
https://old.reddit.com/r/ManjaroLinux/comments/gjdpi4/cannot_create_bootable_usb_usb_size_shrinks_after/
*
https://old.reddit.com/r/ManjaroLinux/comments/c58bb8/manjaro_boot_media_shows_up_as_miso_efi/
*
https://old.reddit.com/r/techsupport/comments/499b5c/usb_stick_capacity_shrunk_to_2mb/
*
https://superuser.com/questions/752874/16-gb-usb-flash-drive-capacity-down-to-938-mb
*
https://www.diskgenius.com/how-to/how-to-restore-usb-drive-back-to-full-capacity.php
*
https://www.quora.com/After-making-my-32-GB-pen-drive-Kali-Linux-bootable-its-size-reduced-to-712-KB-Is-it-normal-If-not-then-how-can-I-fix-it
*
https://askubuntu.com/questions/289971/usbs-storage-capacity-reduced-to-2-mb-from-16-gb
*
https://askubuntu.com/questions/611325/capacity-of-pen-drive-shown-is-less-than-the-actual
*
https://askubuntu.com/questions/586118/16gb-pen-drive-showing-2mb-space-after-formatting-on-windows-7
*
https://forums.tomshardware.com/threads/usb-flash-drive-8gb-is-now-only-1gb.660997/

Note that some of these links may mention Rufus, because I mostly got
them while looking for issues that people may run into while running
Rufus. But since it's about 'dd' mode creation from ISOHybrid, and not
FST, the application being used here is irrelevant, as you will have no
trouble getting similar reports from people using balenaEtcher or any
'dd' like application you can use on Windows.

The core of the issue is that, because ISOHybrid media written in DD
mode on Windows usually results in a multipartioned device, with the
larger partition usually using a file system that Windows will not mount
and the smaller partition being the ESP, users are being thrown off by
the result, and are considering that the media creation process did not
complete successfully. Thus, they will not even try to use their media
to install Linux.

And I know that it is very tempting to say that "This is a user problem"
or that "These people should just plow through and it's their fault for
not doing so", but that doesn't it make less of an issue.

I could also mention that some people want to make sure that, if they
use a computer that supports UEFI and Legacy, they do install their OS
in pure UEFI mode, which is something that can easily be sorted out by
ensuring that the media is partitioned as GPT, but which an ISOHybrid
almost never is (and, I should add, if it is, then, because it will not
have the backup GPT at the expected position when written in dd mode,
then any GPT based ISOHYbrid media written in dd mode will actually be
"broken" in terms of UEFI compliance... and some UEFI firmwares might be
pedantic enough not to boot a media with a broken backup GPT). So, there
again, we are facing an issue with using ISOHybrid as 'dd', that can
easily be sorted out by switching to FST.

Then there are some opportunities of doing things, like installing
Debian ARM64 in full UEFI mode on a Raspberry Pi 4 using a single media
[1] (and I think this is part of a conversation you and I were already
involved in the past) that will never ever be achievable if treating
ISOHybrid only as a glorified dd image. And there again, I know that one
might be tempted to dismiss the idea of doing single media installation
on an SBC, when someone *should* just be able to use 2 drives anyway,
but if that is the case, I have to warn about idea once again of
*limiting* the end-user's choice (or deciding that all users, and
especially low priced SBC ones, should be wealthy enough to afford two
flash media).

I believe that we pretty much all came to FLOSS because we didn't like
to be limited by software in terms of choice. Which is why, even if it
appears that, (much to my dismay) I might be a single voice in doing so,
I feel it is my duty to continue to hammer the message that users should
be given the choice on how they create their installation media and
that, precisely because most distros are still placing major hurdles in
that respect, we must ensure that the hurdles that prevent choice are
being cleared.

I'll also conclude this section by stating that, from a technical
perspective, I can't help but feel a bit both amused and slightly
dismayed that, whereas UEFI was designed from the ground up to do away
with the necessity, enacted by BIOS, of creating boot media at the
sector level, to instead allow for the creation of boot media purely at
the file system level, we've now seen a push from many Linux distro
maintainers to completely ignore this most welcome UEFI improvement, and
instead do a complete 180 on it by more or less enforcing the writing of
boot media at the sector level, through the promotion of ISOHybrid as dd
only...
I'd reframe this, because we're really only dealing with UEFI here, as:

"transposition" == "copying things onto the file system that is mandated
by UEFI as supported for boot"

The fact that it is indeed less capable is an unfortunate design
decision by the UEFI committee (which is hard to fathom where they had
plenty of more capable file systems to pick from at the time, especially
as FAT did come with licensing issues that Microsoft had to provide an
exception for). But this is neither something that you, nor I, nor the
end-user, has any choice with in the first place. In other words,
transposition is not a choice of a lesser file system. It's simply the
hand we are being dealt with by UEFI.
I just want future users to be able to create Debian installation media
that they can use for their purpose, which, unlike what some people here
may think, may mean providing them with a *choice* to use either dd of
FST when creating the media, since each mode has its advantages and
drawbacks (and let me also be clear here, since it may appear that I am
bashing ISOHybrid as dd, I am in no way implying that one is "better"
than the other, as I very much see both as having their place). But
right now, because I would say Linux-centric folks appear to be less
alert to the current plight of Windows users, I feel like I have no
choice to raise my voice to make this plight heard, and the need for FST
support, as an alternative to dd, be understood. And it is very
disheartening for me to be faced with Linux-centric person after
Linux-centric person not coming to the logical conclusion that:

1. ISOHybrid as DD has its limits, and some of it are negatively
impacting the very same users that ISOHybrid as DD was supposed to help
in the first place.

2. Treating FST on an equal standing as DD will benefit users, and
therefore Linux distributions that support it, in the long run.
BIOS boot breakage is a given and is out of scope, since I am only
considering UEFI FST (which I will assert, considering that almost all
modern systems are UEFI based, should be fair).

Rufus can actually work some magic, to some extent, to make BIOS based
systems also work with FST, but that's well beyond the scope of what I
consider we should concern ourselves with (and, in case this is a
question, I am certainly not asking for anything from Debian that is
directly related to BIOS FST boot)
It seems you aren't aware that the default behaviour of Windows is to
create a 'System Volume Information' folder on any file system it
recognises.

Which means that, if you create an ISOHybrid using 'dd' on Windows, and
it includes a ESP, Windows will create a 'System Volume Information'
folder, which will break the full image checksum, since the ESP content
will have been altered the minute you created the media on Windows.

This is a Windows behaviour that is enabled by default and that you
can't disable without a reboot.

On the other hand, individual file checksums, which is what Ubuntu (and
others) have been using to validate their media, does work quite well
with both FST and DD.

Furthermore, the expectation (or at least my expectation) is that we're
moving towards trusted validation of binaries that are being loaded
during the boot sequence, which implicitly includes individual file
checksums, and makes part of the need for whole image checksums
redundant (and which, again, will work regardless of whether you're
using a "limited" file system like FAT or a more "capable" one).
They are important for me too. That's why, if you want BIOS boot, I
would encourage you to use Rufus, as it will take care of creating a
Debian bootable media that just works, regardless of whether you are
*choosing* to use FST or DD
Then I hope some of the points I highlighted above, and that should help
appreciate that ISOHybrid as DD might not be the foolproof panacea that
quite a few distro maintainers appear to think it is, will hit home.

Regards,

/Pete

[1] https://forums.raspberrypi.com//viewtopic.php?f=50&t=282839

No, then I expect we'll simply end up with duplicate copies of the
files.
Then a better answer for this edge case is to manually flatten the
symlinks to hard links. But of course that will only work for files
and won't work for directories. Probably best not to worry about the
FAQ tarball here, to be honest.

Hi,
Let's pack up some symbolic links with -f:

$ sudo mount firmware-bookworm-DI-alpha1-amd64-netinst.iso /mnt/iso
...
$ ls -l /mnt/iso/firmware
total 4
lr-xr-xr-x 1 root root 73 Sep 20 14:30 amd64-microcode_3.20220411.1_amd64.deb -> ../pool/non-free/a/amd64-microcode/amd64-microcode_3.20220411.1_amd64.deb
lr-xr-xr-x 1 root root 62 Sep 20 14:30 atmel-firmware_1.3-6_all.deb -> ../pool/non-free/a/atmel-firmware/atmel-firmware_1.3-6_all.deb
lr-xr-xr-x 1 root root 62 Sep 20 14:30 bluez-firmware_1.2-7_all.deb -> ../pool/non-free/b/bluez-firmware/bluez-firmware_1.2-7_all.deb
...

So Linux shows the symbolic links of the mounted ISO.
I pick the directory with the links and a tree with most of their target
files and put them into an ISO:

$ xorriso -as mkisofs -f -R -o test.iso -graft-points /firmware=/mnt/iso/firmware /pool/non-free=/mnt/iso/pool/non-free
...

Our goal is to have link and target path pointing to the same blocks.
And indeed:

$ xorriso -indev test.iso -find / -type f -sort_lba -exec report_lba --
...
Report layout: xt , Startlba , Blocks , Filesize , ISO image path
File data lba: 0 , 49 , 57 , 115444 , '/firmware/amd64-microcode_3.20220411.1_amd64.deb'
File data lba: 0 , 49 , 57 , 115444 , '/pool/non-free/a/amd64-microcode/amd64-microcode_3.20220411.1_amd64.deb'
File data lba: 0 , 106 , 72 , 147088 , '/firmware/atmel-firmware_1.3-6_all.deb'
File data lba: 0 , 106 , 72 , 147088 , '/pool/non-free/a/atmel-firmware/atmel-firmware_1.3-6_all.deb'
File data lba: 0 , 178 , 89 , 181620 , '/firmware/bluez-firmware_1.2-7_all.deb'
File data lba: 0 , 178 , 89 , 181620 , '/pool/non-free/b/bluez-fir
...

With genisoimage i see the same.

The only drawback seems to be that this prevents any symbolic links from
being in the ISO.
Whether the detection of dangling symbolic links at ISO production time is
an advantage or a disadvantage is not so clear.


Have a nice day :)

Thomas

I have now created
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032941.

Personally, I don't see it as much of an issue, since none of the
symbolic links are critical for installation from a file system where
they can't be replicated, but I'll leave the team decide if the links I
listed warrant special consideration.

Thanks,

/Pete

Hi James,
Ah, yes, the infamous '.disk/' directory.

If it's any consolation, you're not the first person to stumble on that
one when creating boot media using FST [1].
Indeed, Debian Installer identifies the installation media by looking
for a specific file in .disk/.

At this stage, since I believe it is relevant to this bug, I am going to
point out that, with GRUB also having recently pushed a fix that aims at
improving FST support [2], GRUB is going to follow Debian's lead in also
looking into a .disk/ directory to locate the boot media (by searching
for a '/.disk/<TIMEBASED_UUID>.uuid' file created by grub-mkrescue
during the ISO mastering process -- and yes, in case you wonder, we did
test that this new additional disk/ content is properly merged with
existing .disk/ data, if any is provided).

This means that, even if (as I understand it) Debian is not currently
using grub-mkrescue to generate its ISOHybrid images, those .disk/
directories are likely to be used by more than Debian moving forward,
and it is of course quite unfortunate that some OSes do treat dot
directories as hidden (for the record, Windows' File Explorer does *not*
hide them), which adds a potential hurdle for some users, whereas this
is all part of an effort to make the process of creating boot media
easier for people who may prefer an alternate way of doing so...

I am not sure who started to use .disk/ to store potentially important
installation media metadata (I can see that Ubuntu have been using it
since at least release 16.x, Mint since release 12.x, though I haven't
looked further than that) but I'm afraid that it has now become a
de-facto standard, that we have to contend with one way or another...
If the fix finds its way into the testing images, I should be able to
also validate the changes soon-ish. If not, I'll see if I can build my
own ISOs to test this.

Regards,

/Pete

[1]
https://forums.raspberrypi.com/viewtopic.php?t=282839&sid=b7ef0bae203269b187c25b3a4b7247dd&start=25#p1763629
[2] https://lists.gnu.org/archive/html/grub-devel/2022-12/msg00222.html

Hi James
Ah, yes, the infamous '.disk/' directory.

If it's any consolation, you're not the first person to stumble on that
one when creating boot media using FST [1].
Indeed, Debian Installer identifies the installation media by looking
for a specific file in .disk/.

At this stage, since I believe it is relevant to this bug, I am going to
point out that, with GRUB also having recently pushed a fix that aims at
improving FST support [2], GRUB is going to follow Debian's lead in also
looking into a .disk/ directory to locate the boot media (by searching
for a '/.disk/<TIMEBASED_UUID>.uuid' file created by grub-mkrescue
during the ISO mastering process -- and yes, in case you wonder, we did
test that this new additional disk/ content is properly merged with
existing .disk/ data, if any is provided).

This means that, even if (as I understand it) Debian is not currently
using grub-mkrescue to generate its ISOHybrid images, those .disk/
directories are likely to be used by more than Debian moving forward,
and it is of course quite unfortunate that some OSes do treat dot
directories as hidden (for the record, Windows' File Explorer does *not*
hide them), which adds a potential hurdle for some users, whereas this
is all part of an effort to make the process of creating boot media
easier for people who may prefer an alternate way of doing so...

I am not sure who started to use .disk/ to store potentially important
installation media metadata (I can see that Ubuntu have been using it
since at least release 16.x, Mint since release 12.x, though I haven't
looked further than that) but I'm afraid that it has now become a
de-facto standard, that we have to contend with one way or another...
If the fix finds its way into the testing images, I should be able to
also validate the changes soon-ish. If not, I'll see if I can build my
own ISOs to test this.

Regards,

/Pete

[1]
https://forums.raspberrypi.com/viewtopic.php?t=282839&sid=b7ef0bae203269b187c25b3a4b7247dd&start=25#p1763629
[2] https://lists.gnu.org/archive/html/grub-devel/2022-12/msg00222.html

Hi,
Besides such user pitfalls with the produced ISO and the problem of
symbolic links there are other constraints which an ISO has to fulfill
for this use case.
At least:
- The file tree of the FAT filesystem in the EFI partition needs to be
mirrored by a copy in the ISO filesystem.
- File names must be unique in respect to case-insensitive comparison.
- (I am not sure whether file name length can be a problem.)

I guess Pete Batard can give a more comprehensive list.


Have a nice day :)

Thomas

Hi,
Oh it does with ISOs for i386 and amd64. There is a data file in the ISO
filesystem named
/boot/grub/efi.img
advertised as MBR partition of type 0xEF and as El Torito boot image
for EFI:

$ xorriso -indev debian-11.5.0-amd64-netinst.iso -report_system_area plain -report_el_torito plain
...
MBR partition table: N Status Type Start Blocks
MBR partition : 1 0x80 0x00 0 782336
MBR partition : 2 0x00 0xef 4064 5184
MBR partition path : 2 /boot/grub/efi.img
...
El Torito images : N Pltf B Emul Ld_seg Hdpt Ldsiz LBA
El Torito boot img : 1 BIOS y none 0x0000 0x00 4 2312
El Torito boot img : 2 UEFI y none 0x0000 0x00 5184 1016
El Torito img path : 1 /isolinux/isolinux.bin
El Torito img opts : 1 boot-info-table isohybrid-suitable
El Torito img path : 2 /boot/grub/efi.img

But Debian is nice by having in the ISO filesystem a copy of the file
tree in the FAT filesystem of the EFI partition.

# mount debian-11.5.0-amd64-netinst.iso /mnt/iso
...
# mount /mnt/iso/boot/grub/efi.img /mnt/fat
$ (cd /mnt/fat ; find . -type f -exec ls -ld '{}' ';')
-rwxr-xr-x 1 root root 934240 Sep 10 2022 ./efi/boot/bootx64.efi
-rwxr-xr-x 1 root root 1684864 Sep 10 2022 ./efi/boot/grubx64.efi
-rwxr-xr-x 1 root root 101 Sep 10 2022 ./efi/debian/grub.cfg
$ (cd /mnt/iso ; find ./EFI -type f -exec ls -ld '{}' ';')
-r--r--r-- 1 root root 934240 Sep 10 2022 ./EFI/boot/bootx64.efi
-r--r--r-- 1 root root 1684864 Sep 10 2022 ./EFI/boot/grubx64.efi
-r--r--r-- 1 root root 101 Sep 10 2022 ./EFI/debian/grub.cfg

The differences in the paths become insignificant when copying to FAT.
The tests results indicate that the lack of x-permissions with the ISO
files is not an issue either.

In the arm64 ISOs the /EFI tree is present three times. Once as appended
MBR partition 2, once as FAT image file /boot/grub/efi.img in the ISO
which serves as El Torito boot image, and again as unpacked /EFI tree in
the ISO.
(xorriso could point El Torito to the appended partition, thus eliminating
the need for the /boot/grub/efi.img file.)
It's less. A Joliet directory record has the same maximum size as an ISO
directory record: 255 bytes. Joliet encodes names in UCS-2 which uses
16 bit per character. The fixed header part of a directory record is 34
bytes large. So only 110 UCS-2 characters have room. For some reason
libisofs offers to write 103 characters at most. (It's long ago that this
decision was made not by me.)

In file
/mnt/iso/.disk/mkisofs
i see the recorded -as mkisofs option:
-joliet-long
which means according to man xorrisofs:
Allow 103 characters in Joliet file names rather than 64 as is
prescribed by the specification. Allow Joliet paths longer than
the prescribed limit of 240 characters.
The largest official Debian ISOs are 50 GB.
But i have a script which can merge a complete set to a ~90 GB ISO. :))


Have a nice day :)

Thomas