Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore advanced filesystem verification and container deployment techniques in this 37-minute conference talk from DevConf.CZ 2025. Learn how to leverage composefs and fs-verity technologies to create secure, bootable container systems where every byte of every file is cryptographically verified on load using hash-based verification similar to Git. Discover how composefs separates file content from metadata to enable efficient file-level deduplication, allowing multiple OS images to coexist on a single filesystem without requiring pre-allocated space for each image. Understand the advantages of this approach over fixed-size disk image formats like dm-verity commonly used in image-based systems. Follow a practical demonstration of building an OS image using OCI containers with familiar Containerfile syntax, pushing the image to a container registry, and deploying it on target systems. Gain insights into the integration of these technologies with the Bootable Containers project (bootc) and how UKI signatures can effectively sign entire filesystem trees through hash-based verification mechanisms.
