From: Andre Batista
To: Ludovic Courtès
Cc: guix-devel@gnu.org
Subject: Re: [PATCH] Add Tor client only package definition
Date: Tue, 26 May 2020 11:56:21 -0300
Message-ID: <20200526145621.GA28490@andel>
In-Reply-To: <87y2phys3f.fsf@gnu.org>

Hi Ludo,

Sun 24 May 2020 at 22:51:16 (1590371476), ludo@gnu.org wrote:
> Hi Andre,
>
> What difference does it make, for instance in terms of the total size
> returned by “guix size tor-client” vs. “guix size tor”?

Considering only the total size, the difference doesn't appear to be
significant: 90.6 MiB vs 91.0 MiB. However, since most of it is related to
gcc and glibc, I also thought it would be more accurate to compare the
difference between the binaries. Comparing those, there is an 8.5% reduction
in its size - from 4120K to 3768K on my i686 machine[1]. On x86_64, it goes
from 97.0MiB to 96.7MiB total size or 3840K to 3532K, which equals a
reduction of 8.0% on the bin[2]. I did not try to emulate other
architectures, but I can do it, if you think the idea is worth it.

> Are there other considerations, such as a reduced attack surface?

Other considerations were: not loading code which is not meant to be used
into memory, reducing the compilation and check time as well as avoiding
running relays by mistake (misunderstanding on ORPort or copy+pasting old
configs or config files found on the web). AFAIUI, this could also mean a
reduced attack surface, but I couldn't think of a way of exploiting the
relay module without relying on a prior exploit.
Maybe if the user is running an onion service or through the SocksPort. I
don't know.

> It looks good to me overall! Some nitpicking:

I see you've been kind to me. Thank you.

> We’d rather use ‘substitute-keyword-arguments’ to augment
> #:configure-flags without touching the other keyword arguments (there
> are several examples in the source).

I've overlooked the warning in section 14.5.3 of the guix manual regarding
Lispers' tendency to overuse car, cdr, cadr and co.

> We generally avoid concatenating text like this, for the reasons
> explained at:
>
> https://guix.gnu.org/manual/en/html_node/Synopses-and-Descriptions.html

And I've also overlooked this section.

> Regarding the format of patches, you can take a look at this:
>
> https://guix.gnu.org/manual/en/html_node/Submitting-Patches.html

This I had read, but I thought I could skip some of it since it was not a
new package, just a new flag through inheritance. But I suppose I was just
passing the burden onto others.

I'll send a new patch taking your warnings into account.
---
Notes:

1:
user@local ~$ guix size tor tor-client
store item                                                        total   self
/gnu/store/z4li262il798hbl0l1h1k3a5g7r6bffa-glibc-2.31             37.7   36.0  34.6%
/gnu/store/1527570cy2g7ld4wppmh3skvi27kvm43-gcc-7.5.0-lib          65.0   27.4  26.3%
/gnu/store/4c26h0fvk65ilqhq43gmyjwh9mkiwmwc-tor-0.4.3.5            91.0   13.5  13.0%
/gnu/store/9vrkzx403v1rzmgqiv2z8596b1fljl8h-tor-client-0.4.3.5     90.6   13.1  12.6%
/gnu/store/9p15ivj0lc5sd5ivizn8lnzh781lbbgr-openssl-1.1.1f         71.5    6.4   6.2%
/gnu/store/m21nvi8k4jqhdfxgra87zdri1xpdi8hy-libevent-2.1.11        67.2    2.2   2.1%
/gnu/store/izqg5ia1ci2xijfw6l1qmw4sylc4p9x9-bash-static-5.0.16      1.6    1.6   1.6%
/gnu/store/v1g7f3p4f0851mywrla8qmr9hb8jgfjr-bash-minimal-5.0.16    38.8    1.1   1.0%
/gnu/store/4zsgsg1x32nmwgm6dr5fbb9akkydkclz-zstd-1.4.4-lib         66.0    1.0   1.0%
/gnu/store/fwyjnzl9z55d9byzsn8nq8g0vlbxxmgn-xz-5.2.4               67.0    0.9   0.9%
/gnu/store/3ai13wmy7d8civi5xpvl9x0bm9qjfszx-libseccomp-2.4.3       65.6    0.6   0.6%
/gnu/store/pqyqxd5mbvlb22ifxzp4q2skjfq1p8yj-zlib-1.2.11            65.3    0.2   0.2%
total: 104.1 MiB

user@local ~$ ls -s /gnu/store/4c26h0fvk65ilqhq43gmyjwh9mkiwmwc-tor-0.4.3.5/bin/tor
4120 /gnu/store/4c26h0fvk65ilqhq43gmyjwh9mkiwmwc-tor-0.4.3.5/bin/tor
user@local ~$ ls -s /gnu/store/9vrkzx403v1rzmgqiv2z8596b1fljl8h-tor-client-0.4.3.5/bin/tor
3768 /gnu/store/9vrkzx403v1rzmgqiv2z8596b1fljl8h-tor-client-0.4.3.5/bin/tor

2:
store item                                                        total   self
/gnu/store/fa6wj5bxkj5ll1d7292a70knmyl7a0cr-glibc-2.31             38.4   36.7  33.4%
/gnu/store/01b4w3m6mp55y531kyi1g8shh722kwqm-gcc-7.5.0-lib          71.0   32.6  29.7%
/gnu/store/qjk52ii1gc05s1m89lrwrgnh4k1cl95b-tor-0.4.3.5            97.0   13.2  12.0%
/gnu/store/i5i84nxqrvqpv6gzi71iyjgsagv50543-tor-client-0.4.3.5     96.7   12.9  11.7%
/gnu/store/dkzivzn17qilmqdfpyps62b395wxhshh-openssl-1.1.1f         77.4    6.4   5.9%
/gnu/store/c7wscymmk379v16invi8m68f6v5c8gsv-libevent-2.1.11        73.3    2.3   2.1%
/gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16      1.6    1.6   1.5%
/gnu/store/v04z33qas38iiv5ndasf4cw80kqyyr1r-zstd-1.4.4-lib         72.1    1.1   1.0%
/gnu/store/pwcp239kjf7lnj5i4lkdzcfcxwcfyk72-bash-minimal-5.0.16    39.4    1.0   0.9%
/gnu/store/r7k859hmcnkazf492fasqvk25jflnfk6-xz-5.2.4               73.0    0.9   0.8%
/gnu/store/5gc93y4n3f9p5sivp0i4f7ixqmqz3zpv-libseccomp-2.4.3       71.9    0.9   0.8%
/gnu/store/rykm237xkmq7rl1p0nwass01p090p88x-zlib-1.2.11            71.2    0.2   0.2%
total: 109.9 MiB

user@local ~$ ls -s /gnu/store/qjk52ii1gc05s1m89lrwrgnh4k1cl95b-tor-0.4.3.5/bin/tor
3840 /gnu/store/qjk52ii1gc05s1m89lrwrgnh4k1cl95b-tor-0.4.3.5/bin/tor
user@local ~$ ls -s /gnu/store/i5i84nxqrvqpv6gzi71iyjgsagv50543-tor-client-0.4.3.5/bin/tor
3532 /gnu/store/i5i84nxqrvqpv6gzi71iyjgsagv50543-tor-client-0.4.3.5/bin/tor
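
Added example, not part of the original message or of the Guix source tree: one way a client-only variant can inherit from `tor` and extend only `#:configure-flags` with `substitute-keyword-arguments`, as the quoted review suggests. It assumes the parent package already sets `#:configure-flags` as a quoted expression and uses Tor's `--disable-module-relay` configure option, which the message does not name; the module name, synopsis and description are illustrative.

```scheme
;; Added example: hypothetical module, not the patch discussed in the thread.
(define-module (example tor-client)      ; hypothetical module name
  #:use-module (guix packages)           ; package, package-arguments
  #:use-module (guix utils)              ; substitute-keyword-arguments
  #:use-module (gnu packages tor))       ; the parent `tor' package

(define-public tor-client
  (package
    (inherit tor)
    (name "tor-client")
    (arguments
     ;; Rewrite only #:configure-flags.  Every other keyword argument of the
     ;; parent (#:phases, #:tests?, ...) is carried over unchanged, so later
     ;; hardening or test changes made to `tor' reach this variant as well.
     (substitute-keyword-arguments (package-arguments tor)
       ((#:configure-flags flags)
        ;; FLAGS is the parent's unevaluated flag expression (assumed to be
        ;; a quoted S-expression, not a gexp).  Prepend the option that
        ;; builds Tor without its relay module instead of picking the list
        ;; apart with car/cdr.
        `(cons "--disable-module-relay" ,flags))))
    ;; Synopsis and description are written out as complete strings rather
    ;; than concatenated onto the parent's text (illustrative wording).
    (synopsis "Client to the anonymous Tor network")
    (description
     "Tor protects you by bouncing your communications around a distributed
network of relays run by volunteers.  This variant is built without the
relay module, so it can act as a client or host onion services but cannot
be configured as a relay.")))
```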