Date: Fri, 15 Apr 2022 18:34:41 +0200
From: raingloom
To: guix-devel@gnu.org
Subject: Re: Hardened toolchain
Message-ID: <20220415183441.49a2628b@riseup.net>
In-Reply-To: <86ee1ys55z.fsf@163.com>

On Sat, 16 Apr 2022 00:04:37 +0800 Zhu Zihao wrote:

> > I like this idea. I propose we make harden? default to #t. That
> > way practically most packages will be built with hardened features.
> > Let's face it, I am a bit lazy, if I submit a package to guix, I am
> > usually going to do it the easy way. If the easy way is harden? #f,
> > then that is how I will submit it. :)
>
> I suggest a build transform flag like `--hardened` for people who
> want hardened software, just like `--tune` for SIMD instructions.

People shouldn't have to take extra steps and burn extra CPU cycles for
security. If I have to recompile everything to harden my system, I
likely won't bother.

Pretty much everyone benefits from hardening, but not everyone has the
resources and know-how to do it manually. Just choosing what to harden
is already not a trivial question.