From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <guix-devel-bounces+larch=yhetil.org@gnu.org>
Received: from mp1 ([2001:41d0:2:4a6f::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms11 with LMTPS
	id mOFcLj3hhl+KYAAA0tVLHw
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Wed, 14 Oct 2020 11:30:05 +0000
Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp1 with LMTPS
	id 8BMJKj3hhl9rEQAAbx9fmQ
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Wed, 14 Oct 2020 11:30:05 +0000
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id 57D4B9408E2
	for <larch@yhetil.org>; Wed, 14 Oct 2020 11:30:05 +0000 (UTC)
Received: from localhost ([::1]:42862 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	id 1kSeyq-0002fn-4z
	for larch@yhetil.org; Wed, 14 Oct 2020 07:30:04 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:44830)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <zimon.toutoune@gmail.com>)
 id 1kSeyg-0002fb-Fr
 for guix-devel@gnu.org; Wed, 14 Oct 2020 07:29:54 -0400
Received: from mail-wr1-x435.google.com ([2a00:1450:4864:20::435]:42151)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <zimon.toutoune@gmail.com>)
 id 1kSeye-0006Dy-MD
 for guix-devel@gnu.org; Wed, 14 Oct 2020 07:29:54 -0400
Received: by mail-wr1-x435.google.com with SMTP id e18so3355346wrw.9
 for <guix-devel@gnu.org>; Wed, 14 Oct 2020 04:29:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=2UF0d4FxfnHaPB+jy9oFtodbh/oOyHgYecIx6KHipLY=;
 b=uyaXnMtBS32TdXtS453vm1cn9ObaYeeGqpXVcNuCWeNw14uJaAaBG0/32dagnuUjmq
 J1vDW4EwqnisIegMbJdvCIS+1SXJ9htIVKm3YFBCv2oDBMVeVGalD+6P28815PLcK/lz
 6JUvsAm2xhGezMwGFCDKKqtuSPh8hpum5X/ayabfy94nzmpnk8aJWs7bK1bHhGTXy1o0
 W/wbKfh3hciPOyODj/2YDEDGi+84LMkhLvlV0fxX6GWX48Tjl3PmtNKqDgngqBgk47pf
 nWqQLfxTCsqLXWFYMksFcxb34Gp0FmhXOMDmV/hlZzzMIylf6SeBypp+ktij5e63/HH5
 Be6w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=2UF0d4FxfnHaPB+jy9oFtodbh/oOyHgYecIx6KHipLY=;
 b=XYQVGLTh2ecqIwREfte1E3Yv7x/yeEk25hGIFo/boKtVQvKuYqTqNwvNH44HzM+3mU
 sFnuQDTKy0PWgbdC+y7oZwKRtIrCyRAqk7pP+YPHa7LdXp9Wkc8KhIFsSaNNGJwKAHTZ
 xFMPAtGG6mqgdFSPCHNH2D6WqjanD6W+D2kTC7+bfTthf7pYVtR8bpBd5BRnBmNU3QcH
 l4fJWx99t4hbqDFHewhuc9gQsXCsLKdNt80vBgEFEcETwFHhAL74paDMSyPJNPvH0hM5
 SegHOwOm27Hjvi4+8MROVLxa7NNgw3s5uqt29UYaNMw6OqGpxYAlX9sRZWor9r1sc52p
 oGtA==
X-Gm-Message-State: AOAM532s1aFdT/cw8pCFl8ttydEwprxRtpApJ04JSEtaNMjxF2TxSLe+
 GO2I1go6Oah8JO4inIRkoERhEaJuF64=
X-Google-Smtp-Source: ABdhPJxR2jb/jMeu8X+Wn6DV+tLCSdihChZfMNgoj5RK/X9pxe+fbbDCMULFyb7dspUK+WZ62zPK5Q==
X-Received: by 2002:adf:e681:: with SMTP id r1mr4805743wrm.181.1602674990318; 
 Wed, 14 Oct 2020 04:29:50 -0700 (PDT)
Received: from lili ([2a01:e0a:59b:9120:65d2:2476:f637:db1e])
 by smtp.gmail.com with ESMTPSA id y66sm3817813wmd.14.2020.10.14.04.29.48
 for <guix-devel@gnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 14 Oct 2020 04:29:49 -0700 (PDT)
From: zimoun <zimon.toutoune@gmail.com>
To: guix-devel@gnu.org
Subject: Diverse Double-Compiling, --with-c-toolchain and trusting trust
Date: Wed, 14 Oct 2020 13:29:47 +0200
Message-ID: <86blh5jb9w.fsf@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass client-ip=2a00:1450:4864:20::435;
 envelope-from=zimon.toutoune@gmail.com; helo=mail-wr1-x435.google.com
X-detected-operating-system: by eggs.gnu.org: No matching host in p0f cache.
 That's all we know.
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: guix-devel@gnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Development of GNU Guix and the GNU System distribution."
 <guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+larch=yhetil.org@gnu.org>
X-Scanner: scn0
Authentication-Results: aspmx1.migadu.com;
	dkim=pass header.d=gmail.com header.s=20161025 header.b=uyaXnMtB;
	dmarc=pass (policy=none) header.from=gmail.com;
	spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org
X-Spam-Score: -1.71
X-TUID: Z8vfVEteIb2Q

Hi,

Reading the recent discussions about Reproducible Builds, see [1, 2, 3],
I was in the mood to use the recent option =E2=80=99=E2=80=93with-c-toolcha=
in=E2=80=99 to
demonstrate how Guix is cool!  But I have failed because I miss some UI,
I guess.

Well, my understanding of Diverse Double-Compiling can be summarized as:

Let=E2=80=99s consider that you have the source code of compiler (say =E2=
=80=99tcc=E2=80=99
because it compiles fast) and 2 another compilers (say =E2=80=99clang=E2=80=
=99 and
=E2=80=99gcc=E2=80=99).

| step | source | compiled with | produces |
|------+--------+---------------+----------|
| #1   | tcc    | clang         | tcc-A    |
| #2   | tcc    | tcc-A         | tcc-B    |
| #3   | tcc    | gcc           | tcc-C    |

Nothing ensures that tcc-{A,B,C} are bit-to-bit identical =E2=80=93=E2=80=
=93 even they
should have different binary code =E2=80=93=E2=80=93 but they are functiona=
lly
equivalent, or something is already wrong.

The next steps is to recompile:

| step | source | compiled with | produces |
|------+--------+---------------+----------|
| #4   | tcc    | tcc-B         | tcc-1    |
| #5   | tcc    | tcc-C         | tcc-2    |

And now, if everything is ok, then =E2=80=99tcc-1=E2=80=99 and =E2=80=99tcc=
-2=E2=80=99 must be
bit-identical.  Otherwise, the binaries =E2=80=99clang=E2=80=99 *or* =E2=80=
=99gcc=E2=80=99 are
compromised.  Assuming that the source code of =E2=80=99tcc=E2=80=99 is aud=
ited and not
compromised. ;-)

If the source of the compilers used at step #1 and #2 are available,
then the same procedure can be applied to detect an attack.


Well, the idea is to implement the procedure with Guix: step #1,

  guix build tcc --with-c-toolchain=3Dtcc=3Dclang-toolchain

but then I do not know how to use the output to complete the step #2.
Is it possible to do it at the CLI level?  Or do I have to write some
Scheme?


Thank you in advance for any tips.

All the best,
simon

1: <https://lists.reproducible-builds.org/pipermail/rb-general/2020-October=
/002056.html>
2: <https://reproducible-builds.org/news/2019/12/21/reproducible-bootstrap-=
of-mes-c-compiler/>
3: <https://dwheeler.com/trusting-trust/#real-world>