From: Vagrant Cascadian
To: Maxime Devos, jbranso@dismail.de, guix-devel@gnu.org
Subject: Re: U.S. Midwest based build farm
Date: Sat, 11 Jun 2022 16:05:38 -0700
Message-ID: <874k0qyf5p.fsf@contorta>

On 2022-06-11, Maxime Devos wrote:
> jbranso@dismail.de wrote on Sat 11-06-2022 at 16:06 [+0000]:
>> What's good and/or bad about this idea?
>
> A positive point: extra resources, could be useful for reproducibility
> testing, ...?
>
> A negative point: extra points through which malware can be introduced
> (->compromises). Can be solved by reproducible builds and variation of
> "guix challenge". Unfortunately, "guix challenge" is inherently racy.
> "guix substitute" currently only checks that the narinfo has a _single_
> authorised signature, maybe it can be adjusted to allow the user to
> ask: ‘only consider a substitute to be authorised if the same hash is
> signed by N different authorised keys’?

Even without "signed by N" reproducible builds and guix substitute
servers have some very interesting qualities!

It's been a while since I've tested, but I seem to recall setting up a
situation where I had an untrusted substitute server locally (e.g. I
didn't add that server's keys to guix's trusted keys), and also
configured my guix machine to use the default guix substitute servers
(which were in the guix acl for authorized keys). Roughly approximated
as:

  guix COMMAND --substitute-urls='https://untrusted.example.com https://ci.guix.gnu.org https://bordeaux.guix.gnu.org'

For packages that build reproducibly, you could actually download the
signatures (which are fairly small) from the "trusted" substitute
servers, but download the actual packages (which can be quite large)
from the "untrusted" substitute server...

I've actually been wondering if one couldn't make this behavior more
explicit, e.g. have substitute servers that *only* served signatures,
and substitute servers that *only* served (unsigned?) builds. I guess
you can more-or-less create this effect by never publishing the key
that packages are signed with for the untrusted/untrustable substitute
server?

Anything that you can download from the "untrusted" server is
demonstrably reproducible, because a "trusted" server also built it.
Presuming, of course, both servers are actually performing the builds,
but worst case you still get the bit-for-bit identical packages as the
"trusted" substitutes.

It's an awesome way to be able to distribute the downloads for that 80%
and growing number of packages that are reproducible away from the
default substitute servers, without actually having to even place much
trust in an arbitrary third party, other than metadata about what you've
downloaded...

I remember this being one of my favorite features of guix that I
learned about early on, but haven't really done much with it!

live well,
  vagrant
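
The split described in this message (hashes vouched for by trusted servers, bytes fetched from any mirror), combined with the "signed by N" idea from the quoted text, as an added example that is not part of the original email or of Guix's own code. Assumptions: narinfo signatures have already been verified, so each record only names the key that signed it; the key ids, store path and nar contents are constructed, and hashes are hex SHA-256 rather than Guix's base32 form.

```python
import hashlib
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Narinfo:
    store_path: str  # store item the narinfo describes
    nar_hash: str    # hex SHA-256 of the nar (simplified encoding)
    signer: str      # id of the key whose signature verified (assumed done upstream)

def authorised_hash(store_path, narinfos, acl, threshold=1):
    """Return the nar hash vouched for by >= threshold distinct ACL keys, else None."""
    signers = defaultdict(set)
    for info in narinfos:
        # Records signed by keys outside the ACL never count towards the quorum.
        if info.store_path == store_path and info.signer in acl:
            signers[info.nar_hash].add(info.signer)
    agreed = [h for h, keys in signers.items() if len(keys) >= threshold]
    # Two different hashes both reaching the threshold means authorised servers
    # disagree (non-reproducible build or a compromise): refuse to pick one.
    return agreed[0] if len(agreed) == 1 else None

def accept_nar(store_path, nar_bytes, narinfos, acl, threshold=1):
    """Accept bytes from any mirror only if they match the authorised hash."""
    expected = authorised_hash(store_path, narinfos, acl, threshold)
    return expected is not None and hashlib.sha256(nar_bytes).hexdigest() == expected

# Constructed sample data: nothing below comes from a real substitute server.
PATH = "/gnu/store/EXAMPLE-hello-2.12"
GOOD_NAR = b"constructed nar contents"
GOOD = hashlib.sha256(GOOD_NAR).hexdigest()
ACL = {"ci-key", "bordeaux-key"}
NARINFOS = [
    Narinfo(PATH, GOOD, "ci-key"),
    Narinfo(PATH, GOOD, "bordeaux-key"),
    # The untrusted mirror may publish its own narinfo; its key is not in the ACL.
    Narinfo(PATH, hashlib.sha256(b"tampered").hexdigest(), "untrusted-key"),
]

if __name__ == "__main__":
    # Bytes from the untrusted mirror are accepted only when they match.
    print(accept_nar(PATH, GOOD_NAR, NARINFOS, ACL, threshold=2))
    print(accept_nar(PATH, b"tampered", NARINFOS, ACL, threshold=2))
```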