unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
To: Efraim Flashner <efraim@flashner.co.il>,
	Julien Lepiller <julien@lepiller.eu>
Cc: guix-devel@gnu.org, Felix Lechner <felix.lechner@gmail.com>
Subject: Re: maradns reproducibility fixes and the merits of picking a random number
Date: Wed, 08 Jun 2022 13:33:18 -0700	[thread overview]
Message-ID: <87a6amgak1.fsf@contorta> (raw)
In-Reply-To: <YqCMT5v2ls44PNoB@3900XT>

[-- Attachment #1: Type: text/plain, Size: 2726 bytes --]

On 2022-06-08, Efraim Flashner wrote:
> On Tue, Jun 07, 2022 at 07:20:25AM +0200, Julien Lepiller wrote:
>> On June 7, 2022 5:24:22 AM GMT+02:00, Felix Lechner <felix.lechner@gmail.com> wrote:
>> >On Mon, Jun 6, 2022 at 6:50 PM Vagrant Cascadian
>> ><vagrant@reproducible-builds.org> wrote:
>> >>
>> >> So, Debian's maradns package just removes this embedding of a "random"
>> >> number, and I've basically adapted their patches to build reproducibly
>> >> on guix too... by basically embedding the same "random" number every
>> >> single build!
>
> I have to say I was shocked to not see 4 as the random number¹.
...
> ¹ https://xkcd.com/221/

In an alternate reality, I did consider 4 for the reasons you alluded
to, but ruled it out because it was not a random prime number. :)


>> >There may be more than one opinion, but as the maintainer of a TLS
>> >library in Debian I think it is a questionable tradeoff. At a minimum,
>> >it would be preferable to use the version number instead of a fixed
>> >constant for all releases.
>> 
>> Consider that even without the patch, each distro will build maradns once and distribute the package to their user. Every user gets the same binary with the same "random" number. So even if it's chosen at build time, it won't really help.
>> 
>> In our case, it only means users who don't use substitutes get a random number, others get the same number that the build farm picked at random. Fixing a number doesn't sound like it's gonna change a lot for these users.
>
> This is something we can work with. We can just mark the package as
> '#:substitutable? #f' and then everyone will have to build it
> themselves. It still won't really be reproducible, but everyone will
> actually have their own special random number.

This actually seems like the best approach in the short term! Leaving
time to work out a better fix long-term, probably by working with
upstream...

Thoughts?


>> >MaraDNS does not support DNSSEC so the program may not use entropy for
>> >keys. Either way, I'd rather use an unreproducible build than,
>> >accidentally, a known number series to encrypt secrets. Can one patch
>> >out the constant entirely so it is no longer available?
>> >
>> >The upstream website says: "People like MaraDNS because it’s ...
>> >remarkably secure." [1] Since many distributions have the same issue,
>> >upstream could perhaps offer the patch as a build switch to enable a
>> >build-time seed only when needed.
>> 
>> Sounds like the safest option. Maybe we could change the code that uses that number to naise an exception or abort?

Yeah, seems worth taking this or similar ideas upstream...


live well,
  vagrant

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]

  reply	other threads:[~2022-06-08 20:33 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-06-07  1:49 maradns reproducibility fixes and the merits of picking a random number Vagrant Cascadian
2022-06-07  3:24 ` Felix Lechner
2022-06-07  5:20   ` Julien Lepiller
2022-06-07 12:11     ` Brian Cully via Development of GNU Guix and the GNU System distribution.
2022-06-08 11:48       ` Efraim Flashner
2022-06-08 14:09         ` Tobias Geerinckx-Rice
2022-06-08 11:47     ` Efraim Flashner
2022-06-08 20:33       ` Vagrant Cascadian [this message]
2022-06-23  2:05         ` Vagrant Cascadian
2022-06-28  1:31           ` Vagrant Cascadian
2022-06-28  9:30             ` Efraim Flashner
2022-06-28 15:39               ` Jack Hill
2022-06-28 16:04               ` Tobias Geerinckx-Rice
2022-06-28 16:18                 ` Gábor Boskovits
2022-06-28 16:33                   ` Vagrant Cascadian
2022-06-28 19:06                     ` Tobias Geerinckx-Rice
2022-06-28 19:15                       ` Tobias Geerinckx-Rice
2022-07-12  2:36                       ` Vagrant Cascadian
2022-07-12  2:41                         ` Vagrant Cascadian
2022-07-18 11:21                           ` Ludovic Courtès
2022-07-19 13:09                             ` Tobias Geerinckx-Rice
2022-06-07 15:15 ` Ludovic Courtès
2022-06-08 19:28 ` Arun Isaac
2022-06-08 20:25   ` Vagrant Cascadian
2022-06-14 17:16     ` Philip McGrath
2022-06-08 19:43 ` Liliana Marie Prikler
2022-06-08 20:23   ` Vagrant Cascadian

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://guix.gnu.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87a6amgak1.fsf@contorta \
    --to=vagrant@reproducible-builds.org \
    --cc=efraim@flashner.co.il \
    --cc=felix.lechner@gmail.com \
    --cc=guix-devel@gnu.org \
    --cc=julien@lepiller.eu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).