From: Vagrant Cascadian <vagrant@reproducible-builds.org>
To: Efraim Flashner <efraim@flashner.co.il>,
Julien Lepiller <julien@lepiller.eu>
Cc: guix-devel@gnu.org, Felix Lechner <felix.lechner@gmail.com>
Subject: Re: maradns reproducibility fixes and the merits of picking a random number
Date: Mon, 27 Jun 2022 18:31:41 -0700 [thread overview]
Message-ID: <87leth7ev6.fsf@contorta> (raw)
In-Reply-To: <87r13grv6a.fsf@contorta>
[-- Attachment #1: Type: text/plain, Size: 2340 bytes --]
On 2022-06-22, Vagrant Cascadian wrote:
> On 2022-06-08, Vagrant Cascadian wrote:
>> On 2022-06-08, Efraim Flashner wrote:
>>> On Tue, Jun 07, 2022 at 07:20:25AM +0200, Julien Lepiller wrote:
>>>> On June 7, 2022 5:24:22 AM GMT+02:00, Felix Lechner <felix.lechner@gmail.com> wrote:
>>>> >On Mon, Jun 6, 2022 at 6:50 PM Vagrant Cascadian
>>>> ><vagrant@reproducible-builds.org> wrote:
>>> This is something we can work with. We can just mark the package as
>>> '#:substitutable? #f' and then everyone will have to build it
>>> themselves. It still won't really be reproducible, but everyone will
>>> actually have their own special random number.
>>
>> This actually seems like the best approach in the short term! Leaving
>> time to work out a better fix long-term, probably by working with
>> upstream...
>>
>> Thoughts?
>
> Should I just push that part for the short-term workaround? Or does
> someone else want to push that?
>
>
>>>> >MaraDNS does not support DNSSEC so the program may not use entropy for
>>>> >keys. Either way, I'd rather use an unreproducible build than,
>>>> >accidentally, a known number series to encrypt secrets. Can one patch
>>>> >out the constant entirely so it is no longer available?
>>>> >
>>>> >The upstream website says: "People like MaraDNS because it’s ...
>>>> >remarkably secure." [1] Since many distributions have the same issue,
>>>> >upstream could perhaps offer the patch as a build switch to enable a
>>>> >build-time seed only when needed.
>>>>
>>>> Sounds like the safest option. Maybe we could change the code that uses that number to naise an exception or abort?
>>
>> Yeah, seems worth taking this or similar ideas upstream...
>
> And, this was the best place I found to mention this issue upstream,
> will see what kind of response I get:
>
> https://github.com/samboy/MaraDNS/discussions/101#discussioncomment-3006487
Upstream appears to think it is mostly ok to actually embed a specific
random prime... and not have it be different across all the builds, as
the number is mixed with other randomness from /dev/urandom.
It is expensive to generate the random prime on some hardware, so doing
so at runtime might not be feasible in some cases...
So, where do we go from here, knowing what we now know? :)
live well,
vagrant
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]
next prev parent reply other threads:[~2022-06-28 1:32 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-07 1:49 maradns reproducibility fixes and the merits of picking a random number Vagrant Cascadian
2022-06-07 3:24 ` Felix Lechner
2022-06-07 5:20 ` Julien Lepiller
2022-06-07 12:11 ` Brian Cully via Development of GNU Guix and the GNU System distribution.
2022-06-08 11:48 ` Efraim Flashner
2022-06-08 14:09 ` Tobias Geerinckx-Rice
2022-06-08 11:47 ` Efraim Flashner
2022-06-08 20:33 ` Vagrant Cascadian
2022-06-23 2:05 ` Vagrant Cascadian
2022-06-28 1:31 ` Vagrant Cascadian [this message]
2022-06-28 9:30 ` Efraim Flashner
2022-06-28 15:39 ` Jack Hill
2022-06-28 16:04 ` Tobias Geerinckx-Rice
2022-06-28 16:18 ` Gábor Boskovits
2022-06-28 16:33 ` Vagrant Cascadian
2022-06-28 19:06 ` Tobias Geerinckx-Rice
2022-06-28 19:15 ` Tobias Geerinckx-Rice
2022-07-12 2:36 ` Vagrant Cascadian
2022-07-12 2:41 ` Vagrant Cascadian
2022-07-18 11:21 ` Ludovic Courtès
2022-07-19 13:09 ` Tobias Geerinckx-Rice
2022-06-07 15:15 ` Ludovic Courtès
2022-06-08 19:28 ` Arun Isaac
2022-06-08 20:25 ` Vagrant Cascadian
2022-06-14 17:16 ` Philip McGrath
2022-06-08 19:43 ` Liliana Marie Prikler
2022-06-08 20:23 ` Vagrant Cascadian
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87leth7ev6.fsf@contorta \
--to=vagrant@reproducible-builds.org \
--cc=efraim@flashner.co.il \
--cc=felix.lechner@gmail.com \
--cc=guix-devel@gnu.org \
--cc=julien@lepiller.eu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).