From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp11.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id wL4sMRtaumLAMwAAbAwnHQ (envelope-from ) for ; Tue, 28 Jun 2022 03:32:11 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp11.migadu.com with LMTPS id yL0lMRtaumKTEAEA9RJhRA (envelope-from ) for ; Tue, 28 Jun 2022 03:32:11 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 6DD79135C2 for ; Tue, 28 Jun 2022 03:32:11 +0200 (CEST) Received: from localhost ([::1]:46796 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1o605K-00025q-Ex for larch@yhetil.org; Mon, 27 Jun 2022 21:32:10 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:40812) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1o6051-00024X-OH for guix-devel@gnu.org; Mon, 27 Jun 2022 21:31:53 -0400 Received: from cascadia.aikidev.net ([173.255.214.101]:50260) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1o604z-0005U7-PJ for guix-devel@gnu.org; Mon, 27 Jun 2022 21:31:51 -0400 Received: from localhost (unknown [IPv6:2600:3c01:e000:21:7:77:0:20]) (Authenticated sender: vagrant@aikidev.net) by cascadia.aikidev.net (Postfix) with ESMTPSA id 105941ABFC; Mon, 27 Jun 2022 18:31:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=reproducible-builds.org; s=1.vagrant; t=1656379906; bh=bz19O43kM8jjlz197910aEcPzUDRJorzZKlLQhmjcGw=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=HiIZdkySYLox0y3yTMEsLlTRqUKbLuOZP60UOsFX6CDUlDlbE0qHGdUz2nSCWPTyd uBD83Q4R6YH4lvXxOCJMPdmzwxakt9pj82xZNVlepW/fe0cM0cUPQMS5kQaSnjtPss w/qoKr8I20H2L3LZgDP8A9uyjk8zPTYW6g4UYOSfo2MrHmAte6Pn0YTvkou8CC+cCd KX+S4h1Q77yG2VAACaO9G1Pjn7+HHr6clZPRjCGRjN4MKdwDDRnlCSUDm6SqYpo7Ti KeYYEZeWhjYT0iCkv2PkdCkSXifKGSDMVuYpVXq4HVJMiK9MvOQ1j0lmMb4CExnBHm Q60M0UZt3lhwg== From: Vagrant Cascadian To: Efraim Flashner , Julien Lepiller Cc: guix-devel@gnu.org, Felix Lechner Subject: Re: maradns reproducibility fixes and the merits of picking a random number In-Reply-To: <87r13grv6a.fsf@contorta> References: <87pmjlfdjl.fsf@contorta> <310AD876-916E-4020-A87E-5609E8166432@lepiller.eu> <87a6amgak1.fsf@contorta> <87r13grv6a.fsf@contorta> Date: Mon, 27 Jun 2022 18:31:41 -0700 Message-ID: <87leth7ev6.fsf@contorta> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Received-SPF: none client-ip=173.255.214.101; envelope-from=vagrant@reproducible-builds.org; helo=cascadia.aikidev.net X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1656379931; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=vF1sDcGYIXWt+P0fQ4MffZcfVJop8jyd57O438hp8Gg=; b=rtqkgMcmeqj8AlN3CKpjMAELRsRXLapQiagQXUBKQljddC/6a3BZQfFqlKx95CaKdRDWt9 gwFzhhFv2mcKMJwJAbhVN/7TBJGB3OHBGiggoZ8Nci2NHnJ4eKj1aD4/BlgGexvPJO7BS5 1YGswB+4fj2DD6Fl2BSv7hvBmWvOUveJrKbuYvT4YyjJpF3/9ZVKu/9/IiFCUjQ0iI/lpk h5JqgaH10lt5SGJhhPQsQetyxQUMAizj0EoJPy9m3juknRAeleQRgkrK7WjgdOD63wi6kf xDbxD2Qcw3iO3LqWOGXgNJeelUJ8QxlwdEUxXKp9WIxUmueGGcuw63yPA7RRdw== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1656379931; a=rsa-sha256; cv=none; b=TxH51PrSdF1qDpIyt4khSttl8wOt5TKysNk3YhhQcpbZRL/dTt7z0/x4arr9q0e5x/SgDs NHZlAUrpD2hHe7jSTo1CDCHaBWOmgpj9+KlJHZF8b5BRNyjOu4YWdsGr94/Pt6oH86NF+R UZEngTLwoYrtWBeWQFrgWnPCrv9af30dgcctMg216/sF58M0P7TV3hWxw4qEL3b7NyrG+l 0jP9jTW2RKk09wKI66zLYYfOTjspTbwUIl4/MU4fZbETWI8zvKK1Getq91h39LUdSiRgl8 R4Eml3yeaCp4rSHLnYTwlvCnchQ+YgO458eA05V2rtu1mHHQyauPWOyST8L8uQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=reproducible-builds.org header.s=1.vagrant header.b=HiIZdkyS; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -2.05 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=reproducible-builds.org header.s=1.vagrant header.b=HiIZdkyS; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 6DD79135C2 X-Spam-Score: -2.05 X-Migadu-Scanner: scn1.migadu.com X-TUID: YSquyD1ptq3I --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 2022-06-22, Vagrant Cascadian wrote: > On 2022-06-08, Vagrant Cascadian wrote: >> On 2022-06-08, Efraim Flashner wrote: >>> On Tue, Jun 07, 2022 at 07:20:25AM +0200, Julien Lepiller wrote: >>>> On June 7, 2022 5:24:22 AM GMT+02:00, Felix Lechner wrote: >>>> >On Mon, Jun 6, 2022 at 6:50 PM Vagrant Cascadian >>>> > wrote: >>> This is something we can work with. We can just mark the package as >>> '#:substitutable? #f' and then everyone will have to build it >>> themselves. It still won't really be reproducible, but everyone will >>> actually have their own special random number. >> >> This actually seems like the best approach in the short term! Leaving >> time to work out a better fix long-term, probably by working with >> upstream... >> >> Thoughts? > > Should I just push that part for the short-term workaround? Or does > someone else want to push that? > > >>>> >MaraDNS does not support DNSSEC so the program may not use entropy for >>>> >keys. Either way, I'd rather use an unreproducible build than, >>>> >accidentally, a known number series to encrypt secrets. Can one patch >>>> >out the constant entirely so it is no longer available? >>>> > >>>> >The upstream website says: "People like MaraDNS because it=E2=80=99s = ... >>>> >remarkably secure." [1] Since many distributions have the same issue, >>>> >upstream could perhaps offer the patch as a build switch to enable a >>>> >build-time seed only when needed. >>>>=20 >>>> Sounds like the safest option. Maybe we could change the code that use= s that number to naise an exception or abort? >> >> Yeah, seems worth taking this or similar ideas upstream... > > And, this was the best place I found to mention this issue upstream, > will see what kind of response I get: > > https://github.com/samboy/MaraDNS/discussions/101#discussioncomment-300= 6487 Upstream appears to think it is mostly ok to actually embed a specific random prime... and not have it be different across all the builds, as the number is mixed with other randomness from /dev/urandom. It is expensive to generate the random prime on some hardware, so doing so at runtime might not be feasible in some cases... So, where do we go from here, knowing what we now know? :) live well, vagrant --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCYrpZ/gAKCRDcUY/If5cW qujOAQDZx2Efh3iNL7bJAJmDK5W95oJWKvYOn4JkIjTBM1KYJwD/bqtajUICLujg OwIdc/GYMQbstwINDhvfTFlVS6u6MwA= =csyz -----END PGP SIGNATURE----- --=-=-=--