Date: Wed, 8 Jun 2022 14:47:27 +0300
From: Efraim Flashner
To: Julien Lepiller
Cc: guix-devel@gnu.org, Felix Lechner, Vagrant Cascadian
Subject: Re: maradns reproducibility fixes and the merits of picking a random number

On Tue, Jun 07, 2022 at 07:20:25AM +0200, Julien Lepiller wrote:
>
>
> On June 7, 2022 5:24:22 AM GMT+02:00, Felix Lechner wrote:
> >Hi,
> >
> >On Mon, Jun 6, 2022 at 6:50 PM Vagrant Cascadian wrote:
> >>
> >> So, Debian's maradns package just removes this embedding of a "random"
> >> number, and I've basically adapted their patches to build reproducibly
> >> on guix too... by basically embedding the same "random" number every
> >> single build!

I have to say I was shocked to not see 4 as the random number¹.

> >There may be more than one opinion, but as the maintainer of a TLS
> >library in Debian I think it is a questionable tradeoff. At a minimum,
> >it would be preferable to use the version number instead of a fixed
> >constant for all releases.
>
> Consider that even without the patch, each distro will build maradns once and distribute the package to their user.
> Every user gets the same binary with the same "random" number. So even if it's chosen at build time, it won't really help.
>
> In our case, it only means users who don't use substitutes get a random number, others get the same number that the build farm picked at random. Fixing a number doesn't sound like it's gonna change a lot for these users.

This is something we can work with. We can just mark the package as
'#:substitutable? #f' and then everyone will have to build it
themselves. It still won't really be reproducible, but everyone will
actually have their own special random number.

> >
> >MaraDNS does not support DNSSEC so the program may not use entropy for
> >keys. Either way, I'd rather use an unreproducible build than,
> >accidentally, a known number series to encrypt secrets. Can one patch
> >out the constant entirely so it is no longer available?
> >
> >The upstream website says: "People like MaraDNS because it’s ...
> >remarkably secure." [1] Since many distributions have the same issue,
> >upstream could perhaps offer the patch as a build switch to enable a
> >build-time seed only when needed.
>
> Sounds like the safest option. Maybe we could change the code that uses that number to raise an exception or abort?
> >
> >Thank you for your hard work on Guix! As a newbie I'll say, what a
> >great distro. Thanks, everyone!
> >
> >Kind regards,
> >Felix Lechner
> >
> >[1] https://maradns.samiam.org/
> >
>

¹ https://xkcd.com/221/

--
Efraim Flashner   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted