From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp11.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id 8tK9GEvgnmLaDAAAbAwnHQ (envelope-from ) for ; Tue, 07 Jun 2022 07:21:15 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp11.migadu.com with LMTPS id AHnEF0vgnmK0QwAA9RJhRA (envelope-from ) for ; Tue, 07 Jun 2022 07:21:15 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id EA862146F1 for ; Tue, 7 Jun 2022 07:21:14 +0200 (CEST) Received: from localhost ([::1]:43562 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nyReU-0004K1-31 for larch@yhetil.org; Tue, 07 Jun 2022 01:21:14 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:52544) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nyRe1-0004Jb-VB for guix-devel@gnu.org; Tue, 07 Jun 2022 01:20:47 -0400 Received: from lepiller.eu ([2a00:5884:8208::1]:56940) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nyRdz-0006i8-It for guix-devel@gnu.org; Tue, 07 Jun 2022 01:20:45 -0400 Received: from lepiller.eu (localhost [127.0.0.1]) by lepiller.eu (OpenSMTPD) with ESMTP id 5a69b966; Tue, 7 Jun 2022 05:20:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=lepiller.eu; h=date:from :to:cc:subject:in-reply-to:references:message-id:mime-version :content-type:content-transfer-encoding; s=dkim; bh=NoZToX7xET0I RTP/GkcbeYyZ0TWdxrc91QDMxEGjJbM=; b=UP/+E4qapDQdvfWcJmVsd/3tw8Hf 7yMd0x52ihAuH0CiuewqrdqeeBjECTm8O15d5OgeZXTN0D/Vug56S7ihgwykzNZS AC/P2LH8T6yQ+OagSgrOGhQYWR9a7aZZAIoo6eV84jnlRNRZpSfPxZ1dEJk6KI0v AKdJ/hQ6SqYmbIq/k//HtkoCw+05udd00QvPOp3x9gALKurbg3VNQ//tc62jCy40 ngwql8ZEUNel7RdjoIoa+UnZGFM0bhLyJOY5OIKWy2JNMAa8VWeRMChWAsMdxTJv L0AsZ/HtZI9l9iRPG8dvvNGRUFCV2tYTAyGCZjEs+nEKEkRRY1iCkdF5SA== Received: by lepiller.eu (OpenSMTPD) with ESMTPSA id da39b758 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO); Tue, 7 Jun 2022 05:20:35 +0000 (UTC) Date: Tue, 07 Jun 2022 07:20:25 +0200 From: Julien Lepiller To: guix-devel@gnu.org, Felix Lechner , Guix Devel CC: Vagrant Cascadian Subject: =?US-ASCII?Q?Re=3A_maradns_reproducibility_fixes_and?= =?US-ASCII?Q?_the_merits_of_picking_a_random_number?= User-Agent: K-9 Mail for Android In-Reply-To: References: <87pmjlfdjl.fsf@contorta> Message-ID: <310AD876-916E-4020-A87E-5609E8166432@lepiller.eu> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Received-SPF: pass client-ip=2a00:5884:8208::1; envelope-from=julien@lepiller.eu; helo=lepiller.eu X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1654579275; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=NoZToX7xET0IRTP/GkcbeYyZ0TWdxrc91QDMxEGjJbM=; b=RDHOV+EnzxBsMwu6ZkP7b35qpd/WptwjvQrYzYA0bzZwllYS9m2RUgHn+s2G+yP2w+P3ov lDKtSryPHRutHHOFJrkvE/1BFjeD7RQuXQC5V338qZwWDWmZZDCwPHDLM14EtRg28WCPU3 3YikrNyPUHF5p8wPS4t0tVQl8M+FvxeqCSTtdcVW4/mfHT+xwJKg/M86WRDt6okb/D5obM txezcSZCUJjHlReuPqQN44cxPsA32JntS2VgTloU4xpzfbHHeTnUccQrb7m/qJRrMBHT9t y/Xhr9r4NQZMoSzp/CrO1i4Dn9BRMIfsAOwtC/gWDompb/Ci9/bX+hFy1xvVyA== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1654579275; a=rsa-sha256; cv=none; b=YPf0uk+Q0ZtuWs4sr3vMUlptt4+c/+nMvuyXw2pZlVQwhdTo7q/fdFdrc0xnopI1MbS8tv P8+si2dEFz/sMyrt4RL8g2qDYDPqFtdm5r57lU8ZR+0iHLAA5muPS/8r3NoZN+XtDMnEMM DTrRZCEsw0alb4WS0j0i+uoShWN0WB4wb4HExRBD/Uu6PXIxbwkMlUP8S3mQURrxMOPBJR TNaJcWRDvdwvLOyTsTP+er65ctmR1L6GyhU4mwqvvJ+oGnlG9rr16YV3s/W7EIDqtkMn+8 cET0gOprRUmEKh7VeMhZUqOWapzegCfozna9bMphlnHn8Swi4hap35gYKD37tA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=lepiller.eu header.s=dkim header.b="UP/+E4qa"; dmarc=pass (policy=none) header.from=lepiller.eu; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -3.11 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=lepiller.eu header.s=dkim header.b="UP/+E4qa"; dmarc=pass (policy=none) header.from=lepiller.eu; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: EA862146F1 X-Spam-Score: -3.11 X-Migadu-Scanner: scn0.migadu.com X-TUID: yw2ol/avagBw On June 7, 2022 5:24:22 AM GMT+02:00, Felix Lechner wrote: >Hi, > >On Mon, Jun 6, 2022 at 6:50 PM Vagrant Cascadian > wrote: >> >> So, Debian's maradns package just removes this embedding of a "random" >> number, and I've basically adapted their patches to build reproducibly >> on guix too=2E=2E=2E by basically embedding the same "random" number ev= ery >> single build! > >There may be more than one opinion, but as the maintainer of a TLS >library in Debian I think it is a questionable tradeoff=2E At a minimum, >it would be preferable to use the version number instead of a fixed >constant for all releases=2E Consider that even without the patch, each distro will build maradns once = and distribute the package to their user=2E Every user gets the same binary= with the same "random" number=2E So even if it's chosen at build time, it = won't really help=2E In our case, it only means users who don't use substitutes get a random nu= mber, others get the same number that the build farm picked at random=2E Fi= xing a number doesn't sound like it's gonna change a lot for these users=2E > >MaraDNS does not support DNSSEC so the program may not use entropy for >keys=2E Either way, I'd rather use an unreproducible build than, >accidentally, a known number series to encrypt secrets=2E Can one patch >out the constant entirely so it is no longer available? > >The upstream website says: "People like MaraDNS because it=E2=80=99s =2E= =2E=2E >remarkably secure=2E" [1] Since many distributions have the same issue, >upstream could perhaps offer the patch as a build switch to enable a >build-time seed only when needed=2E Sounds like the safest option=2E Maybe we could change the code that uses = that number to naise an exception or abort? > >Thank you for your hard work on Guix! As a newbie I'll say, what a >great distro=2E Thanks, everyone! > >Kind regards, >Felix Lechner > >[1] https://maradns=2Esamiam=2Eorg/ >