From: Mark H Weaver <mhw@netris.org>
To: guix-devel@gnu.org
Subject: How to reduce our vulnerability from self-hosted compilers
Date: Thu, 26 Feb 2015 18:22:13 -0500
Message-ID: <87385s8di2.fsf@netris.org>

We are starting to add more self-hosted compilers, where our build
recipes are downloading pre-compiled binaries from upstream.  I'd like
to propose a policy for dealing with this in a way that protects us
as much as possible from upstream security breaches.

So far, with self-hosted compilers other than GCC, our recipes are
simply downloading pre-compiled binaries for the latest version of the
compiler.  This makes us more vulnerable than necessary, because it
means that every time we update one of these compilers, that is a new
opportunity to get hacked.

Instead, I would prefer to do something closer to what we do in our core
bootstrap.  We should produce our own bootstrap binaries for each of
these self-hosted compilers.  Like our GCC bootstrap binaries, these
binaries should be updated very rarely.  Then, we should use our own
bootstrap binaries to build the latest version of any self-hosted
compiler.  In some cases, if the bootstrap binaries are too old to build
the latest compiler, this might involve multiple steps.

Just as we have recipes to produce bootstrap gcc and binutils, we should
have recipes to build bootstrap binaries for each self-hosted compiler
in our system.  Each time we produce an updated bootstrap compiler from
an earlier one, it should be done with our deterministic package such
that this update step can be independently verified by anyone who wishes
to do so.

What do you think?

      Mark
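The chain Mark proposes, as an added model that is neither Guix code nor anything from this thread: a pinned bootstrap binary is checked against its recorded hash, newer releases are built from it in as many steps as needed, and the per-step hashes are the record a second party re-derives to verify the update. The artifacts, release numbers and the "which release can build which" relation are constructed stand-ins, and a real compiler run is replaced by a deterministic hash.

```python
"""Model of the proposed chain: a pinned, rarely-updated bootstrap binary builds
newer releases step by step, each step deterministic so anyone can re-check it."""
import hashlib

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed artifacts: the pinned 1.0 bootstrap binary and later source tarballs.
BOOTSTRAP_BIN = b"lang-1.0 bootstrap binary (constructed)"
BOOTSTRAP_SHA256 = digest(BOOTSTRAP_BIN)   # recorded once, updated very rarely
SOURCES = {
    "1.5": b"lang-1.5 source tarball (constructed)",
    "2.0": b"lang-2.0 source tarball (constructed)",
}
# Assumption: each release can only build the next one, so 1.0 -> 2.0 must
# go through 1.5 (the "bootstrap too old to build the latest compiler" case).
CAN_BUILD = {"1.0": ["1.5"], "1.5": ["2.0"]}

def bootstrap_is_pinned(candidate: bytes) -> bool:
    """Refuse any bootstrap binary whose hash differs from the recorded one."""
    return digest(candidate) == BOOTSTRAP_SHA256

def compile_with(compiler_bin: bytes, source: bytes) -> bytes:
    """Deterministic stand-in for a compiler run: output depends only on inputs."""
    return b"binary:" + hashlib.sha256(compiler_bin + source).digest()

def plan(start: str, target: str) -> list:
    """Shortest sequence of releases to build, from `start` up to `target`."""
    frontier = [[start]]
    while frontier:
        path = frontier.pop(0)
        if path[-1] == target:
            return path[1:]
        frontier.extend(path + [nxt] for nxt in CAN_BUILD.get(path[-1], []))
    raise ValueError(f"no build path from {start} to {target}")

def build_chain(bootstrap_bin: bytes, target: str, start: str = "1.0") -> list:
    """Check the pin, then build each step; return [(version, sha256), ...]."""
    if not bootstrap_is_pinned(bootstrap_bin):
        raise ValueError("bootstrap binary does not match the pinned hash")
    steps, current = [], bootstrap_bin
    for version in plan(start, target):
        current = compile_with(current, SOURCES[version])
        steps.append((version, digest(current)))
    return steps

def independently_verified(published: list, target: str) -> bool:
    """A second party re-runs the chain from the same pinned bootstrap and
    compares every step's hash with the published record."""
    return build_chain(BOOTSTRAP_BIN, target) == published
```

Under the policy the email argues against, every compiler update would instead introduce a fresh upstream binary with no such record to check against; here only BOOTSTRAP_SHA256 is ever trusted directly.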
