From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 122515 invoked by alias); 18 Nov 2019 18:41:16 -0000 Mailing-List: contact elfutils-devel-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Post: List-Help: List-Subscribe: Sender: elfutils-devel-owner@sourceware.org Received: (qmail 122505 invoked by uid 89); 18 Nov 2019 18:41:16 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Checked: by ClamAV 0.100.3 on sourceware.org X-Virus-Found: No X-Spam-SWARE-Status: No, score=-3.3 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.3.1 spammy= X-Spam-Status: No, score=-3.3 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on sourceware.org X-Spam-Level: X-HELO: us-smtp-1.mimecast.com Received: from us-smtp-delivery-1.mimecast.com (HELO us-smtp-1.mimecast.com) (207.211.31.120) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Mon, 18 Nov 2019 18:41:14 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1574102473; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=sdwhbpUcEEznabBqA4c+tAgOVTJ9vYngxjZdPanzxjg=; b=Udm/+QG1inrj/0giwACtvK8PInTpIxwQswTxwQhDPHpKXmDngDLYNVFb+4vdZ1Ze61uHOK OnolWH/HnLFqG/PvBR69ubT8650idxdu1E6F6DVKoYY33fdOXZMUkKceD0jn/C/WYWx7Ox +t0D2QxXCTPrfuOVUtyuq63G0PNaChI= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-415-XshyiegHNIScljAyTCXzYg-1; Mon, 18 Nov 2019 13:41:12 -0500 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 1511F800A02; Mon, 18 Nov 2019 18:41:11 +0000 (UTC) Received: from redhat.com (ovpn-116-19.phx2.redhat.com [10.3.116.19]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 768F960BF4; Mon, 18 Nov 2019 18:41:10 +0000 (UTC) Received: from fche by redhat.com with local (Exim 4.92) (envelope-from ) id 1iWlxU-00011S-SD; Mon, 18 Nov 2019 13:41:08 -0500 Date: Mon, 18 Nov 2019 18:41:00 -0000 From: "Frank Ch. Eigler" To: Mark Wielaard Cc: elfutils-devel@sourceware.org, amerey@redhat.com Subject: Re: patch 2/2 debuginfod server etc. Message-ID: <20191118184108.GC2880@redhat.com> References: <20191028190438.GC14349@redhat.com> <20191028190602.GD14349@redhat.com> <20191028190726.GE14349@redhat.com> <8d0b26865cc18838c24ea57c09f4ee5af713af16.camel@klomp.org> <20191114122953.GC873@redhat.com> MIME-Version: 1.0 In-Reply-To: User-Agent: Mutt/1.12.0 (2019-05-25) X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-MC-Unique: XshyiegHNIScljAyTCXzYg-1 X-Mimecast-Spam-Score: 0 Content-Type: text/plain; charset=WINDOWS-1252 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline X-IsSubscribed: yes X-SW-Source: 2019-q4/txt/msg00175.txt.bz2 Hi - > > I see where you're going with it, it's a reasonable concern. For now, > > we can consider it covered by the "debuginfod should be given > > trustworthy binaries" general rule. >=20 > This does keep me slightly worried. Even "trustworthy binaries" could > be produced by buggy compilers.=20 Those would be untrustworthy binaries. > I really think we should have some way to restrict which files on > the file system can be served up. IMHO the default should be that no > files outside directories explicit given to debuginfod should be > allowed to be provided to the client. So it makes sense providing > any extra source dirs, so you can check that any references to > source files are actually correct/intended. It's not so easy. For build trees, source files can include /usr/include/*, which do not contain executables and so don't need indexing. The use of symlinks in some configury/build systems makes filtering after the fact difficult too - the realpath of object files and source trees need not even be near, or in a single place. Would you be satisfied if the -F / -R flags were restored, so that -F would be required in order to start file-scanning threads (and similar for -R)? Then all this does not arise, because people who don't trust their compilers wouldn't run debuginfod in -F mode. > > I was thinkinng [300s] it's about right for a developer's live build tr= ee. >=20 > OK, but those aren't included by default.=20 A concern about the systemd service defaults can be addressed at the systemd service / sysconfig level. Would you prefer a day for that? > > > So basically never, ever use [-G]? :) > > > Can you add a hint when you should use it? > >=20 > > See also the DATA MANAGEMENT section. :-) >=20 > Which says: >=20 > There is also an optional one-shot \fImaximal grooming\fP pass is > available. It removes information debuginfo-unrelated data from the > RPM content index, but it is slow and temporarily requires up to > twice the database size as free space. Worse: it may result in > missing source-code info if the RPM traversals were > interrupted. Use it rarely to polish a complete index. >=20 > Which suggest to use it to polish by removing debuginfo-unrelated data. > I am still not sure what that unrelated data is or when I really want > to do this. It doesn't really list any quantifiable benefits. OK, elaborating this point in the man page. > > The text says that debuginfod does not provide https service at all, > > so this is not relevant. A front-end https reverse-proxy would have > > to deal with this stuff. I plan to cover this in a blog post later > > on, and probably in the form of software baked into a container image. >=20 > But debuginfod might use HTTPS services itself for fallback. I think it > is important to describe how/if those https ssl/tls connections are > authenticated. OK, will add a blurb. - FChE