Re: patch 2/2 debuginfod server etc.

public inbox for elfutils@sourceware.org
 help / color / mirror / Atom feed

From: "Frank Ch. Eigler" <fche@redhat.com>
To: Mark Wielaard <mark@klomp.org>
Cc: elfutils-devel@sourceware.org, amerey@redhat.com
Subject: Re: patch 2/2 debuginfod server etc.
Date: Tue, 19 Nov 2019 21:15:00 -0000	[thread overview]
Message-ID: <20191119211503.GF4911@redhat.com> (raw)
In-Reply-To: <20191119201128.GA3494@wildebeest.org>

Hi -

> [...] What I want is simply make it easy for the user to say where
> they expect the sources are. So there is no surprises.

If this were a mandate, it would be a hassle, for any build that's
more than one directory wide.

> > The -F mode is suitable for sharing build trees.  By definition, the
> > content is going to be up to the runtime whims of the system, because
> > even non-/usr/include files may change between one build and the next.
> > This is okay, it is just like running gdb on an older binary when the
> > source trees have changed.  (We even propagate mtimes to the client,
> > so gdb can notice it the same way as if it were local.)
> 
> -F mode does indeed seem suitable for sharing local build trees.  If
> we add a big warning about it possibly sharing all local files.

OK, will add a cautionary blurb to the man page.

> > The compiled-in default for the binary is off.  The systemd service
> > default, it happens to be on, but it's configured to serve only
> > privileged directories that people with bad compilers cannot sneak
> > binaries into.  People running personal servers can/should use -F as
> > they see fit.  In the context of a normal workgroup - it's fine.
> 
> So -F seems fine for the later, just not for the former.

IMHO, even the former seems okay and even desirable:

    debuginfod -F /usr/lib/debug

is a safe & easy way to relay the contents of all the debuginfo rpms
that were installed, to nearby clients.  All those binaries come from
packages/distros, so are at least as high quality & trustworthiness as
the user's own.  Again I offer to do an audit of some distro debuginfo
that all their source refs are milquetoast like /usr/include or
/usr/src/debug.

> > System certs do not serve to authenticate clients.  Client
> > certificates are per-user things that come with their own management
> > headaches.  Will think about authentication matters in the future.
> 
> I thought ca-certificates.crt were normally used to authenticate
> remote servers.

ca-certificates.crt types of files (or /usr/share/pki/ files) are the
trust roots for validating the *servers'* certificates.  They are
generally provided by the distro, so can't possibly serve as unique
*client* authentication.

- FChE

next prev parent reply	other threads:[~2019-11-19 21:15 UTC|newest]

Thread overview: 78+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-10-28 19:04 patch 0/2 debuginfod submission Frank Ch. Eigler
2019-10-28 19:06 ` patch 1/2 debuginfod client Frank Ch. Eigler
2019-10-28 19:09   ` patch 2/2 debuginfod server etc Frank Ch. Eigler
2019-11-04 21:48     ` patch 3/3 debuginfod client interruptability Frank Ch. Eigler
2019-11-07  9:07       ` patch 4 debuginfod: symlink following mode Frank Ch. Eigler
2019-11-07  9:08         ` patch 5 debuginfod: prometheus metrics Frank Ch. Eigler
2019-11-15 17:26           ` Mark Wielaard
2019-11-15 17:58             ` Frank Ch. Eigler
2019-11-18 16:20               ` Mark Wielaard
2019-11-18 16:48                 ` Frank Ch. Eigler
2019-11-19 16:13                   ` Mark Wielaard
2019-11-15 16:49         ` patch 4 debuginfod: symlink following mode Mark Wielaard
2019-11-15 18:31           ` Frank Ch. Eigler
2019-11-18 16:27             ` Mark Wielaard
2019-11-15 16:16       ` patch 3/3 debuginfod client interruptability Mark Wielaard
2019-11-15 17:03         ` Aaron Merey
2019-11-15 17:35           ` Mark Wielaard
2019-11-15 18:14             ` Pedro Alves
2019-11-17 23:44               ` Mark Wielaard
2019-11-18  2:50                 ` Frank Ch. Eigler
2019-11-18  9:24                   ` Pedro Alves
2019-11-19 12:58                   ` Mark Wielaard
2019-11-13 17:22     ` patch 2/2 debuginfod server etc Mark Wielaard
2019-11-14 11:54       ` Frank Ch. Eigler
2019-11-16  1:31         ` Mark Wielaard
2019-11-13 23:19     ` Mark Wielaard
2019-11-14 12:30       ` Frank Ch. Eigler
2019-11-18 14:17         ` Mark Wielaard
2019-11-18 18:41           ` Frank Ch. Eigler
2019-11-19 15:41             ` Mark Wielaard
2019-11-19 16:13               ` Frank Ch. Eigler
2019-11-19 20:11                 ` Mark Wielaard
2019-11-19 21:15                   ` Frank Ch. Eigler [this message]
2019-11-20 11:53                     ` Mark Wielaard
2019-11-20 12:29                       ` Frank Ch. Eigler
2019-11-21 14:16                       ` Mark Wielaard
2019-11-21 15:40                         ` Mark Wielaard
2019-11-21 16:01                           ` Frank Ch. Eigler
2019-11-21 15:58                         ` Frank Ch. Eigler
2019-11-21 16:37                           ` Mark Wielaard
2019-11-21 17:18                             ` Frank Ch. Eigler
2019-11-21 20:42                               ` Mark Wielaard
2019-11-22 12:08                                 ` Mark Wielaard
2019-11-14 20:45     ` Mark Wielaard
2019-11-15 11:03       ` Mark Wielaard
2019-11-15 21:00       ` Frank Ch. Eigler
2019-11-18 15:01         ` Mark Wielaard
2019-11-15 14:40     ` Mark Wielaard
2019-11-15 19:54       ` Frank Ch. Eigler
2019-11-18 15:31         ` Mark Wielaard
2019-11-18 15:49           ` Frank Ch. Eigler
2019-11-12 11:12   ` patch 1/2 debuginfod client Mark Wielaard
2019-11-12 15:14     ` Frank Ch. Eigler
2019-11-12 21:59       ` Mark Wielaard
2019-11-14  0:33         ` Frank Ch. Eigler
2019-11-15 21:33       ` Mark Wielaard
2019-11-12 21:25   ` Mark Wielaard
2019-11-13 23:25     ` Frank Ch. Eigler
2019-11-16  0:46       ` Mark Wielaard
2019-11-16 18:53         ` Frank Ch. Eigler
2019-11-18 17:17           ` Mark Wielaard
2019-11-18 20:33             ` Frank Ch. Eigler
2019-11-19 15:57               ` Mark Wielaard
2019-11-19 16:20                 ` Frank Ch. Eigler
2019-11-19 20:16                   ` Mark Wielaard
2019-11-19 21:22                     ` Frank Ch. Eigler
2019-11-20 12:50                       ` Mark Wielaard
2019-11-20 13:30                         ` Frank Ch. Eigler
2019-11-21 14:02                           ` Mark Wielaard
2019-11-13 13:57   ` Mark Wielaard
2019-11-14 11:24     ` Frank Ch. Eigler
2019-11-16  0:52       ` Mark Wielaard
2019-11-16  2:28         ` Frank Ch. Eigler
2019-10-30 11:04 ` patch 0/2 debuginfod submission Mark Wielaard
2019-10-30 13:40   ` Frank Ch. Eigler
2019-10-30 14:12     ` Mark Wielaard
2019-10-30 18:11       ` Frank Ch. Eigler
2019-10-31 11:18         ` Mark Wielaard

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20191119211503.GF4911@redhat.com \
    --to=fche@redhat.com \
    --cc=amerey@redhat.com \
    --cc=elfutils-devel@sourceware.org \
    --cc=mark@klomp.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).