From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 74259 invoked by alias); 19 Nov 2019 21:15:18 -0000 Mailing-List: contact elfutils-devel-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Post: List-Help: List-Subscribe: Sender: elfutils-devel-owner@sourceware.org Received: (qmail 74218 invoked by uid 89); 19 Nov 2019 21:15:16 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Checked: by ClamAV 0.100.3 on sourceware.org X-Virus-Found: No X-Spam-SWARE-Status: No, score=-3.2 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.3.1 spammy=hassle, offer, quality, personal X-Spam-Status: No, score=-3.2 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on sourceware.org X-Spam-Level: X-HELO: us-smtp-delivery-1.mimecast.com Received: from us-smtp-1.mimecast.com (HELO us-smtp-delivery-1.mimecast.com) (207.211.31.81) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Tue, 19 Nov 2019 21:15:14 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1574198113; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Xryu4OETDcoLnqeqQF2vFwa26BbcCIg82D5X8+2Uv1E=; b=HTPoZoNkDPOyRLQEJl8nPKcp4U7+0N9IWPXaQSTQj2sLFK5KZF0SWxyFiWCVeFtbafCJV7 JvYzsee+s89FTwGBXvxXQix9ysmgf7yRKY8XPWYDHF33suaMwgKqDX7Q73ihsWzkYuuMrq Qbg67vIsu45xv+bdvO9bGBpkmnO/fLU= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-37-Dw4HAIZxMAyM6kHYbkr5JA-1; Tue, 19 Nov 2019 16:15:06 -0500 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id B677D107ACE6; Tue, 19 Nov 2019 21:15:05 +0000 (UTC) Received: from redhat.com (ovpn-116-19.phx2.redhat.com [10.3.116.19]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 94FFA1001DC0; Tue, 19 Nov 2019 21:15:05 +0000 (UTC) Received: from fche by redhat.com with local (Exim 4.92) (envelope-from ) id 1iXApz-0002zF-VX; Tue, 19 Nov 2019 16:15:04 -0500 Date: Tue, 19 Nov 2019 21:15:00 -0000 From: "Frank Ch. Eigler" To: Mark Wielaard Cc: elfutils-devel@sourceware.org, amerey@redhat.com Subject: Re: patch 2/2 debuginfod server etc. Message-ID: <20191119211503.GF4911@redhat.com> References: <20191028190438.GC14349@redhat.com> <20191028190602.GD14349@redhat.com> <20191028190726.GE14349@redhat.com> <8d0b26865cc18838c24ea57c09f4ee5af713af16.camel@klomp.org> <20191114122953.GC873@redhat.com> <20191118184108.GC2880@redhat.com> <52e9358695f8486af6e4e467660c971a1e97c02f.camel@klomp.org> <20191119161348.GB4911@redhat.com> <20191119201128.GA3494@wildebeest.org> MIME-Version: 1.0 In-Reply-To: <20191119201128.GA3494@wildebeest.org> User-Agent: Mutt/1.12.0 (2019-05-25) X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-MC-Unique: Dw4HAIZxMAyM6kHYbkr5JA-1 X-Mimecast-Spam-Score: 0 Content-Type: text/plain; charset=WINDOWS-1252 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline X-IsSubscribed: yes X-SW-Source: 2019-q4/txt/msg00187.txt.bz2 Hi - > [...] What I want is simply make it easy for the user to say where > they expect the sources are. So there is no surprises. If this were a mandate, it would be a hassle, for any build that's more than one directory wide. > > The -F mode is suitable for sharing build trees. By definition, the > > content is going to be up to the runtime whims of the system, because > > even non-/usr/include files may change between one build and the next. > > This is okay, it is just like running gdb on an older binary when the > > source trees have changed. (We even propagate mtimes to the client, > > so gdb can notice it the same way as if it were local.) >=20 > -F mode does indeed seem suitable for sharing local build trees. If > we add a big warning about it possibly sharing all local files. OK, will add a cautionary blurb to the man page. > > The compiled-in default for the binary is off. The systemd service > > default, it happens to be on, but it's configured to serve only > > privileged directories that people with bad compilers cannot sneak > > binaries into. People running personal servers can/should use -F as > > they see fit. In the context of a normal workgroup - it's fine. >=20 > So -F seems fine for the later, just not for the former. IMHO, even the former seems okay and even desirable: debuginfod -F /usr/lib/debug is a safe & easy way to relay the contents of all the debuginfo rpms that were installed, to nearby clients. All those binaries come from packages/distros, so are at least as high quality & trustworthiness as the user's own. Again I offer to do an audit of some distro debuginfo that all their source refs are milquetoast like /usr/include or /usr/src/debug. > > System certs do not serve to authenticate clients. Client > > certificates are per-user things that come with their own management > > headaches. Will think about authentication matters in the future. >=20 > I thought ca-certificates.crt were normally used to authenticate > remote servers. ca-certificates.crt types of files (or /usr/share/pki/ files) are the trust roots for validating the *servers'* certificates. They are generally provided by the distro, so can't possibly serve as unique *client* authentication. - FChE