From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from gnu.wildebeest.org (gnu.wildebeest.org [45.83.234.184]) by sourceware.org (Postfix) with ESMTPS id 401043858D33 for ; Thu, 28 Jul 2022 16:23:43 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 401043858D33 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=klomp.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=klomp.org Received: from tarox.wildebeest.org (83-87-18-245.cable.dynamic.v4.ziggo.nl [83.87.18.245]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by gnu.wildebeest.org (Postfix) with ESMTPSA id 28F2F303C3D5; Thu, 28 Jul 2022 18:23:41 +0200 (CEST) Received: by tarox.wildebeest.org (Postfix, from userid 1000) id 78A29413CBBB; Thu, 28 Jul 2022 18:23:41 +0200 (CEST) Message-ID: <7e442ae6d3be28043d3c3ecd8a66af011b8dd573.camel@klomp.org> Subject: Re: debuginfod Credential Helper RFC From: Mark Wielaard To: Daniel Thornburgh , elfutils-devel@sourceware.org Date: Thu, 28 Jul 2022 18:23:41 +0200 In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Mailer: Evolution 3.28.5 (3.28.5-10.el7) Mime-Version: 1.0 X-Spam-Status: No, score=-5.3 required=5.0 tests=BAYES_00, HK_OBFDOM, JMQ_SPF_NEUTRAL, KAM_DMARC_STATUS, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: elfutils-devel@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Elfutils-devel mailing list List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Jul 2022 16:23:45 -0000 Hi Daniel, On Tue, 2022-07-26 at 15:50 -0700, Daniel Thornburgh via Elfutils-devel=20 wrote: > I'm working on a use case for debuginfod (in LLVM) that needs a > solution > for authentication and authorization of users when accessing source and > debug information. I've put together a short RFC for how this might work, > based on how git and Docker CLIs handle credentials. It should be fairly > straightforward to implement and to generalize to new credential types. >=20 > Please take a look; it'd be good to have a consensus on how this should > work across interested debuginfod implementations before moving forward > towards implementation. I think this could work for a standalone program like debuginfod-find, but not for a library like libdebuginfod. I would rather not have to fork and exec from libdebuginfod. We don't really know in what state the program is and forking a big process is not cheap. The process might be watching its own children (like when libdebuginfod is used in a debugger or profiler) and suddenly get unexpected sigchilds or pids from wait. Can't this be handled through e.g. the underlying libcurl library by setting a proxy environment variable so the requests goes through a local proxy that is setup to do some kind of authentication transparently? Or by simply defining the base DEBUGINFOD_URL with=20 https://user:pass@debuginfod.example.com/ ? Thanks, Mark