From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 108572 invoked by alias); 20 Nov 2019 11:53:30 -0000 Mailing-List: contact elfutils-devel-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Post: List-Help: List-Subscribe: Sender: elfutils-devel-owner@sourceware.org Received: (qmail 108554 invoked by uid 89); 20 Nov 2019 11:53:29 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Checked: by ClamAV 0.100.3 on sourceware.org X-Virus-Found: No X-Spam-SWARE-Status: No, score=-6.4 required=5.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.3.1 spammy=offer, quality, personal, management X-Spam-Status: No, score=-6.4 required=5.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on sourceware.org X-Spam-Level: X-HELO: gnu.wildebeest.org Received: from wildebeest.demon.nl (HELO gnu.wildebeest.org) (212.238.236.112) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Wed, 20 Nov 2019 11:53:28 +0000 Received: from tarox.wildebeest.org (tarox.wildebeest.org [172.31.17.39]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by gnu.wildebeest.org (Postfix) with ESMTPSA id D4FAA30002CB; Wed, 20 Nov 2019 12:53:25 +0100 (CET) Received: by tarox.wildebeest.org (Postfix, from userid 1000) id 8B5CF413CEAA; Wed, 20 Nov 2019 12:53:25 +0100 (CET) Message-ID: <7f1273e6dbfd52b95e9f8e86f6096fe46e800745.camel@klomp.org> Subject: Re: patch 2/2 debuginfod server etc. From: Mark Wielaard To: "Frank Ch. Eigler" Cc: elfutils-devel@sourceware.org, amerey@redhat.com Date: Wed, 20 Nov 2019 11:53:00 -0000 In-Reply-To: <20191119211503.GF4911@redhat.com> References: <20191028190438.GC14349@redhat.com> <20191028190602.GD14349@redhat.com> <20191028190726.GE14349@redhat.com> <8d0b26865cc18838c24ea57c09f4ee5af713af16.camel@klomp.org> <20191114122953.GC873@redhat.com> <20191118184108.GC2880@redhat.com> <52e9358695f8486af6e4e467660c971a1e97c02f.camel@klomp.org> <20191119161348.GB4911@redhat.com> <20191119201128.GA3494@wildebeest.org> <20191119211503.GF4911@redhat.com> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Mailer: Evolution 3.28.5 (3.28.5-5.el7) Mime-Version: 1.0 X-Spam-Flag: NO X-IsSubscribed: yes X-SW-Source: 2019-q4/txt/msg00189.txt.bz2 On Tue, 2019-11-19 at 16:15 -0500, Frank Ch. Eigler wrote: > Hi - >=20 >=20 > > [...] What I want is simply make it easy for the user to say where > > they expect the sources are. So there is no surprises. >=20 > If this were a mandate, it would be a hassle, for any build that's > more than one directory wide. It wouldn't be mandatory. It just wouldn't be the default. > > > The compiled-in default for the binary is off. The systemd service > > > default, it happens to be on, but it's configured to serve only > > > privileged directories that people with bad compilers cannot sneak > > > binaries into. People running personal servers can/should use -F as > > > they see fit. In the context of a normal workgroup - it's fine. > >=20 > > So -F seems fine for the later, just not for the former. >=20 > IMHO, even the former seems okay and even desirable: >=20 > debuginfod -F /usr/lib/debug >=20 > is a safe & easy way to relay the contents of all the debuginfo rpms > that were installed, to nearby clients. All those binaries come from > packages/distros, so are at least as high quality & trustworthiness as > the user's own. Again I offer to do an audit of some distro debuginfo > that all their source refs are milquetoast like /usr/include or > /usr/src/debug. Sure, you could use that if you wanted to share your whole build/source trees and don't mind serving any other files on some local network. I just think it shouldn't be the default. If you go look for odd paths in .debug files you probably will find them. We already know some builds generate and/or build files in /tmp or outside the src/builddir. I'll look to see what is necessary to make sure none of those leak out by default. > > > System certs do not serve to authenticate clients. Client > > > certificates are per-user things that come with their own management > > > headaches. Will think about authentication matters in the future. > >=20 > > I thought ca-certificates.crt were normally used to authenticate > > remote servers. >=20 > ca-certificates.crt types of files (or /usr/share/pki/ files) are the > trust roots for validating the *servers'* certificates. They are > generally provided by the distro, so can't possibly serve as unique > *client* authentication. I think we are talking past each other here. I am not really interested in "client certificates". I am simply interested in knowing what is done for outgoing https connections to be authenticated. What would it take to use the trust roots for validating the server certificates? Thanks, Mark