IETF Logo Mail Archive

Re: [rtcweb] Hermetic builds (Re: Cisco to open source its H.264 implementation and absorb MPEG-LA licensing fees)

Ron <ron@debian.org> Mon, 16 December 2013 18:02 UTC

Return-Path: <ron@debian.org>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 50B301ADF9B for <rtcweb@ietfa.amsl.com>; Mon, 16 Dec 2013 10:02:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5vvR3J_4EfSx for <rtcweb@ietfa.amsl.com>; Mon, 16 Dec 2013 10:02:14 -0800 (PST)
Received: from ipmail04.adl6.internode.on.net (ipmail04.adl6.internode.on.net [IPv6:2001:44b8:8060:ff02:300:1:6:4]) by ietfa.amsl.com (Postfix) with ESMTP id D572F1ADF86 for <rtcweb@ietf.org>; Mon, 16 Dec 2013 10:02:13 -0800 (PST)
Received: from ppp121-45-127-249.lns20.adl6.internode.on.net (HELO audi.shelbyville.oz) ([121.45.127.249]) by ipmail04.adl6.internode.on.net with ESMTP; 17 Dec 2013 04:32:12 +1030
Received: from localhost (localhost [127.0.0.1]) by audi.shelbyville.oz (Postfix) with ESMTP id CEC444F8F3 for <rtcweb@ietf.org>; Tue, 17 Dec 2013 04:32:08 +1030 (CST)
X-Virus-Scanned: Debian amavisd-new at audi.shelbyville.oz
Received: from audi.shelbyville.oz ([127.0.0.1]) by localhost (audi.shelbyville.oz [127.0.0.1]) (amavisd-new, port 10024) with LMTP id PcXWk9mBRUUX for <rtcweb@ietf.org>; Tue, 17 Dec 2013 04:32:08 +1030 (CST)
Received: by audi.shelbyville.oz (Postfix, from userid 1000) id 18EE84F902; Tue, 17 Dec 2013 04:32:08 +1030 (CST)
Date: Tue, 17 Dec 2013 04:32:08 +1030
From: Ron <ron@debian.org>
To: rtcweb@ietf.org
Message-ID: <20131216180208.GG3245@audi.shelbyville.oz>
References: <20131211193239.GK3245@audi.shelbyville.oz> <558F8D49-4024-4DF1-9A9E-AF422F1292C2@iii.ca> <20131212011550.GM3245@audi.shelbyville.oz> <E8882BCE-4795-4CF5-B785-18C2141A5DE2@iii.ca> <20131212183852.GN3245@audi.shelbyville.oz> <9B19C671-4356-4918-B271-D95B7AA84BBA@iii.ca> <20131212213234.GQ3245@audi.shelbyville.oz> <CECFDD00.20577%mzanaty@cisco.com> <52AF1879.60106@alvestrand.no> <71aua9tfn3e0t051e4l06vo9oskfd2lkj4@hive.bjoern.hoehrmann.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <71aua9tfn3e0t051e4l06vo9oskfd2lkj4@hive.bjoern.hoehrmann.de>
User-Agent: Mutt/1.5.20 (2009-06-14)
Subject: Re: [rtcweb] Hermetic builds (Re: Cisco to open source its H.264 implementation and absorb MPEG-LA licensing fees)
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Dec 2013 18:02:16 -0000

On Mon, Dec 16, 2013 at 05:55:00PM +0100, Bjoern Hoehrmann wrote:
> * Harald Alvestrand wrote:
> 
> As an example, a binary might contain absolute paths to where the debug
> symbol files have been generated during compilation.

That actually raises another interesting point, being whether the people
proposing these blobs have thought about also providing debug symbols for
them, since the lack of that would certainly make problems harder to
diagnose.

It is possible these days to strip those into a separate image from the
runtime library.


> >The bootable image of the build environment may be the simplest way....
> 
> The idea is to avoid trusting binary blobs, so one binary blob producing
> another binary blob is not really interesting. Of course, explaining how
> to create an equivalent bootable image (install Debian vX.Y with default
> options, apt-get build tools, wget source code, untar, configure, make)
> can avoid many problems.

It actually requires much more than that, since any given Debian X.Y is
not definitive about what versions of which packages you may end up with.
Debian potentially has security updates several times a day, so if a
dependency is affected by one of those, you could build a binary that will
not be perfectly reproducible just a few hours later on "the same" X.Y
release of the distro.

There are several options around that, one being http://snapshot.debian.org/
but really you need to document the precise version of everything in the
loop.

And then there were other fun things the tor people found, like locale
being significant for some builds.


I agree that "here's a binary build environment image" doesn't really solve
the problem though -- that just means the paranoid people we're relying on
to be our canaries here need to solve the even bigger problem of figuring
out how to exactly reproduce it first.  As with the question of toolchain
verification, that's probably something we should leave to the OS vendors,
with the paranoids directly keeping them in check -- since there's probably
already plenty to do here just properly specifying the environment needed
for one relatively simple lib.

Ideally this will all eventually be automated, and people can run build
farms independently, that continually verify all the software all the time.
Which is a big part of the reason I'd like to see the people working on
this all get together to build common tools and infrastructure for it.

  Ron

v2.23.0 | Report a Bug | By Email