IETF Logo Mail Archive

Re: [rtcweb] Hermetic builds (Re: Cisco to open source its H.264 implementation and absorb MPEG-LA licensing fees)

Randell Jesup <randell-ietf@jesup.org> Tue, 17 December 2013 07:39 UTC

Return-Path: <randell-ietf@jesup.org>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 31FF61AE0EC for <rtcweb@ietfa.amsl.com>; Mon, 16 Dec 2013 23:39:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Rl8Elcjq4jfO for <rtcweb@ietfa.amsl.com>; Mon, 16 Dec 2013 23:39:17 -0800 (PST)
Received: from r2-chicago.webserversystems.com (r2-chicago.webserversystems.com [173.236.101.58]) by ietfa.amsl.com (Postfix) with ESMTP id E2A911ADFBF for <rtcweb@ietf.org>; Mon, 16 Dec 2013 23:39:16 -0800 (PST)
Received: from pool-173-49-144-199.phlapa.fios.verizon.net ([173.49.144.199]:4332 helo=[192.168.1.12]) by r2-chicago.webserversystems.com with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.80) (envelope-from <randell-ietf@jesup.org>) id 1VspFL-000AjG-Fg for rtcweb@ietf.org; Tue, 17 Dec 2013 01:39:15 -0600
Message-ID: <52AFFF91.4060704@jesup.org>
Date: Tue, 17 Dec 2013 02:38:57 -0500
From: Randell Jesup <randell-ietf@jesup.org>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:24.0) Gecko/20100101 Thunderbird/24.1.0
MIME-Version: 1.0
To: rtcweb@ietf.org
References: <186CE8D65BA3A741A81A543F936DD0D10A5803D8@xmb-rcd-x07.cisco.com> <A672E2AB-827D-46E8-9EB1-D7ED82B10B94@cisco.com> <20131211193239.GK3245@audi.shelbyville.oz> <558F8D49-4024-4DF1-9A9E-AF422F1292C2@iii.ca> <20131212011550.GM3245@audi.shelbyville.oz> <E8882BCE-4795-4CF5-B785-18C2141A5DE2@iii.ca> <20131212183852.GN3245@audi.shelbyville.oz> <9B19C671-4356-4918-B271-D95B7AA84BBA@iii.ca> <20131212213234.GQ3245@audi.shelbyville.oz> <CECFDD00.20577%mzanaty@cisco.com> <52AF1879.60106@alvestrand.no>
In-Reply-To: <52AF1879.60106@alvestrand.no>
Content-Type: multipart/alternative; boundary="------------010402030302070806030703"
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - r2-chicago.webserversystems.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - jesup.org
X-Get-Message-Sender-Via: r2-chicago.webserversystems.com: authenticated_id: randell@jesup.org
Subject: Re: [rtcweb] Hermetic builds (Re: Cisco to open source its H.264 implementation and absorb MPEG-LA licensing fees)
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Dec 2013 07:39:19 -0000

On 12/16/2013 10:12 AM, Harald Alvestrand wrote:
> Since this is a subthread with technical content, I'd like it to have 
> its own header....
>
> the name I've heard for this kind of generation environments is 
> "hermetic build".
> Google's been trying for hermetic builds for NaCL for instance - see 
> this doc:
> http://www.chromium.org/nativeclient/design-documents/building-a-hermetic-toolchain-on-cygwin
>
>
> On 12/13/2013 04:33 AM, Mo Zanaty (mzanaty) wrote:
>> Yes, Cisco and Mozilla plan on solving fully reproducible binaries for all
>> targets officially supported in the openh264 project. Nothing less would
>> be acceptable to the community, especially given the recent security
>> incidents.
>>
>> We welcome contributions from anyone who has struggled with this in the
>> past, and is aware of specific problems or solutions beyond the obvious
>> ones below.
>>
>> 1. Identical source trees (git hash)
>> 2. Identical project configuration (make targets that include all
>> configuration options)
>> 3. Identical tool chains on similar build machines (same arch at least,
>> probably x86-64)
>> 4. Deterministic tool chains (avoid tool options that lack determinism)
>> 5. Deterministically identical tool chain output must be hashed separately
>> from uniquely generated data (build info, etc.)
>>
>> Some feel that tool chains can also be subverted and therefore should also
>> be built from source, using some root golden tool chain. We are not that
>> paranoid yet. Should we be?

#include <classic_unix_getty_backdoor.h>

Tool chains absolutely can be subverted, to the point where even 
rebuilding them using themselves from 'clean' source leaves them subverted.

Super-widely-distributed binaries (like this would be) are obvious 
targets for such things (as are browsers like Chrome and Firefox - but 
those have some extra safety due to build built across a wide range of 
toolchains - but even that leaves the official binaries at risk in theory).

At some point, you have to decide if hand-assembling code with a hex 
editor is worth it (and do you *trust* your hex editor?)
;-)  And don't forget, the backdoor code-flip could be in the filesystem 
too!  With some serious hackery, even in the HD (stretching, but 
theoretically possible I believe).

If you don't want to go that far down, you need to decide to trust 
*some* basic toolchain, use it to build the "current" toolchain, and use 
that to build the binaries.  You can help yourselves by choosing a base 
toolchain that predates anyone knowing you're going to use it for this 
project.  (Note: base toolchain includes the base OS...)

-- 
Randell Jesup -- rjesup a t mozilla d o t com

v2.23.0 | Report a Bug | By Email