[Patch 0/2] Libwaive for signify

  • Done
Details
2 participants
  • Leo Famulari
  • Vincent Legoll
Owner
unassigned
Submitted by
Vincent Legoll
Severity
normal

Vincent Legoll wrote 4 years ago
(name . Tobias Geerinckx-Rice via Guix-patches via)(address . guix-patches@gnu.org)
CAEwRq=pBWFuJw+FoKCQ3amdRdm1c2+s1wzMEzmGgu-exOS=Qrg@mail.gmail.com
The following series adds libwaive, uses it
for signify, and removes the TODO item.

I don't know if the test I did is sufficient to
ensure that the libwaive was used but the
following worked OK:

sha256sum -c --ignore-missing SHA256
signify -Cp ./openbsd-68-base.pub -x SHA256.sig miniroot68.img

--
Vincent Legoll
Vincent Legoll wrote 4 years ago
[PATCH 1/2] gnu: Add libwaive.
(address . 45344@debbugs.gnu.org)(name . Vincent Legoll)(address . vincent.legoll@gmail.com)
20201220185302.20652-1-vincent.legoll@gmail.com
* gnu/packages/linux.scm (libwaive): New variable.
---
gnu/packages/linux.scm | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 2a9aafb50e..a7acab615a 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -2526,6 +2526,30 @@ Linux-based operating systems.")
(define-deprecated libcap/next libcap)
(export libcap/next)
+(define-public libwaive
+ ;; There's no release
+ (let ((commit "cdf7c1688dd13e86edd3536b9885b790b0f552e4")
+ (revision "1"))
+ (package
+ (name "libwaive")
+ (version (git-version "0.0.0" revision commit))
+ (home-page "https://github.com/dimkr/libwaive")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url home-page)
+ (commit commit)))
+ (sha256
+ (base32 "1wzy8wqryd26bs6vl8r6sx5jai7afsz0brvjczcpzlfwa7c6c1nn"))
+ (file-name (git-file-name name version))))
+ (build-system cmake-build-system)
+ (arguments '(#:tests? #f))
+ (native-inputs
+ `(("libseccomp" ,libseccomp)))
+ (synopsis "")
+ (description "")
+ (license license:x11))))
+
(define-public bridge-utils
(package
(name "bridge-utils")
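Review bot: `synopsis` and `description` are empty strings at the end of the `libwaive` definition; both need real text (a short synopsis and a sentence or two of description) before this can go in. Two smaller points in the same definition: `#:tests? #f` has no comment saying why the tests are disabled, and `libseccomp` is listed under `native-inputs` although it is a library the code is built against rather than a build-time tool, so `inputs` looks like the right field.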
--
2.29.2
Vincent Legoll wrote 4 years ago
[PATCH 2/2] gnu: signify: Build with libwaive to emulate OpenBSD's pledge().
(address . 45344@debbugs.gnu.org)(name . Vincent Legoll)(address . vincent.legoll@gmail.com)
20201220185302.20652-2-vincent.legoll@gmail.com
* gnu/packages/crypto.scm (native-inputs): Add libseccomp & libwaive.
(arguments): Add PLEDGE variable to #:make-flags.
---
gnu/packages/crypto.scm | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm
index 1b51366d7e..0b446c08e2 100644
--- a/gnu/packages/crypto.scm
+++ b/gnu/packages/crypto.scm
@@ -154,17 +154,17 @@ communication, encryption, decryption, signatures, etc.")
(base32
"11l67j04gyxnlw6zrzsygqs5cgsc1sww1rh0apl05yay131hd17n"))))
(build-system gnu-build-system)
- ;; TODO Build with libwaive (described in README.md), to implement something
- ;; like OpenBSD's pledge().
(arguments
`(#:make-flags
- (list "CC=gcc"
+ (list "CC=gcc" "PLEDGE=waive"
(string-append "PREFIX=" (assoc-ref %outputs "out")))
#:phases
(modify-phases %standard-phases
(delete 'configure))))
(native-inputs
- `(("pkg-config" ,pkg-config)))
+ `(("pkg-config" ,pkg-config)
+ ("libseccomp" ,libseccomp)
+ ("libwaive" ,libwaive)))
(inputs
`(("libbsd" ,libbsd)))
(synopsis "Create and verify cryptographic signatures")
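Review bot: `libseccomp` and `libwaive` are added to `native-inputs`, but with `PLEDGE=waive` they become libraries signify is compiled against, so they look like they belong in `inputs` next to `libbsd`. Nothing in the hunk points the build at the packaged `libwaive` (no phase and no make flag refers to it), so it is worth confirming which copy ends up in the binary. The commit log entry should also name the package variable, e.g. `(signify)[native-inputs]`, rather than `(native-inputs)` alone.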
--
2.29.2
Vincent Legoll wrote 4 years ago
Following up
(address . 45344@debbugs.gnu.org)
CAEwRq=ppp+gERJ-wJKjMkKhxyXx3anbs2_Ee4FJzct-PPL8tsg@mail.gmail.com
Yes, it's missing a proper description & synopsis.

I'll add those, but will accept feedback anyways.

Thanks

--
Vincent Legoll
Leo Famulari wrote 4 years ago
Re: [bug#45344] [Patch 0/2] Libwaive for signify
(name . Vincent Legoll)(address . vincent.legoll@gmail.com)(address . 45344@debbugs.gnu.org)
YDFZDvm6svVOtI0Q@jasmine.lan
On Sun, Dec 20, 2020 at 07:49:22PM +0100, Vincent Legoll wrote:
> The following series adds libwaive, uses it
> for signify, and removes the TODO item.
>
> I don't know if the test I did is sufficient to
> ensure that the libwaive was used but the
> following worked OK:
>
> wget https://ftp.openbsd.org/pub/OpenBSD/6.8/openbsd-68-base.pub
> wget https://cdn.openbsd.org/pub/OpenBSD/6.8/amd64/miniroot68.img
> wget https://cdn.openbsd.org/pub/OpenBSD/6.8/amd64/SHA256
> sha256sum -c --ignore-missing SHA256
> wget https://cdn.openbsd.org/pub/OpenBSD/6.8/amd64/SHA256.sig
> signify -Cp ./openbsd-68-base.pub -x SHA256.sig miniroot68.img

Well, as long as signify keeps working, these extra security features
are offered as "best effort" on Linux. From what I can see, the only
OpenBSD software that is fully supported on Linux is OpenSSH. So, we are
only missing the description and synopsis.
Vincent Legoll wrote 4 years ago
(name . Leo Famulari)(address . leo@famulari.name)(address . 45344@debbugs.gnu.org)
CAEwRq=ojf6PA1Vn8LCaOnTBLypsEU8_9dFDEgc_gtJvuS3PEVg@mail.gmail.com
Hello,

On Sat, Feb 20, 2021 at 7:46 PM Leo Famulari <leo@famulari.name> wrote:
> Well, as long as signify keeps working, these extra security features
> are offered as "best effort" on Linux. From what I can see, the only
> OpenBSD software that is fully supported on Linux is OpenSSH. So, we are
> only missing the description and synopsis.

Yes, I'm not knowledgeable enough to check for sure that this is really
enhancing security or anything else, but saw the light^Wcomment and
tried to do it... It certainly is more interesting than bare boring package
version updates (which I'll still continue to do anyways though).

I'll update the patch with desc and synopsis.

Thanks

--
Vincent Legoll
Vincent Legoll wrote 4 years ago
(name . Leo Famulari)(address . leo@famulari.name)(address . 45344@debbugs.gnu.org)
CAEwRq=qy5oZGtvuL1M-vdxtwpOa=o2UWsfszBKsrEB+V8ePs0A@mail.gmail.com
This one is not ready anyways, signify still uses the
bundled libwaive, I have to handle that properly as
well...

--
Vincent Legoll
Leo Famulari wrote 4 years ago
(name . Vincent Legoll)(address . vincent.legoll@gmail.com)(address . 45344@debbugs.gnu.org)
YDGWiCfiLLAdon6m@jasmine.lan
On Sat, Feb 20, 2021 at 10:38:00PM +0100, Vincent Legoll wrote:
> This one is not ready anyways, signify still uses the
> bundled libwaive, I have to handle that properly as
> well...

Alright.

I noticed that libwaive hasn't been active in a few years. I wonder if
it's something we should pursue...
Vincent Legoll wrote 4 years ago
(name . Leo Famulari)(address . leo@famulari.name)(address . 45344@debbugs.gnu.org)
CAEwRq=rCopYYM6dbZ=8PkTwEeC4M6_KAyRAzy+qHLjmahOM+qA@mail.gmail.com
Hello,

On Sun, Feb 21, 2021 at 12:09 AM Leo Famulari <leo@famulari.name> wrote:
> I noticed that libwaive hasn't been active in a few years. I wonder if
> it's something we should pursue...

libwaive is a single-file C (~300 LOCs [1]) source code library, I glanced over
it and it looks straightforward enough. I compared it to the seccomp manpage
[2] code samples and saw nothing suspicious.

I think it may not have been updated for newly added syscalls, but that
should not make it unsecure, mainly because what is not explicitly allowed
is prevented from use (default-locked policy [3]).

So, I'll wait for a bit more feedback before working on this, but I think
it may still be a worthwhile addition.

WDYT ?


--
Vincent Legoll
Leo Famulari wrote 4 years ago
(name . Vincent Legoll)(address . vincent.legoll@gmail.com)(address . 45344@debbugs.gnu.org)
YDKupBZpj6eM+UyB@jasmine.lan
On Sun, Feb 21, 2021 at 10:55:16AM +0100, Vincent Legoll wrote:
> Hello,
>
> On Sun, Feb 21, 2021 at 12:09 AM Leo Famulari <leo@famulari.name> wrote:
> > I noticed that libwaive hasn't been active in a few years. I wonder if
> > it's something we should pursue...
>
> libwaive is a single-file C (~300 LOCs [1]) source code library, I glanced over
> it and it looks straightforward enough. I compared it to the seccomp manpage
> [2] code samples and saw nothing suspicious.
>
> I think it may not have been updated for newly added syscalls, but that
> should not make it unsecure, mainly because what is not explicitly allowed
> is prevented from use (default-locked policy [3]).
>
> So, I'll wait for a bit more feedback before working on this, but I think
> it may still be a worthwhile addition.
>
> WDYT ?

I think you've done all the things a reviewer would ask for, so please
proceed as you see fit :)
Vincent Legoll wrote 9 months ago
close 45344
(address . control@debbugs.gnu.org)
CAEwRq=qdTnoH1fhzmPkKhDarh+-zSH3ub-uyBcj7zr09o6mRyw@mail.gmail.com
close 45344
quit

This issue is archived.
