[Patch 0/2] Libwaive for signify

Open

Details

2 participants

Leo Famulari
Vincent Legoll

Owner: unassigned

Submitted by: Vincent Legoll

Severity: normal

Vincent Legoll wrote on 20 Dec 2020 19:49

Recipients:(name . Tobias Geerinckx-Rice via Guix-patches via)(address . guix-patches@gnu.org)

Message-ID:CAEwRq=pBWFuJw+FoKCQ3amdRdm1c2+s1wzMEzmGgu-exOS=Qrg@mail.gmail.com

The following series adds libwaive, use it
for signify, and remove the TODO item.

I don't know if the test I did is sufficient to
ensure that the libwaive was used but the
following worked OK:

wget https://ftp.openbsd.org/pub/OpenBSD/6.8/openbsd-68-base.pub
wget https://cdn.openbsd.org/pub/OpenBSD/6.8/amd64/miniroot68.img
wget https://cdn.openbsd.org/pub/OpenBSD/6.8/amd64/SHA256
sha256sum -c --ignore-missing SHA256
wget https://cdn.openbsd.org/pub/OpenBSD/6.8/amd64/SHA256.sig
signify -Cp ./openbsd-68-base.pub -x SHA256.sig miniroot68.img

-- 
Vincent Legoll

Vincent Legoll wrote on 20 Dec 2020 19:53

[PATCH 1/2] gnu: Add libwaive.

Recipients:(address . 45344@debbugs.gnu.org)(name . Vincent Legoll)(address . vincent.legoll@gmail.com)

Message-ID:20201220185302.20652-1-vincent.legoll@gmail.com

* gnu/packages/linux.scm (libwaive): New variable.

---

gnu/packages/linux.scm | 24 ++++++++++++++++++++++++

1 file changed, 24 insertions(+)

Toggle diff (37 lines)diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 2a9aafb50e..a7acab615a 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -2526,6 +2526,30 @@ Linux-based operating systems.")
 (define-deprecated libcap/next libcap)
 (export libcap/next)
 
+(define-public libwaive
+  ;; There's no release
+  (let ((commit "cdf7c1688dd13e86edd3536b9885b790b0f552e4")
+        (revision "1"))
+    (package
+      (name "libwaive")
+      (version (git-version "0.0.0" revision commit))
+      (home-page "https://github.com/dimkr/libwaive")
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url home-page)
+                      (commit commit)))
+                (sha256
+                 (base32 "1wzy8wqryd26bs6vl8r6sx5jai7afsz0brvjczcpzlfwa7c6c1nn"))
+                (file-name (git-file-name name version))))
+    (build-system cmake-build-system)
+    (arguments '(#:tests? #f))
+    (native-inputs
+     `(("libseccomp" ,libseccomp)))
+    (synopsis "")
+    (description "")
+    (license license:x11))))
+
 (define-public bridge-utils
   (package
     (name "bridge-utils")
-- 
2.29.2

Vincent Legoll wrote on 20 Dec 2020 19:53

[PATCH 2/2] gnu: signify: Build with libwaive to emulate OpenBSD's pledge().

Recipients:(address . 45344@debbugs.gnu.org)(name . Vincent Legoll)(address . vincent.legoll@gmail.com)

Message-ID:20201220185302.20652-2-vincent.legoll@gmail.com

* gnu/packages/crypto.scm (native-inputs): Add libseccomp & libwaive.
(arguments): Add PLEDGE variable to #:make-flags.
---
 gnu/packages/crypto.scm | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

Toggle diff (28 lines)diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm
index 1b51366d7e..0b446c08e2 100644
--- a/gnu/packages/crypto.scm
+++ b/gnu/packages/crypto.scm
@@ -154,17 +154,17 @@ communication, encryption, decryption, signatures, etc.")
                (base32
                 "11l67j04gyxnlw6zrzsygqs5cgsc1sww1rh0apl05yay131hd17n"))))
     (build-system gnu-build-system)
-    ;; TODO Build with libwaive (described in README.md), to implement something
-    ;; like OpenBSD's pledge().
     (arguments
      `(#:make-flags
-       (list "CC=gcc"
+       (list "CC=gcc" "PLEDGE=waive"
              (string-append "PREFIX=" (assoc-ref %outputs "out")))
        #:phases
        (modify-phases %standard-phases
          (delete 'configure))))
     (native-inputs
-     `(("pkg-config" ,pkg-config)))
+     `(("pkg-config" ,pkg-config)
+       ("libseccomp" ,libseccomp)
+       ("libwaive" ,libwaive)))
     (inputs
      `(("libbsd" ,libbsd)))
     (synopsis "Create and verify cryptographic signatures")
-- 
2.29.2

Vincent Legoll wrote on 20 Dec 2020 19:55

Following up

Recipients:(address . 45344@debbugs.gnu.org)

Message-ID:CAEwRq=ppp+gERJ-wJKjMkKhxyXx3anbs2_Ee4FJzct-PPL8tsg@mail.gmail.com

Yes, it's missing a proper description & synopsis.

I'll add those, but will accept feedback anyways.

Thanks

Vincent Legoll

Leo Famulari wrote on 20 Feb 2021 19:46

Re: [bug#45344] [Patch 0/2] Libwaive for signify

Recipients:(name . Vincent Legoll)(address . vincent.legoll@gmail.com)(address . 45344@debbugs.gnu.org)

Message-ID:YDFZDvm6svVOtI0Q@jasmine.lan

On Sun, Dec 20, 2020 at 07:49:22PM +0100, Vincent Legoll wrote:

Toggle quote (14 lines)> The following series adds libwaive, use it
> for signify, and remove the TODO item.
> 
> I don't know if the test I did is sufficient to
> ensure that the libwaive was used but the
> following worked OK:
> 
> wget https://ftp.openbsd.org/pub/OpenBSD/6.8/openbsd-68-base.pub
> wget https://cdn.openbsd.org/pub/OpenBSD/6.8/amd64/miniroot68.img
> wget https://cdn.openbsd.org/pub/OpenBSD/6.8/amd64/SHA256
> sha256sum -c --ignore-missing SHA256
> wget https://cdn.openbsd.org/pub/OpenBSD/6.8/amd64/SHA256.sig
> signify -Cp ./openbsd-68-base.pub -x SHA256.sig miniroot68.img

Well, as long as signify keeps working, these extra security features
are offered as "best effort" on Linux. From what I can see, the only
OpenBSD software that is fully supported on Linux is OpenSSH. So, we are
only missing the description and synopsis.

Vincent Legoll wrote on 20 Feb 2021 20:05

Recipients:(name . Leo Famulari)(address . leo@famulari.name)(address . 45344@debbugs.gnu.org)

Message-ID:CAEwRq=ojf6PA1Vn8LCaOnTBLypsEU8_9dFDEgc_gtJvuS3PEVg@mail.gmail.com

Hello,

On Sat, Feb 20, 2021 at 7:46 PM Leo Famulari <leo@famulari.name> wrote:

Toggle quote (5 lines)

> Well, as long as signify keeps working, these extra security features

> are offered as "best effort" on Linux. From what I can see, the only

> OpenBSD software that is fully supported on Linux is OpenSSH. So, we are

> only missing the description and synopsis.

Yes, I'm not knowledgeable enough to check for sure that this is really

enhancing security or anything else, but saw the light^Wcomment and

tried to do it... It certainly is more interesting than bare boring package

version updates (which I'll still continue to do anyways though).

I'll update the patch with desc and synopsis.

Thanks

Vincent Legoll

Vincent Legoll wrote on 20 Feb 2021 22:38

Recipients:(name . Leo Famulari)(address . leo@famulari.name)(address . 45344@debbugs.gnu.org)

Message-ID:CAEwRq=qy5oZGtvuL1M-vdxtwpOa=o2UWsfszBKsrEB+V8ePs0A@mail.gmail.com

This one is not ready anyways, signify still uses the
bundled libwaive, I have to handle that properly as
well...

-- 
Vincent Legoll

Leo Famulari wrote on 21 Feb 2021 00:08

Recipients:(name . Vincent Legoll)(address . vincent.legoll@gmail.com)(address . 45344@debbugs.gnu.org)

Message-ID:YDGWiCfiLLAdon6m@jasmine.lan

On Sat, Feb 20, 2021 at 10:38:00PM +0100, Vincent Legoll wrote:

Toggle quote (4 lines)

> This one is not ready anyways, signify still uses the

> bundled libwaive, I have to handle that properly as

> well...

Alright.

I noticed that libwaive hasn't been active in a few years. I wonder if

it's something we should pursue...

Vincent Legoll wrote on 21 Feb 2021 10:55

Recipients:(name . Leo Famulari)(address . leo@famulari.name)(address . 45344@debbugs.gnu.org)

Message-ID:CAEwRq=rCopYYM6dbZ=8PkTwEeC4M6_KAyRAzy+qHLjmahOM+qA@mail.gmail.com

Hello,

On Sun, Feb 21, 2021 at 12:09 AM Leo Famulari <leo@famulari.name> wrote:

Toggle quote (3 lines)

> I noticed that libwaive hasn't been active in a few years. I wonder if

> it's something we should pursue...

libwaive is a single-file C (~300 LOCs [1]) source code library, I glanced over

it and it looks straightforward enough. I compared it to the seccomp manpage

[2] code samples and saw nothing suspicious.

I think it may not have been updated for newly added syscalls, but that

should not make it unsecure, mainly because what is not explicitely allowed

is prevented from use (default-locked policy [3]).

So, I'll wait for a bit more feedback before working on this, but I think

it may still be a worthwhile addition.

WDYT ?

[1] https://github.com/dimkr/libwaive/blob/master/waive.c

[2] https://man7.org/linux/man-pages/man3/seccomp_rule_add.3.html

[3] https://en.wikipedia.org/wiki/Seccomp

Vincent Legoll

Leo Famulari wrote on 21 Feb 2021 20:04

Recipients:(name . Vincent Legoll)(address . vincent.legoll@gmail.com)(address . 45344@debbugs.gnu.org)

Message-ID:YDKupBZpj6eM+UyB@jasmine.lan

On Sun, Feb 21, 2021 at 10:55:16AM +0100, Vincent Legoll wrote:

Toggle quote (19 lines)> Hello,
> 
> On Sun, Feb 21, 2021 at 12:09 AM Leo Famulari <leo@famulari.name> wrote:
> > I noticed that libwaive hasn't been active in a few years. I wonder if
> > it's something we should pursue...
> 
> libwaive is a single-file C (~300 LOCs [1]) source code library, I glanced over
> it and it looks straightforward enough. I compared it to the seccomp manpage
> [2] code samples and saw nothing suspicious.
> 
> I think it may not have been updated for newly added syscalls, but that
> should not make it unsecure, mainly because what is not explicitely allowed
> is prevented from use (default-locked policy [3]).
> 
> So, I'll wait for a bit more feedback before working on this, but I think
> it may still be a worthwhile addition.
> 
> WDYT ?

I think you've done all the things a reviewer would ask for, so please

proceed as you see fit :)

Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send an email to 45344@debbugs.gnu.org

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date