Re: [Bug debuginfod/27277] Describe retrieved files when verbose

[Mark Wielaard]

Hi,

On Thu, 2021-08-05 at 12:54 -0400, Frank Ch. Eigler wrote:
> > I like the verbose http header output, but wish it was done earlier
> > instead of after the download. Maybe when we commit to an url, if
> > the
> > info is available then.
> 
> What do you mean "done"?  Printed?

Yes, since the actual download might take a bit, it is nice to see the
headers at the moment we commit to a server/download. aka here in the
source:

  if (vfd >= 0 && !verbose_reported && committed_to >= 0)
{
  bool pnl = (c->default_progressfn_printed_p && vfd == STDERR_FILENO);
  dprintf (vfd, "%scommitted to url %d\n", pnl ? "\n" : "",
   committed_to);
  if (pnl)
c->default_progressfn_printed_p = 0;
  verbose_reported = true;
}

Assuming we have the headers at that point of course.
Otherwise right after that when they become available (this is inside
the download loop).

> > The new X-FILE and X-ARCHIVE headers also seem useful.
> > One question about X-FILE, if it doesn't come from an archive, does
> > it
> > leak a file system path that might be "secret" on the server?
> 
> Perhaps kind of sort of ... but since source files for such buildids
> are resolved only against the host filesystem, those same names will
> be there in all their glory in the DWARF.  My guess is that public
> servers that care about such configuration privacy will be
> exclusively
> archive based.

Yeah, you are right, the DWARF debug files themselves already "expose"
those paths.

> > Why is X-FILE-SIZE != Content-Length ?
> 
> Because Content-Length can be shorter due to compression
> transfer-encoding.  It's the file size that governs local storage &
> DEBUGINFOD_MAXSIZE interaction.

Ah, of course, then it is indeed useful to have both headers.

> > I am less enthusiastic about the new
> > debuginfod_get_response_headers
> > interface. It seems not as useful since it only works if we haven't
> > already (negatively) cached the file and it is very free-form, do
> > we
> > guarantee any headers are there? 
> 
> Naturally we can't guarantee any headers, because they are at the
> pleasure of the server.
> 
> > Could you provide a user story where this is used?
> 
> Not really, beyond just printing the things for information purposes,
> but not wanting the whole DEBUGINFOD_VERBOSE=1 firehose.  In the mid
> term, it could help systemd-coredumpctl type tools map buildids to
> actual distro artifact names, and enable paranoid
> federation/buildtree/checking type measures (where we may want to
> spot-check servers that buildids haven't been hijacked).  Vague but I
> think there's something there.

Yes, I do think there is something there, but imho it is too vague and
fragile to be useful as is, especially since it depends on what is in
the cache.

> > Maybe this interface is more useful if it was done as a new active
> > query type (the HEAD query you mention in the commit message)?
> 
> That in turn would require THREE new API functions or a stateful
> set_HEAD_mode_and_return_dev_null one and modifying the three main
> lookup functions.

Yes, it definitely is more work.

Cheers,

Mark

Re: [Bug debuginfod/27277] Describe retrieved files when verbose

[Frank Ch. Eigler via Elfutils-devel]

Hi -

> Yes, since the actual download might take a bit, it is nice to see the
> headers at the moment we commit to a server/download. aka here in the
> source:
> 
>   if (vfd >= 0 && !verbose_reported && committed_to >= 0)
> {
>   bool pnl = (c->default_progressfn_printed_p && vfd == STDERR_FILENO);
>   dprintf (vfd, "%scommitted to url %d\n", pnl ? "\n" : "",
>committed_to);
>   if (pnl)
> c->default_progressfn_printed_p = 0;
>   verbose_reported = true;
> }

One could print it there, but verbose printing is so voluminous and
unstructured that mingling http headers there can only be for a
masochist human's consumption.


> > > Why is X-FILE-SIZE != Content-Length ?
> > 
> > Because Content-Length can be shorter due to compression
> > transfer-encoding.  It's the file size that governs local storage &
> > DEBUGINFOD_MAXSIZE interaction.
> 
> Ah, of course, then it is indeed useful to have both headers.

(... which reminds me, we should document those new headers in the
webapi section of the debuginfod.8 man page ...)


> Yes, I do think there is something there, but imho it is too vague and
> fragile to be useful as is, especially since it depends on what is in
> the cache.

I believe you mean that these headers would only be available for
files fetched anew, not for queries previously cached.  Yeah.  A
person or tool can force a new fetch by using something like
DEBUGINFOD_CACHE_PATH=`mktemp -d`.


> > That in turn would require THREE new API functions or a stateful
> > set_HEAD_mode_and_return_dev_null one and modifying the three main
> > lookup functions.
> 
> Yes, it definitely is more work.

So, is that your suggestion?  We proceed with that sort of thing?


- FChE

[Bug debuginfod/28204] New: extend webapi / verification with forthcoming signed-contents archives

[fche at redhat dot com via Elfutils-devel]

https://sourceware.org/bugzilla/show_bug.cgi?id=28204

Bug ID: 28204
   Summary: extend webapi / verification with forthcoming
signed-contents archives
   Product: elfutils
   Version: unspecified
Status: NEW
  Severity: normal
  Priority: P2
 Component: debuginfod
  Assignee: unassigned at sourceware dot org
  Reporter: fche at redhat dot com
CC: elfutils-devel at sourceware dot org
  Target Milestone: ---

Efforts such as https://fedoraproject.org/wiki/Changes/Signed_RPM_Contents
might look stalled, but some distro builds are experimenting with this stuff
already.   We may soon avail ourselves of RPMs that carry per-file IMA
signatures.  If so, we should extract those signature bits and pass them back
to debuginfod clients.  They may be able to offline verify the integrity of the
download, so as to not trust the debuginfod server.

-- 
You are receiving this mail because:
You are on the CC list for the bug.