| 1 |
On 02/28/2017 12:05 PM, Miroslav Rovis wrote: |
| 2 |
|
| 3 |
> On 170227-21:59-0500, Rich Freeman wrote: |
| 4 |
>> On Mon, Feb 27, 2017 at 8:10 PM, Miroslav Rovis |
| 5 |
>> <miro.rovis@××××××××××××××.hr> wrote: |
| 6 |
>>> Apologies for my not being able to reply sooner! |
| 7 |
>>> |
| 8 |
>>> On 170227-18:18+0300, Andrew Savchenko wrote: |
| 9 |
>>> |
| 10 |
>>>>> And via a new private big business, the Github. Giving over all users to |
| 11 |
>>>>> big Github brother. |
| 12 |
>>>> ??? |
| 13 |
>>>> Github is entirely optional and is only for those who want to use it |
| 14 |
>>>> (we have both users and devs willing so), but in no way anyone |
| 15 |
>>>> demands its usage. |
| 16 |
>>> Yeah! Still, it would be great if git was used in distributed way, and |
| 17 |
>>> not from a central private business... |
| 18 |
>>> |
| 19 |
>> Git can pretty-much ONLY be used in a distributed way. |
| 20 |
> Correct, in that sense. But I didn't express clearly what I meant. |
| 21 |
> |
| 22 |
> I really meant in this sense (invented quotations in this paragraph): |
| 23 |
>> Git was intended for everyone to run their own little git server and |
| 24 |
>> pull from each other. Git was NOT invented for centralized commercial |
| 25 |
>> social networking clouds such as github! |
| 26 |
> That was from: |
| 27 |
> https://wiki.gentoo.org/wiki/Overlay:Youbroketheinternet |
| 28 |
> |
| 29 |
>> In the sync |
| 30 |
>> workflow github is basically just a mirror. A lot of our mirrors are |
| 31 |
>> run by private businesses, and nobody knows what OS they're even |
| 32 |
>> hosted on, let alone whether the firmware and CPU microcode are FOSS |
| 33 |
>> along with their hard drive firmware. |
| 34 |
> I understand that. And I support any honess business. What I hate is |
| 35 |
> examples like Google, Oracle, Microsoft, IBM is a little more honest, I |
| 36 |
> think... The few at the control of those ruined so much in computing and |
| 37 |
> the internet. |
| 38 |
> |
| 39 |
> GNU and FOSS, to lesser extent OSi, are good, even beautiful, socially |
| 40 |
> and philosophically. |
| 41 |
> |
| 42 |
>> As far as distribution goes I think github is the wrong thing to worry |
| 43 |
>> about. What you want is traceable signatures from dev to user. Once |
| 44 |
>> you have that you can download from an NSA mirror and there shouldn't |
| 45 |
>> be any risk. All a mirror does is replicate data, and if |
| 46 |
>> modifications are detectable the worst they can do is a DoS. |
| 47 |
> I see. |
| 48 |
>> Most of the concerns that people tend to have with github is that you |
| 49 |
>> can become dependent on them for issue and pull request tracking and |
| 50 |
>> then if they decide to pull the plug you lose all that data. We try |
| 51 |
>> to minimize the use of these features and not make it a core part of |
| 52 |
>> the dev workflow. |
| 53 |
> Good practice! |
| 54 |
> |
| 55 |
>> But, we do use pull requests and in theory we could |
| 56 |
>> lose those someday. The actual code itself gets pushed to the Gentoo |
| 57 |
>> infra Repo from a developer's box using plain old git after they've |
| 58 |
>> inspected/tested/etc it. So, there isn't really any way for Github to |
| 59 |
>> go injecting commits into the repositories we actually use. I guess |
| 60 |
>> they could do it for anybody using our github mirrors on the |
| 61 |
>> distribution side, but that's only because we don't have that all |
| 62 |
>> locked down and the same issue applies with any other mirror (rsync, |
| 63 |
>> etc). Again, you really need end-to-end signature checking to make |
| 64 |
>> any of these things truly safe. |
| 65 |
> Absolutely! I did figure that out since long! |
| 66 |
>> -- |
| 67 |
>> Rich |
| 68 |
>> |
| 69 |
> And what I've spent some time doing today, is figuring out about the |
| 70 |
> info that I finally got from you people! |
| 71 |
> |
| 72 |
> About time! My rattling was all about whether there was or wasn't a way |
| 73 |
> to do what is still in the title of that mail that I linked to, and gave |
| 74 |
> Message-ID of, to do this: |
| 75 |
> |
| 76 |
> Is it safe to switch from webrsync to the git repo now? |
| 77 |
> |
| 78 |
> And finally Andrew Shavchenko pointed me to gkeys ! |
| 79 |
> |
| 80 |
> Here's the answer to my query (ah, just the beginning of, my |
| 81 |
> implementation of it will take time): |
| 82 |
> |
| 83 |
> emerge -tuDN app-crypt/gkeys app-crypt/gkeys-gen |
| 84 |
> |
| 85 |
> # equery f gkeys-gen |
| 86 |
> ... |
| 87 |
> /usr/share/doc/gkeys-gen-0.2/README.md.bz2 |
| 88 |
> ... |
| 89 |
> |
| 90 |
> ( |
| 91 |
> NOTE: The: |
| 92 |
> /usr/share/doc/gkeys-0.2/README.md.bz2 |
| 93 |
> of the gkeys package is identical. |
| 94 |
> ) |
| 95 |
> |
| 96 |
> # bzcat /usr/share/doc/gkeys-gen-0.2/README.md.bz2 |
| 97 |
> |
| 98 |
> Gentoo Keys |
| 99 |
> ----------- |
| 100 |
> |
| 101 |
> ### About |
| 102 |
> |
| 103 |
> Gentoo Keys is a Python based project that aims to manage the GPG keys used |
| 104 |
> for validation on users and Gentoo's infrastracutre servers. Gentoo Keys will be able |
| 105 |
> to verify GPG keys used for Gentoo's release media, such as installation CD's, |
| 106 |
> Live DVD's, packages and other GPG signed documents. It will also be used by |
| 107 |
> Gentoo infrastructure to achieve GPG signed git commits in the forthcoming git |
| 108 |
> migration of the main CVS tree. |
| 109 |
> |
| 110 |
> ### License |
| 111 |
> |
| 112 |
> Gentoo Keys is under GPL-2 License |
| 113 |
> # |
| 114 |
> |
| 115 |
> But do I read this correctly?: |
| 116 |
> |
| 117 |
> ...Gentoo Keys will be able |
| 118 |
> to verify GPG keys used for Gentoo's release media, such as installation CD's, |
| 119 |
> Live DVD's, packages and other GPG signed documents. |
| 120 |
> |
| 121 |
> Again, about this (syntactical) object (in the sentence), with other |
| 122 |
> objects removed: |
| 123 |
> |
| 124 |
> ...Gentoo Keys will be able |
| 125 |
> to verify GPG keys used for ... |
| 126 |
> ... packages... |
| 127 |
> |
| 128 |
> Does that mean what I read? That with gkeys any user will be able to get |
| 129 |
> packages via git, and somehow automatically gpg -verify the signature of |
| 130 |
> each package that (s)he got when (s)he, say: |
| 131 |
> |
| 132 |
> emerge -tuDN world |
| 133 |
> |
| 134 |
> ? |
| 135 |
> |
| 136 |
> Does that mean that? |
| 137 |
> |
| 138 |
> And then, to achieve true verifiability in the open (machine connected |
| 139 |
> to online, and doing emerge'ing), you know what is still left to be |
| 140 |
> done? This: |
| 141 |
> |
| 142 |
> Write TLS session keys to $SSLKEYLOGFILE #11614 |
| 143 |
> https://github.com/rg3/youtube-dl/issues/11614#issuecomment-271064602 |
| 144 |
> |
| 145 |
> ( of course, apply that to git, just the way it has been, and that's so |
| 146 |
> beautiful to me, applied to wget, kudos to wget maintainer Giuseppe |
| 147 |
> Scrivano! IIRC his name ) |
| 148 |
> |
| 149 |
> There's no encryption on me, behind my back, in my machine that I can |
| 150 |
> allow and believe it's fine. No way. It must be allowed by me, asked of |
| 151 |
> me, and decryptable for me! |
| 152 |
> |
| 153 |
> ( I decided to go without dbus in my life after this happened, behind my |
| 154 |
> back, with my Debian installation: |
| 155 |
> |
| 156 |
> How to avoid stealth installation of systemd? |
| 157 |
> http://forums.debian.net/viewtopic.php?f=20&t=116770&start=45#p552566 |
| 158 |
> |
| 159 |
> PASTING, so readers get a feel about it: |
| 160 |
> |
| 161 |
> $ ps aux | grep ssh |
| 162 |
> root 2184 0.0 0.0 54976 1004 ? Ss Sep06 0:00 /usr/sbin/sshd |
| 163 |
> mr 2447 0.0 0.0 10592 32 ? Ss Sep06 0:00 /usr/bin/ssh-agent /usr/bin/dbus-launch --exit-with-session x-session-manager |
| 164 |
> mr 15141 0.0 0.0 19980 1796 pts/9 S+ 21:48 0:00 grep ssh |
| 165 |
> |
| 166 |
> PASTED. |
| 167 |
> ) |
| 168 |
> |
| 169 |
> But, I already spent on this more than I can if I am not to lose track |
| 170 |
> on other things that I'm now doing (related to virtualization). Will |
| 171 |
> have to leave this issue very soon now, else I'll have to go over from |
| 172 |
> scratch in that other work... |
| 173 |
> |
| 174 |
> Thanks, Rich! |
| 175 |
> |
| 176 |
> So, do I read those gkeys/gkeys-gen READMEs correctly? |
| 177 |
> |
| 178 |
> Regards! |
| 179 |
> |
| 180 |
It is possible to have a reasonably secure system where the hard drive |
| 181 |
firmware (or any other devices) can't fuck around with the stuff on |
| 182 |
disk, although I highly doubt that the gentoo infrastructure (and |
| 183 |
kernel.org, and all the source repos for all the other software) does this |
| 184 |
|
| 185 |
One way is to use a blob-free coreboot IOMMU supporting board and |
| 186 |
bootstrap the crypto/kernel off of the board firmware EEPROM chip to |
| 187 |
load the initial kernel thus no plaintext touches the disk and thus |
| 188 |
nothing can mess with it. |
| 189 |
|
| 190 |
The IOMMU (theoretically) protects the CPU and memory from rogue |
| 191 |
devices, such as the hard drive. |
| 192 |
|
| 193 |
In terms of ethics IBM *for now* is a way better company than Intel/AMD, |
| 194 |
their POWER servers are owner controlled as there isn't any boot |
| 195 |
guard/secure boot/management engine/platform "security" processor (amd's |
| 196 |
ME) to stop you from re-writing the firmware as you please. They also |
| 197 |
have an getting-there-almost-reasonable open source effort (OpenPOWER) |
| 198 |
|
| 199 |
You can buy a TYAN OpenPOWER8 "Palmetto" (100% FOSS out of the box, |
| 200 |
although not that powerful) or an IBM POWER8 S822 "Firestone" (very |
| 201 |
powerful) which needs only a small amount of final work to be open sourced. |
| 202 |
|
| 203 |
IBM's POWER8 has a supervisor processor, although it is owner controlled |
| 204 |
(the key difference) unlike ME/PSP. |
| 205 |
|
| 206 |
It is a shame that TALOS (POWER workstation board) never went anywhere, |
| 207 |
it seems the linux community won't care about real freedom - right up |
| 208 |
until microsoft finally locks us out for good and it is too late to do |
| 209 |
anything about it. |
| 210 |
|
| 211 |
https://www.coreboot.org/Board_freedom_levels |
Archives