Re: Adding Passim as a Fedora 40 feature?

2023-09-07 Thread Michael Catanzaro
On Thu, Sep 7 2023 at 12:55:03 PM +0200, Fabio Valentini wrote:
> Sure, but that means it will still be started on Fedora with default
> configuration, unless I misunderstand something?


It will. D-Bus services are a little weird because they often ship 
systemd services but they're still effectively enabled by default even 
if the systemd service is disabled. The disabled preset means systemd 
*itself* will not activate the service, but dbus-broker still will. 
This is sort of an end run around the expectation that FESCo approve 
new services, but FESCo only approves systemd presets, and no preset is 
required for D-Bus services. And almost all desktop services are D-Bus 
services.


It's actually not *too* serious of a problem IMO, because packages 
generally make good decisions, and somebody is going to notice if 
something unwanted appears. But it's probably not what you're expecting 
if you're thinking that new services have to be approved.


Michael

___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue
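
One way to audit the gap described in the message above, as an added example (not Fedora's, systemd's or dbus-broker's own tooling): it reads D-Bus activation files and systemd preset files and lists bus names that stay activatable although no preset enables their unit. The org.example.* names and the sample tree are constructed; on a real system the activation files normally live in /usr/share/dbus-1/system-services and the presets in /usr/lib/systemd/system-preset, and this example assumes a single preset directory.

```python
import configparser
import fnmatch
import tempfile
from pathlib import Path


def read_activation_files(dbus_dir):
    """Map each activatable bus name to its SystemdService= unit (or None)."""
    services = {}
    for path in sorted(Path(dbus_dir).glob("*.service")):
        parser = configparser.ConfigParser(interpolation=None)
        parser.optionxform = str  # keep key case: Name, Exec, SystemdService
        parser.read(path)
        if parser.has_section("D-BUS Service"):
            section = parser["D-BUS Service"]
            if section.get("Name"):
                services[section["Name"]] = section.get("SystemdService")
    return services


def preset_action(unit, preset_dir):
    """Return 'enable' or 'disable' for a unit, the way presets are resolved:
    files in lexical order, first matching directive wins, no match = enable."""
    for path in sorted(Path(preset_dir).glob("*.preset")):
        for line in path.read_text().splitlines():
            parts = line.strip().split()
            if len(parts) < 2 or parts[0].startswith(("#", ";")):
                continue
            action, pattern = parts[0], parts[1]
            if action in ("enable", "disable") and fnmatch.fnmatchcase(unit, pattern):
                return action
    return "enable"


def audit(dbus_dir, preset_dir):
    """Return (bus_name, unit, preset) for every bus-activatable service.
    preset is None when the activation file names no systemd unit at all."""
    rows = []
    for bus_name, unit in read_activation_files(dbus_dir).items():
        preset = preset_action(unit, preset_dir) if unit else None
        rows.append((bus_name, unit, preset))
    return rows


def activatable_without_enable_preset(dbus_dir, preset_dir):
    """Bus names a client can cause to start although no preset enables them."""
    return [(name, unit) for name, unit, preset in audit(dbus_dir, preset_dir)
            if preset != "enable"]


def build_sample_tree():
    """Write a constructed set of activation and preset files to a temp dir."""
    root = Path(tempfile.mkdtemp(prefix="dbus-audit-"))
    dbus_dir, preset_dir = root / "system-services", root / "system-preset"
    dbus_dir.mkdir()
    preset_dir.mkdir()
    samples = {
        # unit exists but only the catch-all "disable *" preset matches it
        "org.example.Cache": "SystemdService=example-cache.service\n",
        # unit explicitly enabled by a preset
        "org.example.Approved": "SystemdService=example-approved.service\n",
        # no SystemdService=: started from Exec=, no preset involved at all
        "org.example.Legacy": "",
    }
    for name, extra in samples.items():
        (dbus_dir / (name + ".service")).write_text(
            "[D-BUS Service]\nName=%s\nExec=/bin/false\nUser=root\n%s" % (name, extra))
    (preset_dir / "90-default.preset").write_text(
        "# constructed sample\nenable example-approved.service\n")
    (preset_dir / "99-default-disable.preset").write_text("disable *\n")
    return dbus_dir, preset_dir


if __name__ == "__main__":
    dbus_dir, preset_dir = build_sample_tree()
    for bus_name, unit in activatable_without_enable_preset(dbus_dir, preset_dir):
        print("%s -> %s" % (bus_name, unit or "(Exec= only)"))
```
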


Re: Adding Passim as a Fedora 40 feature?

2023-09-07 Thread Fabio Valentini
On Thu, Sep 7, 2023 at 12:53 PM Richard Hughes  wrote:
>
> On Thu, 7 Sept 2023 at 11:36, Fabio Valentini  wrote:
> > All systemd services that have an "enabled by default" preset need to do that:
> > https://docs.fedoraproject.org/en-US/packaging-guidelines/DefaultServices/#_enabling_services_by_default
>
> It's not exactly enabled by default -- it's autostarted when required
> using D-Bus system activation. If you don't ever use it (if fwupd is
> configured with no active remotes, like in RHEL) then it never gets
> started at all.

Sure, but that means it will still be started on Fedora with default
configuration, unless I misunderstand something?

Fabio


Re: Adding Passim as a Fedora 40 feature?

2023-09-07 Thread Richard Hughes
On Thu, 7 Sept 2023 at 11:36, Fabio Valentini  wrote:
> All systemd services that have an "enabled by default" preset need to do that:
> https://docs.fedoraproject.org/en-US/packaging-guidelines/DefaultServices/#_enabling_services_by_default

It's not exactly enabled by default -- it's autostarted when required
using D-Bus system activation. If you don't ever use it (if fwupd is
configured with no active remotes, like in RHEL) then it never gets
started at all.

Richard


Re: Adding Passim as a Fedora 40 feature?

2023-09-07 Thread Fabio Valentini
On Thu, Sep 7, 2023 at 8:00 AM Richard Hughes  wrote:
>
> On Wed, 6 Sept 2023 at 21:32, Adam Williamson
>  wrote:
> > There is no -lib package split in Fedora currently. The 'passim'
> > package provides the libraries.
> > https://koji.fedoraproject.org/koji/buildinfo?buildID=2278800 - there
> > is no 'passim-libs'.
>
> Oops, sorry. I pushed the commit:
>
> commit 44a1d6df6cf40912ea07bd7e71bc69bc0742e814 (HEAD -> main,
> origin/rawhide, origin/main, origin/HEAD)
> Author: Richard Hughes 
> Date:   Fri Aug 25 20:53:33 2023 +0100
>
> Split out a -libs subpackage
>
> :100644 100644 bc51e57 3ad7ccc M passim.spec
>
> ...but for some reason didn't do the build. Building now.
>
> > Sep 06 02:27:08 fedora systemd[1]: Starting passim.service - A local caching server...
> > Sep 06 02:27:08 fedora (passimd)[2647]: passim.service: Failed to set up mount namespacing: /run/systemd/mount-rootfs/var/lib/passim/data: No such file or directory
> > Sep 06 02:27:08 fedora (passimd)[2647]: passim.service: Failed at step NAMESPACE spawning /usr/libexec/passimd: No such file or directory
> > Sep 06 02:27:08 fedora systemd[1]: passim.service: Main process exited, code=exited, status=226/NAMESPACE
> > Sep 06 02:27:08 fedora systemd[1]: passim.service: Failed with result 'exit-code'.
> >
> > I'm guessing the "failed to set up mount namespacing" thing is the real
> > problem, and the error about /usr/libexec/passimd not being there is
> > just some odd consequence of the namespacing problem.
>
> Will debug today, thanks.
>
> > > It's intentional in that if the feature gets rejected I'd change the
> > > "Recommends" to a "Suggests". If you'd rather me do the opposite (i.e.
> > > move from Suggests to Recommends if the proposal gets accepted) that's
> > > 100% okay with me and I can do that tomorrow.
> >
> > I do think that would be more appropriate. But you'd also need to split
> > the libs out for this to mean anything.
>
> Done, also building for rawhide now.

Note that if you want the passim service to be enabled by default, you
will need to request approval with FESCo (or the appropriate Working
Group).
All systemd services that have an "enabled by default" preset need to do that:
https://docs.fedoraproject.org/en-US/packaging-guidelines/DefaultServices/#_enabling_services_by_default

And at that point, I'd rather have this as a proper System-Wide Change
Proposal than just a discussion on the mailing list.

Fabio


Re: Adding Passim as a Fedora 40 feature?

2023-09-07 Thread Tomasz Torcz
On Wed, Sep 06, 2023 at 07:58:24AM -0400, Stephen Smoogen wrote:
> On Fri, 25 Aug 2023 at 13:31, Richard Hughes  wrote:
> 
> > On Fri, 25 Aug 2023 at 16:27, Stephen Smoogen  wrote:
> > > It depends on the scanning from ports open to unknown shared files to
> > > 'why did our network costs go up so much?'
> >
> > Surely if you're on a local network with bandwidth costs you'd turn
> > off avahi or lock down the firewall? Lots of stuff blasts out mDNS
> > traffic these days.

  mDNS traffic is 99.9% local, shouldn't matter for metered connections.

> In the Windows world, you have a one-click which says 'I am on a metered
> line' which is supposed to do things like that. I don't see anything like
> that on the Mac but I am only 'learning' it now.

  In MacOS X there's "Low data mode" switch, but it's available on WiFi
connections only (it seems).

-- 
Tomasz Torcz   72->|   80->|
to...@pipebreaker.pl   72->|   80->|


Re: Adding Passim as a Fedora 40 feature?

2023-09-06 Thread Richard Hughes
On Wed, 6 Sept 2023 at 21:32, Adam Williamson
 wrote:
> There is no -lib package split in Fedora currently. The 'passim'
> package provides the libraries.
> https://koji.fedoraproject.org/koji/buildinfo?buildID=2278800 - there
> is no 'passim-libs'.

Oops, sorry. I pushed the commit:

commit 44a1d6df6cf40912ea07bd7e71bc69bc0742e814 (HEAD -> main,
origin/rawhide, origin/main, origin/HEAD)
Author: Richard Hughes 
Date:   Fri Aug 25 20:53:33 2023 +0100

Split out a -libs subpackage

:100644 100644 bc51e57 3ad7ccc M passim.spec

...but for some reason didn't do the build. Building now.

> Sep 06 02:27:08 fedora systemd[1]: Starting passim.service - A local caching server...
> Sep 06 02:27:08 fedora (passimd)[2647]: passim.service: Failed to set up mount namespacing: /run/systemd/mount-rootfs/var/lib/passim/data: No such file or directory
> Sep 06 02:27:08 fedora (passimd)[2647]: passim.service: Failed at step NAMESPACE spawning /usr/libexec/passimd: No such file or directory
> Sep 06 02:27:08 fedora systemd[1]: passim.service: Main process exited, code=exited, status=226/NAMESPACE
> Sep 06 02:27:08 fedora systemd[1]: passim.service: Failed with result 'exit-code'.
>
> I'm guessing the "failed to set up mount namespacing" thing is the real
> problem, and the error about /usr/libexec/passimd not being there is
> just some odd consequence of the namespacing problem.

Will debug today, thanks.

> > It's intentional in that if the feature gets rejected I'd change the
> > "Recommends" to a "Suggests". If you'd rather me do the opposite (i.e.
> > move from Suggests to Recommends if the proposal gets accepted) that's
> > 100% okay with me and I can do that tomorrow.
>
> I do think that would be more appropriate. But you'd also need to split
> the libs out for this to mean anything.

Done, also building for rawhide now.

Richard.


Re: Adding Passim as a Fedora 40 feature?

2023-09-06 Thread Jonathan Dieter
On Wed, 2023-09-06 at 22:33 +0100, Jonathan Dieter wrote:
> On Fri, 2023-08-25 at 12:42 +0100, Richard Hughes wrote:
> > The tl;dr: is I want to add a mDNS server that reshares the public
> > firmware update metadata from the LVFS on your LAN. The idea is that
> > rather than 25 users in an office downloading the same ~2MB file from
> > the CDN every day, the first downloads from the CDN and the other 24
> > download from the first machine. All machines still download the
> > [tiny] jcat file from the CDN still so we know the SHA256 to search
> > for and verify.
> 
> I realize I'm late to the conversation, but what about compressing the
> metadata using zchunk, like we do for the DNF metadata?  Assuming we
> keep a cache of the file locally and that changes (as a percentage of
> the whole file) are minimal, this allows you to download only the
> differences.  The only requirement is that the CDN supports HTTP range
> requests.
> 
And, of course, after posting, I realize that I'd missed a chunk of the
thread where you explained that you're not a fan of deltas.  FWIW,
zchunk doesn't do static deltas, so the only file you need to worry
about on the server/CDN is the latest one.

If this is something you'd be interested in, I'd be happy to help get
it working.  If not, I'm happy to fade back into the background. :)

Jonathan


Re: Adding Passim as a Fedora 40 feature?

2023-09-06 Thread Jonathan Dieter
On Fri, 2023-08-25 at 12:42 +0100, Richard Hughes wrote:
> The tl;dr: is I want to add a mDNS server that reshares the public
> firmware update metadata from the LVFS on your LAN. The idea is that
> rather than 25 users in an office downloading the same ~2MB file from
> the CDN every day, the first downloads from the CDN and the other 24
> download from the first machine. All machines still download the
> [tiny] jcat file from the CDN still so we know the SHA256 to search
> for and verify.

I realize I'm late to the conversation, but what about compressing the
metadata using zchunk, like we do for the DNF metadata?  Assuming we
keep a cache of the file locally and that changes (as a percentage of
the whole file) are minimal, this allows you to download only the
differences.  The only requirement is that the CDN supports HTTP range
requests.

Jonathan


Re: Adding Passim as a Fedora 40 feature?

2023-09-06 Thread Adam Williamson
On Wed, 2023-09-06 at 21:09 +0100, Richard Hughes wrote:
> On Wed, 6 Sept 2023 at 19:12, Adam Williamson
>  wrote:
> > This message says you're "thinking of adding Passim", but in point of
> > fact, it appears to have been added to the package set already, and as
> > of fwupd-1.9.5-2.fc40 (built two days ago), fwupd hard requires it,
> 
> It hard requires the -lib -- the daemon is a softer requirement ; see below.

There is no -lib package split in Fedora currently. The 'passim'
package provides the libraries.
https://koji.fedoraproject.org/koji/buildinfo?buildID=2278800 - there
is no 'passim-libs'.

> 
> > Workstation installs even seem to try and auto-start it on user login:
> > Sep 06 02:27:08 fedora (passimd)[2647]: passim.service: Failed at step NAMESPACE spawning /usr/libexec/passimd: No such file or directory
> 
> I'm confused why the service definition exists but not the binary --
> to clarify -- you've got passim-libs installed, but *not* passim --
> correct?

Ah, sorry, I forgot - that error isn't the 'real' error, it's
misleading. That file is actually there, I think. This is the full
error:

Sep 06 02:27:08 fedora systemd[1]: Starting passim.service - A local caching server...
Sep 06 02:27:08 fedora (passimd)[2647]: passim.service: Failed to set up mount namespacing: /run/systemd/mount-rootfs/var/lib/passim/data: No such file or directory
Sep 06 02:27:08 fedora (passimd)[2647]: passim.service: Failed at step NAMESPACE spawning /usr/libexec/passimd: No such file or directory
Sep 06 02:27:08 fedora systemd[1]: passim.service: Main process exited, code=exited, status=226/NAMESPACE
Sep 06 02:27:08 fedora systemd[1]: passim.service: Failed with result 'exit-code'.

I'm guessing the "failed to set up mount namespacing" thing is the real
problem, and the error about /usr/libexec/passimd not being there is
just some odd consequence of the namespacing problem.

> > so...at this point, in Rawhide (not F39), this 'thinking of adding'
> > feature appears to be basically fully implemented already (except for
> > the service start failing). Was this intentional?
> 
> It's intentional in that if the feature gets rejected I'd change the
> "Recommends" to a "Suggests". If you'd rather me do the opposite (i.e.
> move from Suggests to Recommends if the proposal gets accepted) that's
> 100% okay with me and I can do that tomorrow.

I do think that would be more appropriate. But you'd also need to split
the libs out for this to mean anything.
-- 
Adam Williamson (he/him/his)
Fedora QA
Fedora Chat: @adamwill:fedora.im | Mastodon: @ad...@fosstodon.org
https://www.happyassassin.net





Re: Adding Passim as a Fedora 40 feature?

2023-09-06 Thread Richard Hughes
On Wed, 6 Sept 2023 at 18:36, Adam Williamson
 wrote:
> NetworkManager has the same concept, but of course it depends on apps
> that use data *caring* about it.

It sounds like passimd should be a thing that cares too --
https://github.com/hughsie/passim/issues/13

Richard.


Re: Adding Passim as a Fedora 40 feature?

2023-09-06 Thread Richard Hughes
On Wed, 6 Sept 2023 at 19:12, Adam Williamson
 wrote:
> This message says you're "thinking of adding Passim", but in point of
> fact, it appears to have been added to the package set already, and as
> of fwupd-1.9.5-2.fc40 (built two days ago), fwupd hard requires it,

It hard requires the -lib -- the daemon is a softer requirement ; see below.

> Workstation installs even seem to try and auto-start it on user login:
> Sep 06 02:27:08 fedora (passimd)[2647]: passim.service: Failed at step NAMESPACE spawning /usr/libexec/passimd: No such file or directory

I'm confused why the service definition exists but not the binary --
to clarify -- you've got passim-libs installed, but *not* passim --
correct?

> so...at this point, in Rawhide (not F39), this 'thinking of adding'
> feature appears to be basically fully implemented already (except for
> the service start failing). Was this intentional?

It's intentional in that if the feature gets rejected I'd change the
"Recommends" to a "Suggests". If you'd rather me do the opposite (i.e.
move from Suggests to Recommends if the proposal gets accepted) that's
100% okay with me and I can do that tomorrow.

Richard


Re: Adding Passim as a Fedora 40 feature?

2023-09-06 Thread Adam Williamson
On Fri, 2023-08-25 at 12:42 +0100, Richard Hughes wrote:
> Hi all,
> 
> I was thinking of adding Passim as a default-installed and
> default-enabled dep of fwupd in the Fedora 40 release. Before I create
> lots of unnecessary drama, is there any early feedback on what's
> described in https://github.com/hughsie/passim/blob/main/README.md
> please.

So this is a very long thread and I really don't have time to read the
whole thing and see if this is answered, but I'm a bit confused here.
This message says you're "thinking of adding Passim", but in point of
fact, it appears to have been added to the package set already, and as
of fwupd-1.9.5-2.fc40 (built two days ago), fwupd hard requires it,
which means it's pulled into most Fedora installs. (the spec added an
explicit Recommends: passim, but there is also an autogenerated
requires for "libpassim.so.1()(64bit)", which is provided by passim).

Workstation installs even seem to try and auto-start it on user login:

Sep 06 02:27:08 fedora systemd[1]: Starting passim.service - A local caching server...
Sep 06 02:27:08 fedora (passimd)[2647]: passim.service: Failed to set up mount namespacing: /run/systemd/mount-rootfs/var/lib/passim/data: No such file or directory
Sep 06 02:27:08 fedora (passimd)[2647]: passim.service: Failed at step NAMESPACE spawning /usr/libexec/passimd: No such file or directory
Sep 06 02:27:08 fedora systemd[1]: passim.service: Main process exited, code=exited, status=226/NAMESPACE
Sep 06 02:27:08 fedora systemd[1]: passim.service: Failed with result 'exit-code'.
Sep 06 02:27:08 fedora systemd[1]: Failed to start passim.service - A local caching server.

so...at this point, in Rawhide (not F39), this 'thinking of adding'
feature appears to be basically fully implemented already (except for
the service start failing). Was this intentional?
-- 
Adam Williamson (he/him/his)
Fedora QA
Fedora Chat: @adamwill:fedora.im | Mastodon: @ad...@fosstodon.org
https://www.happyassassin.net





Re: Adding Passim as a Fedora 40 feature?

2023-09-06 Thread Adam Williamson
On Wed, 2023-09-06 at 07:58 -0400, Stephen Smoogen wrote:
> On Fri, 25 Aug 2023 at 13:31, Richard Hughes  wrote:
> 
> > On Fri, 25 Aug 2023 at 16:27, Stephen Smoogen  wrote:
> > > It depends on the scanning from ports open to unknown shared files to
> > > 'why did our network costs go up so much?'
> > 
> > Surely if you're on a local network with bandwidth costs you'd turn
> > off avahi or lock down the firewall? Lots of stuff blasts out mDNS
> > traffic these days.
> > 
> 
> In the Windows world, you have a one-click which says 'I am on a metered
> line' which is supposed to do things like that. I don't see anything like
> that on the Mac but I am only 'learning' it now.

NetworkManager has the same concept, but of course it depends on apps
that use data *caring* about it.
-- 
Adam Williamson (he/him/his)
Fedora QA
Fedora Chat: @adamwill:fedora.im | Mastodon: @ad...@fosstodon.org
https://www.happyassassin.net





Re: Adding Passim as a Fedora 40 feature?

2023-09-06 Thread Peter Robinson
On Wed, Sep 6, 2023 at 12:58 PM Stephen Smoogen  wrote:
>
>
>
> On Fri, 25 Aug 2023 at 13:31, Richard Hughes  wrote:
>>
>> On Fri, 25 Aug 2023 at 16:27, Stephen Smoogen  wrote:
>> > It depends on the scanning from ports open to unknown shared files to 'why 
>> > did our network costs go up so much?'
>>
>> Surely if you're on a local network with bandwidth costs you'd turn
>> off avahi or lock down the firewall? Lots of stuff blasts out mDNS
>> traffic these days.
>
>
> In the Windows world, you have a one-click which says 'I am on a metered 
> line' which is supposed to do things like that. I don't see anything like 
> that on the Mac but I am only 'learning' it now.
>
> I just realized.. is avahi even on in a default install or would this be an 
> extra service needed to be turned on and 'configured' (not that avahi needs 
> much configuring). It isn't on my F38 box, but I have been living in it for a 
> long time so it could be something I did in the past or something I inherited 
> from a long ago release.

It is default on Workstation and I believe most desktops


Re: Adding Passim as a Fedora 40 feature?

2023-09-06 Thread Stephen Smoogen
On Fri, 25 Aug 2023 at 13:31, Richard Hughes  wrote:

> On Fri, 25 Aug 2023 at 16:27, Stephen Smoogen  wrote:
> > It depends on the scanning from ports open to unknown shared files to
> > 'why did our network costs go up so much?'
>
> Surely if you're on a local network with bandwidth costs you'd turn
> off avahi or lock down the firewall? Lots of stuff blasts out mDNS
> traffic these days.
>

In the Windows world, you have a one-click which says 'I am on a metered
line' which is supposed to do things like that. I don't see anything like
that on the Mac but I am only 'learning' it now.

I just realized.. is avahi even on in a default install or would this be an
extra service needed to be turned on and 'configured' (not that avahi needs
much configuring). It isn't on my F38 box, but I have been living in it for
a long time so it could be something I did in the past or something I
inherited from a long ago release.
-- 
Stephen Smoogen, Red Hat Automotive
Let us be kind to one another, for most of us are fighting a hard battle.
-- Ian MacClaren


Re: Adding Passim as a Fedora 40 feature?

2023-09-01 Thread Richard Hughes
On Thu, 31 Aug 2023 at 23:13, Marcus Müller  wrote:
> - using avahi for local peer discovery, how does this compare to good ole
> bittorrent with Protocol/Message Stream Encryption turned on, and DHT
> instead of a tracker?

I think more than a few places would ban/block/report bittorrent
traffic -- and more to the point, I've deliberately restricted this to
a local LAN to avoid falling foul of EAR/ITAR regulations regarding
strong encryption.

Richard.


Re: Adding Passim as a Fedora 40 feature?

2023-08-31 Thread Marcus Müller

Just realized:

- using avahi for local peer discovery, how does this compare to good ole bittorrent with 
Protocol/Message Stream Encryption turned on, and DHT instead of a tracker?


- I guess the "self-signed certificate" discussion stems from the fact that TLS assumes 
you have certificates – which really isn't the case in these peer-to-peer scenarios. All 
you need is a *session key*, which, painting with a broom-sized brush here, can easily be 
agreed on using e.g. Diffie-Hellman/25519 (as implemented in NaCl/libsodium).


Cheers,
Marcus

On 28.08.23 21:55, Richard Hughes wrote:
> On Mon, 28 Aug 2023 at 16:27, Leon Fauster via devel wrote:
> > whats the benefit of this "self-signed TLS certificate" (as it does
> > not provide any "security")? Is this stub for something later ... ?
>
> It's a good question. It provides encryption (so client A can provide
> the file to client B without client C being aware what's being sent)
> -- and also placates various corporate security teams that say that
> HTTP without TLS isn't good enough -- even if it's got two other
> layers of protection.
>
> Richard


Re: Adding Passim as a Fedora 40 feature?

2023-08-31 Thread Richard Hughes
On Thu, 31 Aug 2023 at 22:05, Björn Persson  wrote:
> The document doesn't say what design decisions were made based on the
> assumption of a friendly network.

Well, I can certainly add them -- this discussion was started so I can
add any missing information.

> All of those design decisions need to
> be reconsidered with the assumption that there are attackers on the LAN
> who will abuse Passim any way they can, and that Passim must deal
> reasonably with any and all attacks.

The fallback for being provided with data that doesn't match the
SHA256 checksum is to download the file from the CDN.

Richard
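
The verify-then-fall-back behaviour described in the message above, as an added example that is not Passim's or fwupd's code: data from LAN peers is accepted only if it hashes to the SHA256 obtained from the CDN, and the CDN is used when every peer is rejected. The function names, the sample peers and the size cap (which goes beyond what the message states) are assumptions constructed for illustration.

```python
import hashlib

# Assumed upper bound; the thread describes the metadata as a ~2MB file.
MAX_METADATA_BYTES = 16 * 1024 * 1024


class Rejected(Exception):
    """Data from one source must not be used."""


def read_verified(chunks, expected_sha256, max_bytes=MAX_METADATA_BYTES):
    """Consume an iterable of byte chunks and return the body only if it
    matches the trusted digest. Stops reading as soon as the cap is passed,
    so a peer cannot make the client buffer unbounded data."""
    digest = hashlib.sha256()
    body = bytearray()
    for chunk in chunks:
        if len(body) + len(chunk) > max_bytes:
            raise Rejected("exceeded size cap of %d bytes" % max_bytes)
        digest.update(chunk)
        body += chunk
    if digest.hexdigest() != expected_sha256.lower():
        raise Rejected("SHA256 mismatch")
    return bytes(body)


def fetch_metadata(expected_sha256, peers, cdn_fetch):
    """Try each (name, fetch) peer in turn, then fall back to the CDN.
    Returns (body, source_name, rejected) where rejected lists every peer
    that was skipped and why. The CDN body is checked against the same digest."""
    rejected = []
    for name, fetch in peers:
        try:
            return read_verified(fetch(), expected_sha256), name, rejected
        except (Rejected, OSError) as exc:
            rejected.append((name, str(exc)))
    return read_verified(cdn_fetch(), expected_sha256), "cdn", rejected


# --- constructed sample data and peers (no network access) ---
METADATA = b"<components>constructed sample metadata</components>\n" * 2000
TRUSTED_SHA256 = hashlib.sha256(METADATA).hexdigest()  # stands in for the jcat value


def _chunks(data, size=4096):
    return (data[i:i + size] for i in range(0, len(data), size))


def honest_peer():
    return _chunks(METADATA)


def tampered_peer():
    # Same length, one altered record
    return _chunks(METADATA.replace(b"sample", b"SAMPLE", 1))


def flooding_peer():
    # Never stops sending
    while True:
        yield b"\0" * 65536


def unreachable_peer():
    raise ConnectionRefusedError("peer went away")


def cdn():
    return _chunks(METADATA)


if __name__ == "__main__":
    peers = [("tampered", tampered_peer), ("flood", flooding_peer),
             ("gone", unreachable_peer), ("honest", honest_peer)]
    body, source, rejected = fetch_metadata(TRUSTED_SHA256, peers, cdn)
    print("served by:", source)
    for name, reason in rejected:
        print("rejected %s: %s" % (name, reason))
```
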


Re: Adding Passim as a Fedora 40 feature?

2023-08-31 Thread Björn Persson
Richard Hughes wrote:
> I was thinking of adding Passim as a default-installed and
> default-enabled dep of fwupd in the Fedora 40 release. Before I create
> lots of unnecessary drama, is there any early feedback on what's
> described in https://github.com/hughsie/passim/blob/main/README.md
> please.

I finally read the README, and, oh geez, this thing is even documented
as assuming a friendly network! And it's being proposed to be enabled
by default, which means it will run on laptops that move around between
cafés, hotels, airports and all the hostile environments anyone can
imagine.

The document doesn't say what design decisions were made based on the
assumption of a friendly network. All of those design decisions need to
be reconsidered with the assumption that there are attackers on the LAN
who will abuse Passim any way they can, and that Passim must deal
reasonably with any and all attacks.

Björn Persson




Re: Adding Passim as a Fedora 40 feature?

2023-08-30 Thread Simo Sorce
On Wed, 2023-08-30 at 09:11 +0100, Peter Robinson wrote:
> On Mon, Aug 28, 2023 at 9:50 PM Simo Sorce  wrote:
> > 
> > On Mon, 2023-08-28 at 15:14 -0500, Chris Adams wrote:
> > > Once upon a time, Richard Hughes  said:
> > > > On Mon, 28 Aug 2023 at 16:27, Leon Fauster via devel
> > > >  wrote:
> > > > > what's the benefit of this "self-signed TLS certificate" (as it does
> > > > > not provide any "security")? Is this stub for something later ... ?
> > > > 
> > > > It's a good question. It provides encryption (so client A can provide
> > > > the file to client B without client C being aware what's being sent)
> > > 
> > > Without identification though, it doesn't do that, because there's no
> > > way for client B to know it is really talking to client A - it could be
> > > talking to client C with a man-in-the-middle attack and a different
> > > self-signed cert pretending to be client A.
> > 
> > It helps dealing with passive attacks, but not with active attacks.
> > 
> > It could be improved by using TOFU, so that the window of impersonation
> > is small, but requires clients to cache an association and then has
> > weird failure modes to be dealt with if one of the actors get re-imaged
> > or changes the cert for any reason.
> > 
> > 
> > Richard,
> > given your files are all independently integrity checked, you should
> > probably not use a TLS connection, because it will be flagged up pretty
> > rapidly if it is using a self-signed cert anyway.
> > 
> > This thing works only within the same LAN, therefore already "within" a
> > firewall so it does not need to cross any boundary for which encryption
> > matters enough.
> > 
> > Finally if an enterprise says TLS is a must you could give an option to
> > use TLS if said enterprise provides the certs (they will probably
> > disable the service anyway otherwise).
> 
> What about integration with Let's Encrypt as an option, the cert
> registration/renewal process is then pretty automated.

You need to have control of the service, you need an account in Let's
Encrypt, and it needs to be reachable from Let's Encrypt via a DNS
name.
I thought about it for a second, but there simply are no working pre-
requisites, the client changes address all the time, so the certificate
will be marked invalid and not passing muster even if you were able to
pass the hurdles of getting one from Let's Encrypt (which you won't in
the general case).

Simo.

-- 
Simo Sorce
RHEL Crypto Team
Red Hat, Inc




Re: Adding Passim as a Fedora 40 feature?

2023-08-30 Thread Chris Adams
Once upon a time, Peter Robinson  said:
> What about integration with Let's Encrypt as an option, the cert
> registration/renewal process is then pretty automated.

Since this is about desktop systems on internal networks, they probably
won't have pre-existing DNS entries, so Let's Encrypt is not an option.
-- 
Chris Adams 


Re: Adding Passim as a Fedora 40 feature?

2023-08-30 Thread Peter Robinson
On Mon, Aug 28, 2023 at 9:50 PM Simo Sorce  wrote:
>
> On Mon, 2023-08-28 at 15:14 -0500, Chris Adams wrote:
> > Once upon a time, Richard Hughes  said:
> > > On Mon, 28 Aug 2023 at 16:27, Leon Fauster via devel
> > >  wrote:
> > > > what's the benefit of this "self-signed TLS certificate" (as it does
> > > > not provide any "security")? Is this stub for something later ... ?
> > >
> > > It's a good question. It provides encryption (so client A can provide
> > > the file to client B without client C being aware what's being sent)
> >
> > Without identification though, it doesn't do that, because there's no
> > way for client B to know it is really talking to client A - it could be
> > talking to client C with a man-in-the-middle attack and a different
> > self-signed cert pretending to be client A.
>
> It helps dealing with passive attacks, but not with active attacks.
>
> It could be improved by using TOFU, so that the window of impersonation
> is small, but requires clients to cache an association and then has
> weird failure modes to be dealt with if one of the actors get re-imaged
> or changes the cert for any reason.
>
>
> Richard,
> given your files are all independently integrity checked, you should
> probably not use a TLS connection, because it will be flagged up pretty
> rapidly if it is using a self-signed cert anyway.
>
> This thing works only within the same LAN, therefore already "within" a
> firewall so it does not need to cross any boundary for which encryption
> matters enough.
>
> Finally if an enterprise says TLS is a must you could give an option to
> use TLS if said enterprise provides the certs (they will probably
> disable the service anyway otherwise).

What about integration with Let's Encrypt as an option, the cert
registration/renewal process is then pretty automated.


Re: Adding Passim as a Fedora 40 feature?

2023-08-29 Thread Richard Hughes
On Tue, 29 Aug 2023 at 21:03, Simo Sorce  wrote:
> You could have deltas, so that clients will not get the whole thing
> every day, but deltas compared to what they have already (which would
> be 0 bytes if they are up to date).

I'm trying to reduce the number of CDN accesses and the number of files.

> This means it is up to you to decide how many delta files to keep for
> how long.

This didn't work out so well for rpm metadata or packages -- for a
large number of reasons -- and I'd rather not revisit that particular
journey.

Richard


Re: Adding Passim as a Fedora 40 feature?

2023-08-29 Thread Simo Sorce
On Tue, 2023-08-29 at 20:07 +0100, Richard Hughes wrote:
> On Tue, 29 Aug 2023 at 18:54, Simo Sorce  wrote:
> > That depends on how you are going to handle re-installs of peers in the
> > network where the certificate will start mismatching ...
> 
> In event of a mismatch I was going to ignore the peer; in most home
> networks there'll be dozens of devices all offering the same data.

Eventually all devices will end up ignoring each other?

> > How do you handle certificate expiration ?
> 
> At the moment, not, i.e. a  year expiration.

Ugh.

-- 
Simo Sorce
RHEL Crypto Team
Red Hat, Inc




Re: Adding Passim as a Fedora 40 feature?

2023-08-29 Thread Simo Sorce
On Tue, 2023-08-29 at 20:05 +0100, Richard Hughes wrote:
> On Tue, 29 Aug 2023 at 17:06, Vít Ondruch  wrote:
> > The point was that `fwupdmgr get-devices` lists ~32 devices for my LP. I
> > can't imagine that the metadata for these 32 devices would take 2 MBs.
> > That is more likely data for all devices ever supported.
> 
> It is the metadata for every device -- every fwupd client deliberately
> gets the entire catalog rather than making a bespoke request like
> Windows update. This ensures that the LVFS doesn't know what hardware
> you have on your computer, and couldn't provide that kind of data even
> if compelled to by law enforcement. The entire architecture is privacy
> centric, and also allows it to scale to millions of devices without
> having thousands of servers.

You could have deltas, so that clients will not get the whole thing
every day, but deltas compared to what they have already (which would
be 0 bytes if they are up to date).

You reveal nothing of consequence by disclosing what version you
already previously downloaded, and that you need just a delta.

If a client has a too old version, you return an error, and they
download the whole thing.

This means it is up to you to decide how many delta files to keep for
how long.

Simo.

-- 
Simo Sorce
RHEL Crypto Team
Red Hat, Inc




Re: Adding Passim as a Fedora 40 feature?

2023-08-29 Thread Richard Hughes
On Tue, 29 Aug 2023 at 18:54, Simo Sorce  wrote:
> That depends on how you are going to handle re-installs of peers in the
> network where the certificate will start mismatching ...

In event of a mismatch I was going to ignore the peer; in most home
networks there'll be dozens of devices all offering the same data.

> How do you handle certificate expiration ?

At the moment, not, i.e. a  year expiration.

Richard.
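
The TOFU idea and the ignore-on-mismatch policy from this message, together with the question asked in reply to it ("Eventually all devices will end up ignoring each other?"), as an added example that is not Passim or fwupd code. The peer identity (a host name), the pin store and the certificate bytes are constructed assumptions for illustration.

```python
"""Added illustration: TOFU pinning with an ignore-on-mismatch policy."""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional, Set, Tuple


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the certificate bytes, used as the pinned value."""
    return hashlib.sha256(cert_der).hexdigest()


@dataclass
class TofuStore:
    # identity -> fingerprint seen on first use. Which identity to pin is an
    # open question in the thread; a host name is assumed here.
    pins: Dict[str, str] = field(default_factory=dict)
    ignored: Set[str] = field(default_factory=set)

    def check(self, identity: str, cert_der: bytes) -> str:
        """Return 'first-use', 'match', 'mismatch' or 'ignored'."""
        if identity in self.ignored:
            return "ignored"
        seen = fingerprint(cert_der)
        pinned = self.pins.get(identity)
        if pinned is None:
            # First contact is trusted blindly: TOFU narrows the window for
            # impersonation, it does not close it.
            self.pins[identity] = seen
            return "first-use"
        if pinned == seen:
            return "match"
        # The store cannot tell a re-imaged peer from an impostor: there is
        # no channel announcing an expected rekey, so the peer is dropped.
        self.ignored.add(identity)
        return "mismatch"


def usable_peers(store: TofuStore,
                 advertised: Iterable[Tuple[str, bytes]]) -> List[str]:
    """Peers a client would still be willing to download from."""
    return [identity for identity, cert in advertised
            if store.check(identity, cert) in ("first-use", "match")]


def simulate() -> List[List[str]]:
    """Each round, at most one constructed peer is re-imaged (new cert)."""
    store = TofuStore()
    # Constructed stand-ins for DER certificates.
    certs = {"host-a": b"cert-a-1", "host-b": b"cert-b-1", "host-c": b"cert-c-1"}
    rekey_events: List[Optional[str]] = [None, "host-b", "host-a", "host-c", None]
    history = []
    for rekeyed in rekey_events:
        if rekeyed is not None:
            certs[rekeyed] = certs[rekeyed] + b"-rekeyed"
        history.append(usable_peers(store, sorted(certs.items())))
    return history


if __name__ == "__main__":
    for round_no, peers in enumerate(simulate()):
        print(round_no, peers)
```

With no expiry of pins and no way to signal a legitimate rekey, the usable peer set only shrinks; once it is empty every download goes back to the CDN.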


Re: Adding Passim as a Fedora 40 feature?

2023-08-29 Thread Richard Hughes
On Tue, 29 Aug 2023 at 17:06, Vít Ondruch  wrote:
> The point was that `fwupdmgr get-devices` lists ~32 devices for my LP. I
> can't imagine that the metadata for these 32 devices would take 2 MBs.
> That is more likely data for all devices ever supported.

It is the metadata for every device -- every fwupd client deliberately
gets the entire catalog rather than making a bespoke request like
Windows update. This ensures that the LVFS doesn't know what hardware
you have on your computer, and couldn't provide that kind of data even
if compelled to by law enforcement. The entire architecture is privacy
centric, and also allows it to scale to millions of devices without
having thousands of servers.

Richard.


Re: Adding Passim as a Fedora 40 feature?

2023-08-29 Thread Simon Farnsworth via devel
On Monday, 28 August 2023 22:07:50 BST Richard Hughes wrote:
> On Mon, 28 Aug 2023 at 21:50, Simo Sorce  wrote:
> 
> > It could be improved by using TOFU, so that the window of impersonation
> > is small, but requires clients to cache an association and then has
> > weird failure modes to be dealt with if one of the actors get re-imaged
> > or changes the cert for any reason.
> 
> 
> I was thinking of implementing TOFU; good idea or bad idea?
> 
> Richard.

What identity do you attach the "first use" to, and how do you discover that 
the identity is expected to have a certificate change?

In the SSH use case, the identity is the host name, and if the host name is 
expected to rekey, then the user is told that there's an issue and has to 
manually intervene.

With this use case, I can't see how I tell you that there's been an expected 
rekeying event - nor am I clear on how I'd work out that a change of key is 
expected so that I can tell you to permit a rekey.
-- 
Simon Farnsworth



Re: Adding Passim as a Fedora 40 feature?

2023-08-29 Thread Simo Sorce
On Mon, 2023-08-28 at 22:07 +0100, Richard Hughes wrote:
> On Mon, 28 Aug 2023 at 21:50, Simo Sorce  wrote:
> > It could be improved by using TOFU, so that the window of impersonation
> > is small, but requires clients to cache an association and then has
> > weird failure modes to be dealt with if one of the actors get re-imaged
> > or changes the cert for any reason.
> 
> I was thinking of implementing TOFU; good idea or bad idea?

That depends on how you are going to handle re-installs of peers in the
network where the certificate will start mismatching ...

How do you handle certificate expiration ?

Simo.

-- 
Simo Sorce
RHEL Crypto Team
Red Hat, Inc




Re: Adding Passim as a Fedora 40 feature?

2023-08-29 Thread Vít Ondruch


On 28. 08. 23 at 21:52, Richard Hughes wrote:
> On Mon, 28 Aug 2023 at 15:53, Vít Ondruch  wrote:
> > Sorry, I am probably missing something, but how this would help my
> > computer (or three I have at home)?
>
> One computer downloads the 2MB from the CDN and the other two download
> it from the first computer. This saves you 4MB in bandwidth, and saves
> me ~2*1,000,000 MB
>
> > And why there is need to download ~2 MB of data every day? My laptop has
> > just a couple devices. I can't see why the metadata for their possible
> > update should take that much.
>
> Firmware security updates happen all the time, you wouldn't want to
> check monthly.

The point was that `fwupdmgr get-devices` lists ~32 devices for my LP. I
can't imagine that the metadata for these 32 devices would take 2 MBs.
That is more likely data for all devices ever supported.

IOW there are other ways to save the bandwidth IMHO.

Vít

> Richard


Re: Adding Passim as a Fedora 40 feature?

2023-08-29 Thread Stephen Smoogen
On Mon, 28 Aug 2023 at 16:02, Richard Hughes  wrote:

> On Fri, 25 Aug 2023 at 12:42, Richard Hughes  wrote:
> > I was thinking of adding Passim as a default-installed and
> > default-enabled dep of fwupd in the Fedora 40 release. Before I create
> > lots of unnecessary drama, is there any early feedback on what's
> > described in https://github.com/hughsie/passim/blob/main/README.md
> > please.
>
> Given that I've not been flamed into a cave with the suggestion,
> should this be a standalone change or a system-wide change? I could
> argue it either way.
>
>
I would say system wide change. It is affecting a security posture and the
assumptions of use may expand to allowing things like RPMs and other things
to be shared.



> Richard.


-- 
Stephen Smoogen, Red Hat Automotive
Let us be kind to one another, for most of us are fighting a hard battle.
-- Ian MacClaren


Re: Adding Passim as a Fedora 40 feature?

2023-08-28 Thread Richard Hughes
On Mon, 28 Aug 2023 at 21:50, Simo Sorce  wrote:
> It could be improved by using TOFU, so that the window of impersonation
> is small, but requires clients to cache an association and then has
> weird failure modes to be dealt with if one of the actors get re-imaged
> or changes the cert for any reason.

I was thinking of implementing TOFU; good idea or bad idea?

Richard.


Re: Adding Passim as a Fedora 40 feature?

2023-08-28 Thread Richard Hughes
On Mon, 28 Aug 2023 at 21:14, Chris Adams  wrote:
> Without identification though, it doesn't do that, because there's no
> way for client B to know it is really talking to client A - it could be
> talking to client C with a man-in-the-middle attack and a different
> self-signed cert pretending to be client A.

Yes, that's perfectly fine. Every client receiving files has to verify
the sha256 of the file at the least, and the PKCS#7 signature of the
file in the common case.

Richard.
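
The behaviour described in this thread (every client verifies the SHA256 of what a peer hands it, and the fallback for data that does not match is to download from the CDN), as an added example that is not Passim or fwupd code. The function names, the fetcher interface, the size cap and the sample bytes are assumptions made for illustration; the PKCS#7 signature check mentioned above is not shown.

```python
"""Added illustration: accept peer data only if it matches a trusted SHA-256."""
import hashlib
from dataclasses import dataclass, field
from typing import Callable, Iterable, List, Tuple

# Hypothetical transport interface: fetch(max_size) -> bytes, raising OSError
# on network failure. A real transport should stop reading at max_size.
Fetcher = Callable[[int], bytes]


@dataclass
class FetchResult:
    data: bytes
    source: str                                  # peer name, or "cdn"
    rejected: List[Tuple[str, str]] = field(default_factory=list)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def fetch_verified(expected_sha256: str,
                   peers: Iterable[Tuple[str, Fetcher]],
                   cdn_fetch: Fetcher,
                   max_size: int = 8 * 1024 * 1024) -> FetchResult:
    """Try LAN peers in order; trust nothing until the hash matches.

    expected_sha256 must come from a source the client already trusts
    (in the thread: the small jcat file fetched from the CDN).
    """
    expected = expected_sha256.strip().lower()
    rejected: List[Tuple[str, str]] = []
    for name, fetch in peers:
        try:
            data = fetch(max_size)
        except OSError as exc:
            rejected.append((name, "unreachable: " + exc.__class__.__name__))
            continue
        if len(data) > max_size:
            # Assumed cap: a peer must not be able to exhaust memory or disk.
            rejected.append((name, "oversized"))
            continue
        if sha256_hex(data) != expected:
            rejected.append((name, "sha256 mismatch"))
            continue
        return FetchResult(data, name, rejected)
    # No peer produced matching bytes: fall back to the CDN, and still verify.
    data = cdn_fetch(max_size)
    if len(data) > max_size or sha256_hex(data) != expected:
        raise ValueError("CDN copy does not match the expected SHA-256")
    return FetchResult(data, "cdn", rejected)


# Constructed sample data and peers (not real metadata).
GOOD = b"constructed metadata payload v1\n"
EXPECTED = sha256_hex(GOOD)


def peer_tampered(max_size: int) -> bytes:
    return GOOD.replace(b"v1", b"v0")


def peer_down(max_size: int) -> bytes:
    raise ConnectionRefusedError("peer went away")


def peer_flood(max_size: int) -> bytes:
    return b"\0" * (max_size + 1)


def source_good(max_size: int) -> bytes:
    return GOOD


def demo() -> Tuple[FetchResult, FetchResult]:
    mixed = fetch_verified(
        EXPECTED,
        [("peer-a", peer_tampered), ("peer-b", peer_down), ("peer-c", source_good)],
        source_good, max_size=1024)
    hostile = fetch_verified(
        EXPECTED,
        [("peer-a", peer_tampered), ("peer-d", peer_flood)],
        source_good, max_size=1024)
    return mixed, hostile


if __name__ == "__main__":
    for result in demo():
        print(result.source, result.rejected)
```

The `rejected` list is what a client could log: a peer that repeatedly serves mismatching or oversized data is visible there even though the download itself succeeded from elsewhere.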


Re: Adding Passim as a Fedora 40 feature?

2023-08-28 Thread Simo Sorce
On Mon, 2023-08-28 at 15:14 -0500, Chris Adams wrote:
> Once upon a time, Richard Hughes  said:
> > On Mon, 28 Aug 2023 at 16:27, Leon Fauster via devel
> >  wrote:
> > > what's the benefit of this "self-signed TLS certificate" (as it does
> > > not provide any "security")? Is this stub for something later ... ?
> > 
> > It's a good question. It provides encryption (so client A can provide
> > the file to client B without client C being aware what's being sent)
> 
> Without identification though, it doesn't do that, because there's no
> way for client B to know it is really talking to client A - it could be
> talking to client C with a man-in-the-middle attack and a different
> self-signed cert pretending to be client A.

It helps dealing with passive attacks, but not with active attacks.

It could be improved by using TOFU, so that the window of impersonation
is small, but requires clients to cache an association and then has
weird failure modes to be dealt with if one of the actors get re-imaged
or changes the cert for any reason.


Richard,
given your files are all independently integrity checked, you should
probably not use a TLS connection, because it will be flagged up pretty
rapidly if it is using a self-signed cert anyway.

This thing works only within the same LAN, therefore already "within" a
firewall so it does not need to cross any boundary for which encryption
matters enough.

Finally if an enterprise says TLS is a must you could give an option to
use TLS if said enterprise provides the certs (they will probably
disable the service anyway otherwise).

There is one more option you could entertain, and that is to use a
"well known" pre-shared key instead of certificates for authentication,
will be faster, and will give you the "fake-secure" TLS tunnel without
the self-signed cert headache I think ... (not endorsing this option,
just mentioning it).

HTH,
Simo.

-- 
Simo Sorce
RHEL Crypto Team
Red Hat, Inc




Re: Adding Passim as a Fedora 40 feature?

2023-08-28 Thread Chris Adams
Once upon a time, Richard Hughes  said:
> On Mon, 28 Aug 2023 at 16:27, Leon Fauster via devel
>  wrote:
> > what's the benefit of this "self-signed TLS certificate" (as it does
> > not provide any "security")? Is this stub for something later ... ?
> 
> It's a good question. It provides encryption (so client A can provide
> the file to client B without client C being aware what's being sent)

Without identification though, it doesn't do that, because there's no
way for client B to know it is really talking to client A - it could be
talking to client C with a man-in-the-middle attack and a different
self-signed cert pretending to be client A.

-- 
Chris Adams 


Re: Adding Passim as a Fedora 40 feature?

2023-08-28 Thread Richard Hughes
On Fri, 25 Aug 2023 at 12:42, Richard Hughes  wrote:
> I was thinking of adding Passim as a default-installed and
> default-enabled dep of fwupd in the Fedora 40 release. Before I create
> lots of unnecessary drama, is there any early feedback on what's
> described in https://github.com/hughsie/passim/blob/main/README.md
> please.

Given that I've not been flamed into a cave with the suggestion,
should this be a standalone change or a system-wide change? I could
argue it either way.

Richard.


Re: Adding Passim as a Fedora 40 feature?

2023-08-28 Thread Richard Hughes
On Mon, 28 Aug 2023 at 11:05, Petr Pisar  wrote:
> On Fri, Aug 25, 2023 at 07:34:35PM +0100, Richard Hughes wrote:
> > you need to reboot into the new firmware before the published firmware gets
> > shared;
> Won't this suppress an efficiency of the local sharing?

Yes -- but it's a compromise between efficiency and also broadcasting
to the network that you've just downloaded a firmware with a security
fix and the firmware you're running right now can be attacked.

> If a typical period
> between a download and the reboot is significantly longer than a period in
> which machines check for and download the firmware, it will happen that all
> machines will separately download the firmware from a central server instead
> of downloading it from local peers. Because all the machines will be waiting
> on the reboot.

Yes, that's certainly fair -- although I hope that at least one person
would reboot straight away given it's a security update.

> For how long is the firmware advertised? As long as it is advertised, people
> know what version you are currently running. This information becomes
> interesting when a new firmware is released. Then you have exactly the same
> problem you want to address.

It's up to the thing publishing -- for the case of firmware payload
(which is a default off option) it's 30 days for firmware and 24 hours
for metadata (which would be default on).

Richard


Re: Adding Passim as a Fedora 40 feature?

2023-08-28 Thread Richard Hughes
On Mon, 28 Aug 2023 at 16:27, Leon Fauster via devel
 wrote:
> what's the benefit of this "self-signed TLS certificate" (as it does
> not provide any "security")? Is this stub for something later ... ?

It's a good question. It provides encryption (so client A can provide
the file to client B without client C being aware what's being sent)
-- and also placates various corporate security teams that say that
HTTP without TLS isn't good enough -- even if it's got two other
layers of protection.

Richard


Re: Adding Passim as a Fedora 40 feature?

2023-08-28 Thread Richard Hughes
On Mon, 28 Aug 2023 at 15:53, Vít Ondruch  wrote:
> Sorry, I am probably missing something, but how this would help my
> computer (or three I have at home)?

One computer downloads the 2MB from the CDN and the other two download
it from the first computer. This saves you 4MB in bandwidth, and saves
me ~2*1,000,000 MB

> And why there is need to download ~2 MB of data every day? My laptop has
> just a couple devices. I can't see why the metadata for their possible
> update should take that much.

Firmware security updates happen all the time, you wouldn't want to
check monthly.

Richard


Re: Adding Passim as a Fedora 40 feature?

2023-08-28 Thread Leon Fauster via devel

Hi Richard,

On 25.08.23 at 13:42, Richard Hughes wrote:
> Hi all,
>
> I was thinking of adding Passim as a default-installed and
> default-enabled dep of fwupd in the Fedora 40 release. Before I create
> lots of unnecessary drama, is there any early feedback on what's
> described in https://github.com/hughsie/passim/blob/main/README.md
> please.

what's the benefit of this "self-signed TLS certificate" (as it does
not provide any "security")? Is this stub for something later ... ?

--
Leon




Re: Adding Passim as a Fedora 40 feature?

2023-08-28 Thread Vít Ondruch
Sorry, I am probably missing something, but how this would help my 
computer (or three I have at home)? Why should I have anything like this 
installed on my computer(s)? Why they should talk "secretly" to each other?


And why there is need to download ~2 MB of data every day? My laptop has 
just a couple devices. I can't see why the metadata for their possible 
update should take that much.



Vít


On 25. 08. 23 at 13:42, Richard Hughes wrote:
> Hi all,
>
> I was thinking of adding Passim as a default-installed and
> default-enabled dep of fwupd in the Fedora 40 release. Before I create
> lots of unnecessary drama, is there any early feedback on what's
> described in https://github.com/hughsie/passim/blob/main/README.md
> please.
>
> The tl;dr: is I want to add a mDNS server that reshares the public
> firmware update metadata from the LVFS on your LAN. The idea is that
> rather than 25 users in an office downloading the same ~2MB file from
> the CDN every day, the first downloads from the CDN and the other 24
> download from the first machine. All machines still download the
> [tiny] jcat file from the CDN still so we know the SHA256 to search
> for and verify.
>
> The backstory is that as the fwupd grows and grows (to ChromeOS,
> FreeBSD, Windows and macOS) we need to scale things up a couple of
> orders of magnitude. This isn't specific to firmware stuff, although I
> think it makes a great testcase which we could add dnf or ostree
> content to in the future. Comments and questions are most welcome.
> Thanks,
>
> Richard.


Re: Adding Passim as a Fedora 40 feature?

2023-08-28 Thread Nicolas Mailhot via devel
On Saturday 26 August 2023 at 15:14 +0100, Peter Robinson wrote:
> 
> In a lot of corporate datacentre networks the "users" on the network
> would know what the network is comprised of, and often on these
> networks they will have 10s, 100s or even 1000s of identical devices
> where being able to do sharing of the same firmware is useful. Maybe
> make that configurable so the network/system admin can make the
> decision for what's best for their usecase?

This kind of corporate datacenter network will proxy system downloads
(more to detect attacks than to save any bandwidth), they won’t benefit
at all from domain-specific download sharing. (Unless the original
source plays CDN games that break proxying, that is.)

Regards,

-- 
Nicolas Mailhot


Re: Adding Passim as a Fedora 40 feature?

2023-08-28 Thread Petr Pisar
On Fri, Aug 25, 2023 at 07:34:35PM +0100, Richard Hughes wrote:
> you need to reboot into the new firmware before the published firmware gets
> shared;

Won't this suppress the efficiency of the local sharing? If a typical period
between a download and the reboot is significantly longer than a period in
which machines check for and download the firmware, it will happen that all
machines will separately download the firmware from a central server instead
of downloading it from local peers. Because all the machines will be waiting
on the reboot.

> on the logic that you don't want to advertise to the world that you're
> currently running insecure firmware.
> 
For how long is the firmware advertised? As long as it is advertised, people
know what version you are currently running. This information becomes
interesting when a new firmware is released. Then you have exactly the same
problem you want to address.

-- Petr




Re: Adding Passim as a Fedora 40 feature?

2023-08-26 Thread Peter Robinson
On Fri, Aug 25, 2023 at 7:35 PM Richard Hughes  wrote:
>
> On Fri, 25 Aug 2023 at 19:26, Marcus Müller  wrote:
> > I fully agree with that assessment. "Here's a knob you turn that has the potential to make
> > your firmware update 2s faster and is generally good for the ecosystem, but you will have to
> > set it on every machine you set up" will not lead to significant deployment.
>
> Agree.
>
> > Question: I presume you only want to share the metadata, and never 
> > downloaded fw images,
> > right?
>
> I think for phase 1 that's completely correct.
>
> > If that's the case, it'd alleviate a lot of the privacy concerns I'd have 
> > with my
> > laptop sharing with a campus network all of the devices for which I've 
> > lately downloaded
> > firmware.
>
> There are concerns with sharing firmware, I totally agree. It's
> non-free software (which you have permission to redistribute, but
> still unpalatable for many) -- the compromise I've done for people
> changing the default to "metadata,firmware" is that you need to reboot
> into the new firmware before the published firmware gets shared; on
> the logic that you don't want to advertise to the world that you're
> currently running insecure firmware.

In a lot of corporate datacentre networks the "users" on the network
would know what the network is comprised of, and often on these
networks they will have 10s, 100s or even 1000s of identical devices
where being able to do sharing of the same firmware is useful. Maybe
make that configurable so the network/system admin can make the
decision for what's best for their usecase?

> > Can I suggest we make this at most a "Recommends:" dependence for fwupd in 
> > any case, so
> > that one might uninstall passim without disabling fwupd?
>
> Yes, that's what I have right now. I do need to split out a
> passim-libs so that you can remove the daemon and just leave the tiny
> client library.
>
> > I'd actually love if I knew of a way my fedora containers could 
> > automagically find
> > local package and metadata sources. Knowing that "change dnf to pull data 
> > from
> > mDNS-announced sources *by default*" is a big change, flying the fwupd 
> > balloon first seems
> > very attractive to me.
>
> Yup, totally agree. I think it's a nice self contained test that if
> successful we could extend out to DNF metadata and other container-y
> stuff.
>
> Richard.


Re: Adding Passim as a Fedora 40 feature?

2023-08-25 Thread Benson Muite
On 8/25/23 20:24, Richard Hughes wrote:
> On Fri, 25 Aug 2023 at 16:00, Benson Muite  wrote:
>> Better as optional rather than default-enabled.  It would likely be
>> helpful for computers in an institutional setting where the LAN is well
>> controlled.
> 
> So that's the thing; if it's default disabled then I can say with
> certainty that almost nobody will use it and we won't see any
> reduction in network traffic at all.

a) The default time for checking for updates can be increased.
b) In some places, internet access is charged per byte downloaded, so
there will be quite some interest in local caching, and an easy to use
Squid Proxy replacement


Re: Adding Passim as a Fedora 40 feature?

2023-08-25 Thread Marcus Müller

That sounds very good, and having a libs package is desirable anyway should more 
consumers pop up.

On 25.08.23 20:43, Richard Hughes wrote:

On Fri, 25 Aug 2023 at 19:34, Richard Hughes  wrote:

Yes, that's what I have right now. I do need to split out a
passim-libs so that you can remove the daemon and just leave the tiny
client library.

Something like this perhaps?

diff --git a/passim.spec b/passim.spec
index bc51e57..3ad7ccc 100644
--- a/passim.spec
+++ b/passim.spec
@@ -21,10 +21,18 @@ BuildRequires: systemd-rpm-macros
  BuildRequires: systemd >= %{systemd_version}

  Requires: glib2%{?_isa} >= %{glib2_version}
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}

  %description
  Passim is a daemon that allows software to share files on your local network.

+%package libs
+Summary: Local caching server library
+
+%description libs
+libpassim is a library that allows software to share files on your
local network
+using the passimd daemon.
+
  %package devel
  Summary: Development package for %{name}
  Requires: %{name}%{?_isa} = %{version}-%{release}
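Review bot: the `%description libs` text in this hunk says the library shares files "using the passimd daemon", but the new subpackage carries no dependency on the daemon, and the stated purpose of the split is to let the daemon be removed. The description should say that the daemon is optional, so that an installed passim-libs does not imply a network service is present.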
@@ -69,12 +77,15 @@ appstream-util validate-relax --nonet
%{buildroot}%{_metainfodir}/*.metainfo.xml
  %{_datadir}/dbus-1/system-services/org.freedesktop.Passim.service
  %{_datadir}/icons/hicolor/scalable/apps/org.freedesktop.Passim.png
  %{_datadir}/metainfo/org.freedesktop.Passim.metainfo.xml
-%{_libdir}/libpassim.so.1*
  %{_libdir}/girepository-1.0/Passim-1.0.typelib
  %{_libexecdir}/passimd
  %{_mandir}/man1/passim.1*
  %{_unitdir}/passim.service

+%files libs
+%license LICENSE
+%{_libdir}/libpassim.so.1*
+
  %files devel
  %{_datadir}/gir-1.0/Passim-1.0.gir
  %dir %{_includedir}/passim-1
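Review bot: the header of this hunk was wrapped in transit, leaving `%{buildroot}%{_metainfodir}/*.metainfo.xml` on a line of its own with no leading space, and the `local network` line of the `%description libs` text in the first hunk has lost its `+` the same way. The patch will not apply as mailed; resend it as an attachment or from a client that does not re-wrap lines.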

...then fwupd would hard depend on passim-libs (automatically, via the
shared library use) and would "recommend" passim (the daemon) -- so
the latter could be easily removed.

Richard.



Re: Adding Passim as a Fedora 40 feature?

2023-08-25 Thread Richard Hughes
On Fri, 25 Aug 2023 at 19:34, Richard Hughes  wrote:
> Yes, that's what I have right now. I do need to split out a
> passim-libs so that you can remove the daemon and just leave the tiny
> client library.

Something like this perhaps?

diff --git a/passim.spec b/passim.spec
index bc51e57..3ad7ccc 100644
--- a/passim.spec
+++ b/passim.spec
@@ -21,10 +21,18 @@ BuildRequires: systemd-rpm-macros
 BuildRequires: systemd >= %{systemd_version}

 Requires: glib2%{?_isa} >= %{glib2_version}
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}

 %description
 Passim is a daemon that allows software to share files on your local network.

+%package libs
+Summary: Local caching server library
+
+%description libs
+libpassim is a library that allows software to share files on your
local network
+using the passimd daemon.
+
 %package devel
 Summary: Development package for %{name}
 Requires: %{name}%{?_isa} = %{version}-%{release}
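Review bot: `%package devel` in the trailing context still has `Requires: %{name}%{?_isa} = %{version}-%{release}`, so installing the headers keeps pulling in the daemon even though the library they link against now lives in `%{name}-libs`. Point that dependency at `%{name}-libs%{?_isa} = %{version}-%{release}` so that building against libpassim does not require passimd to be installed.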
@@ -69,12 +77,15 @@ appstream-util validate-relax --nonet
%{buildroot}%{_metainfodir}/*.metainfo.xml
 %{_datadir}/dbus-1/system-services/org.freedesktop.Passim.service
 %{_datadir}/icons/hicolor/scalable/apps/org.freedesktop.Passim.png
 %{_datadir}/metainfo/org.freedesktop.Passim.metainfo.xml
-%{_libdir}/libpassim.so.1*
 %{_libdir}/girepository-1.0/Passim-1.0.typelib
 %{_libexecdir}/passimd
 %{_mandir}/man1/passim.1*
 %{_unitdir}/passim.service

+%files libs
+%license LICENSE
+%{_libdir}/libpassim.so.1*
+
 %files devel
 %{_datadir}/gir-1.0/Passim-1.0.gir
 %dir %{_includedir}/passim-1
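Review bot: `%{_libdir}/girepository-1.0/Passim-1.0.typelib` stays in the main `%files` list while `%{_libdir}/libpassim.so.1*` moves to `%files libs`, so a GObject Introspection consumer that installs only passim-libs gets the shared library without its typelib. Consider moving the typelib line into `%files libs` alongside the library.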

...then fwupd would hard depend on passim-libs (automatically, via the
shared library use) and would "recommend" passim (the daemon) -- so
the latter could be easily removed.

Richard.


Re: Adding Passim as a Fedora 40 feature?

2023-08-25 Thread Richard Hughes
On Fri, 25 Aug 2023 at 19:26, Marcus Müller  wrote:
> I fully agree with that assessment. "Here's a knob you turn that has the potential to make
> your firmware update 2s faster and is generally good for the ecosystem, but you will have to
> set it on every machine you set up" will not lead to significant deployment.

Agree.

> Question: I presume you only want to share the metadata, and never downloaded 
> fw images,
> right?

I think for phase 1 that's completely correct.

> If that's the case, it'd alleviate a lot of the privacy concerns I'd have 
> with my
> laptop sharing with a campus network all of the devices for which I've lately 
> downloaded
> firmware.

There are concerns with sharing firmware, I totally agree. It's
non-free software (which you have permission to redistribute, but
still unpalatable for many) -- the compromise I've done for people
changing the default to "metadata,firmware" is that you need to reboot
into the new firmware before the published firmware gets shared; on
the logic that you don't want to advertise to the world that you're
currently running insecure firmware.

> Can I suggest we make this at most a "Recommends:" dependence for fwupd in 
> any case, so
> that one might uninstall passim without disabling fwupd?

Yes, that's what I have right now. I do need to split out a
passim-libs so that you can remove the daemon and just leave the tiny
client library.

> I'd actually love if I knew of a way my fedora containers could automagically 
> find
> local package and metadata sources. Knowing that "change dnf to pull data from
> mDNS-announced sources *by default*" is a big change, flying the fwupd 
> balloon first seems
> very attractive to me.

Yup, totally agree. I think it's a nice self contained test that if
successful we could extend out to DNF metadata and other container-y
stuff.

Richard.


Re: Adding Passim as a Fedora 40 feature?

2023-08-25 Thread Marcus Müller

Hi Richard,

On 25.08.23 19:24, Richard Hughes wrote:

> So that's the thing; if it's default disabled then I can say with
> certainty that almost nobody will use it and we won't see any
> reduction in network traffic at all.


I fully agree with that assessment. "Here's a knob you turn that has the potential to make 
your firmware update 2s faster and is generally good for the ecosystem, but you will have to 
set it on every machine you set up" will not lead to significant deployment.


Question: I presume you only want to share the metadata, and never downloaded fw images, 
right? If that's the case, it'd alleviate a lot of the privacy concerns I'd have with my 
laptop sharing with a campus network all of the devices for which I've lately downloaded 
firmware.


Can I suggest we make this at most a "Recommends:" dependence for fwupd in any case, so 
that one might uninstall passim without disabling fwupd?


I'm wondering a bit whether you might be reinventing something that the cloud ops folks 
already have as "service recovery compatible cache" or something? Feels like if I pull up 
a lot of docker containers which in turn start fetching data, I'd want to have a happy 
fallover mechanism in case some main repository for some artifacts goes down.


Or, maybe, this is a common problem?
I, for one, find myself working with mock and on containers for my small CI network, and I 
get to download a lot of package metadata a lot of times, same for packages, and I don't 
want to modify the base layers to use my local repo mirror (nor am I inclined to set up 
such). I'd actually love if I knew of a way my fedora containers could automagically find 
local package and metadata sources. Knowing that "change dnf to pull data from 
mDNS-announced sources *by default*" is a big change, flying the fwupd balloon first seems 
very attractive to me.


Best,
Marcus


Re: Adding Passim as a Fedora 40 feature?

2023-08-25 Thread Richard Hughes
On Fri, 25 Aug 2023 at 15:59, Peter Robinson  wrote:

> Is this something where you could enable it on one specific device and
> have a systemd timer to pull the metadata and it advertises it to the
> network so you can designate a single device to run the service?

Yes, not a bad idea at all. Can you file it as an issue
https://github.com/hughsie/passim/issues and I'll get to this next
week.

Richard.


Re: Adding Passim as a Fedora 40 feature?

2023-08-25 Thread Richard Hughes
On Fri, 25 Aug 2023 at 16:27, Stephen Smoogen  wrote:
> It depends on the scanning from ports open to unknown shared files to 'why 
> did our network costs go up so much?'

Surely if you're on a local network with bandwidth costs you'd turn
off avahi or lock down the firewall? Lots of stuff blasts out mDNS
traffic these days.

> Going from other things it has been a way to inject bad packages, bad 
> metadata, mass system slowdowns across a fleet, using the service on N 
> systems as a DDOS against third parties (which they then charge fees for), 
> etc.

All good things to document in the README, thanks. I think it helps
that if you're on a LAN with 25 machines all offering the same file we
choose one *at random* so if there's one bad actor we don't degrade
things for everybody all at the same time. And the fallback for
"someone on my LAN has given me garbage" is "fall back to the CDN"
anyway.

> chained flaw in say a compression routine which 'should never happen with 
> legitimate data'.)

Agree. I'm less worried about this one as the first thing we do is
compare the SHA-256 checksum, and the next is check the signature
using GnuTLS.

I'll update the README with some of those points next week, thanks.

Richard.
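
The fetch order described in the message above (one LAN peer picked at random, a SHA-256 check against the digest already obtained from the CDN, and a CDN fallback), as an added example that is not part of the original message and is not Passim's or fwupd's own code. The function names, the size cap, the peer addresses and the sample payload are assumptions; the signature check that follows the digest check is not shown.

```python
import hashlib
import hmac
import random

# Assumed cap; the thread describes the metadata as a ~2MB file.
MAX_METADATA_BYTES = 8 * 1024 * 1024


class VerificationError(Exception):
    """No acceptable payload: digest mismatch or size cap exceeded."""


def read_verified(chunks, expected_sha256, max_bytes=MAX_METADATA_BYTES):
    """Hash an iterable of byte chunks as they arrive and return the payload
    only if it stays under max_bytes and matches expected_sha256."""
    hasher = hashlib.sha256()
    payload = bytearray()
    for chunk in chunks:
        if len(payload) + len(chunk) > max_bytes:
            # Stop reading early so a peer cannot make us buffer without bound.
            raise VerificationError("payload exceeds size cap")
        hasher.update(chunk)
        payload += chunk
    if not hmac.compare_digest(hasher.hexdigest(), expected_sha256.lower()):
        raise VerificationError("SHA-256 mismatch")
    return bytes(payload)


def fetch_metadata(expected_sha256, peers, fetch_peer, fetch_cdn, rng=None):
    """Try one randomly chosen peer, then fall back to the CDN.

    expected_sha256 must come from the trusted source (the jcat file in the
    thread). fetch_peer(peer) and fetch_cdn() return iterables of bytes.
    Returns (payload, source). Nothing is parsed before the digest matches.
    """
    rng = rng or random.SystemRandom()
    if peers:
        # A random pick means one bad peer does not degrade every client at once.
        peer = rng.choice(sorted(peers))
        try:
            return read_verified(fetch_peer(peer), expected_sha256), "peer:" + peer
        except (VerificationError, OSError):
            pass  # garbage, oversized or unreachable peer: use the CDN instead
    # The CDN copy is held to the same digest; a mismatch here is fatal.
    return read_verified(fetch_cdn(), expected_sha256), "cdn"


# Constructed sample data, not real LVFS metadata.
SAMPLE_METADATA = b"<components><component>constructed sample</component></components>"
SAMPLE_SHA256 = hashlib.sha256(SAMPLE_METADATA).hexdigest()


def sample_cdn():
    return iter([SAMPLE_METADATA])


def honest_peer(peer):
    return iter([SAMPLE_METADATA[:16], SAMPLE_METADATA[16:]])


def tampered_peer(peer):
    return iter([SAMPLE_METADATA.replace(b"constructed", b"substituted")])


def oversized_peer(peer):
    # Would be 64 MiB if read to the end; the cap stops it after 8 MiB.
    return (b"A" * 65536 for _ in range(1024))


def unreachable_peer(peer):
    raise ConnectionRefusedError(peer)


def demo():
    """Run each constructed peer behaviour; return {name: (source, payload_ok)}."""
    peers = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]  # documentation addresses
    behaviours = {
        "honest": honest_peer,
        "tampered": tampered_peer,
        "oversized": oversized_peer,
        "unreachable": unreachable_peer,
    }
    results = {}
    for name, fetch_peer in behaviours.items():
        payload, source = fetch_metadata(SAMPLE_SHA256, peers, fetch_peer, sample_cdn)
        results[name] = (source, payload == SAMPLE_METADATA)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The digest comparison runs on raw bytes before any decompression or parsing, which is what limits the exposure to malformed peer data raised earlier in the thread.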


Re: Adding Passim as a Fedora 40 feature?

2023-08-25 Thread Richard Hughes
On Fri, 25 Aug 2023 at 16:00, Benson Muite  wrote:
> Better as optional rather than default-enabled.  It would likely be
> helpful for computers in an institutional setting where the LAN is well
> controlled.

So that's the thing; if it's default disabled then I can say with
certainty that almost nobody will use it and we won't see any
reduction in network traffic at all.

Richard.


Re: Adding Passim as a Fedora 40 feature?

2023-08-25 Thread Stephen Smoogen
On Fri, 25 Aug 2023 at 10:31, Richard Hughes  wrote:

> On Fri, 25 Aug 2023 at 13:19, Stephen Smoogen  wrote:
> > My understanding was that Microsoft found their own 'share updates' not
> > working as much as expected
>
> Hmm, I heard the opposite; can you give any more info? They have way
>

No, I only have some chatter from sysadmins at enterprise sites who had to
deal with audits, failed updates, and being told to turn it off to fix
them. So let's just assume I am talking to too many cranky old sysadmins
and I believed their fish stories too much.


> more telemetry than we do, and I was told it would not "be feasible"
> to continue WU without the peer-to-peer functionality built into
> windows. According to them they even have some kind of IPv6 tunnel
> thing going on which seems alarming if true.
>
> > either by network scans
>
> As in "port 27500 exists you have a security problem" kind of scans?
>
>
It depends on the scanning from ports open to unknown shared files to 'why
did our network costs go up so much?'



> > or just the fact that as soon as someone puts up a service like this..
> > it is profitable for the crooks to abuse it.
>
> Probably my naivety, but what kind of things did you have in mind?
>
>
The following are just things I have seen from blackhat/defcon over the
years and criminal gang stories. I don't expect (m)any of them may be
related to passim, but most of the time the problems are with a
protocol/service which says "Here we're assuming your local network (aka
LAN) is a nice and friendly place, without evil people trying to overwhelm
your system or feed you fake files." So when I read that these days, I get
anxious.

Going from other things it has been a way to inject bad packages, bad
metadata, mass system slowdowns across a fleet, using the service on N
systems as a DDOS against third parties (which they then charge fees for),
etc.

The bad packages are more of a problem because of stolen keys being used to
sign something. The 'onion' layers of protection that might have been in
place is that you get updates on that from a subset of 'secure' places.
Instead now, this could be any system which presents the signed data on a
distributed service which says it's legitimate. [And depending on the P2P,
it can be that like cockroaches the bad data will keep popping up and
spreading so you need to make sure you have somewhere else a blacklist to
remove things.. though you need to make sure that blacklist can't be
manipulated also.]

Mass slowdowns are where you find that the sharing does some sort of scan
which can somehow be overloaded in some sort of CPU or disk usage loop
(this is usually a chained flaw in say a compression routine which 'should
never happen with legitimate data'.)

DDOS are where the metadata being shared points everyone to download
something from some place which isn't expecting it. [Or some packet lookup
that the P2P service expects]




> Richard.


-- 
Stephen Smoogen, Red Hat Automotive
Let us be kind to one another, for most of us are fighting a hard battle.
-- Ian MacClaren


Re: Adding Passim as a Fedora 40 feature?

2023-08-25 Thread Benson Muite
On 8/25/23 14:42, Richard Hughes wrote:
> Hi all,
> 
> I was thinking of adding Passim as a default-installed and
> default-enabled dep of fwupd in the Fedora 40 release. Before I create
> lots of unnecessary drama, is there any early feedback on what's
> described in https://github.com/hughsie/passim/blob/main/README.md
> please.
>
Better as optional rather than default-enabled.  It would likely be
helpful for computers in an institutional setting where the LAN is well
controlled.



Re: Adding Passim as a Fedora 40 feature?

2023-08-25 Thread Peter Robinson
On Fri, Aug 25, 2023 at 12:43 PM Richard Hughes  wrote:
>
> Hi all,
>
> I was thinking of adding Passim as a default-installed and
> default-enabled dep of fwupd in the Fedora 40 release. Before I create
> lots of unnecessary drama, is there any early feedback on what's
> described in https://github.com/hughsie/passim/blob/main/README.md
> please.
>
> The tl;dr: is I want to add a mDNS server that reshares the public
> firmware update metadata from the LVFS on your LAN. The idea is that
> rather than 25 users in an office downloading the same ~2MB file from
> the CDN every day, the first downloads from the CDN and the other 24
> download from the first machine. All machines still download the
> [tiny] jcat file from the CDN still so we know the SHA256 to search
> for and verify.
>
> The backstory is that as the fwupd grows and grows (to ChromeOS,
> FreeBSD, Windows and macOS) we need to scale things up a couple of
> orders of magnitude. This isn't specific to firmware stuff, although I
> think it makes a great testcase which we could add dnf or ostree
> content to in the future. Comments and questions are most welcome.
> Thanks,

Is this something where you could enable it on one specific device and
have a systemd timer to pull the metadata and it advertises it to the
network so you can designate a single device to run the service?


Re: Adding Passim as a Fedora 40 feature?

2023-08-25 Thread Richard Hughes
On Fri, 25 Aug 2023 at 13:19, Stephen Smoogen  wrote:
> My understanding was that Microsoft found their own 'share updates' not 
> working as much as expected

Hmm, I heard the opposite; can you give any more info? They have way
more telemetry than we do, and I was told it would not "be feasible"
to continue WU without the peer-to-peer functionality built into
windows. According to them they even have some kind of IPv6 tunnel
thing going on which seems alarming if true.

> either by network scans

As in "port 27500 exists you have a security problem" kind of scans?

> or just the fact that as soon as someone puts up a service like this.. it is 
> profitable for the crooks to abuse it.

Probably my naivety, but what kind of things did you have in mind?

Richard.


Re: Adding Passim as a Fedora 40 feature?

2023-08-25 Thread Colin Walters


On Fri, Aug 25, 2023, at 7:42 AM, Richard Hughes wrote:
> Hi all,
>
> I was thinking of adding Passim as a default-installed and
> default-enabled dep of fwupd in the Fedora 40 release. Before I create
> lots of unnecessary drama, is there any early feedback on what's
> described in https://github.com/hughsie/passim/blob/main/README.md
> please.

Since this isn't really Fedora specific I started 
https://github.com/hughsie/passim/discussions/7


Re: Adding Passim as a Fedora 40 feature?

2023-08-25 Thread Richard Hughes
On Fri, 25 Aug 2023 at 13:50, Petr Pisar  wrote:
> I see you wrote "metadata". It's not the firmware itself. Still my concern is
> the same: what's a license of the metadata? Can I redistribute them?

The metadata is explicitly CC0-1.0 -- but even if we later did
firmware one of the things I negotiated with the vendors uploading
firmware to the LVFS was that we have the transferable permission to
redistribute the firmware -- which is how big companies can "mirror
the entire LVFS" when servers have no internet access.

Richard.


Re: Adding Passim as a Fedora 40 feature?

2023-08-25 Thread Petr Pisar
On Fri, Aug 25, 2023 at 12:42:34PM +0100, Richard Hughes wrote:
> The tl;dr: is I want to add a mDNS server that reshares the public
> firmware update metadata from the LVFS on your LAN.

I see you wrote "metadata". It's not the firmware itself. Still my concern is
the same: what's a license of the metadata? Can I redistribute them?

-- Petr




Re: Adding Passim as a Fedora 40 feature?

2023-08-25 Thread Stephen Smoogen
On Fri, 25 Aug 2023 at 07:44, Richard Hughes  wrote:

> Hi all,
>
> I was thinking of adding Passim as a default-installed and
> default-enabled dep of fwupd in the Fedora 40 release. Before I create
> lots of unnecessary drama, is there any early feedback on what's
> described in https://github.com/hughsie/passim/blob/main/README.md
> please.
>
> The tl;dr: is I want to add a mDNS server that reshares the public
> firmware update metadata from the LVFS on your LAN. The idea is that
> rather than 25 users in an office downloading the same ~2MB file from
> the CDN every day, the first downloads from the CDN and the other 24
> download from the first machine. All machines still download the
> [tiny] jcat file from the CDN still so we know the SHA256 to search
> for and verify.
>
>
I am not sure how much this will actually help things. My understanding was
that Microsoft found their own 'share updates' not working as much as
expected and causing way too many security headaches even on 'nice friendly
networks' either by network scans or just the fact that as soon as someone
puts up a service like this.. it is profitable for the crooks to abuse it.

I am not against it, but I think the days of "Here we've assuming your
local network (aka LAN) is a nice and friendly place, without evil people
trying to overwhelm your system or feed you fake files." are dead and
whatever tool applied needs to be designed with the fact that it only takes
0.01% of 'evil people' in the population to make things crap.


> The backstory is that as the fwupd grows and grows (to ChromeOS,
> FreeBSD, Windows and macOS) we need to scale things up a couple of
> orders of magnitude. This isn't specific to firmware stuff, although I
> think it makes a great testcase which we could add dnf or ostree
> content to in the future. Comments and questions are most welcome.
> Thanks,
>
> Richard.


-- 
Stephen Smoogen, Red Hat Automotive
Let us be kind to one another, for most of us are fighting a hard battle.
-- Ian MacClaren


Adding Passim as a Fedora 40 feature?

2023-08-25 Thread Richard Hughes
Hi all,

I was thinking of adding Passim as a default-installed and
default-enabled dep of fwupd in the Fedora 40 release. Before I create
lots of unnecessary drama, is there any early feedback on what's
described in https://github.com/hughsie/passim/blob/main/README.md
please.

The tl;dr: is I want to add a mDNS server that reshares the public
firmware update metadata from the LVFS on your LAN. The idea is that
rather than 25 users in an office downloading the same ~2MB file from
the CDN every day, the first downloads from the CDN and the other 24
download from the first machine. All machines still download the
[tiny] jcat file from the CDN still so we know the SHA256 to search
for and verify.

The backstory is that as the fwupd grows and grows (to ChromeOS,
FreeBSD, Windows and macOS) we need to scale things up a couple of
orders of magnitude. This isn't specific to firmware stuff, although I
think it makes a great testcase which we could add dnf or ostree
content to in the future. Comments and questions are most welcome.
Thanks,

Richard.
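
The trust split described above (SHA256 from the CDN-supplied jcat file, bulk file from a LAN peer) and the "fake files" and "overwhelm your system" concerns raised in the reply, as an added example that is not Passim or fwupd code. The function names, the 4 MiB cap and the in-memory peer streams are assumptions, and the digest is assumed to come from a jcat file that has already been authenticated.

```python
import hashlib
import hmac
import io

MAX_BYTES = 4 * 1024 * 1024  # assumed cap; the thread only says the file is ~2MB

class PeerRejected(Exception):
    """The peer's response must not be used."""

def read_verified(stream, expected_sha256, max_bytes=MAX_BYTES, chunk=65536):
    """Return the stream's bytes only if they hash to expected_sha256."""
    digest, body = hashlib.sha256(), bytearray()
    while block := stream.read(chunk):
        if len(body) + len(block) > max_bytes:
            raise PeerRejected("response larger than cap")  # flooding peer
        digest.update(block)
        body += block
    if not hmac.compare_digest(digest.hexdigest(), expected_sha256.lower()):
        raise PeerRejected("SHA-256 mismatch")  # fake or corrupted file
    return bytes(body)

def fetch(expected_sha256, peers, cdn):
    """Try LAN peers in order, then the CDN; report which source was used."""
    rejected = []
    for name, opener in peers:
        try:
            return read_verified(opener(), expected_sha256), name, rejected
        except (PeerRejected, OSError) as exc:
            rejected.append((name, str(exc)))
    return read_verified(cdn(), expected_sha256), "cdn", rejected

class Endless:
    """Constructed hostile peer that never stops sending."""
    def read(self, n):
        return b"\0" * n

# Constructed sample data; the digest stands in for the one read from the
# already-authenticated jcat file downloaded from the CDN.
METADATA = b"<components><!-- constructed firmware metadata --></components>"
TRUSTED_SHA256 = hashlib.sha256(METADATA).hexdigest()

def demo():
    peers = [
        ("peer-tampered", lambda: io.BytesIO(METADATA + b"<!-- altered -->")),
        ("peer-flooding", Endless),
        ("peer-honest", lambda: io.BytesIO(METADATA)),
    ]
    return fetch(TRUSTED_SHA256, peers, cdn=lambda: io.BytesIO(METADATA))

if __name__ == "__main__":
    body, source, rejected = demo()
    print(source, rejected)
```

The hash check covers integrity of the file only; a peer can still learn which digests a client asks for, and the size cap bounds memory but not the time a slow peer can hold a connection open.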