From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bircoph@altlinux.org>
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
 sa.local.altlinux.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00
 autolearn=unavailable autolearn_force=no version=3.4.1
Date: Sat, 11 Apr 2020 13:36:31 +0300
From: Andrey Savchenko <bircoph@altlinux.org>
To: ALT Linux Team development discussions <devel@lists.altlinux.org>
Message-Id: <20200411133631.daac861f97979c67511cf3ef@altlinux.org>
In-Reply-To: <20200410231044.1436970-1-vseleznv@altlinux.org>
References: <20200410231044.1436970-1-vseleznv@altlinux.org>
X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.32; i686-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature";
 micalg="PGP-SHA512";
 boundary="Signature=_Sat__11_Apr_2020_13_36_32_+0300_Y5oqDYJN0+jMyrD9"
Subject: Re: [devel] RFC: girar: optimize rebuild
X-BeenThere: devel@lists.altlinux.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ALT Linux Team development discussions <devel@lists.altlinux.org>
List-Id: ALT Linux Team development discussions <devel.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/options/devel>,
 <mailto:devel-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/devel>
List-Post: <mailto:devel@lists.altlinux.org>
List-Help: <mailto:devel-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/devel>,
 <mailto:devel-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Apr 2020 10:36:48 -0000
Archived-At: <http://lore.altlinux.org/devel/20200411133631.daac861f97979c67511cf3ef@altlinux.org/>
List-Archive: <http://lore.altlinux.org/devel/>
List-Post: <mailto:devel@altlinux.org>

--Signature=_Sat__11_Apr_2020_13_36_32_+0300_Y5oqDYJN0+jMyrD9
Content-Type: text/plain; charset=UTF-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, 11 Apr 2020 02:10:42 +0300 Vladimir D. Seleznev wrote:
>=20
> Hi!
>=20
> The first part of rebuilt packages optimization for girar. It introduces
> pkg_identity() and simple optimization of the rebuilt sourcerpm.
>=20
> pkg_identity() takes RPM package and returns a value called package ident=
ity,
> a hash of subset of RPM package header. That subset is the entire header
> without some nonessential artifacts like buildhost, buildtime, header has=
hsum,
> etc.
>=20
> The two package builds of the same NEVR might have equal or different
> package identities. The equal identities mean that build results of these
> packages are equal too, that allows build optimization. The practical
> example of simple rebuilt sourcerpm optimization also introduced.
>=20
> The future work can be about optimization of "copied" to another branch
> sourcerpm with retrieved from archive sourcerpm, and binary packages
> optimization (this case has an issue when binary subpackages are mixed
> archs, i.e. arch and noarch, this probably could work only with single-ar=
ch
> builds).
>=20
> Please review and discuss.

I see two problems with proposed approach:

1) It assumes there will be not pkg_identity hash collisions. This
is wrong. They may occur sooner or later and the code *must*
correctly deal with such collisions. Remember what happened to
subversion when collision occurred in a repository, while git was
resilient.

The way proposal is now the identity hash collision will lead to
undergraded repository at best and broken at worst.

I see no easy way to fix this problem, but it must be either fixed
or proposed optimization rejected.

2) The hash function choise =E2=80=94 sha256 =C2=AD=E2=80=94 is very unfort=
unate: it has
longer digest than sha1, but otherwise is vulnerable to the same
attack; so right now it is still marginally secure, but it will not
last long. Moreover sha256 is quite slow.

It is better to use newer generation of hash functions, e.g.
blake2b based on the chacha stream cipher. It is more future proof
and faster at the same time. You can just use the b2sum
implementation from the GNU coreutils.

Best regards,
Andrew Savchenko

--Signature=_Sat__11_Apr_2020_13_36_32_+0300_Y5oqDYJN0+jMyrD9
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE63ZIHsdeM+1XgNer9lNaM7oe5I0FAl6RnbAACgkQ9lNaM7oe
5I1o+Q/9GcQi4zYNCu/A6/L8WCbbDjlwN2sFEUVK5elnBhK3Z5S5UGf1C9Ppr7EI
/K6j5M0BvwwJAYkLoQR6+xW5TNv82Smes0m4zUEy0pVCq5lnlJFd0D+xFg15CdXb
hOe3Q0UtQKs6BvN0manYEBe5C9B1jlpzuQTyVkYVoX9JH2UIIWuc9e6yvBuwB8vf
EKXXCP4/VdBfvFjaxQGbYdDrRuzpLmaDTP8iBkT0tbw8u+U4TFMADgn2DH1eGZoR
yx/EgDBmxpbpEYrDJRBV3ZLjrmwwsdvSTbECm1vc3a1pFNbmf8clF33bkB5jN+Jn
lAiF2LEvyFlDrXya1HGW3lkifOnqLYIGwlpUZselkChqQ6zkDc9DyIh68JACwE31
cWBw9Kccv6CFzr9O9/hJiLez0Fph6w5eJxPNLXdeJr1J409hforP8D6zD/nwMkq8
ikS6QBBNRtXmCoQuRqq2rNyxNDik+qvqdizmR4QKYerzMddmMBETVHoKOrv2uf/2
8b1M0tlpLrl+FDfqOSAUcLq9BOrztqJUQCeRn6EizQm3KCJ6qVVVFtlXlSULt6PP
GXfRsvPCYA5XVYZJ5iQjxJR/Hd6Eq8d4sZvoVl/Vj0UoulH4o2792de8BBCE0VdC
XPcQrtr433hz9fouSLyFmIqErTInfltYQDRuyVVAZo6YQChb9k8=
=hU8b
-----END PGP SIGNATURE-----

--Signature=_Sat__11_Apr_2020_13_36_32_+0300_Y5oqDYJN0+jMyrD9--