guix-devel

Re: maradns reproducibility fixes and the merits of picking a random num


From: Vagrant Cascadian
Subject: Re: maradns reproducibility fixes and the merits of picking a random number
Date: Wed, 08 Jun 2022 13:25:20 -0700

On 2022-06-09, Arun Isaac wrote:
> Hi Vagrant,
>
>> But there's one nervous-making issue this revealed; maradns embeds a
>> random number at build time ... allegedly for systems that don't have
>> /dev/urandom... see
>> maradns-3.5.0020/deadwood-3.5.0020/src/Makefile.ubuntu2004:
>>
>>   # Since some systems may not have /dev/urandom (Windows, *cough* *cough*), we
>>   # keep a randomly generated prime around
>>
>> So it's got some code to generate a random number at build time and
>> embed it in the binary. Now, if there's anything I know about good
>> practices about random numbers, this sort of thing is generally a very
>> large red flag! It also makes the package build differently every
>> time!
>
> Wow, great find! Has this issue been reported to maradns upstream? If
> upstream fixes it or provides us a compile flag to disable this
> "feature", it would be even better in the long run.

That does sound like the best long-term approach, definitely!

Will take the issue upstream...


live well,
  vagrant
