[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
04/04: website: securing-updates: Add illustration for introductions.
|
From: |
Ludovic Courtès |
|
Subject: |
04/04: website: securing-updates: Add illustration for introductions. |
|
Date: |
Wed, 1 Jul 2020 11:35:46 -0400 (EDT) |
civodul pushed a commit to branch master
in repository guix-artwork.
commit 4b8834549e21cff4cd62510835fd2653868803c9
Author: Ludovic Courtès <ludo@gnu.org>
AuthorDate: Wed Jul 1 17:33:58 2020 +0200
website: securing-updates: Add illustration for introductions.
* website/posts/securing-updates.md: Add picture with introduction and
comment it.
* website/static/blog/img/commit-graph-intro.dot,
website/static/blog/img/commit-graph-intro.svg: New files.
---
website/posts/securing-updates.md | 17 +++-
website/static/blog/img/commit-graph-intro.dot | 21 +++++
website/static/blog/img/commit-graph-intro.svg | 104 +++++++++++++++++++++++++
3 files changed, 138 insertions(+), 4 deletions(-)
diff --git a/website/posts/securing-updates.md
b/website/posts/securing-updates.md
index 863e288..5aac984 100644
--- a/website/posts/securing-updates.md
+++ b/website/posts/securing-updates.md
@@ -1,6 +1,6 @@
title: Securing updates
author: Ludovic Courtès
-date: 2020-07-01 17:30
+date: 2020-07-01 17:40
tags: Security, Software development, Scheme API
---
Software deployment tools like Guix are in a key position when it comes
@@ -94,7 +94,7 @@ for a pedagogical overview!)
Let’s take an example to illustrate. In the figure below, each box is a
commit, and each arrow is a parent relationship:
-
+
This figure shows two lines of development: the orange line may be the
main development branch, while the purple line may correspond to a
@@ -158,6 +158,13 @@ introducing a channel to users, one needs to provide an
additional piece
of information: the first commit where the authorization invariant
holds, and the fingerprint of the OpenPGP key used to sign that commit
(it’s not strictly necessary but provides an additional check).
+Consider this commit graph:
+
+
+
+On this figure, _B_ is the introduction commit. Its ancestors, such as
+_A_ are considered authentic. To authenticate, _C_, _D_, _E_, and _F_,
+we check the authorization invariant.
As always when it comes to establishing trust, distributing channel
introductions is very sensitive. The introduction of the official
@@ -200,7 +207,9 @@ manipulates branch heads on Savannah to have them point to
unrelated
commits (such as commits on an orphan branch that do not share any
history with the “official†branches), authentication will necessarily
fail as it stumbles upon the first unauthorized commit made by the
-attacker.
+attacker. In the figure above, the red branch with commits _G_ and _H_
+cannot be authenticated because it starts from _A_, which lacks
+`.guix-authorizations` and thus fails the authorization invariant.
That’s all for authentication! I’m glad you read this far. At this
point you can take a break or continue with the next section on how
@@ -235,7 +244,7 @@ Git parlance—just like `git pull` does, but compared to the
previously-deployed Guix. A fast-forward update is when the new commit
is a descendant of the current commit. Going back to the figure above,
going from commit _A_ to commit _F_ is a fast-forward update, but going
-from _F_ to _A_ or from _C_ to _E_ is not.
+from _F_ to _A_ or from _D_ to _E_ is not.
Not doing a fast-forward update would mean that the user is deploying an
older version of the Guix currently used, or deploying an unrelated
diff --git a/website/static/blog/img/commit-graph-intro.dot
b/website/static/blog/img/commit-graph-intro.dot
new file mode 100644
index 0000000..f3b48c2
--- /dev/null
+++ b/website/static/blog/img/commit-graph-intro.dot
@@ -0,0 +1,21 @@
+digraph "Grafts" {
+ A [ label = "A", shape = box, fontname = Helvetica, color="#22aa44" ];
+ B [ label = "B", shape = box, fontname = Helvetica, color="#22aa44",
+ style = bold, xlabel = "introductory commit" ];
+ C [ label = "C", shape = box, fontname = Helvetica, color="#22aa44" ];
+ D [ label = "D", shape = box, fontname = Helvetica, color="#22aa44" ];
+ E [ label = "E", shape = box, fontname = Helvetica, color="#22aa44" ];
+ F [ label = "F", shape = box, fontname = Helvetica, color="#22aa44" ];
+ G [ label = "G", shape = box, fontname = Helvetica, color="#22aa44",
+ style = filled, fillcolor = "#ddeedd", color = "#ff0000", fontcolor =
"#ff0000" ];
+ H [ label = "H", shape = box, fontname = Helvetica, color="#22aa44"
+ style = filled, fillcolor = "#ddeedd", color = "#ff0000", fontcolor =
"#ff0000" ];
+
+ B -> A [ color = orange ];
+ C -> B [ color = orange ];
+ D -> C [ color = orange ];
+ E -> C [ color = darkviolet ];
+ F -> E [ color = darkviolet ];
+ G -> A [ color = red ];
+ H -> G [ color = red ];
+}
diff --git a/website/static/blog/img/commit-graph-intro.svg
b/website/static/blog/img/commit-graph-intro.svg
new file mode 100644
index 0000000..c63c61a
--- /dev/null
+++ b/website/static/blog/img/commit-graph-intro.svg
@@ -0,0 +1,104 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
+ "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd";>
+<!-- Generated by graphviz version 2.42.3 (20191010.1750)
+ -->
+<!-- Title: Grafts Pages: 1 -->
+<svg width="276pt" height="332pt"
+ viewBox="0.00 0.00 276.00 332.00" xmlns="http://www.w3.org/2000/svg";
xmlns:xlink="http://www.w3.org/1999/xlink";>
+<g id="graph0" class="graph" transform="scale(1 1) rotate(0) translate(4 328)">
+<title>Grafts</title>
+<polygon fill="white" stroke="transparent" points="-4,4 -4,-328 272,-328 272,4
-4,4"/>
+<!-- A -->
+<g id="node1" class="node">
+<title>A</title>
+<polygon fill="none" stroke="#22aa44" points="232,-36 178,-36 178,0 232,0
232,-36"/>
+<text text-anchor="middle" x="205" y="-14.3"
font-family="Helvetica,sans-Serif" font-size="14.00">A</text>
+</g>
+<!-- B -->
+<g id="node2" class="node">
+<title>B</title>
+<polygon fill="none" stroke="#22aa44" stroke-width="2" points="196,-108
142,-108 142,-72 196,-72 196,-108"/>
+<text text-anchor="middle" x="169" y="-86.3"
font-family="Helvetica,sans-Serif" font-size="14.00">B</text>
+<text text-anchor="middle" x="71" y="-111.8"
font-family="Helvetica,sans-Serif" font-size="14.00">introductory commit</text>
+</g>
+<!-- B->A -->
+<g id="edge1" class="edge">
+<title>B->A</title>
+<path fill="none" stroke="orange" d="M177.9,-71.7C182,-63.73 186.95,-54.1
191.49,-45.26"/>
+<polygon fill="orange" stroke="orange" points="194.74,-46.6 196.2,-36.1
188.52,-43.4 194.74,-46.6"/>
+</g>
+<!-- C -->
+<g id="node3" class="node">
+<title>C</title>
+<polygon fill="none" stroke="#22aa44" points="196,-180 142,-180 142,-144
196,-144 196,-180"/>
+<text text-anchor="middle" x="169" y="-158.3"
font-family="Helvetica,sans-Serif" font-size="14.00">C</text>
+</g>
+<!-- C->B -->
+<g id="edge2" class="edge">
+<title>C->B</title>
+<path fill="none" stroke="orange" d="M169,-143.7C169,-135.98 169,-126.71
169,-118.11"/>
+<polygon fill="orange" stroke="orange" points="172.5,-118.1 169,-108.1
165.5,-118.1 172.5,-118.1"/>
+</g>
+<!-- D -->
+<g id="node4" class="node">
+<title>D</title>
+<polygon fill="none" stroke="#22aa44" points="160,-252 106,-252 106,-216
160,-216 160,-252"/>
+<text text-anchor="middle" x="133" y="-230.3"
font-family="Helvetica,sans-Serif" font-size="14.00">D</text>
+</g>
+<!-- D->C -->
+<g id="edge3" class="edge">
+<title>D->C</title>
+<path fill="none" stroke="orange" d="M141.9,-215.7C146,-207.73 150.95,-198.1
155.49,-189.26"/>
+<polygon fill="orange" stroke="orange" points="158.74,-190.6 160.2,-180.1
152.52,-187.4 158.74,-190.6"/>
+</g>
+<!-- E -->
+<g id="node5" class="node">
+<title>E</title>
+<polygon fill="none" stroke="#22aa44" points="232,-252 178,-252 178,-216
232,-216 232,-252"/>
+<text text-anchor="middle" x="205" y="-230.3"
font-family="Helvetica,sans-Serif" font-size="14.00">E</text>
+</g>
+<!-- E->C -->
+<g id="edge4" class="edge">
+<title>E->C</title>
+<path fill="none" stroke="darkviolet" d="M196.1,-215.7C192,-207.73
187.05,-198.1 182.51,-189.26"/>
+<polygon fill="darkviolet" stroke="darkviolet" points="185.48,-187.4
177.8,-180.1 179.26,-190.6 185.48,-187.4"/>
+</g>
+<!-- F -->
+<g id="node6" class="node">
+<title>F</title>
+<polygon fill="none" stroke="#22aa44" points="232,-324 178,-324 178,-288
232,-288 232,-324"/>
+<text text-anchor="middle" x="205" y="-302.3"
font-family="Helvetica,sans-Serif" font-size="14.00">F</text>
+</g>
+<!-- F->E -->
+<g id="edge5" class="edge">
+<title>F->E</title>
+<path fill="none" stroke="darkviolet" d="M205,-287.7C205,-279.98 205,-270.71
205,-262.11"/>
+<polygon fill="darkviolet" stroke="darkviolet" points="208.5,-262.1 205,-252.1
201.5,-262.1 208.5,-262.1"/>
+</g>
+<!-- G -->
+<g id="node7" class="node">
+<title>G</title>
+<polygon fill="#ddeedd" stroke="#ff0000" points="268,-108 214,-108 214,-72
268,-72 268,-108"/>
+<text text-anchor="middle" x="241" y="-86.3"
font-family="Helvetica,sans-Serif" font-size="14.00" fill="#ff0000">G</text>
+</g>
+<!-- G->A -->
+<g id="edge6" class="edge">
+<title>G->A</title>
+<path fill="none" stroke="red" d="M232.1,-71.7C228,-63.73 223.05,-54.1
218.51,-45.26"/>
+<polygon fill="red" stroke="red" points="221.48,-43.4 213.8,-36.1 215.26,-46.6
221.48,-43.4"/>
+</g>
+<!-- H -->
+<g id="node8" class="node">
+<title>H</title>
+<polygon fill="#ddeedd" stroke="#ff0000" points="268,-180 214,-180 214,-144
268,-144 268,-180"/>
+<text text-anchor="middle" x="241" y="-158.3"
font-family="Helvetica,sans-Serif" font-size="14.00" fill="#ff0000">H</text>
+</g>
+<!-- H->G -->
+<g id="edge7" class="edge">
+<title>H->G</title>
+<path fill="none" stroke="red" d="M241,-143.7C241,-135.98 241,-126.71
241,-118.11"/>
+<polygon fill="red" stroke="red" points="244.5,-118.1 241,-108.1 237.5,-118.1
244.5,-118.1"/>
+</g>
+</g>
+</svg>