Hi,
On Thu, 2021-08-05 at 12:54 -0400, Frank Ch. Eigler wrote:
> > I like the verbose http header output, but wish it was done earlier
> > instead of after the download. Maybe when we commit to an url, if
> > the
> > info is available then.
>
> What do you mean "done"? Printed?
Yes, since the actual download might take a bit, it is nice to see the
headers at the moment we commit to a server/download. aka here in the
source:
if (vfd >= 0 && !verbose_reported && committed_to >= 0)
{
bool pnl = (c->default_progressfn_printed_p && vfd == STDERR_FILENO);
dprintf (vfd, "%scommitted to url %d\n", pnl ? "\n" : "",
committed_to);
if (pnl)
c->default_progressfn_printed_p = 0;
verbose_reported = true;
}
Assuming we have the headers at that point of course.
Otherwise right after that when they become available (this is inside
the download loop).
> > The new X-FILE and X-ARCHIVE headers also seem useful.
> > One question about X-FILE, if it doesn't come from an archive, does
> > it
> > leak a file system path that might be "secret" on the server?
>
> Perhaps kind of sort of ... but since source files for such buildids
> are resolved only against the host filesystem, those same names will
> be there in all their glory in the DWARF. My guess is that public
> servers that care about such configuration privacy will be
> exclusively
> archive based.
Yeah, you are right, the DWARF debug files themselves already "expose"
those paths.
> > Why is X-FILE-SIZE != Content-Length ?
>
> Because Content-Length can be shorter due to compression
> transfer-encoding. It's the file size that governs local storage &
> DEBUGINFOD_MAXSIZE interaction.
Ah, of course, then it is indeed useful to have both headers.
> > I am less enthusiastic about the new
> > debuginfod_get_response_headers
> > interface. It seems not as useful since it only works if we haven't
> > already (negatively) cached the file and it is very free-form, do
> > we
> > guarantee any headers are there?
>
> Naturally we can't guarantee any headers, because they are at the
> pleasure of the server.
>
> > Could you provide a user story where this is used?
>
> Not really, beyond just printing the things for information purposes,
> but not wanting the whole DEBUGINFOD_VERBOSE=1 firehose. In the mid
> term, it could help systemd-coredumpctl type tools map buildids to
> actual distro artifact names, and enable paranoid
> federation/buildtree/checking type measures (where we may want to
> spot-check servers that buildids haven't been hijacked). Vague but I
> think there's something there.
Yes, I do think there is something there, but imho it is too vague and
fragile to be useful as is, especially since it depends on what is in
the cache.
> > Maybe this interface is more useful if it was done as a new active
> > query type (the HEAD query you mention in the commit message)?
>
> That in turn would require THREE new API functions or a stateful
> set_HEAD_mode_and_return_dev_null one and modifying the three main
> lookup functions.
Yes, it definitely is more work.
Cheers,
Mark
