Startsida Utforska Hjälp
Logga in
maximed
/
guix-gnunet
Bevaka 2
Stjärnmärk 2
Fork 0
Filer Ärenden 7 Pull-förfrågningar 0 Wiki
Gren: wip-gnunet
Grenar Taggar
guix-gnunet
/
gnunet
/
README

README 4.2 KB
Permalänk Historik

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111 
  1. Copyright © 2020 Maxime Devos <maxime.devos@student.kuleuven.be>
    2. 

  2. This file is part of rehash.
    3. 

  3. 

  4. rehash is free software; you can redistribute it and/or modify it
    5. 

  5. under the terms of the GNU General Public License as published by
    6. 

  6. the Free Software Foundation; either version 3 of the License, or (at
    7. 

  7. your option) any later version.
    8. 

  8. 

  9. rehash is distributed in the hope that it will be useful, but
    10. 

  10. WITHOUT ANY WARRANTY; without even the implied warranty of
    11. 

  11. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    12. 

  12. GNU General Public License for more details.
    13. 

  13. 

  14. You should have received a copy of the GNU General Public License
    15. 

  15. along with rehash.  If not, see <http://www.gnu.org/licenses/>.
    16. 

  16. 

  17. * What is rehash?
    18. 

  18. 

  19. rehash is a GNUnet service for mapping a hash of one type o
    20. 

  20. a corresponding hash of another via the DHT.  A program
    21. 

  21. can insert hash->hash mappings into the rehash service,
    22. 

  22. which then are stored locally and pushed onto the network.
    23. 

  23. Another program, possibly on another peer, could then look
    24. 

  24. up a hash by one type and find a hash of another.
    25. 

  25. 

  26. TODO: implement content pushing
    27. 

  27. 

  28. * How to use?
    29. 

  29. 

  30. The following components are planned:
    31. 

  31. 

  32. - a C implementation
    33. 

  33. - a Scheme binding to the C implementation
    34. 

  34. - a nice guile-fibers binding to the former
    35. 

  35. - a REST API
    36. 

  36.   (should be less problematic to include in Guix
    37. 

  37.   than depending on GNUnet)
    38. 

  38. - a web demo
    39. 

  39. 

  40. * Limitations
    41. 

  41. 

  42. Any hash->hash mappings found in this manner can of course
    43. 

  43. not be guaranteed to be correct (^), so don't forget to verify
    44. 

  44. the found mapping, and if it turns out to be incorrect,
    45. 

  45. don't forget to tell that to the rehash service, to prevent
    46. 

  46. further propagation of bad mappings.
    47. 

  47. 

  48. TODO: implement this
    49. 

  49. 

  50. (^) An evil peer could spam incorrect hash->hash mappings.
    51. 

  51. 

  52. * Limitations to limitations
    53. 

  53. 

  54. TODO locally delete old mappings if a good mapping becomes known.
    55. 

  55. TODO work out the mathematics on how effective an attacker could be
    56. 

  56. TODO work out countermeasures
    57. 

  57. 

  58. I don't think evil peers will be a large-scale problem in practice
    59. 

  59. (what would be the point?), although targeted denial-of-service by
    60. 

  60. spamming attacks would be possible I guess.
    61. 

  61. 

  62. * For what would this be useful?
    63. 

  63. 

  64. This service was written for use in guix-gnunet, an experimental
    65. 

  65. fork of guix for integrating GNUnet in Guix. More specifically, for
    66. 

  66. finding substitutes over GNUnet (including sources, which usually are
    67. 

  67. fixed-output derivations).
    68. 

  68. 

  69. In the case of sources (or more technically correct, any fixed-output
    70. 

  70. derivation), its nix (?) hash is known, but this hash isn't directly
    71. 

  71. useful for downloading the source over the GNUnet file-sharing system,
    72. 

  72. which has its own directory format and (presumably? (*)) splits
    73. 

  73. (large) files in some tree structure and hashes this tree recursively
    74. 

  74. (or something (*)). The rehash service allows for converting
    75. 

  75. between hash types (for some value of unreliable).
    76. 

  76. 

  77. In case of variable-output derivations, some authorised substitute
    78. 

  78. server still needs to publish signed narinfos. The local Guix
    79. 

  79. could then try to ‘convert’ the nix (?) hash in the narinfo to an
    80. 

  80. appropriate GNUnet hash, and try to download the substitute over
    81. 

  81. GNUnet.
    82. 

  82. 

  83. (*) TODO verify with the ECRS paper.
    84. 

  84. 

  85. * A path not taken: embedding the GNUnet hash in the narinfo
    86. 

  86. 

  87. This is what the wip-ipfs-substitutes patch does (*2). However,
    88. 

  88. GNUnet isn't quite stable yet (but it's getting better,
    89. 

  89. for some protocols informational RFCs are written / have been
    90. 

  90. written / have received feedback / etc.), so it seems unreasonable
    91. 

  91. for the upstream substitute servers to include GNUnet hashes
    92. 

  92. anytime soon.
    93. 

  93. 

  94. If GNUnet (or at least its file-sharing protocols)  is stable enough,
    95. 

  95. this will probably be implemented, to avoid bad mappings.
    96. 

  96. 

  97. (Note: generating GNUnet hashes doesn't quite require the full
    98. 

  98. stack, and could be done fully in Scheme without too much trouble.
    99. 

  99. See (*3) for a suspended work-in-progress.)
    100. 

  100. 

  101. (*2) https://issues.guix.gnu.org/33899
    102. 

  102. (*3) https://notabug.org/mdevos/scheme-gnunet
    103. 

  103. 

  104. * Another path not taken: embedding the GNUnet hash in the origin specification
    105. 

  105. 

  106. Advantage: no incorrect hashes
    107. 

  107. Disadvantage: all origins would need to be updated, not very useful
    108. 

  108. for variable-output derivations (e.g. packages), whose inputs can change.
    109. 

  109. 

  110. This may still be implemented if GNUnet becomes stable and popular enough,
    111. 

  111. but its applicability is limited.
    112.