P345 - Sicherheit 2024 - Sicherheit, Schutz und Zuverlässigkeit
Auflistung P345 - Sicherheit 2024 - Sicherheit, Schutz und Zuverlässigkeit nach Schlagwort "Arch Linux"
1 - 1 von 1
Treffer pro Seite
Sortieroptionen
- KonferenzbeitragReproducible Builds and Insights from an Independent Verifier for Arch Linux(Sicherheit 2024, 2024) Drexel, Joshua; Hänggi, Esther; Veiga, Iyán MéndezSupply chain attacks have emerged as a prominent cybersecurity threat in recent years. Reproducible and bootstrappable builds have the potential to reduce such attacks significantly. In combination with independent, exhaustive and periodic source code audits, these measures can effectively eradicate compromises in the building process. In this paper we introduce both concepts, we analyze the achievements over the last ten years and explain the remaining challenges. We contribute to the reproducible builds effort by setting up a rebuilder and verifier instance to test the reproducibility of Arch Linux packages. Using the results from this instance, we uncover an unnoticed and security-relevant packaging issue affecting 16 packages related to Certbot, the recommended software to install TLS certificates from Let’s Encrypt, making them unreproducible. Additionally, we find the root cause of unreproduciblity in the source code of fwupd, a critical software used to update device firmware on Linux devices, and submit an upstream patch to fix it.