From: "Ludovic Courtès" <ludo@gnu.org>
To: 22883@debbugs.gnu.org
Subject: bug#22883: [PATCH 8/9] pull: Add '--disable-authentication'.
Date: Mon, 8 Jun 2020 23:54:14 +0200 [thread overview]
Message-ID: <20200608215415.2871-8-ludo@gnu.org> (raw)
In-Reply-To: <20200608215415.2871-1-ludo@gnu.org>
* guix/channels.scm (latest-channel-instance): Add #:authenticate? and
honor it.
(latest-channel-instances): Likewise.
* guix/scripts/pull.scm (%default-options): Add 'authenticate-channels?'.
(show-help, %options): Add '--disable-authentication'.
(guix-pull): Pass #:authenticate? to 'latest-channel-instances'.
* doc/guix.texi (Invoking guix pull): Document it.
---
doc/guix.texi | 14 ++++++++++++++
guix/channels.scm | 25 +++++++++++++++++--------
guix/scripts/pull.scm | 14 ++++++++++++--
3 files changed, 43 insertions(+), 10 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 6fcb47970b..8131b3bf0d 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -3927,6 +3927,20 @@ Make sure you understand its security implications before using
@option{--allow-downgrades}.
@end quotation
+@item --disable-authentication
+Allow pulling channel code without authenticating it.
+
+@cindex authentication, of channel code
+By default, @command{guix pull} authenticates code downloaded from
+channels by verifying that its commits are signed by authorized
+developers, and raises an error if this is not the case. This option
+instructs it to not perform any such verification.
+
+@quotation Note
+Make sure you understand its security implications before using
+@option{--disable-authentication}.
+@end quotation
+
@item --system=@var{system}
@itemx -s @var{system}
Attempt to build for @var{system}---e.g., @code{i686-linux}---instead of
diff --git a/guix/channels.scm b/guix/channels.scm
index 43ddff6f7c..9e6adda5e9 100644
--- a/guix/channels.scm
+++ b/guix/channels.scm
@@ -391,11 +391,12 @@ commits ~a to ~a (~h new commits)...~%")
(define* (latest-channel-instance store channel
#:key (patches %patches)
starting-commit
+ (authenticate? #f)
(validate-pull
ensure-forward-channel-update))
"Return the latest channel instance for CHANNEL. When STARTING-COMMIT is
true, call VALIDATE-PULL with CHANNEL, STARTING-COMMIT, the target commit, and
-their relation."
+their relation. When AUTHENTICATE? is false, CHANNEL is not authenticated."
(define (dot-git? file stat)
(and (string=? (basename file) ".git")
(eq? 'directory (stat:type stat))))
@@ -409,13 +410,15 @@ their relation."
(when relation
(validate-pull channel starting-commit commit relation))
- (if (channel-introduction channel)
- (authenticate-channel channel checkout commit)
- ;; TODO: Warn for all the channels once the authentication interface
- ;; is public.
- (when (guix-channel? channel)
- (warning (G_ "the code of channel '~a' cannot be authenticated~%")
- (channel-name channel))))
+ (if authenticate?
+ (if (channel-introduction channel)
+ (authenticate-channel channel checkout commit)
+ ;; TODO: Warn for all the channels once the authentication interface
+ ;; is public.
+ (when (guix-channel? channel)
+ (warning (G_ "the code of channel '~a' cannot be authenticated~%")
+ (channel-name channel))))
+ (warning (G_ "channel authentication disabled~%")))
(when (guix-channel? channel)
;; Apply the relevant subset of PATCHES directly in CHECKOUT. This is
@@ -463,11 +466,15 @@ allow non-forward updates."))))))))))
(define* (latest-channel-instances store channels
#:key
(current-channels '())
+ (authenticate? #t)
(validate-pull
ensure-forward-channel-update))
"Return a list of channel instances corresponding to the latest checkouts of
CHANNELS and the channels on which they depend.
+When AUTHENTICATE? is true, authenticate the subset of CHANNELS that has a
+\"channel introduction\".
+
CURRENT-CHANNELS is the list of currently used channels. It is compared
against the newly-fetched instances of CHANNELS, and VALIDATE-PULL is called
for each channel update and can choose to emit warnings or raise an error,
@@ -505,6 +512,8 @@ depending on the policy it implements."
(let* ((current (current-commit (channel-name channel)))
(instance
(latest-channel-instance store channel
+ #:authenticate?
+ authenticate?
#:validate-pull
validate-pull
#:starting-commit
diff --git a/guix/scripts/pull.scm b/guix/scripts/pull.scm
index d3d0d2bd64..f953957161 100644
--- a/guix/scripts/pull.scm
+++ b/guix/scripts/pull.scm
@@ -82,6 +82,7 @@
(graft? . #t)
(debug . 0)
(verbosity . 1)
+ (authenticate-channels? . #t)
(validate-pull . ,ensure-forward-channel-update)))
(define (show-help)
@@ -97,6 +98,9 @@ Download and deploy the latest version of Guix.\n"))
--branch=BRANCH download the tip of the specified BRANCH"))
(display (G_ "
--allow-downgrades allow downgrades to earlier channel revisions"))
+ (display (G_ "
+ --disable-authentication
+ disable channel authentication"))
(display (G_ "
-N, --news display news compared to the previous generation"))
(display (G_ "
@@ -165,6 +169,9 @@ Download and deploy the latest version of Guix.\n"))
(lambda (opt name arg result)
(alist-cons 'validate-pull warn-about-backward-updates
result)))
+ (option '("disable-authentication") #f #f
+ (lambda (opt name arg result)
+ (alist-cons 'authenticate-channels? #f result)))
(option '(#\p "profile") #t #f
(lambda (opt name arg result)
(alist-cons 'profile (canonicalize-profile arg)
@@ -771,7 +778,8 @@ Use '~/.config/guix/channels.scm' instead."))
(channels (channel-list opts))
(profile (or (assoc-ref opts 'profile) %current-profile))
(current-channels (profile-channels profile))
- (validate-pull (assoc-ref opts 'validate-pull)))
+ (validate-pull (assoc-ref opts 'validate-pull))
+ (authenticate? (assoc-ref opts 'authenticate-channels?)))
(cond ((assoc-ref opts 'query)
(process-query opts profile))
((assoc-ref opts 'generation)
@@ -793,7 +801,9 @@ Use '~/.config/guix/channels.scm' instead."))
#:current-channels
current-channels
#:validate-pull
- validate-pull)))
+ validate-pull
+ #:authenticate?
+ authenticate?)))
(format (current-error-port)
(N_ "Building from this channel:~%"
"Building from these channels:~%"
--
2.26.2
next prev parent reply other threads:[~2020-06-08 21:55 UTC|newest]
Thread overview: 78+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-02 18:03 bug#22883: Trustable "guix pull" Christopher Allan Webber
2016-03-02 19:26 ` Leo Famulari
2016-03-02 21:07 ` Christopher Allan Webber
2016-04-25 22:25 ` Ludovic Courtès
2016-04-26 0:13 ` Leo Famulari
2016-04-26 0:17 ` Thompson, David
2016-04-26 7:12 ` Ludovic Courtès
2016-04-30 4:43 ` Mike Gerwitz
2016-06-03 16:12 ` bug#22883: Authenticating a Git checkout Ludovic Courtès
2016-06-03 20:17 ` Leo Famulari
2016-06-04 11:04 ` Ludovic Courtès
2016-06-04 4:24 ` Mike Gerwitz
2016-06-04 11:17 ` Ludovic Courtès
2016-06-04 12:45 ` ng0
2016-06-06 12:20 ` ng0
2016-06-04 16:14 ` Mike Gerwitz
2016-06-05 20:39 ` Christopher Allan Webber
2016-06-05 21:15 ` Leo Famulari
2016-06-06 2:41 ` Mike Gerwitz
2016-06-06 7:01 ` Ludovic Courtès
2016-07-22 8:22 ` Ludovic Courtès
2016-07-22 12:58 ` Thompson, David
2016-07-22 13:58 ` Ludovic Courtès
2017-10-24 23:30 ` Ludovic Courtès
2019-12-27 19:48 ` Ricardo Wurmus
2019-12-28 14:47 ` Ludovic Courtès
2019-12-28 16:05 ` Ricardo Wurmus
2019-12-28 17:45 ` Ludovic Courtès
2020-04-30 15:32 ` Ludovic Courtès
2020-05-01 15:46 ` Justus Winter
2020-05-01 16:50 ` Ludovic Courtès
2020-05-01 17:04 ` Ludovic Courtès
2020-05-19 20:23 ` Ludovic Courtès
2020-06-01 14:07 ` bug#22883: Channel introductions Ludovic Courtès
2020-06-02 23:45 ` zimoun
2020-06-03 9:50 ` Ludovic Courtès
2020-06-03 16:20 ` zimoun
2020-06-04 9:55 ` Ludovic Courtès
2020-05-01 17:20 ` bug#22883: Authenticating a Git checkout Ludovic Courtès
2020-05-02 22:02 ` Ludovic Courtès
2020-05-04 8:03 ` Ludovic Courtès
2016-06-01 16:47 ` bug#22883: Discussion of TUF in the context of Git checkout authentication Ludovic Courtès
2016-05-15 12:40 ` bug#22883: Trustable "guix pull" fluxboks
2016-05-16 17:55 ` Thompson, David
2016-05-17 21:19 ` Ludovic Courtès
2016-06-04 16:19 ` Werner Koch
2016-06-04 22:27 ` Ludovic Courtès
2016-06-05 7:51 ` Werner Koch
2016-06-06 21:01 ` Leo Famulari
2016-06-07 8:08 ` bug#22883: gpg2 vs. gpg Ludovic Courtès
2016-06-07 11:25 ` Werner Koch
2016-06-07 12:58 ` ng0
2016-06-05 1:43 ` bug#22883: Trustable "guix pull" Mike Gerwitz
2018-08-28 19:56 ` Vagrant Cascadian
2018-09-02 16:05 ` Ludovic Courtès
2018-09-02 17:15 ` Vagrant Cascadian
2018-09-02 20:07 ` Ludovic Courtès
2019-12-20 22:11 ` bug#22883: Authenticating Git checkouts: step #1 Ludovic Courtès
[not found] ` <87mubmodfb.fsf_-_@gnu.org>
2019-12-21 1:33 ` zimoun
2019-12-27 12:58 ` Ludovic Courtès
[not found] ` <87eewqgc1v.fsf@gnu.org>
2019-12-27 20:47 ` Ricardo Wurmus
[not found] ` <87o8vto5rl.fsf@elephly.net>
2019-12-29 2:45 ` Vagrant Cascadian
[not found] ` <87a77bzw6p.fsf@yucca>
2019-12-29 7:34 ` Efraim Flashner
2019-12-30 21:29 ` Ludovic Courtès
2019-12-31 19:16 ` Jakub Kądziołka
2020-01-08 13:30 ` Ludovic Courtès
2020-06-02 13:49 ` bug#22883: Authenticating a Git checkout John Soo
2020-06-03 9:33 ` Ludovic Courtès
2020-06-08 21:54 ` bug#22883: [PATCH 1/9] git-authenticate: Cache takes a key parameter Ludovic Courtès
2020-06-08 21:54 ` bug#22883: [PATCH 2/9] git-authenticate: 'authenticate-commits' takes a #:keyring parameter Ludovic Courtès
2020-06-08 21:54 ` bug#22883: [PATCH 3/9] tests: Move OpenPGP helpers to (guix tests gnupg) Ludovic Courtès
2020-06-08 21:54 ` bug#22883: [PATCH 4/9] channels: 'latest-channel-instance' authenticates Git checkouts Ludovic Courtès
2020-06-08 21:54 ` bug#22883: [PATCH 5/9] channels: Make 'validate-pull' call right after clone/pull Ludovic Courtès
2020-06-08 21:54 ` bug#22883: [PATCH 6/9] .guix-channel: Add 'keyring-reference' Ludovic Courtès
2020-06-08 21:54 ` bug#22883: [PATCH 7/9] channels: Automatically add introduction for the official 'guix' channel Ludovic Courtès
2020-06-08 21:54 ` Ludovic Courtès [this message]
2020-06-08 21:54 ` bug#22883: [PATCH 9/9] DROP? channels: Add prehistorical authorizations to <channel-introduction> Ludovic Courtès
2020-06-08 22:04 ` bug#22883: [PATCH 1/9] git-authenticate: Cache takes a key parameter Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200608215415.2871-8-ludo@gnu.org \
--to=ludo@gnu.org \
--cc=22883@debbugs.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).