unofficial mirror of bug-guix@gnu.org 
 help / color / mirror / code / Atom feed
* bug#71153: [PATCH] gnu: Validate substitute URLs for guix service.
@ 2024-05-23 22:33 Antero Mejr
  2024-05-24 14:19 ` Richard Sent
  0 siblings, 1 reply; 3+ messages in thread
From: Antero Mejr @ 2024-05-23 22:33 UTC (permalink / raw)
  To: 71153


* gnu/services/base.scm (guix-service-type): Validate `substitute-urls' field.

Change-Id: I11ed74304ab02ae550db5479be9f02601857f294
---
If you forget to write "https://" when specifying a substitute URL in
guix-configuration, the system will end up in a bad state where any
`guix pull` or `guix reconfigure` operation immediately fail. It's
difficult to fix, so validate the field to avoid the problem.

 gnu/services/base.scm | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 85160bd3ab..da26b86c83 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -99,6 +99,7 @@ (define-module (gnu services base)
   #:use-module (srfi srfi-35)
   #:use-module (ice-9 match)
   #:use-module (ice-9 format)
+  #:use-module (web uri)
   #:re-export (user-processes-service-type        ;backwards compatibility
                %default-substitute-urls)
   #:export (fstab-service-type
@@ -2075,6 +2076,11 @@ (define (guix-extension-merge a b)
    (chroot-directories (append (guix-extension-chroot-directories a)
                                (guix-extension-chroot-directories b)))))
 
+(define (validate-substitute-url url-str)
+  (if (string->uri url-str)
+      url-str
+      (error "Not a valid substitute URL: " url-str)))
+
 (define guix-service-type
   (service-type
    (name 'guix)
@@ -2093,8 +2099,10 @@ (define guix-service-type
               (inherit config)
               (authorized-keys (append (guix-extension-authorized-keys extension)
                                        (guix-configuration-authorized-keys config)))
-              (substitute-urls (append (guix-extension-substitute-urls extension)
-                                       (guix-configuration-substitute-urls config)))
+              (substitute-urls
+               (map validate-substitute-url
+                    (append (guix-extension-substitute-urls extension)
+                            (guix-configuration-substitute-urls config))))
               (build-machines
                (and (or (guix-configuration-build-machines config)
                         (pair? (guix-extension-build-machines extension)))

base-commit: 9901416233867233192b63fde7f616751127b189
-- 
2.41.0





^ permalink raw reply related	[flat|nested] 3+ messages in thread

* bug#71153: [PATCH] gnu: Validate substitute URLs for guix service.
  2024-05-23 22:33 bug#71153: [PATCH] gnu: Validate substitute URLs for guix service Antero Mejr
@ 2024-05-24 14:19 ` Richard Sent
  2024-05-24 18:26   ` Antero Mejr
  0 siblings, 1 reply; 3+ messages in thread
From: Richard Sent @ 2024-05-24 14:19 UTC (permalink / raw)
  To: Antero Mejr; +Cc: 71153

Antero Mejr <mail@antr.me> writes:

> +(define (validate-substitute-url url-str)
> +  (if (string->uri url-str)
> +      url-str
> +      (error "Not a valid substitute URL: " url-str)))
> +

> +              (substitute-urls
> +               (map validate-substitute-url
> +                    (append (guix-extension-substitute-urls extension)
> +                            (guix-configuration-substitute-urls config))))

Should we instead create a validate-substitute-urls and use that as a
sanitizer for the guix-extension and guix-configuration records? This
would catch errors during record creation instead of service creation,
as well as still perform validation if anything else does or will use
those records in the future.

-- 
Take it easy,
Richard Sent
Making my computer weirder one commit at a time.




^ permalink raw reply	[flat|nested] 3+ messages in thread

* bug#71153: [PATCH] gnu: Validate substitute URLs for guix service.
  2024-05-24 14:19 ` Richard Sent
@ 2024-05-24 18:26   ` Antero Mejr
  0 siblings, 0 replies; 3+ messages in thread
From: Antero Mejr @ 2024-05-24 18:26 UTC (permalink / raw)
  To: Richard Sent; +Cc: 71153

Richard Sent <richard@freakingpenguin.com> writes:

> Should we instead create a validate-substitute-urls and use that as a
> sanitizer for the guix-extension and guix-configuration records? This
> would catch errors during record creation instead of service creation,
> as well as still perform validation if anything else does or will use
> those records in the future.

The problem mentioned in the initial patch only occurs when the invalid
URLs are used in the Guix service type. Having them in the record isn't
a problem. I don't there there is a major difference in where the
validation occurs though.




^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2024-05-24 18:28 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-05-23 22:33 bug#71153: [PATCH] gnu: Validate substitute URLs for guix service Antero Mejr
2024-05-24 14:19 ` Richard Sent
2024-05-24 18:26   ` Antero Mejr

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).