bug#41604: guix pull impossible after rebasing a local repository

[zimoun <zimon.toutoune@gmail.com>]

Hi Ludo,

On Wed, 3 Jun 2020 at 17:14, Ludovic Courtès <ludo@gnu.org> wrote:

> >> (This can be overridden this by passing ‘--allow-downgrades’.)
> >
> > Does '--allow-downgrades' support unrelated git histories?  I tried that
> > flag and it did not work.
>
> It supports unrelated Git histories.  It could really be called
> ‘--allow-anything’ but I thought it’d be less descriptive.  :-)
>
> If you hit a problem with that, please report it (perhaps I just
> overlooked it in the other issue.)

I think it is not a bug and it is a feature* :-) but the behaviour has
changed for the commits which do not belong to the repo anymore.
That's why John has not seen the issue of his "rebase workflow"
before.

*feature: at least, it seems expected from what I understand of the code. :-)


Let remind the commit history.  Instead of create a channel file, I
directly use the raw repo, but it is the same for any channel (Git
repo).

--8<---------------cut here---------------start------------->8---
$ SRC=~/.cache/guix/checkouts/pjmkglp4t7znuugeurpurzikxq3tnlaywmisyr27shj7apsnalwq
$ git -C $SRC --no-pager log --oneline c873980d18^..8bd0b533b3
8bd0b533b3 gnu: libexif: Update to 0.6.22 [security fixes].
e451612602 gnu: libgphoto2: Update to 2.5.25.
9744cc7b46 pull: Protect against downgrade attacks.
872898f768 channels: 'latest-channel-instances' guards against
non-forward updates.
8d1d56578a git: 'update-cached-checkout' returns the commit relation.
9b049de84e channels: 'latest-channel-instances' doesn't leak internal state.
c098c11be8 git: Add 'commit-relation'.
86ac14b2f3 (HEAD -> master) gnu: protonvpn-cli: Tweak description.
c873980d18 gnu: Add protonvpn-cli.
--8<---------------cut here---------------end--------------->8---


Here, a first session from a commit before the "downgrade attacks"
commit.  A commit is added, then pulled, then rebased where this
addition is totally deleted of the Git repo, then another pulled.  No
error at all.

--8<---------------cut here---------------start------------->8---
$ guix describe
Generation 34    Jun 05 2020 02:16:22    (current)
  guix 86ac14b
    repository URL: https://git.savannah.gnu.org/git/guix.git
    commit: 86ac14b2f37efbb6f4a3ed1c3e183fbc9496b7a5

$ echo hello >> $SRC/README && git -C $SRC commit -am hello
[master 20e984e931] hello
 1 file changed, 1 insertion(+)

$ guix pull --commit=$(git -C $SRC rev-parse HEAD)
Updating channel 'guix' from Git repository at
'https://git.savannah.gnu.org/git/guix.git'...
Building from this channel:
  guix      https://git.savannah.gnu.org/git/guix.git    20e984e
Computing Guix derivation for 'x86_64-linux'... /

$ guix describe
Generation 35    Jun 05 2020 02:32:43    (current)
  guix 20e984e
    repository URL: https://git.savannah.gnu.org/git/guix.git
    commit: 20e984e9311404295c9c82b54eac1c277709b0a0

$ git -C $SRC reset --hard HEAD^
HEAD is now at 86ac14b2f3 gnu: protonvpn-cli: Tweak description.

$ git -C $SRC reflog expire --expire-unreachable=now --all
$ git -C $SRC gc --prune=now --quiet

$ git -C $SRC show 20e984e9311404295c9c82b54eac1c277709b0a0
fatal: bad object 20e984e9311404295c9c82b54eac1c277709b0a0

$ guix pull --commit=c873980d18
Updating channel 'guix' from Git repository at
'https://git.savannah.gnu.org/git/guix.git'...
Building from this channel:
  guix      https://git.savannah.gnu.org/git/guix.git    c873980
Computing Guix derivation for 'x86_64-linux'... /
--8<---------------cut here---------------end--------------->8---


Now the same session after the introduction of '--allow-downgrades'.

--8<---------------cut here---------------start------------->8---
$ guix describe
Generation 37    Jun 05 2020 01:28:52    (current)
  guix 8bd0b53
    repository URL: https://git.savannah.gnu.org/git/guix.git
    commit: 8bd0b533b30d7ee5e03aee99a2eb96d5b0b1c836

$ echo hello >> $SRC/README && git -C $SRC commit -am hello
[master 09f6e9b34c] hello
 1 file changed, 1 insertion(+)

$ guix pull --commit=$(git -C $SRC rev-parse HEAD)
Updating channel 'guix' from Git repository at
'https://git.savannah.gnu.org/git/guix.git'...
Building from this channel:
  guix      https://git.savannah.gnu.org/git/guix.git    09f6e9b
Computing Guix derivation for 'x86_64-linux'... /

$ guix describe
Generation 38    Jun 05 2020 02:57:13    (current)
  guix 09f6e9b
    repository URL: https://git.savannah.gnu.org/git/guix.git
    commit: 09f6e9b34c6239bcdd8ca9e030d698b5244507a6

$ git -C $SRC reset --hard HEAD^
HEAD is now at 8bd0b533b3 gnu: libexif: Update to 0.6.22 [security fixes].

$ git -C $SRC reflog expire --expire-unreachable=now --all
$ git -C $SRC gc --prune=now --quiet
$ git -C $SRC show 09f6e9b34c6239bcdd8ca9e030d698b5244507a6
fatal: bad object 09f6e9b34c6239bcdd8ca9e030d698b5244507a6

$ guix pull --commit=e451612602 --allow-downgrades
Updating channel 'guix' from Git repository at
'https://git.savannah.gnu.org/git/guix.git'...
guix pull: error: Git error: object not found - no match for id
(09f6e9b34c6239bcdd8ca9e030d698b5244507a6)
--8<---------------cut here---------------end--------------->8---


Well, I admit it is an unexpected use-case.  The solution here is to
'--roll-back' but it can be tedious if we are talking about several
commits which had been removed in the channel by the user.  Therefore,
the best is to use "--list-generations" to find a generation with an
existing commit and switch to it with "guix pull
--switch-generation=NN".  However, some '--news' will be lost.  No
free lunch. ;-)

I do not think it will be worth to allow this kind of workflow but one
solution could be to add a flag, i.e., '--allow-downgrade=dangerous',
and bypass 'commit-relation' which is somehow the culprit here.

IMHO, it is better to document what to do when someone does a mistake
by removing the current commit where they is currently (describe).

WDYT?

All the best,
simon