bug#55399: guix system reconfigure fails on channel validation

unofficial mirror of bug-guix@gnu.org 
 help / color / mirror / code / Atom feed

From: "André Batista" <nandre@riseup.net>
To: 55399@debbugs.gnu.org
Subject: bug#55399: guix system reconfigure fails on channel validation
Date: Fri, 13 May 2022 12:21:27 -0300	[thread overview]
Message-ID: <Yn53d4GR+kohZh/b@andel> (raw)

Hello Guix!

Recently, I've not been able to reconfigure some of my guix systems
because guix fails to forward validate the commits in between the
current system deployment and the newer one. This appears to be
related to the new libgit2 version 1.4.3[1][2], which addressed CVE
2022-24765, since there was no change to the related guix routines
on the time lapse since the last deploy.

This is the error I'm getting:

$ sudo guix system --fallback -c 3 -M 3  reconfigure myconfig.scm
Backtrace:
          19 (primitive-load "/home/user/.config/guix/current/bin/g?")
In guix/ui.scm:
   2230:7 18 (run-guix . _)
  2193:10 17 (run-guix-command _ . _)
In ice-9/boot-9.scm:
  1752:10 16 (with-exception-handler _ _ #:unwind? _ # _)
In guix/status.scm:
    829:3 15 (_)
    809:4 14 (call-with-status-report _ _)
In guix/scripts/system.scm:
   1253:4 13 (_)
In ice-9/boot-9.scm:
  1752:10 12 (with-exception-handler _ _ #:unwind? _ # _)
In guix/store.scm:
   658:37 11 (thunk)
   1320:8 10 (call-with-build-handler #<procedure b445f18 at guix/u?> ?)
  2129:25  9 (run-with-store #<store-connection 256.99 b0934d8> _ # _ ?)
In guix/scripts/system.scm:
  1277:15  8 (_ _)
    819:5  7 (perform-action reconfigure #<<image> name: #f format:?> ?)
In guix/scripts/system/reconfigure.scm:
    345:3  6 (check-forward-update _ #:current-channels _)
In srfi/srfi-1.scm:
   691:23  5 (filter-map #<procedure ba4c460 at guix/scripts/syst?> . #)
In guix/scripts/system/reconfigure.scm:
   352:37  4 (_ #<<channel> name: guix url: "/src/guix.git" branch: ?>)
In guix/git.scm:
    469:7  3 (update-cached-checkout _ #:ref _ #:recursive? _ # _ # _ ?)
In git/bindings.scm:
     77:2  2 (raise-git-error _)
In ice-9/boot-9.scm:
  1685:16  1 (raise-exception _ #:continuable? _)
  1685:16  0 (raise-exception _ #:continuable? _)

ice-9/boot-9.scm:1685:16: In procedure raise-exception:
Git error: repository path '/src/guix.git/' is not owned by current user


-----

And these are the commits being compared:

$ guix system describe
Generation 214  May 06 2022 22:47:43    (current)
  file name: /var/guix/profiles/system-214-link
  canonical file name: /gnu/store/b0wrzz8sxqi9hywpqz29cm73l9adxjy9-system
  label: GNU with Linux-Libre-Atom 5.17.5
  bootloader: grub
  root device: label: "rootfs"
  kernel: /gnu/store/xmdskyk85sypr4wgf5iwg5iid08l4aiq-linux-libre-atom-5.17.5/bzImage
  channels:
    guix:
      repository URL: /src/guix.git
      branch: master
      commit: ee70ed5bf50e781a6a43985211aa763e28db62b9
  configuration file: /gnu/store/g653hksfz0iwnbpynaq2mx4nv7ayb7r7-configuration.scm


$ guix describe
Generation 200  May 12 2022 13:48:01    (current)
  guix a1cb645
    repository URL: /src/guix.git
    branch: master
    commit: a1cb645d83d085382eaf64f4c097642aa47c297a

Any thoughts?

1. https://github.com/libgit2/libgit2/blob/v1.4.3/docs/changelog.md
2. https://github.com/libgit2/libgit2/commit/0cc4a70db0942f65528f4877be14a6a987fe3c64
3. https://github.blog/2022-04-12-git-security-vulnerability-announced/

next             reply	other threads:[~2022-05-13 15:45 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-05-13 15:21 André Batista [this message]
2022-05-13 15:26 ` bug#55399: guix system reconfigure fails on channel validation Maxime Devos
2022-05-13 15:28 ` Maxime Devos
2022-05-18 17:38   ` bug#55399: Temporary fix André Batista
2022-05-23 14:18     ` bug#55399: guix system reconfigure fails on channel validation Ludovic Courtès
2022-05-24  1:44       ` André Batista
2022-05-24 23:44       ` André Batista
2023-02-03  3:48         ` André Batista
2022-08-28 10:44 ` Maxime Devos
2022-08-28 10:58 ` bug#55399: [PATCH 1/2] guix: Disable owner validation Maxime Devos
2022-08-28 10:58   ` bug#55399: [PATCH 2/2] gnu: guile-git: Add patches to support owner validation, and use libgit2@1.4.3 Maxime Devos
2022-08-28 11:02   ` bug#55399: [PATCH 1/2] guix: Disable owner validation Maxime Devos

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://guix.gnu.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Yn53d4GR+kohZh/b@andel \
    --to=nandre@riseup.net \
    --cc=55399@debbugs.gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).