From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id 8DgqIBB9fmIggQEAbAwnHQ (envelope-from ) for ; Fri, 13 May 2022 17:45:20 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id CNcPIBB9fmKSRQEAauVa8A (envelope-from ) for ; Fri, 13 May 2022 17:45:20 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 275C738DDA for ; Fri, 13 May 2022 17:45:20 +0200 (CEST) Received: from localhost ([::1]:45122 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1npX7J-00011d-Oc for larch@yhetil.org; Fri, 13 May 2022 11:22:09 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:40938) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1npX7C-00011V-5W for bug-guix@gnu.org; Fri, 13 May 2022 11:22:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:50706) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1npX7B-0004mI-Sy for bug-guix@gnu.org; Fri, 13 May 2022 11:22:01 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1npX7B-0002cd-N0 for bug-guix@gnu.org; Fri, 13 May 2022 11:22:01 -0400 X-Loop: help-debbugs@gnu.org Subject: bug#55399: guix system reconfigure fails on channel validation Resent-From: =?UTF-8?Q?Andr=C3=A9?= Batista Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Fri, 13 May 2022 15:22:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 55399 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 55399@debbugs.gnu.org X-Debbugs-Original-To: bug-guix@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.165245530810045 (code B ref -1); Fri, 13 May 2022 15:22:01 +0000 Received: (at submit) by debbugs.gnu.org; 13 May 2022 15:21:48 +0000 Received: from localhost ([127.0.0.1]:44603 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1npX6x-0002bw-RA for submit@debbugs.gnu.org; Fri, 13 May 2022 11:21:48 -0400 Received: from lists.gnu.org ([209.51.188.17]:54204) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1npX6w-0002bp-6z for submit@debbugs.gnu.org; Fri, 13 May 2022 11:21:46 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:40810) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1npX6w-00011H-26 for bug-guix@gnu.org; Fri, 13 May 2022 11:21:46 -0400 Received: from mx0.riseup.net ([198.252.153.6]:55370) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1npX6t-0004kl-MD for bug-guix@gnu.org; Fri, 13 May 2022 11:21:45 -0400 Received: from fews2.riseup.net (fews2-pn.riseup.net [10.0.1.84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mail.riseup.net", Issuer "R3" (not verified)) by mx0.riseup.net (Postfix) with ESMTPS id 4L0C6X3PV8z9s7f for ; Fri, 13 May 2022 08:21:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1652455300; bh=TMxbG2DvezrP8tFrRmR+pKDZpr+J8ZsAWihxQwEL6bE=; h=Date:From:To:Subject:From; b=YMf2cmxgV4RGFYTOunOe+nHWOG7piyvQDN/AK0tseiVCMzyfE2ZMCbhuhv5bd+v1e SXxA1DUbEymsD8qLE8usnjLK7XGs+j7cMwVQM9237MqBJLQWAJUVRaIJNrmC38fNjd NfegQob1J2JET9fEs3gmMvjdX4hGgZtbwk+hpdyI= X-Riseup-User-ID: A422B65AA728CA59D5DC920278E4FA4F43FAD4E46B87EAC9E1140F38A1AE7074 Received: from [127.0.0.1] (localhost [127.0.0.1]) by fews2.riseup.net (Postfix) with ESMTPSA id 4L0C6V5dk9z1yBZ for ; Fri, 13 May 2022 08:21:38 -0700 (PDT) Date: Fri, 13 May 2022 12:21:27 -0300 From: =?UTF-8?Q?Andr=C3=A9?= Batista Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Received-SPF: pass client-ip=198.252.153.6; envelope-from=nandre@riseup.net; helo=mx0.riseup.net X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1652456720; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:list-id:list-help:list-unsubscribe:list-subscribe: list-post:dkim-signature; bh=ZuuP2um6WYy+yY3Rv1Imci9oXBZfySxvNNbZwPquIz8=; b=VCmsfFUcZxaHBi7pbyGqDOnkbuL2CampMrM8FTM8RcBbVQ7ZwlomS7UFSb7kR8pKcbkTEm Sm4rf/JaIEXiVBmzlaqDnwsrs5GszRjZcN+akOGSkUzTeNhzOVLjUUrKid57GmABjw6e3m 9CM2h6qLuGWwz8WBx/hndp5LJI2mETdZAucVmFCpO6d3FCgjjk1xP8rFRThG+NjTPhAxdW YUN3HVOP/hzvjUGzkpdzthvQMFNdidlnqKt0ylHuqde9R3Ds7cbqgt3I+2jJIyqW6xlaOS Je7ETUZEv5vActsRyFkJuRSH8Vz9eDhs8lpn8lj3SQqEAHTRZvHTCVYx3jniag== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1652456720; a=rsa-sha256; cv=none; b=Nj4sum62LhkpbHBPieLh0WZjgUQGjlifG8a163PrDfsUin6+Qg1RrdCuTmoRCVv9XPJKD5 FAuZ25l8Ad1PnZBwpJ3MonU2mJgEDfO1p4yFXPMBThcf0eOSqKXMswefTeNfvBZb8GRstz JcimVa2Prqtld83udNYSGVTLEahCFp9mjfTMPO/pn5wQ9mrhJLk5rfPd+3t7gO8cK3no6q Fk+69xnTeSWZDgJtXLUpIBhGZWjMYrtINQuw1rk3JKl6EKZRuiNZB6M02oxnq15WVCiu+9 AmsCd5o7mtRuYeJSDTqdZkAWYY5oRtN2S/MSkwmErNmfA/mMz8fwmxUVJpOGrA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=riseup.net header.s=squak header.b=YMf2cmxg; dmarc=fail reason="SPF not aligned (relaxed)" header.from=riseup.net (policy=none); spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: 5.27 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=riseup.net header.s=squak header.b=YMf2cmxg; dmarc=fail reason="SPF not aligned (relaxed)" header.from=riseup.net (policy=none); spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 275C738DDA X-Spam-Score: 5.27 X-Migadu-Scanner: scn0.migadu.com X-TUID: WNIsBMVhIhVP Hello Guix! Recently, I've not been able to reconfigure some of my guix systems because guix fails to forward validate the commits in between the current system deployment and the newer one. This appears to be related to the new libgit2 version 1.4.3[1][2], which addressed CVE 2022-24765, since there was no change to the related guix routines on the time lapse since the last deploy. This is the error I'm getting: $ sudo guix system --fallback -c 3 -M 3 reconfigure myconfig.scm Backtrace: 19 (primitive-load "/home/user/.config/guix/current/bin/g?") In guix/ui.scm: 2230:7 18 (run-guix . _) 2193:10 17 (run-guix-command _ . _) In ice-9/boot-9.scm: 1752:10 16 (with-exception-handler _ _ #:unwind? _ # _) In guix/status.scm: 829:3 15 (_) 809:4 14 (call-with-status-report _ _) In guix/scripts/system.scm: 1253:4 13 (_) In ice-9/boot-9.scm: 1752:10 12 (with-exception-handler _ _ #:unwind? _ # _) In guix/store.scm: 658:37 11 (thunk) 1320:8 10 (call-with-build-handler # ?) 2129:25 9 (run-with-store # _ # _ ?) In guix/scripts/system.scm: 1277:15 8 (_ _) 819:5 7 (perform-action reconfigure #< name: #f format:?> ?) In guix/scripts/system/reconfigure.scm: 345:3 6 (check-forward-update _ #:current-channels _) In srfi/srfi-1.scm: 691:23 5 (filter-map # . #) In guix/scripts/system/reconfigure.scm: 352:37 4 (_ #< name: guix url: "/src/guix.git" branch: ?>) In guix/git.scm: 469:7 3 (update-cached-checkout _ #:ref _ #:recursive? _ # _ # _ ?) In git/bindings.scm: 77:2 2 (raise-git-error _) In ice-9/boot-9.scm: 1685:16 1 (raise-exception _ #:continuable? _) 1685:16 0 (raise-exception _ #:continuable? _) ice-9/boot-9.scm:1685:16: In procedure raise-exception: Git error: repository path '/src/guix.git/' is not owned by current user ----- And these are the commits being compared: $ guix system describe Generation 214 May 06 2022 22:47:43 (current) file name: /var/guix/profiles/system-214-link canonical file name: /gnu/store/b0wrzz8sxqi9hywpqz29cm73l9adxjy9-system label: GNU with Linux-Libre-Atom 5.17.5 bootloader: grub root device: label: "rootfs" kernel: /gnu/store/xmdskyk85sypr4wgf5iwg5iid08l4aiq-linux-libre-atom-5.17.5/bzImage channels: guix: repository URL: /src/guix.git branch: master commit: ee70ed5bf50e781a6a43985211aa763e28db62b9 configuration file: /gnu/store/g653hksfz0iwnbpynaq2mx4nv7ayb7r7-configuration.scm $ guix describe Generation 200 May 12 2022 13:48:01 (current) guix a1cb645 repository URL: /src/guix.git branch: master commit: a1cb645d83d085382eaf64f4c097642aa47c297a Any thoughts? 1. https://github.com/libgit2/libgit2/blob/v1.4.3/docs/changelog.md 2. https://github.com/libgit2/libgit2/commit/0cc4a70db0942f65528f4877be14a6a987fe3c64 3. https://github.blog/2022-04-12-git-security-vulnerability-announced/