From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp11.migadu.com ([2001:41d0:306:2d92::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms9.migadu.com with LMTPS id WApBBw0u/GRwKgAA9RJhRA:P1 (envelope-from ) for ; Sat, 09 Sep 2023 10:34:21 +0200 Received: from aspmx1.migadu.com ([2001:41d0:306:2d92::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp11.migadu.com with LMTPS id WApBBw0u/GRwKgAA9RJhRA (envelope-from ) for ; Sat, 09 Sep 2023 10:34:21 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id C6533458A3 for ; Sat, 9 Sep 2023 10:34:20 +0200 (CEST) Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=jpoiret.xyz header.s=dkim header.b=e9nKhoZs; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=reject) header.from=jpoiret.xyz ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1694248461; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=z5dHzfqEuloRw/rhWzoZK7adxypY3h+e6rV5d0RdwZo=; b=lCckpJcWvSIq5QrVgF989VRagA3p9gqV4tf1f7huZfR46uoIBZndeTx8VmAuim6d5vyFf5 jyqTxYQrZPd+bTeA4KbLtAnxXe5rJyen3z/q7nA/HpG5e8f+qLK98LOUTdP8/EwA3mmNii 7KrumAbRhgHazwk6aBNheWhRrdFrXOvYDpgC3FgM17D/rrYBnMMIcs42VOICibDoqbOdhe wRiqMr9ZKHySHQ5baBta471BFN+DbDqWUpDvCQ0h5Rn2gbKSKDE0D3WgnYBUnD/5E7JoAG VOSn6jnOhXlD4JtwoCO/xFXym05+Gk/1SmvGh8aEg2EuKUe56PRZgbIK2sGMyQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1694248461; a=rsa-sha256; cv=none; b=BINOiGGOlBJa3+0qcFM6M4TQRAO0+/RSTqcwujY6Tb25iOvnKF+pqCgd9iXcDhvgLgasDs EMc6tI4iSZwfELDF4l1ZbCSVYloDkUZeBI9WW8XwhRaAV+9LdcORJ4DFdQsPTbO1toDiUT VevPR/sjONrEDQHteDRID/bv0a7GFbOTJoXUrTu3HNvaqYNxIbv/G6hdyyr16dkgiRWCbg N9gq0if8h5vXrg962BI7llgEMBlbxnwztYMbJZCJ3CqHjEo1xFD8p0841N6Ej7eW8SPxkO 4U8Zi5Xx+DvhBauZP6Mz1t6h4OCDYW37kNeplCIz5ohbIlFNipbhTwxuTIXLcw== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=jpoiret.xyz header.s=dkim header.b=e9nKhoZs; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=reject) header.from=jpoiret.xyz Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qetPL-0006Jk-SP; Sat, 09 Sep 2023 04:33:35 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qetPJ-0006JP-Rs for guix-devel@gnu.org; Sat, 09 Sep 2023 04:33:33 -0400 Received: from jpoiret.xyz ([206.189.101.64]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qetPH-0008J0-9G for guix-devel@gnu.org; Sat, 09 Sep 2023 04:33:33 -0400 Received: from authenticated-user (jpoiret.xyz [206.189.101.64]) by jpoiret.xyz (Postfix) with ESMTPA id 78A12185422; Sat, 9 Sep 2023 08:33:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jpoiret.xyz; s=dkim; t=1694248409; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=z5dHzfqEuloRw/rhWzoZK7adxypY3h+e6rV5d0RdwZo=; b=e9nKhoZshVYXs8iKgko3uiCS3b7MnxHd1CCOrHziQDUHDl0+vNAs667F6ONhXxBrZWhmLp pqvb9Uw1Wd0r1JYdfUCuQgQ46pWCysvzI695Y3DmMX0AZSGFxsj6yqWvS7EW06kno6Fn3j jPKh/Pu6UxnhInk1zTM00dt2fE8YxQI7NvYYxYuRIcdxcsMUiSJKhdZ62RCmdbSzVblU5q pXa5GMAwfLPs8Q7tMuiiWXIH6slmpcztvFyNnpJs82rIi35VcFLDExPUc6MUcAc3eAFFig jg3NZJ8vCu4op+cMKM8Ky34KO1fiyyef0Z/M0E7Velc2F1QvaKcWmcX017A6EQ== From: Josselin Poiret To: wolf , Wojtek Kosior Cc: Simon Tournier , Nicolas =?utf-8?Q?D=C3=A9bo?= =?utf-8?Q?nnaire?= , guix-devel@gnu.org Subject: Re: Building from git In-Reply-To: References: <87ledikx1u.fsf@gmail.com> <87ledht4he.fsf@jpoiret.xyz> <20230908114756.61b28cf2.koszko@koszko.org> Date: Sat, 09 Sep 2023 10:32:43 +0200 Message-ID: <87a5tvvj9w.fsf@jpoiret.xyz> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spamd-Bar: / Received-SPF: pass client-ip=206.189.101.64; envelope-from=dev@jpoiret.xyz; helo=jpoiret.xyz X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: guix-devel-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN X-Migadu-Scanner: mx2.migadu.com X-Spam-Score: -10.29 X-Migadu-Queue-Id: C6533458A3 X-Migadu-Spam-Score: -10.29 X-TUID: bk1ILmArk6fB --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi both of you (I'm replying to both at the same time), wolf writes: On 2023-09-08 11:47:56 +0200, Wojtek Kosior wrote: > Hello Josselin >=20 > > wolf writes: > >=20 > > > Hmm, but the recipe for the authenticate rule comes from the (possibl= y) > > > compromised source, no? So the attacker can just modify the recipe i= nstead of > > > the command going the authentication. Am I missing something?=20=20 > >=20 > > You can use a previously trusted guix to do the authentication. `make > > authenticate` is here for committers to check that their commits are all > > properly signed before pushing (it's used as a pre-push hook). >=20 > From my understanding of the documentation, `make authenticate` is not > just for committers but for all people who do a `git pull` in Guix tree > and want to verify that the newly pulled commits do come from the > committers. It it is not the case, then the documentation should > probably be modified to make it clear. >=20 > The recipe is not from an untrusted source mecause the Makefile is not > tracked by git. Rather, it gets generated when first building Guix. And > =E2=80=94 as the documentation instructs =E2=80=94 the initial checkout g= ets > authenticated with `guix git authenticate` rather than with `make > authenticate` so it can't get compromised that easily. If you've already authenticated the initial check-out, what is the point of `make authenticate` then? Maybe the manual isn't that clear, but as wolf points out `make authenticate` itself cannot be a guarantee as it requires trust in the Makefiles, creating a chicken-and-egg problem . > I mean, if make authenticate is just for the convenience of the committer= s, then > this is completely fine. But the documentation does not currently read t= hat > way. Yes, I believe this should then be clarified. Best, =2D-=20 Josselin Poiret --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQHEBAEBCgAuFiEEOSSM2EHGPMM23K8vUF5AuRYXGooFAmT8LasQHGRldkBqcG9p cmV0Lnh5egAKCRBQXkC5FhcaihI3C/9hX0gnVJY8srC+j5BcslKLU5bCL4NJgcsK tBWb11oN6zSeQAbcQiwspkmBGiq4hQkrO2WOKzQ7XT7CEro08L/6bcz5bTA+geE7 L9ZXUMAj8bOx4F+0aWIOFR9s6glbrwMAvSm/pDkqFg9svB7O43w3+5M3e42KUCdl TAEBag2/k8p+kfK3bGRpvq38OGjZPYsfJmFWAwEhEY7kIM7+rhrx8oTVw0bhODsE foLhzLpXTbJxf5K1uuoUubPNAo4AXPzHKNcYkXM07XUTeRmX/MpB6Ef7AoVNUZ0q TY2ow37qG+U+jfDxjjo5yuKuACJ76u9UFccI4CtN729W2CsOmWBA3HNAnyFbBjnl HaN/2GES4NP7XztFq3UYa+ni4wF9uwoKzd++PEL3TsHR/8pX1qUfNPLd8PwN28Ye WtPH9KigPNOjSRUlzwi6NcQdPjhhWia+b2b1EM8v66sKvuM5Zy0thiSb7SKCZLTJ nf8Wcgtc2ePiF/Li1NJ3UC38KjCa8MY= =lx4j -----END PGP SIGNATURE----- --=-=-=--