Subject: [bug#42030] [PATCH] channels: Error out when the 'guix' channel lacks an introduction.
To: 42030@debbugs.gnu.org
From: Ludovic Courtès
Date: Wed, 24 Jun 2020 14:57:49 +0200
Message-Id: <20200624125749.10908-1-ludo@gnu.org>

* guix/channels.scm (latest-channel-instance): Raise an error instead of
warning when 'guix is unauthenticated.
* tests/channels.scm ("latest-channel-instances, missing introduction
for 'guix'"): New test.
---
 guix/channels.scm  | 13 ++++++++++---
 tests/channels.scm | 21 +++++++++++++++++++++
 2 files changed, 31 insertions(+), 3 deletions(-)

Hi!

This patch makes it an error to have a 'guix' channel without an
introduction. Before that, it was just a warning, which is easily
overlooked. (Similarly, wget or your browser stop if they cannot
authenticate the host you're connecting to over HTTPS.)

Note that when using the "official" 'guix' channel, (guix channels)
automatically adds the introduction (see commit
c3f6f564e909ebefe752d24b325871a4e3a02d40). It will work similarly for
people who maintain forks.

Thanks,
Ludo'.

diff --git a/guix/channels.scm b/guix/channels.scm index 3eec5df883..1016b95045 100644 --- a/guix/channels.scm +++ b/guix/channels.scm
@@ -406,9 +406,16 @@ their relation. When AUTHENTICATE? is false, CHANNEL is not authenticated." ;; TODO: Warn for all the channels once the authentication interface ;; is public. (when (guix-channel? channel) - (warning (G_ "channel '~a' lacks an introduction and \ -cannot be authenticated~%") - (channel-name channel)))) + (raise (condition + (&message + (message (format #f (G_ "channel '~a' lacks an \ +introduction and cannot be authenticated~%") + (channel-name channel)))) + (&fix-hint + (hint (G_ "Add the missing introduction to your +channels file to address the issue. Alternatively, you can pass +@option{--disable-authentication}, at the risk of running unauthenticated and +thus potentially malicious code."))))))) (warning (G_ "channel authentication disabled~%"))) (when (guix-channel? channel) diff --git a/tests/channels.scm b/tests/channels.scm index 3a2c1d429b..d7202f8cbf 100644 --- a/tests/channels.scm +++ b/tests/channels.scm @@ -402,6 +402,27 @@ (channel-news-for-commit channel commit5 commit1)) '(#f "tag-for-first-news-entry"))))))) +(unless (which (git-command)) (test-skip 1)) +(test-assert "latest-channel-instances, missing introduction for 'guix'" + (with-temporary-git-repository directory + '((add "a.txt" "A") + (commit "first commit") + (add "b.scm" "#t") + (commit "second commit")) + (with-repository directory repository + (let* ((commit1 (find-commit repository "first")) + (commit2 (find-commit repository "second")) + (channel (channel (url (string-append "file://" directory)) + (name 'guix)))) + + (guard (c ((message-condition? c) + (->bool (string-contains (condition-message c) + "introduction")))) + (with-store store + ;; Attempt a downgrade from NEW to OLD. + (latest-channel-instances store (list channel)) + #f)))))) + (unless (gpg+git-available?) (test-skip 1)) (test-equal "authenticate-channel, wrong first commit signer" #t -- 2.26.2
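
Review bot: In the guix/channels.scm hunk, the format string inside the new `&message` still ends in `~%`, carried over from the `warning` call it replaces. A condition message is a plain string handed to whatever reports it, so the newline is now baked into the message and will double up if the reporter terminates the line itself; consider dropping the `~%` here. The context comment just above, ";; TODO: Warn for all the channels once the authentication interface is public.", also no longer matches the code, since the 'guix' case now raises rather than warns; rewording it to say "error out" would keep the intent clear for whoever extends this to other channels.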
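
Review bot: In the tests/channels.scm hunk, the comment ";; Attempt a downgrade from NEW to OLD." does not describe what this test does, and `commit1` and `commit2` are bound in the `let*` but never used; both look copied from a neighbouring test. Suggest removing the two `find-commit` bindings and replacing the comment with one stating that the 'guix' channel here has no introduction, so `latest-channel-instances` must raise. The `guard` only checks that the message contains "introduction"; since the raised condition also carries a `&fix-hint` naming `--disable-authentication`, the test could additionally check that the hint is present, so that the safer remediation advice is not silently lost in a later refactoring.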