From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id mBAeEdZKUGH1DAAAgWs5BA (envelope-from ) for ; Sun, 26 Sep 2021 12:26:30 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id eLrjDNZKUGHWFgAA1q6Kng (envelope-from ) for ; Sun, 26 Sep 2021 10:26:30 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id CA1692998F for ; Sun, 26 Sep 2021 12:26:29 +0200 (CEST) Received: from localhost ([::1]:58862 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mURMa-0000Ya-Up for larch@yhetil.org; Sun, 26 Sep 2021 06:26:28 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:60812) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mURMA-0000SJ-Kb for guix-patches@gnu.org; Sun, 26 Sep 2021 06:26:04 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:52668) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mURMA-0001x9-CZ for guix-patches@gnu.org; Sun, 26 Sep 2021 06:26:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1mURMA-00016m-1N for guix-patches@gnu.org; Sun, 26 Sep 2021 06:26:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#50814] [PATCH] guix: git-authenticate: Also authenticate the channel intro commit. Resent-From: Attila Lendvai Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sun, 26 Sep 2021 10:26:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 50814 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 50814@debbugs.gnu.org Cc: Attila Lendvai X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.16326519234212 (code B ref -1); Sun, 26 Sep 2021 10:26:01 +0000 Received: (at submit) by debbugs.gnu.org; 26 Sep 2021 10:25:23 +0000 Received: from localhost ([127.0.0.1]:35981 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mURLX-00015r-5C for submit@debbugs.gnu.org; Sun, 26 Sep 2021 06:25:23 -0400 Received: from lists.gnu.org ([209.51.188.17]:33704) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mURLV-00015k-G5 for submit@debbugs.gnu.org; Sun, 26 Sep 2021 06:25:21 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:60722) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mURLO-0000HA-PG for guix-patches@gnu.org; Sun, 26 Sep 2021 06:25:17 -0400 Received: from mail-ed1-x531.google.com ([2a00:1450:4864:20::531]:45029) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mURLL-000141-3U for guix-patches@gnu.org; Sun, 26 Sep 2021 06:25:12 -0400 Received: by mail-ed1-x531.google.com with SMTP id v18so20606511edc.11 for ; Sun, 26 Sep 2021 03:25:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=sender:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=1P+w1ctAKtO/tMjrAfkWuP+ktOezBlPOPEt3hJ7Kk+8=; b=NE5MAxP/Zg288tkwzt/6F/uey5dKmPTmsNJUFzdJ0j8pU9cgX4G+VJGVjdoBHMqC9/ SAUojM7tu96Jo1ZZeb1R263lo7t6kgRwKfGijQCQpBaJZY3zJmjyxjfZLkjx38AMXj1T AGVqvDUBixR+2WxRV3b160oLWu+GGytzp0lKv/l9lSo0OXoLCFKi3mJ/UE+tgWpKW7DB 5SKPxeBqzlXOiBDwCoA+6w/ZqsMMte+VvsJapLGU0JAy/ym5sSL0bNJ1oXOKkRzHjDph IUf85m9PjM4DRrNE+I1OGfDgJfyiq3qUkV3EGDS3m28hihQGB3YmWzp8GRl3BNeoVILH kZog== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :mime-version:content-transfer-encoding; bh=1P+w1ctAKtO/tMjrAfkWuP+ktOezBlPOPEt3hJ7Kk+8=; b=4gbSyeAaiILawwoUPAA7M0k+wAsKtAaoVjk9btLyWhIVhP+eSUmevCMs9RTZeNulnC Sl0rsEU2b2mdYnsQBpPdDnPt71GOMgxwxBWd+zCNBdIU6t5/LQ/JoKmuCTaEZYoEDEIw jN6dLRknHThdKTMaI9IXsnolIkJqI8rNAzt8c4IbLqQwm3xERL8LqXHwZO9cUEj5Quxi upc00JQbdzHVP/4Hj+JYIPgUU6XY1QkKgaMPhe/4lQmQcfto0rfAkBsC+79RQz1ITRkr 1UdEkFWjN9GBM5fWcdREkY5TBjqkOCT0QnALa09ttCpbLiJ9rt3yCXrJ8VJFii+asJAL bYxw== X-Gm-Message-State: AOAM530asKAkPxFJUo5CvBUPWiCgYzelEKez09+cCKctm1jF94zlIYH8 1GmF7unTLeIQP4jag3QPMSWNQ9L5TkY= X-Google-Smtp-Source: ABdhPJwYCuFtAvjJctMQyP3m/ZxTPRkBfe7AePmKpc4vLW2iCLba+VZSXIPLDF2246z0G5q2afW5Fg== X-Received: by 2002:a05:6402:6d6:: with SMTP id n22mr16850262edy.257.1632651908356; Sun, 26 Sep 2021 03:25:08 -0700 (PDT) Received: from localhost.localdomain ([2a02:ab88:370d:c380:4c15:c040:7494:7502]) by smtp.gmail.com with ESMTPSA id o5sm4059852eds.26.2021.09.26.03.25.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 26 Sep 2021 03:25:07 -0700 (PDT) From: Attila Lendvai Date: Sun, 26 Sep 2021 12:19:29 +0200 Message-Id: <20210926101928.3877-1-attila@lendvai.name> X-Mailer: git-send-email 2.33.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=2a00:1450:4864:20::531; envelope-from=attila.lendvai@gmail.com; helo=mail-ed1-x531.google.com X-Spam_score_int: -14 X-Spam_score: -1.5 X-Spam_bar: - X-Spam_report: (-1.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.248, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1632651990; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=1P+w1ctAKtO/tMjrAfkWuP+ktOezBlPOPEt3hJ7Kk+8=; b=HrWDHHVqV2H0CW0juTRMDoUcXZ9bGYBPA/rAdsT3Gud+nB5UHBjM5RTNXDVDpItzwFFXnK RaaS3t2MnUmT0qsEikxTKJ/ZOzFmy2QvwPPdXmU3cozlbVS9eEa8qOuPO3WpAJwVv0R9Ov UxNw/t9ziQSzBIgavOTOWTr5yAIhSCL1RALugJg60ykJ/epHypdutHUFunqPWYcf7SPPhj RSoLX7yZWGusey24lhfq3gxEwLBHedNnvsY12+7I0zRr+UFEFBEnhB6yftscQoHB/RprmL hqBUd7H/Fdguhs/oQ+jdTsYEDpdiCAQRrjc+J6rjqWlbiyyqW+XK2vF5zJw8fg== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1632651990; a=rsa-sha256; cv=none; b=MXQhjUqupl1pv5HjQMD0IUbRApcKykqa0zKXboKIZOhMPEdQNDMjvDusDgI3+uTlcAUppc Qac1EYtx+BVyuvkuC1G0Au5Rmu/o3YpbfdP8k/Pwgc9bQfSJ7GAajWKZ9bFeCP21OaTzxf z0e3nqKOETIYc6IaO6aDg8aVhnwD8stqzjjU99Y+woqR+Dr+hCa/Kp79JipH+e4NnWB2Y3 Aa0P0EAbW8wWoMZe+Ri6gBVpJMgXZUgM8NSBnC1/QKuG298Iw66V0ic6hB82o16LJXkyGF PADx3GhC9Jh3ckiBLL245Kug7dOLuN6IIhYXR36xuWVnPO61ZN0x7mLW8J43Vg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20210112 header.b="NE5MAxP/"; dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Migadu-Spam-Score: 4.51 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20210112 header.b="NE5MAxP/"; dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Migadu-Queue-Id: CA1692998F X-Spam-Score: 4.51 X-Migadu-Scanner: scn1.migadu.com X-TUID: P5NbfLYaefTI * guix/git-authenticate.scm (authenticate-commit): Reword and extend the error message to point to the relevant part of the manual. (authenticate-repository): Explicitly authenticate the channel introduction commit, so that it's also rejected unless it is signed by an authorized key. Otherwise only the second commit would yield an error, which is confusing. --- here's how i tested this: i set up pulling from a local checkout of guix. in that branch i created a signed dummy commit, and added it as a channel introduction, replacing guix in my /etc/guix/channels.scm. then tried to guix pull, which worked. then i added another dummy commit, which resulted in an error when pulling. then i reset the branch back to only contain the first commit, and added this code that then resulted in an error even with a single commit. i have encountered it while i was trying to set up my local checkout to test my patches on my live guix, and i was utterly confused why my commit was rejected as unauthenticated (i misunderstood how git-authenticate works). guix/git-authenticate.scm | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/guix/git-authenticate.scm b/guix/git-authenticate.scm index ab3fcd8b2f..7d66bf0754 100644 --- a/guix/git-authenticate.scm +++ b/guix/git-authenticate.scm @@ -236,8 +236,8 @@ not specify anything, fall back to DEFAULT-AUTHORIZATIONS." (condition (&unauthorized-commit-error (commit id) (signing-key signing-key))) - (formatted-message (G_ "commit ~a not signed by an authorized \ -key: ~a") + (formatted-message (G_ "commit ~a is signed by an unauthorized \ +key: ~a\nSee info guix \"Specifying Channel Authorizations\".") (oid->string id) (openpgp-format-fingerprint (openpgp-public-key-fingerprint @@ -424,7 +424,12 @@ denoting the authorized keys for commits whose parent lack the ;; If it's our first time, verify START-COMMIT's signature. (when (null? authenticated-commits) (verify-introductory-commit repository keyring - start-commit signer)) + start-commit signer) + ;; Explicitly authenticate the channel introduction commit, so that + ;; it's also rejected unless it's signed by an authorized + ;; key. Otherwise only the second commit would yield an error, which + ;; is confusing. + (authenticate-commits repository (list start-commit))) (let ((stats (call-with-progress-reporter reporter (lambda (report) -- 2.33.0