From: zimoun
To: Ludovic Courtès, Ricardo Wurmus
Cc: 42048@debbugs.gnu.org
Subject: [bug#42048] [PATCH 6/6] services: provenance: Save channel introductions.
Date: Wed, 01 Jul 2020 10:51:14 +0200
Message-ID: <86lfk3aa9p.fsf@gmail.com>
In-Reply-To: <87imf847sr.fsf@gnu.org>

Hi,

On Tue, 30 Jun 2020 at 22:28, Ludovic Courtès wrote:

>> One thing that I worry about is authentication of channels that are
>> added as dependencies of user-selected channels.  Let’s say my channel
>> “guix-bimsb” depends on “guix-past”.  How will users of “guix-bimsb”
>> authenticate the commits of “guix-past” when they don’t know about
>> “guix-past” (they only care about “guix-bimsb”), and don’t explicitly
>> add introduction information to their channels file?
>>
>> Is there something that the authors of “guix-bimsb” can do to not only
>> indicate the dependency on “guix-past”, but also to attach introduction
>> information?  Will the format of the “.guix-channel” need to be
>> adjusted?
>
> That’s a very good question and I had completely overlooked it.

Héhé, yet I had the same question one month ago. :-)

--8<---------------cut here---------------start------------->8---
> The question about recursive still applies. ;-)
> Currently, if the local channel file points to a channel A which
> contains the file '.guix-channel' which points to another channel B,
> then when one runs "guix pull" well the channel A will be pulled and
> then the channel B, even if this channel B is not explicit in the
> initial local channel. (Even, there is bug about recursive implicit
> pulls, see http://issues.guix.gnu.org/issue/41069; well another
> story.)

>What happens for such situation?

Nothing special, I guess: each channel would be authenticated (or not,
if it’s an unsigned channel).  I think it’s completely orthogonal.
--8<---------------cut here---------------end--------------->8---

http://issues.guix.gnu.org/issue/22883#75

> With this patch set, someone pulling guix-bimsb would just end up
> pulling guix-past unauthenticated; there’s not even a warning.
>
> (There’s currently a warning in (guix channels), but only when pulling
> an unauthenticated 'guix channel.  It’s perhaps too early to have that
> warning enabled for all channels.  WDYT?)

Enabling the warning appears to me a good idea because this dependency
is like "doing something I am not necessarily aware of behind my back".
For example, the first time I pulled the channel "guix-bimsb-non-free",
which depends on "guix-bimsb", it took me some time to understand why
"guix-bimsb" was pulled twice, and once with a name I do not have in my
local channels.scm file.  Anyway.

> So yes, I suppose we would need to extend the ‘.guix-channel’ format for
> dependencies.  Luckily it should be quite simple because that format is
> extensible; older Guix versions would ignore the ‘introduction’ field.
> It would look something like this:
>
>   (channel
>     (version 0)
>     (dependencies
>       (channel
>         (name some-collection)
>         (url "https://example.org/first-collection.git")
>         (introduction (channel-introduction
>                         (version 0)
>                         (commit "…")
>                         (signer "…"))))
>       (channel
>         (name some-other-collection)
>         (url "https://example.org/second-collection.git")
>         (branch "testing"))))   ;not an authenticated channel
>
> It does mean that a channel can indirectly trick you into turning off
> authentication for a dependent channel.  But I think that’s within the
> expectations for channels: when you choose a channel, you trust it
> enough to run its code.

Sounds good to me.  When I choose a channel, I trust the people enough
to run their code.  But I do not trust the URL which serves it.  I mean,
it is the point of all this new authentication mechanism, isn't it?

However, I agree.
Channels should stay easy to fork and add something (then maybe send a
pull-request) without going through all the GPG signature dance and/or
running the options --allow-downgrades or --disable-authentication (I do
not remember the exact name).

Cheers,
simon
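
The gap discussed in this thread (a dependency pulled unauthenticated without any warning) can be checked for on the channel author's side. The following is an added example, not part of the original message and not Guix's own code: a Guile sketch that reads a '.guix-channel' form in the format proposed above and lists the dependencies declared without an 'introduction' field. The procedure names and the sample form are constructed for illustration.

```scheme
;; Added example, not part of Guix: list the dependencies of a
;; '.guix-channel' form that carry no 'introduction' field, assuming the
;; extended format proposed in the thread.
(use-modules (ice-9 match)
             (srfi srfi-1))

;; Constructed sample following the proposed format; "…" stands for the
;; commit and signer values elided in the message.
(define sample
  '(channel
    (version 0)
    (dependencies
     (channel
      (name some-collection)
      (url "https://example.org/first-collection.git")
      (introduction (channel-introduction
                     (version 0) (commit "…") (signer "…"))))
     (channel
      (name some-other-collection)
      (url "https://example.org/second-collection.git")
      (branch "testing")))))

(define (field name fields)
  ;; Return the values of the (NAME value ...) entry in FIELDS, or #f.
  (match (assq name (filter pair? fields))
    ((_ . rest) rest)
    (#f #f)))

(define (unauthenticated-dependencies form)
  ;; Names of the dependencies in FORM declared without an introduction.
  (match form
    (('channel fields ...)
     (filter-map (match-lambda
                   (('channel dep ...)
                    (and (not (field 'introduction dep))
                         (match (field 'name dep)
                           ((name) name)
                           (_ 'unnamed))))
                   (_ #f))
                 (or (field 'dependencies fields) '())))
    (_ (error "not a .guix-channel form" form))))

;; Warn about each dependency that would be pulled unauthenticated.
;; For a real file: (call-with-input-file ".guix-channel" read)
(for-each (lambda (name)
            (format (current-error-port)
                    "warning: dependency '~a' has no introduction~%" name))
          (unauthenticated-dependencies sample))
```

On the sample form this reports only some-other-collection, the dependency the proposal marks as not authenticated.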