From: Ludovic Courtès
To: Ricardo Wurmus
Cc: 42048@debbugs.gnu.org
Subject: [bug#42048] [PATCH 6/6] services: provenance: Save channel introductions.
Date: Tue, 30 Jun 2020 22:28:52 +0200
Message-ID: <87imf847sr.fsf@gnu.org>
In-Reply-To: <87v9j8mtx9.fsf@elephly.net> (Ricardo Wurmus's message of "Tue, 30 Jun 2020 17:53:38 +0200")

Hi Ricardo,

Ricardo Wurmus wrote:

> I looked through the changes and while I don’t fully understand the need
> for adding the introduction to the provenance data, it looks good to
> me.

Thank you!

Overall the idea is that a channel spec should always come with its
introduction; together they identify the channel and thus should not be
separated.

Adding the introduction to the provenance data allows ‘guix describe’ to
show the introduction, to ensure it’s not lost in transit.

Does that make sense?

> One thing that I worry about is authentication of channels that are
> added as dependencies of user-selected channels.  Let’s say my channel
> “guix-bimsb” depends on “guix-past”.  How will users of “guix-bimsb”
> authenticate the commits of “guix-past” when they don’t know about
> “guix-past” (they only care about “guix-bimsb”), and don’t explicitly
> add introduction information to their channels file?
>
> Is there something that the authors of “guix-bimsb” can do to not only
> indicate the dependency on “guix-past”, but also to attach introduction
> information?  Will the format of the “.guix-channel” need to be
> adjusted?

That’s a very good question and I had completely overlooked it.

With this patch set, someone pulling guix-bimsb would just end up
pulling guix-past unauthenticated; there’s not even a warning.

(There’s currently a warning in (guix channels), but only when pulling
an unauthenticated 'guix channel.  It’s perhaps too early to have that
warning enabled for all channels.  WDYT?)

So yes, I suppose we would need to extend the ‘.guix-channel’ format for
dependencies.  Luckily it should be quite simple because that format is
extensible; older Guix versions would ignore the ‘introduction’ field.
It would look something like this:

  (channel
   (version 0)
   (dependencies
    (channel
     (name some-collection)
     (url "https://example.org/first-collection.git")
     (introduction (channel-introduction
                     (version 0)
                     (commit "…")
                     (signer "…"))))
    (channel
     (name some-other-collection)
     (url "https://example.org/second-collection.git")
     (branch "testing"))))   ;not an authenticated channel

It does mean that a channel can indirectly trick you into turning off
authentication for a dependent channel.  But I think that’s within the
expectations for channels: when you choose a channel, you trust it
enough to run its code.

WDYT?

Thanks for reviewing!

Ludo’.
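
The message above notes that a dependency declared without an introduction is pulled unauthenticated and without a warning. As an added example (not part of the original message and not Guix code), this Guile script reads a '.guix-channel' form in the proposed format and lists such dependencies. The procedure names and the sample, with its placeholder commit and signer strings, are assumptions made for illustration.

```scheme
;; Added example, not Guix code; all procedure names are illustrative.
(use-modules (ice-9 match) (srfi srfi-1))

;; Constructed sample; the commit and signer strings are placeholders.
(define %sample "
(channel
 (version 0)
 (dependencies
  (channel
   (name some-collection)
   (url \"https://example.org/first-collection.git\")
   (introduction (channel-introduction
                   (version 0)
                   (commit \"PLACEHOLDER-COMMIT\")
                   (signer \"PLACEHOLDER-SIGNER\"))))
  (channel
   (name some-other-collection)
   (url \"https://example.org/second-collection.git\")
   (branch \"testing\"))))")

(define (field name fields)
  ;; Value of the (NAME value) entry in FIELDS, or #f when absent.
  (match (assq name fields)
    ((_ value) value)
    (_ #f)))

(define (introduced? fields)
  ;; True only when the introduction gives both a commit and a signer.
  (match (field 'introduction fields)
    (('channel-introduction . intro)
     (and (string? (field 'commit intro))
          (string? (field 'signer intro))))
    (_ #f)))

(define (unauthenticated-dependencies sexp)
  ;; Names of the dependencies that would be pulled unauthenticated.
  (match sexp
    (('channel . top)
     (filter-map (match-lambda
                   (('channel . fields)
                    (and (not (introduced? fields))
                         (or (field 'name fields) 'unnamed)))
                   (_ #f))
                 (or (assq-ref top 'dependencies) '())))
    (_ (error "not a .guix-channel form:" sexp))))

(for-each (lambda (name)
            (format #t "warning: dependency '~a' has no introduction~%" name))
          (unauthenticated-dependencies (call-with-input-string %sample read)))
```

An introduction that is present but lacks either the commit or the signer is reported the same way as a missing one, since neither can anchor authentication.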