From: "Ludovic Courtès" <ludo@gnu.org>
To: zimoun <zimon.toutoune@gmail.com>
Cc: 41425@debbugs.gnu.org
Subject: [bug#41425] [PATCH 0/5] Have 'guix pull' protect against downgrade attacks
Date: Wed, 27 May 2020 18:32:17 +0200 [thread overview]
Message-ID: <87v9khjq3y.fsf@gnu.org> (raw)
In-Reply-To: <CAJ3okZ3RrEUKE-iGxf_Z-0Ce_TS-ArKY0Vzq9ddeKaFBsqoybw@mail.gmail.com> (zimoun's message of "Mon, 25 May 2020 16:36:52 +0200")
Hi,
zimoun <zimon.toutoune@gmail.com> skribis:
> (use-modules (guix git) (guix channels) (guix tests git) (git))
> (define url-cache-directory (@@ (guix git) url-cache-directory))
> (define dir (url-cache-directory (channel-url (car %default-channels))))
> (define merge (with-repository dir repo (find-commit repo "Merge")))
> merge
> ;; $1 = #<git-commit 4bdf4182fe080c3409f6ef9b410146b67cfa2595>
> (define left (car (commit-parents merge)))
> left
> ;; $2 = #<git-commit c81457a5883ea43950eb2ecdcbb58a5b144bcd11>
> (commit-relation left merge)
> Segmentation fault
It took me a while to notice, but the problem with the code above is
that ‘repo’ is closed when you call ‘commit-relation’, and thus the
commit objects are invalid. It works if you keep ‘repo’ alive:
--8<---------------cut here---------------start------------->8---
$ guix describe
Generacio 145 May 25 2020 00:37:58 (nuna)
guix 9744cc7
repository URL: https://git.savannah.gnu.org/git/guix.git
branch: master
commit: 9744cc7b4636fafb772c94adb8f05961b5b39f16
$ guix repl
GNU Guile 3.0.2
Copyright (C) 1995-2020 Free Software Foundation, Inc.
Guile comes with ABSOLUTELY NO WARRANTY; for details type `,show w'.
This program is free software, and you are welcome to redistribute it
under certain conditions; type `,show c' for details.
Enter `,help' for help.
scheme@(guix-user)> (use-modules (guix git) (guix channels) (guix tests git) (git))
(define url-cache-directory (@@ (guix git) url-cache-directory))
(define dir (url-cache-directory (channel-url (car %default-channels))))
;;; <stdin>:2:0: warning: possibly unused local top-level variable `url-cache-directory'
;;; <stdin>:3:0: warning: possibly unused local top-level variable `dir'
scheme@(guix-user)> (define repo (repository-open dir))
;;; <stdin>:4:0: warning: possibly unused local top-level variable `repo'
scheme@(guix-user)> (define merge (find-commit repo "Merge"))
;;; <stdin>:5:0: warning: possibly unused local top-level variable `merge'
scheme@(guix-user)> merge
$1 = #<git-commit b4440de133401abc6ce8be6c1c2e720efd9b2ba3>
scheme@(guix-user)> (define left (car (commit-parents merge)))
left
;;; <stdin>:7:0: warning: possibly unused local top-level variable `left'
$2 = #<git-commit 141262f266ab702c856f634889d4130ae661e79f>
scheme@(guix-user)> (commit-relation left merge)
$3 = ancestor
scheme@(guix-user)> (gc)
scheme@(guix-user)> (commit-relation left merge)
$4 = ancestor
--8<---------------cut here---------------end--------------->8---
The solution in such cases is to synchronize the object lifetimes. In
this case, commits would keep a reference to the repository object to
prevent it from being GC’d, as is done with ‘%submodule-owners’ in (git
submodule).
Could you make an issue over at
<https://gitlab.com/guile-git/guile-git>?
Thanks,
Ludo’.
next prev parent reply other threads:[~2020-05-27 16:33 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-20 21:38 [bug#41425] [PATCH 0/5] Have 'guix pull' protect against downgrade attacks Ludovic Courtès
2020-05-20 21:47 ` [bug#41425] [PATCH 1/5] git: Add 'commit-relation' Ludovic Courtès
2020-05-20 21:47 ` [bug#41425] [PATCH 2/5] channels: 'latest-channel-instances' doesn't leak internal state Ludovic Courtès
2020-05-20 21:47 ` [bug#41425] [PATCH 3/5] git: 'update-cached-checkout' returns the commit relation Ludovic Courtès
2020-05-20 21:47 ` [bug#41425] [PATCH 4/5] channels: 'latest-channel-instances' guards against non-forward updates Ludovic Courtès
2020-05-20 21:47 ` [bug#41425] [PATCH 5/5] pull: Protect against downgrade attacks Ludovic Courtès
2020-05-21 14:06 ` [bug#41425] [PATCH 0/5] Have 'guix pull' protect " zimoun
2020-05-22 13:55 ` Ludovic Courtès
2020-05-25 14:36 ` zimoun
2020-05-27 16:32 ` Ludovic Courtès [this message]
2020-05-28 8:06 ` zimoun
2020-05-24 22:02 ` bug#41425: " Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87v9khjq3y.fsf@gnu.org \
--to=ludo@gnu.org \
--cc=41425@debbugs.gnu.org \
--cc=zimon.toutoune@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).