Subject: [bug#50814] [PATCH] guix: git-authenticate: Also authenticate the channel intro commit.
From: Leo Famulari
To: Attila Lendvai
Cc: 50814@debbugs.gnu.org, guix-security@gnu.org
Date: Sun, 26 Sep 2021 14:02:13 -0400
In-Reply-To: <20210926101928.3877-1-attila@lendvai.name>
On Sun, Sep 26, 2021 at 12:19:29PM +0200, Attila Lendvai wrote:
> * guix/git-authenticate.scm (authenticate-commit): Reword and extend the error
> message to point to the relevant part of the manual.
> (authenticate-repository): Explicitly authenticate the channel introduction
> commit, so that it's also rejected unless it is signed by an authorized
> key. Otherwise only the second commit would yield an error, which
> is confusing.
> ---
>
> Here's how I tested this:
>
> I set up pulling from a local checkout of guix.
> In that branch I created a signed dummy commit, and added it as a channel
> introduction, replacing guix in my /etc/guix/channels.scm. Then tried to
> guix pull, which worked.
>
> Then I added another dummy commit, which resulted in an error when pulling.
>
> Then I reset the branch back to only contain the first commit, and added
> this code that then resulted in an error even with a single commit.
>
> I have encountered it while I was trying to set up my local checkout to
> test my patches on my live guix, and I was utterly confused why my commit
> was rejected as unauthenticated (I misunderstood how git-authenticate
> works).

Thanks for your report. I've marked the severity as "grave", which in
Debbugs parlance means "makes the package in question unusable or mostly
so, or causes data loss, or introduces a security hole allowing access
to the accounts of users who use the package."

https://debbugs.gnu.org/Developer.html#severities

I'm not sure if that's justified or not, but this patch should be
prioritized.
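To make the behaviour described in the report concrete, here is an added toy model in Python (not Guix's own code): the walk over commit_difference excludes the start commit, so an unsigned or unauthorized introduction commit is accepted on its own and only the commit after it is rejected, while the "after" variant additionally checks the introduction commit against the key the channel introduction names. That form of the check is an assumption, since the patch itself is not shown on the page; the commits, fingerprints and authorizations below are constructed sample data.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Commit:
    id: str
    parent: Optional["Commit"]
    signer: Optional[str]        # fingerprint of the signing key, None if unsigned
    authorizations: frozenset    # keys allowed to sign this commit's children

def commit_difference(end: Commit, start: Commit) -> list:
    """Commits reachable from END but not from START, oldest first; START itself is
    excluded, which is why the original walk never looked at the introduction commit."""
    out, c = [], end
    while c is not None and c.id != start.id:
        out.append(c)
        c = c.parent
    if c is None:
        raise ValueError(f"{start.id} is not an ancestor of {end.id}")
    return out[::-1]

def signed_by_authorized_key(commit: Commit) -> bool:
    """A commit is authentic when a key listed in its parent's authorizations signed it."""
    return commit.signer is not None and commit.signer in commit.parent.authorizations

def authenticate_before(start: Commit, end: Commit, intro_signer: str) -> Optional[str]:
    """Walk as the report describes it: only commits after the introduction are checked.
    Returns the id of the first rejected commit, or None when everything is accepted."""
    for c in commit_difference(end, start):
        if not signed_by_authorized_key(c):
            return c.id
    return None

def authenticate_after(start: Commit, end: Commit, intro_signer: str) -> Optional[str]:
    """Also reject an introduction commit not signed by the key the channel introduction
    names (assumed form of the check; the patch's own code is not on the page)."""
    if start.signer != intro_signer:
        return start.id
    return authenticate_before(start, end, intro_signer)

# Constructed sample history mirroring the test in the report: an upstream commit whose
# authorizations list only the maintainer key, then dummy commits on top of it.
MAINTAINER, DUMMY = "FPR-MAINTAINER", "FPR-DUMMY"
UPSTREAM = Commit("c0", None, MAINTAINER, frozenset({MAINTAINER}))
INTRO_UNSIGNED = Commit("c1", UPSTREAM, None, UPSTREAM.authorizations)
INTRO_SIGNED = Commit("c1s", UPSTREAM, DUMMY, UPSTREAM.authorizations)
SECOND = Commit("c2", INTRO_SIGNED, DUMMY, INTRO_SIGNED.authorizations)
```

With a single dummy introduction commit the old walk accepts it even when unsigned, and the first rejection only appears at the second commit, which is the confusing behaviour the report describes.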