From: Ludovic Courtès
Date: Wed, 11 Dec 2024 00:34:41 +0100
Subject: [bug#74776] [PATCH 2/7] git: Allow X.509 certificate verification to be disabled.
To: 74776@debbugs.gnu.org
Cc: Ludovic Courtès, Christopher Baines, Josselin Poiret, Mathieu Othacehe, Simon Tournier, Tobias Geerinckx-Rice

* guix/git.scm (make-default-fetch-options): Add #:verify-certificate? and honor it. Define ‘warn-for-invalid-certificate’.
(clone*): Add #:verify-certificate? and pass it on.
(clone/swh-fallback): Likewise.
(update-cached-checkout): Likewise.
(latest-repository-commit): Likewise.

Change-Id: Ibf535a4a8d2a7e0c4026a896da9d4ab72e85401a
---
 guix/git.scm | 66 ++++++++++++++++++++++++++++++++++++++--------------
 1 file changed, 49 insertions(+), 17 deletions(-)

diff --git a/guix/git.scm b/guix/git.scm index 1b0839b1e3..6ac6e4e3a2 100644 --- a/guix/git.scm +++ b/guix/git.scm @@ -182,16 +182,29 @@ (define (show-progress progress) ;; Return true to indicate that we should go on. #t) -(define (make-default-fetch-options) - "Return the default fetch options." - (let ((auth-method (%make-auth-ssh-agent))) - (make-fetch-options auth-method - ;; Guile-Git doesn't distinguish between these. - #:proxy-url (or (getenv "http_proxy") - (getenv "https_proxy")) - #:transfer-progress - (and (isatty? (current-error-port)) - show-progress)))) +(define* (make-default-fetch-options #:key (verify-certificate? #t)) + "Return the default fetch options. VERIFY-CERTIFICATE? determines whether +to verify X.509 host certificates." + (define (warn-for-invalid-certificate host valid?) + (unless valid? + (warning (G_ "ignoring invalid certificate for '~a'~%") host))) + + (let* ((auth-method (%make-auth-ssh-agent)) + (options + (make-fetch-options auth-method + ;; Guile-Git doesn't distinguish between these. + #:proxy-url (or (getenv "http_proxy") + (getenv "https_proxy")) + #:transfer-progress + (and (isatty? (current-error-port)) + show-progress)))) + ;; When VERIFY-CERTIFICATE? is true, keep the default libgit2 behavior, + ;; which is to raise an exception upon invalid certificates. + (unless verify-certificate? + (let ((callbacks (fetch-options-remote-callbacks options))) + (set-remote-callbacks-certificate-check! callbacks + warn-for-invalid-certificate))) + options)) (define GITERR_HTTP ;; Guile-Git <= 0.5.2 lacks this constant. @@ -213,7 +226,7 @@ (define (set-git-timeouts connection-timeout read-timeout) read-timeout) (set-server-timeout! read-timeout))) -(define (clone* url directory) +(define* (clone* url directory #:key (verify-certificate? #t)) "Clone git repository at URL into DIRECTORY. Upon failure, make sure no empty directory is left behind." (with-throw-handler #t 
@@ -222,7 +235,8 @@ (define (clone* url directory) (clone url directory (make-clone-options - #:fetch-options (make-default-fetch-options)))) + #:fetch-options (make-default-fetch-options + #:verify-certificate? verify-certificate?)))) (lambda _ (false-if-exception (rmdir directory))))) @@ -445,7 +459,8 @@ (define (clone-from-swh url tag-or-commit output) (remote-set-url! repository "origin" url) repository))))) -(define (clone/swh-fallback url ref cache-directory) +(define* (clone/swh-fallback url ref cache-directory + #:key (verify-certificate? #t)) "Like 'clone', but fallback to Software Heritage if the repository cannot be found at URL." (define (inaccessible-url-error? err) @@ -456,7 +471,8 @@ (define (clone/swh-fallback url ref cache-directory) (catch 'git-error (lambda () - (clone* url cache-directory)) + (clone* url cache-directory + #:verify-certificate? verify-certificate?)) (lambda (key err) (match ref (((or 'commit 'tag-or-commit) . commit) @@ -526,6 +542,7 @@ (define* (update-cached-checkout url (check-out? #t) starting-commit (log-port (%make-void-port "w")) + (verify-certificate? #t) (cache-directory (url-cache-directory url (%repository-cache-directory) @@ -544,6 +561,9 @@ (define* (update-cached-checkout url When CHECK-OUT? is true, reset the cached working tree to REF; otherwise leave it unchanged. +When VERIFY-CERTIFICATE? is true, raise an error when encountering an invalid +X.509 host certificate; otherwise, warn about the problem and keep going. + Wait for up to CONNECTION-TIMEOUT milliseconds when establishing connection to the remote server, and for up to READ-TIMEOUT milliseconds when reading from it. When zero, use the system defaults for these timeouts; when false, leave 
@@ -573,15 +593,22 @@ (define* (update-cached-checkout url (let* ((cache-exists? (openable-repository? cache-directory)) (repository (if cache-exists? (repository-open cache-directory) - (clone/swh-fallback url ref cache-directory)))) + (clone/swh-fallback url ref cache-directory + #:verify-certificate? + verify-certificate?)))) ;; Only fetch remote if it has not been cloned just before. (when (and cache-exists? (not (reference-available? repository ref))) (remote-fetch (remote-lookup repository "origin") - #:fetch-options (make-default-fetch-options))) + #:fetch-options (make-default-fetch-options + #:verify-certificate? + verify-certificate?))) (when recursive? (update-submodules repository #:log-port log-port - #:fetch-options (make-default-fetch-options))) + #:fetch-options + (make-default-fetch-options + #:verify-certificate? + verify-certificate?))) ;; Note: call 'commit-relation' from here because it's more efficient ;; than letting users re-open the checkout later on. @@ -632,6 +659,7 @@ (define* (latest-repository-commit store url #:key recursive? (log-port (%make-void-port "w")) + (verify-certificate? #t) (cache-directory (%repository-cache-directory)) (ref '())) @@ -644,6 +672,9 @@ (define* (latest-repository-commit store url When RECURSIVE? is true, check out submodules as well, if any. +When VERIFY-CERTIFICATE? is true, raise an error when encountering an invalid +X.509 host certificate; otherwise, warn about the problem and keep going. + Git repositories are kept in the cache directory specified by %repository-cache-directory parameter. @@ -668,6 +699,7 @@ (define* (latest-repository-commit store url (url-cache-directory url cache-directory #:recursive? recursive?) + #:verify-certificate? verify-certificate? #:log-port log-port)) ((name) (url+commit->name url commit))) -- 2.46.0
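
Review bot: in the make-default-fetch-options hunk (@@ -182,16 +182,29 @@), fetch-options-remote-callbacks and set-remote-callbacks-certificate-check! are called unconditionally whenever VERIFY-CERTIFICATE? is false, while the trailing context of the same hunk still carries a shim for "Guile-Git <= 0.5.2". Unless the minimum Guile-Git version is raised elsewhere in the series, this path would only break at the moment someone disables verification; please state the required version next to the call or guard it. In the same hunk, warn-for-invalid-certificate returns whatever `unless` yields, so a one-line comment on what return value the certificate-check callback expects would show that "keep going" is intended rather than incidental.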
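
Review bot: the docstring of clone* in @@ -213,7 +226,7 @@ still reads only "Clone git repository at URL into DIRECTORY. Upon failure, make sure no empty directory is left behind." and does not mention the new #:verify-certificate? key, and the same holds for clone/swh-fallback in @@ -445,7 +459,8 @@. update-cached-checkout and latest-repository-commit each gained a paragraph for it, so the same sentence belongs here. For clone/swh-fallback it would also help to say whether the setting covers the Software Heritage fallback, since in @@ -456,7 +471,8 @@ only the clone* call receives it.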
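
Review bot: in @@ -573,15 +593,22 @@ the update-submodules call is given (make-default-fetch-options #:verify-certificate? verify-certificate?), so turning verification off for URL also turns it off for every submodule remote, which may be hosted somewhere other than the host the caller chose to exempt. The paragraph added in @@ -544,6 +561,9 @@ speaks only of "an invalid X.509 host certificate"; either document that the setting extends to submodule fetches when RECURSIVE? is true, or keep the default fetch options for update-submodules.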
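
Review bot: the docstring paragraph added to latest-repository-commit in @@ -644,6 +672,9 @@ says the procedure will "warn about the problem and keep going" but does not say what the caller gives up, and @@ -632,6 +659,7 @@ shows REF defaulting to '(), so the result need not be pinned to any commit. A sentence stating that with VERIFY-CERTIFICATE? false the identity of the remote is not checked, and that callers should pass #f only when the fetched content is authenticated by other means, would make the trade-off explicit at the API boundary.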