From mboxrd@z Thu Jan 1 00:00:00 1970
Subject: [bug#74776] [PATCH 5/7] pull: Add ‘--no-check-certificate’.
Resent-From: Ludovic Courtès
Resent-CC: guix@cbaines.net, dev@jpoiret.xyz, ludo@gnu.org, othacehe@gnu.org, maxim.cournoyer@gmail.com, zimon.toutoune@gmail.com, me@tobias.gr, guix-patches@gnu.org
Resent-Date: Tue, 10 Dec 2024 23:36:04 +0000
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 74776@debbugs.gnu.org
Cc: Ludovic Courtès, Christopher Baines, Josselin Poiret, Mathieu Othacehe, Maxim Cournoyer, Simon Tournier, Tobias Geerinckx-Rice
From: Ludovic Courtès
Date: Wed, 11 Dec 2024 00:34:44 +0100
Message-ID:
X-Mailer: git-send-email 2.46.0
In-Reply-To:
References:
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This can be tested with:

  guix shell libfaketime -- faketime 2019-01-01 \
    guix pull -q --no-check-certificate -p /tmp/p

* guix/scripts/pull.scm (%options, show-help): Add ‘--no-check-certificate’.
(%default-options): Add ‘verify-certificate?’ key.
(guix-pull): Honor it.
* doc/guix.texi (Invoking guix pull): Document it.

Change-Id: Ia9d7af1c64156b112e86027fb637e2e02dae6e3c
---
 doc/guix.texi         |  8 ++++++++
 guix/scripts/pull.scm | 16 +++++++++++++---
 2 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi index a2915de954..cad16a0660 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -4635,6 +4635,14 @@ Invoking guix pull @option{--disable-authentication}. @end quotation +@item --no-check-certificate +Do not validate the X.509 certificates of HTTPS servers. + +When using this option, you have @emph{absolutely no guarantee} that you +are communicating with the authentic server responsible for the given +URL. Unless the channel is authenticated, this makes you vulnerable to +``man-in-the-middle'' attacks. + @item --system=@var{system} @itemx -s @var{system} Attempt to build for @var{system}---e.g., @code{i686-linux}---instead of diff --git a/guix/scripts/pull.scm b/guix/scripts/pull.scm index 58d3cd7e83..76aed0b5cc 100644 
--- a/guix/scripts/pull.scm +++ b/guix/scripts/pull.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013-2015, 2017-2023 Ludovic Courtès +;;; Copyright © 2013-2015, 2017-2024 Ludovic Courtès ;;; Copyright © 2017 Marius Bakke ;;; Copyright © 2020, 2021 Tobias Geerinckx-Rice ;;; @@ -77,6 +77,7 @@ (define %default-options (debug . 0) (verbosity . 1) (authenticate-channels? . #t) + (verify-certificate? . #t) (validate-pull . ,ensure-forward-channel-update))) (define (show-help) @@ -98,6 +99,9 @@ (define (show-help) (display (G_ " --disable-authentication disable channel authentication")) + (display (G_ " + --no-check-certificate + do not validate the certificate of HTTPS servers")) (display (G_ " -N, --news display news compared to the previous generation")) (display (G_ " @@ -183,6 +187,9 @@ (define %options (option '("disable-authentication") #f #f (lambda (opt name arg result) (alist-cons 'authenticate-channels? #f result))) + (option '("no-check-certificate") #f #f + (lambda (opt name arg result) + (alist-cons 'verify-certificate? #f result))) (option '(#\p "profile") #t #f (lambda (opt name arg result) (alist-cons 'profile (canonicalize-profile arg) @@ -845,7 +852,8 @@ (define-command (guix-pull . args) (profile (or (assoc-ref opts 'profile) %current-profile)) (current-channels (profile-channels profile)) (validate-pull (assoc-ref opts 'validate-pull)) - (authenticate? (assoc-ref opts 'authenticate-channels?))) + (authenticate? (assoc-ref opts 'authenticate-channels?)) + (verify-certificate? (assoc-ref opts 'verify-certificate?))) (cond ((assoc-ref opts 'query) (process-query opts profile)) @@ -877,7 +885,9 @@ (define-command (guix-pull . args) #:validate-pull validate-pull #:authenticate? - authenticate?))) + authenticate? + #:verify-certificate? + verify-certificate?))) (format (current-error-port) (N_ "Building from this channel:~%" "Building from these channels:~%" -- 2.46.0
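Review bot: The warning in the doc/guix.texi hunk scopes the risk to unauthenticated channels ("Unless the channel is authenticated, this makes you vulnerable to ``man-in-the-middle'' attacks"), which understates it: the flag turns off certificate validation for every channel fetched by this pull, and even for an authenticated channel a network attacker who can stand in for the server can serve an older but genuinely signed history, so new commits (security fixes included) can be silently withheld. Channel authentication together with the default `(validate-pull . ,ensure-forward-channel-update)` (visible in the %default-options hunk) rules out injected commits and rollback below the current generation, not a freeze at a stale commit. Suggest saying so in the paragraph, and cross-referencing @option{--disable-authentication} from the preceding item so readers see that the two weakenings are independent and that this one is meant for transient certificate problems such as the expired-clock case in the commit message.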
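Review bot: The help string added in the show-help hunk, "do not validate the certificate of HTTPS servers", carries no hint that it disables a security check, whereas the manual text in the doc/guix.texi hunk is explicit about it. Since `guix pull --help` is what most users will read, suggest a short marker on the same line, e.g. "do not validate the certificate of HTTPS servers (insecure)", keeping the indentation and column layout of the neighbouring `--disable-authentication` entry.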
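Review bot: In the last hunk of guix/scripts/pull.scm, `#:verify-certificate? verify-certificate?` is appended to a keyword-argument call whose callee sits above the hunk's context, so this patch is only correct if that procedure already accepts the keyword; that must come from an earlier patch of this 7-patch series (the hunk cannot show it). If it does not, the failure is not limited to users passing the new flag: the keyword is always passed (value #t from the %default-options hunk), so every `guix pull` would raise an unknown-keyword error. Worth confirming the callee's signature in the earlier patch and that the value actually reaches the Git fetch, otherwise the option is accepted but has no effect, which is worse than an error for a flag that users reach for when a pull is already failing.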