Subject: [bug#45409] [PATCH 2/3] guix: Untangle (guix narinfo) from (guix scripts substitute).
To: 45409@debbugs.gnu.org
From: Christopher Baines
Date: Thu, 24 Dec 2020 17:22:20 +0000
Message-Id: <20201224172221.21057-2-mail@cbaines.net>
In-Reply-To: <20201224172221.21057-1-mail@cbaines.net>

Moving the code left the %allow-unauthenticated-substitutes? parameter working across both modules, which isn't very clear. Instead just use %allow-unauthenticated-substitutes? in the substitute module.

* guix/scripts/substitute.scm (process-query, process-substitution): Change the authorized? argument to lookup-narinfo and lookup-narinfos/diverse based on %allow-unauthenticated-substitutes?.
* guix/narinfo.scm (valid-narinfo?): Remove use of %allow-unauthenticated-substitutes?.
--- guix/narinfo.scm | 63 ++++++++++++++++++------------------- guix/scripts/substitute.scm | 16 +++++++--- 2 files changed, 42 insertions(+), 37 deletions(-) diff --git a/guix/narinfo.scm b/guix/narinfo.scm index 3ecb2f039e..8aa9e53ebd 100644 --- a/guix/narinfo.scm +++ b/guix/narinfo.scm 
@@ -2,6 +2,7 @@ ;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès ;;; Copyright © 2014 Nikita Karetnikov ;;; Copyright © 2018 Kyle Meyer +;;; Copyright © 2020 Christopher Baines ;;; ;;; This file is part of GNU Guix. ;;; @@ -26,7 +27,6 @@ #:use-module (guix base64) #:use-module (guix records) #:use-module (guix diagnostics) - #:use-module (guix scripts substitute) #:use-module (gcrypt hash) #:use-module (gcrypt pk-crypto) #:use-module (rnrs bytevectors) 
@@ -209,38 +209,37 @@ No authentication and authorization checks are performed here!" (define* (valid-narinfo? narinfo #:optional (acl (current-acl)) #:key verbose?) "Return #t if NARINFO's signature is not valid." - (or (%allow-unauthenticated-substitutes?) - (let ((hash (narinfo-sha256 narinfo)) - (signature (narinfo-signature narinfo)) - (uri (uri->string (first (narinfo-uris narinfo))))) - (and hash signature - (signature-case (signature hash acl) - (valid-signature #t) - (invalid-signature - (when verbose? - (format (current-error-port) - "invalid signature for substitute at '~a'~%" - uri)) - #f) - (hash-mismatch - (when verbose? - (format (current-error-port) - "hash mismatch for substitute at '~a'~%" - uri)) - #f) - (unauthorized-key - (when verbose? - (format (current-error-port) - "substitute at '~a' is signed by an \ + (let ((hash (narinfo-sha256 narinfo)) + (signature (narinfo-signature narinfo)) + (uri (uri->string (first (narinfo-uris narinfo))))) + (and hash signature + (signature-case (signature hash acl) + (valid-signature #t) + (invalid-signature + (when verbose? + (format (current-error-port) + "invalid signature for substitute at '~a'~%" + uri)) + #f) + (hash-mismatch + (when verbose? + (format (current-error-port) + "hash mismatch for substitute at '~a'~%" + uri)) + #f) + (unauthorized-key + (when verbose? + (format (current-error-port) + "substitute at '~a' is signed by an \ unauthorized party~%" - uri)) - #f) - (corrupt-signature - (when verbose? - (format (current-error-port) - "corrupt signature for substitute at '~a'~%" - uri)) - #f)))))) + uri)) + #f) + (corrupt-signature + (when verbose? + (format (current-error-port) + "corrupt signature for substitute at '~a'~%" + uri)) + #f))))) (define (write-narinfo narinfo port) "Write NARINFO to PORT." diff --git a/guix/scripts/substitute.scm b/guix/scripts/substitute.scm index 72242b73f1..e2d30f1760 100755 --- a/guix/scripts/substitute.scm +++ b/guix/scripts/substitute.scm 
@@ -2,6 +2,7 @@ ;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès ;;; Copyright © 2014 Nikita Karetnikov ;;; Copyright © 2018 Kyle Meyer +;;; Copyright © 2020 Christopher Baines ;;; ;;; This file is part of GNU Guix. ;;; @@ -692,11 +693,14 @@ expected by the daemon." "Reply to COMMAND, a query as written by the daemon to this process's standard input. Use ACL as the access-control list against which to check authorized substitutes." - (define (valid? obj) - (valid-narinfo? obj acl)) + (define valid? + (if (%allow-unauthenticated-substitutes?) + (begin + (warn-about-missing-authentication) - (when (%allow-unauthenticated-substitutes?) - (warn-about-missing-authentication)) + (const #t)) + (lambda (obj) + (valid-narinfo? obj acl)))) (match (string-tokenize command) (("have" paths ..1) @@ -797,7 +801,9 @@ DESTINATION is in the store, deduplicate its files. Print a status line on the current output port." (define narinfo (lookup-narinfo cache-urls store-item - (cut valid-narinfo? <> acl))) + (if (%allow-unauthenticated-substitutes?) + (const #t) + (cut valid-narinfo? <> acl)))) (define destination-in-store? (string-prefix? (string-append (%store-prefix) "/") -- 2.29.2
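Review bot: In guix/narinfo.scm, the docstring of valid-narinfo? that stays as context still reads "Return #t if NARINFO's signature is not valid.", while the body returns #t only for valid-signature and #f for invalid-signature, hash-mismatch, unauthorized-key and corrupt-signature. Since this hunk turns the procedure into a pure signature check with no %allow-unauthenticated-substitutes? bypass inside it, correct the docstring in the same change and say that it always verifies against ACL, so that callers do not assume the old bypass is still there.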
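Review bot: In process-query, the new definition of valid? calls (warn-about-missing-authentication) as a side effect inside the (begin ...) that computes the predicate, and leaves a stray blank line before (const #t). Keeping the removed (when (%allow-unauthenticated-substitutes?) (warn-about-missing-authentication)) form as its own statement, and letting the define only choose between (const #t) and the valid-narinfo? lambda, would keep the warning easy to find and the predicate selection free of side effects.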
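Review bot: In process-substitution, the expression (if (%allow-unauthenticated-substitutes?) (const #t) (cut valid-narinfo? <> acl)) repeats the bypass decision already made in process-query, so the one switch that disables signature checking is now written out at two call sites. Consider a single procedure in guix/scripts/substitute.scm that returns the authorized? predicate for a given ACL and use it in both places; also note that the lines shown for this hunk accept unauthenticated narinfos without the warning that the process-query hunk emits.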