all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
From: zimoun <zimon.toutoune@gmail.com>
To: "Ludovic Courtès" <ludo@gnu.org>, "Ricardo Wurmus" <rekado@elephly.net>
Cc: 42048@debbugs.gnu.org
Subject: [bug#42048] [PATCH 6/6] services: provenance: Save channel introductions.
Date: Wed, 01 Jul 2020 10:51:14 +0200	[thread overview]
Message-ID: <86lfk3aa9p.fsf@gmail.com> (raw)
In-Reply-To: <87imf847sr.fsf@gnu.org>

Hi,

On Tue, 30 Jun 2020 at 22:28, Ludovic Courtès <ludo@gnu.org> wrote:

>> One thing that I worry about is authentication of channels that are
>> added as dependencies of user-selected channels.  Let’s say my channel
>> “guix-bimsb” depends on “guix-past”.  How will users of “guix-bimsb”
>> authenticate the commits of “guix-past” when they don’t know about
>> “guix-past” (they only care about “guix-bimsb”), and don’t explicitly
>> add introduction information to their channels file?
>>
>> Is there something that the authors of “guix-bimsb” can do to not only
>> indicate the dependency on “guix-past”, but also to attach introduction
>> information?  Will the format of the “.guix-channel” need to be
>> adjusted?
>
> That’s a very good question and I had completely overlooked it.

Héhé, yet I had the same question one month ago. :-)

--8<---------------cut here---------------start------------->8---
> The question about recursive still applies. ;-)
> Currently, if the local channel file points to a channel A which
> contains the file '.guix-channel' which points to another channel B,
> then when one runs "guix pull" well the channel A will be pulled and
> then the channel B, even if this channel B is not explicit in the
> initial local channel.  (Even, there is bug about recursive implicit
> pulls, see http://issues.guix.gnu.org/issue/41069; well another
> story.)
>What happens for such situation?

Nothing special, I guess: each channel would be authenticated (or not,if
it’s an unsigned channel).  I think it’s completely orthogonal.
--8<---------------cut here---------------end--------------->8---

http://issues.guix.gnu.org/issue/22883#75


> With this patch set, someone pulling guix-bimsb would just end up
> pulling guix-past unauthenticated; there’s not even a warning.
>
> (There’s currently a warning in (guix channels), but only when pulling
> an unauthenticated 'guix channel.  It’s perhaps too early to have that
> warning enabled for all channels.  WDYT?)

Enable the warning appears to me a good idea because this dependency is
like "doing something I am not necessary aware in my back".

For example, the first time I pulled the channel "guix-bimsb-non-free" which
depends on "guix-bimsb", it took me some time to understand why
"guix-bimsb" was pulled twice and once with a name I do not have in my
local channels.scm file.  Anyway.

> So yes, I suppose we would need to extend the ‘.guix-channel’ format for
> dependencies.  Luckily it should be quite simply because that format is
> extensible; older Guix versions would ignore the ‘introduction’ field.
> It would look something like this:
>
>      (channel
>       (version 0)
>       (dependencies
>        (channel
>         (name some-collection)
>         (url "https://example.org/first-collection.git")
>         (introduction (channel-introduction
>                         (version 0)
>                         (commit "…")
>                         (signer "…"))))
>        (channel
>         (name some-other-collection)
>         (url "https://example.org/second-collection.git")
>         (branch "testing"))))   ;not an authenticated channel
>
> It does mean that a channel can indirectly trick you into turning off
> authentication for a dependent channel.  But I think that’s within the
> expectations for channels: when you choose a channel, you trust it
> enough to run its code.

Sound good to me.

When I choose a channel, I trust the people enough to run their code.
But I do not trust the URL which serves it.  I mean, it is the point of
all this new authentication mechanism, isn't it?

However, I agree.  Channel should stay easy to fork and add something
(then maybe send a pull-request) without going in all the GPG signature
dance and/or running the options --allow-downgrades or
--disable-authentication (I do not remember the exact name).


Cheers,
simon




  reply	other threads:[~2020-07-01  8:52 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-06-25 21:04 [bug#42048] [PATCH 0/6] Authenticated channels for everyone! Ludovic Courtès
2020-06-25 21:16 ` [bug#42048] [PATCH 1/6] channels: Add 'openpgp-fingerprint->bytevector' Ludovic Courtès
2020-06-25 21:16   ` [bug#42048] [PATCH 2/6] channels: Make channel introductions public Ludovic Courtès
2020-06-25 22:32     ` Kyle Meyer
2020-06-26  8:17       ` Ludovic Courtès
2020-06-27 17:07       ` Ludovic Courtès
2020-06-25 21:16   ` [bug#42048] [PATCH 3/6] channels: Remove 'signature' from <channel-introduction> Ludovic Courtès
2020-06-30 14:35     ` Ricardo Wurmus
2020-06-30 15:15       ` Ludovic Courtès
2020-06-25 21:16   ` [bug#42048] [PATCH 4/6] channels: Save and interpret 'introduction' field in provenance data Ludovic Courtès
2020-06-25 21:16   ` [bug#42048] [PATCH 5/6] guix describe: Display channel introductions and add 'channels-sans-intro' Ludovic Courtès
2020-06-25 21:16   ` [bug#42048] [PATCH 6/6] services: provenance: Save channel introductions Ludovic Courtès
2020-06-30 15:53     ` Ricardo Wurmus
2020-06-30 20:28       ` Ludovic Courtès
2020-07-01  8:51         ` zimoun [this message]
2020-07-01 12:12           ` Ludovic Courtès
2020-07-01 12:49             ` zimoun
2020-07-01 17:05               ` Ludovic Courtès
2020-07-01 12:25         ` Ricardo Wurmus
2020-07-01 21:50           ` bug#42048: " Ludovic Courtès
2020-07-01  9:35 ` [bug#42048] [PATCH 0/6] Authenticated channels for everyone! zimoun
2020-07-01 12:17   ` Ludovic Courtès
2020-07-01 13:09     ` zimoun
2020-07-01 15:54       ` Ludovic Courtès

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=86lfk3aa9p.fsf@gmail.com \
    --to=zimon.toutoune@gmail.com \
    --cc=42048@debbugs.gnu.org \
    --cc=ludo@gnu.org \
    --cc=rekado@elephly.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.