From: Simon Tournier
To: wolf
Cc: Nicolas Débonnaire, guix-devel@gnu.org
Subject: Re: Building from git
References: <87ledikx1u.fsf@gmail.com>
Date: Thu, 07 Sep 2023 20:59:27 +0200
Message-ID: <86v8clajxs.fsf@gmail.com>
List-Id: "Development of GNU Guix and the GNU System distribution."

Hi,

On Thu, 07 Sep 2023 at 19:45, wolf wrote:
>> The Makefile does not run ‘guix git authenticate’ using ./pre-inst-env.
>> And that’s probably to ensure the source of trust.  If one corrupts the
>> commit that is built, then ‘make authenticate’ would authenticate the
>> corruption because it would run the corrupted newly built guix command.
>> Currently, ‘make authenticate’ runs one guix command that had already
>> been authenticated.  Well, that’s my understanding.
>
> Hmm, but the recipe for the authenticate rule comes from the (possibly)
> compromised source, no?  So the attacker can just modify the recipe instead of
> the command doing the authentication.  Am I missing something?

Yes, the corruption of Makefile.am can be the corruption I was talking about.
Well, for more explanations one can maybe read:

    [bug#57909] bug#57910: [PATCH] Add link to 'pre-inst-env' from 'installing from git' docs
    Ludovic Courtès
    Sat, 24 Sep 2022 17:58:29 +0200
    id:87k05s7oii.fsf_-_@gnu.org
    https://issues.guix.gnu.org//57910
    https://issues.guix.gnu.org/msgid/87k05s7oii.fsf_-_@gnu.org
    https://yhetil.org/guix/87k05s7oii.fsf_-_@gnu.org

    [bug#57909] bug#57910: [PATCH] Add link to 'pre-inst-env' from 'installing from git' docs
    Maxime Devos
    Sat, 24 Sep 2022 18:23:10 +0200
    id:ec49e6c2-a542-7d95-0d73-10b2816c59d2@telenet.be
    https://issues.guix.gnu.org//57910
    https://issues.guix.gnu.org/msgid/ec49e6c2-a542-7d95-0d73-10b2816c59d2@telenet.be
    https://yhetil.org/guix/ec49e6c2-a542-7d95-0d73-10b2816c59d2@telenet.be

Cheers,
simon
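
The trust question discussed in this message, as an added sketch that is not from the thread or from Guix's own build files: a guard that refuses to authenticate a checkout with a guix that resolves inside that checkout, and that calls the verifier directly rather than through a recipe stored in the tree. The function names are hypothetical, COMMIT and SIGNER are caller-supplied placeholders obtained out of band, and GNU `readlink -f` is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU `readlink -f`.
# Idea: the guix that authenticates a checkout must not come from that
# checkout, and must be called directly, not through a recipe stored in it.

# inside_tree FILE TREE: 0 if FILE resolves inside TREE, 1 if outside, 2 on error.
inside_tree() {
    file=$(readlink -f -- "$1") || return 2
    tree_root=$(readlink -f -- "$2") || return 2
    case "$file" in
        "$tree_root"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# pick_verifier TREE: print the guix found on PATH, but only if it lives
# outside TREE. Fails closed when it is inside TREE or cannot be resolved.
pick_verifier() {
    candidate=$(command -v guix) || { echo "no guix on PATH" >&2; return 1; }
    rc=0
    inside_tree "$candidate" "$1" || rc=$?
    if [ "$rc" -ne 1 ]; then
        echo "refusing $candidate: inside the checkout or unresolvable" >&2
        return 1
    fi
    printf '%s\n' "$candidate"
}

# authenticate_checkout TREE COMMIT SIGNER: COMMIT and SIGNER are the
# introductory commit and signer fingerprint, obtained out of band
# (placeholders supplied by the caller, never read from TREE).
authenticate_checkout() {
    verifier=$(pick_verifier "$1") || return 1
    (cd "$1" && "$verifier" git authenticate "$2" "$3")
}

# Stand-alone use: script.sh TREE COMMIT SIGNER
if [ "$#" -eq 3 ]; then
    authenticate_checkout "$@"
fi
```

The symlink case matters: a `guix` on PATH that is only a link into the checkout is resolved first and rejected like the built binary itself.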