From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id UD/OC/F29V/oGAAA0tVLHw (envelope-from ) for ; Wed, 06 Jan 2021 08:38:09 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2 with LMTPS id SKiyB/F29V8+egAAB5/wlQ (envelope-from ) for ; Wed, 06 Jan 2021 08:38:09 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id E4F8D940416 for ; Wed, 6 Jan 2021 08:38:08 +0000 (UTC) Received: from localhost ([::1]:33516 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kx4KV-00012p-UU for larch@yhetil.org; Wed, 06 Jan 2021 03:38:07 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:33084) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kx4KQ-00012f-4Y for guix-patches@gnu.org; Wed, 06 Jan 2021 03:38:02 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:60051) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1kx4KP-0004tY-TV for guix-patches@gnu.org; Wed, 06 Jan 2021 03:38:01 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1kx4KP-0008MI-Qs for guix-patches@gnu.org; Wed, 06 Jan 2021 03:38:01 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#45409] [PATCH v3 1/3] substitute: Untangle skipping authentication from valid-narinfo?. Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Wed, 06 Jan 2021 08:38:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 45409 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Christopher Baines Received: via spool by 45409-submit@debbugs.gnu.org id=B45409.160992224532070 (code B ref 45409); Wed, 06 Jan 2021 08:38:01 +0000 Received: (at 45409) by debbugs.gnu.org; 6 Jan 2021 08:37:25 +0000 Received: from localhost ([127.0.0.1]:43360 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kx4Jp-0008LB-2A for submit@debbugs.gnu.org; Wed, 06 Jan 2021 03:37:25 -0500 Received: from eggs.gnu.org ([209.51.188.92]:39820) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kx4Jn-0008Ky-4r for 45409@debbugs.gnu.org; Wed, 06 Jan 2021 03:37:23 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]:55321) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kx4Jh-0004a2-RU; Wed, 06 Jan 2021 03:37:17 -0500 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=41264 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kx4Jh-0004a7-EK; Wed, 06 Jan 2021 03:37:17 -0500 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= References: <87y2hn9l8j.fsf@cbaines.net> <20210104211927.14959-1-mail@cbaines.net> <871rezt5cd.fsf@gnu.org> <878s97j8ja.fsf@cbaines.net> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 17 =?UTF-8?Q?Niv=C3=B4se?= an 229 de la =?UTF-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Wed, 06 Jan 2021 09:37:16 +0100 In-Reply-To: <878s97j8ja.fsf@cbaines.net> (Christopher Baines's message of "Tue, 05 Jan 2021 22:58:17 +0000") Message-ID: <87im8asbpf.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: 45409@debbugs.gnu.org Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" X-Migadu-Flow: FLOW_IN X-Migadu-Spam-Score: -2.84 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Migadu-Queue-Id: E4F8D940416 X-Spam-Score: -2.84 X-Migadu-Scanner: scn0.migadu.com X-TUID: KSHmQUrJ+c8d Hi, Christopher Baines skribis: > Ludovic Court=C3=A8s writes: > >> Hi, >> >> Christopher Baines skribis: >> >>> Rather than having valid-narinfo? evaluate to #t if >>> %allow-unauthenticated-substitutes? is set to #t, just use (const #t) f= or >>> valid-narinfo? when %allow-unauthenticated-substitutes? is set to #t. = This >>> will allow moving valid-narinfo? in to a (guix substitutes) module. >>> >>> * guix/scripts/substitute.scm (process-query, process-substitution): Ch= ange >>> the authorized? argument to lookup-narinfo and lookup-narinfos/diverse = based >>> on %allow-unauthenticated-substitutes?. >>> (valid-narinfo?): Remove use of %allow-unauthenticated-substitutes?. >> >> Bummer that there are two call sites. >> >> What about doing away with =E2=80=98%allow-unauthenticated-substitutes?= =E2=80=99 and >> instead changing its only user, =E2=80=98tests/substitute.scm=E2=80=99, = like so: My bad, I missed that =E2=80=98test-env=E2=80=99 does: GUIX_ALLOW_UNAUTHENTICATED_SUBSTITUTES=3Dyes So what I proposed won=E2=80=99t work. All in all, let=E2=80=99s just take the patch you proposed. Sorry for the confusion! > I don't know what's up with these tests in particular, adding peek in > places makes tests fail... not using Guile debugging helpers and > outputting to (current-error-port) seems to not change the result > though. Yeah that=E2=80=99s because (current-output-port) is used to communicate wi= th the daemon, so if you inadvertently write things there, it breaks. > I didn't really understand this code, but looking at it more, I'm > thinking now that what it actually does is affects all the tests, and > for some tests in the (tests substitute) module, the > %allow-unauthenticated-substitutes? behaviour is turned off. Yeah, I got the logic wrong. > Commenting out the relevant code in the script seems to support this, > the substitute tests still pass, but tests in the store, derivation and > guix-daemon modules fail. The substitute tests are actually fine, and > break if you disable substitute authentication. The mock approach is > probably feasible, but it would need to be done in those > modules/tests. I haven't looked at the details, but I'd be a little > concerned that it might require mocking in each of the individual 15 > failing tests, maybe that's good for being explicit though? > > Back to the use of %allow-unauthenticated-substitutes? in the code, > there are two call sites, for the two separate code paths, but it would > be pretty easy to move to one call site. Both process-query and > process-substitution take an acl, but they could instead take some > (valid? obj) procedure. That would either call (valid-narinfo? obj acl) > or just evaluate to #t in the allow unauthorized case. This effectively > moves the logic and call site to the command. Yeah but the patch you proposed is fine. Thanks and apologies for the back-and-forth! Ludo=E2=80=99.