GNU bug report logs - #41870
[PATCH 0/2] Allow '.guix-channel' to advertise the primary URL
Reported by: Ludovic Courtès <ludo <at> gnu.org>
Date: Mon, 15 Jun 2020 15:13:01 UTC
Severity: normal
Tags: patch
Done: Ludovic Courtès <ludo <at> gnu.org>
Bug is archived. No further changes may be made.
Report forwarded to guix-patches <at> gnu.org: bug#41870; Package guix-patches. (Mon, 15 Jun 2020 15:13:01 GMT)
Acknowledgement sent to Ludovic Courtès <ludo <at> gnu.org>: New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Mon, 15 Jun 2020 15:13:01 GMT)
Message #5 received at submit <at> debbugs.gnu.org:
Hi!
As discussed in <https://issues.guix.gnu.org/issue/22883#69>, this
patch provides a way for channel authors to state what the primary
URL of their channel is. The goal here is simply to warn users
when they are pulling from a mirror so that they cannot be tricked
into pulling from a stale mirror.
This goes on top of <https://issues.guix.gnu.org/41767>.
Thoughts?
Ludo’.
Ludovic Courtès (2):
channels: Warn when pulling from a mirror.
.guix-channel: Add primary URL.
.guix-channel | 3 ++-
doc/guix.texi | 22 ++++++++++++++++++++++
guix/channels.scm | 29 +++++++++++++++++++++++++----
3 files changed, 49 insertions(+), 5 deletions(-)
--
2.26.2
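The check the cover letter describes, reimplemented in Python as an added illustration. This is not Guix's code (Guix implements it in Guile, in guix/channels.scm, as the patch in this thread shows); the s-expression reader, the `Symbol` type and the names `read_channel_metadata`, `canonical_url` and `mirror_warning` are all chosen here. The sample `.guix-channel` text is the one the second patch adds to the Guix repository, with a comment line prepended, and is constructed input. The block goes beyond the patch in two marked places: the `url` value is type-checked before use, and `exact=False` shows a normalized comparison that does not warn on a trailing-slash spelling of the primary URL, whereas the patch compares strings exactly.

```python
# Illustrative re-implementation of the '.guix-channel' primary-URL check
# (added example, not Guix's own Guile code): a minimal s-expression reader,
# a type-checked read of the 'url' entry, and the mirror-warning decision.
import re
from dataclasses import dataclass
from typing import Any, Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Constructed sample: the .guix-channel from the second patch plus a comment.
SAMPLE_GUIX_CHANNEL = """\
;; This is a Guix channel.
(channel
  (version 0)
  (news-file "etc/news.scm")
  (keyring-reference "keyring")
  (url "https://git.savannah.gnu.org/git/guix.git")) ;the primary URL
"""

@dataclass(frozen=True)
class Symbol:
    """A Scheme symbol, kept distinct from a string literal."""
    name: str

_TOKEN = re.compile(r'\s+|;[^\n]*|"(?:[^"\\]|\\.)*"|[()]|[^\s()";]+')

def parse_sexp(text: str) -> Any:
    """Reader: lists -> list, "..." -> str, integers -> int, else Symbol."""
    stack: List[List[Any]] = [[]]
    pos = 0
    for m in _TOKEN.finditer(text):
        if m.start() != pos:                  # e.g. an unterminated string
            raise ValueError(f"bad character at offset {pos}")
        pos = m.end()
        tok = m.group(0)
        if tok.isspace() or tok.startswith(';'):
            continue
        if tok == '(':
            stack.append([])
        elif tok == ')':
            if len(stack) == 1:
                raise ValueError("unbalanced ')'")
            done = stack.pop()
            stack[-1].append(done)
        elif tok.startswith('"'):
            stack[-1].append(tok[1:-1].replace('\\"', '"').replace('\\\\', '\\'))
        elif re.fullmatch(r'-?\d+', tok):
            stack[-1].append(int(tok))
        else:
            stack[-1].append(Symbol(tok))
    if pos != len(text) or len(stack) != 1 or len(stack[0]) != 1:
        raise ValueError("malformed s-expression: expected one balanced form")
    return stack[0][0]

def read_channel_metadata(text: str) -> Dict[str, Any]:
    """Counterpart of read-channel-metadata: accept only
    (channel (version 0) (key value ...) ...).  Unlike the patch, 'url' is
    type-checked so that a malformed file never reaches the URL comparison."""
    form = parse_sexp(text)
    if not (isinstance(form, list) and form and form[0] == Symbol('channel')):
        raise ValueError("not a (channel ...) form")
    props: Dict[str, List[Any]] = {}
    for entry in form[1:]:
        if not (isinstance(entry, list) and entry and isinstance(entry[0], Symbol)):
            raise ValueError(f"invalid entry {entry!r}")
        props[entry[0].name] = entry[1:]          # key -> list of values
    if props.get('version') != [0]:
        raise ValueError("unsupported '.guix-channel' version")

    def first(key: str) -> Any:
        return (props.get(key) or [None])[0]

    url = first('url')
    if url is not None and not isinstance(url, str):
        raise ValueError("'url' must be a string")
    return {'url': url, 'news_file': first('news-file'),
            'keyring_reference': first('keyring-reference')}

def canonical_url(url: str) -> Tuple[str, str]:
    """Loose normalization (an added heuristic, not what the patch does):
    ignore the scheme, host case, a trailing slash and a '.git' suffix."""
    parts = urlsplit(url.strip())
    path = parts.path.rstrip('/')
    if path.endswith('.git'):
        path = path[:-4]
    return (parts.hostname or '').lower(), path

def mirror_warning(channel_name: str, pulled_url: str, primary_url: Optional[str],
                   pinned_commit: Optional[str] = None, authenticated: bool = True,
                   exact: bool = True) -> Optional[str]:
    """Return the warning 'guix pull' would print, or None.  Same conditions
    as the patch: only for an authenticated channel, only when a primary URL
    is advertised, never when the channel is pinned to a commit.  exact=True
    compares strings as the patch does; exact=False uses canonical_url()."""
    if not authenticated or primary_url is None or pinned_commit:
        return None
    same = (pulled_url == primary_url if exact
            else canonical_url(pulled_url) == canonical_url(primary_url))
    if same:
        return None
    return (f"pulled channel '{channel_name}' from a mirror of "
            f"{primary_url}, which might be stale")
```

With `meta = read_channel_metadata(SAMPLE_GUIX_CHANNEL)`, `mirror_warning("guix", "https://example.org/mirror/guix.git", meta["url"])` returns the warning text, the same call with the primary URL returns None, and `"https://git.savannah.gnu.org/git/guix.git/"` returns a warning under the patch's exact comparison but None with `exact=False`; a file containing `(url 42)` is rejected by `read_channel_metadata` instead of reaching the comparison.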
Information forwarded to guix-patches <at> gnu.org: bug#41870; Package guix-patches. (Mon, 15 Jun 2020 15:22:02 GMT)
Message #8 received at 41870 <at> debbugs.gnu.org:
* guix/channels.scm (<channel-metadata>)[url]: New field.
(read-channel-metadata): Initialize it.
(read-channel-metadata-from-source): Likewise.
(channel-instance-primary-url): New procedure.
(latest-channel-instances): Compare CHANNEL's URL against it.
* doc/guix.texi (Channels)[Primary URL]: New subsection.
---
doc/guix.texi | 22 ++++++++++++++++++++++
guix/channels.scm | 29 +++++++++++++++++++++++++----
2 files changed, 47 insertions(+), 4 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 81a11c6756..16ef5bf42e 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -4153,6 +4153,28 @@ add a meta-data file @file{.guix-channel} that contains:
(directory "guix"))
@end lisp
+@cindex primary URL, channels
+@subsection Primary URL
+
+Channel authors can indicate the primary URL of their channel's Git
+repository in the @file{.guix-channel} file, like so:
+
+@lisp
+(channel
+ (version 0)
+ (url "https://example.org/guix.git"))
+@end lisp
+
+This allows @command{guix pull} to determine whether it is pulling code
+from a mirror of the channel; when that is the case, it warns the user
+that the mirror might be stale and displays the primary URL. That way,
+users cannot be tricked into fetching code from a stale mirror that does
+not receive security updates.
+
+This feature only makes sense for authenticated repositories, such as
+the official @code{guix} channel, for which @command{guix pull} ensures
+the code it fetches is authentic.
+
@cindex news, for channels
@subsection Writing Channel News
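Review bot: the new paragraph overstates what the code does when it says users "cannot be tricked into fetching code from a stale mirror": the change only prints a warning (the `warning` call in the channels.scm hunk), it does not refuse the pull, so "are warned when they fetch code from a mirror that may be stale" is the accurate wording. The subsection should also say when no warning is printed even though the URL differs, since both cases are silent in the code: when the channel is pinned to a specific `commit`, and when authentication is off. Finally, state that the comparison is an exact string match, so the advertised URL must be spelled exactly as users are expected to write it in their channel declaration (scheme, `.git` suffix, no trailing slash).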
diff --git a/guix/channels.scm b/guix/channels.scm
index 38ec68fec1..7e4d6e4c84 100644
--- a/guix/channels.scm
+++ b/guix/channels.scm
@@ -182,12 +182,13 @@ introduction, add it."
(checkout channel-instance-checkout))
(define-record-type <channel-metadata>
- (channel-metadata directory dependencies news-file keyring-reference)
+ (channel-metadata directory dependencies news-file keyring-reference url)
channel-metadata?
(directory channel-metadata-directory) ;string with leading slash
(dependencies channel-metadata-dependencies) ;list of <channel>
(news-file channel-metadata-news-file) ;string | #f
- (keyring-reference channel-metadata-keyring-reference)) ;string
+ (keyring-reference channel-metadata-keyring-reference) ;string
+ (url channel-metadata-url)) ;string | #f
(define %default-keyring-reference
;; Default value of the 'keyring-reference' field.
@@ -209,6 +210,7 @@ if valid metadata could not be read from PORT."
(let ((directory (and=> (assoc-ref properties 'directory) first))
(dependencies (or (assoc-ref properties 'dependencies) '()))
(news-file (and=> (assoc-ref properties 'news-file) first))
+ (url (and=> (assoc-ref properties 'url) first))
(keyring-reference
(or (and=> (assoc-ref properties 'keyring-reference) first)
%default-keyring-reference)))
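Review bot: `(and=> (assoc-ref properties 'url) first)` accepts whatever the file contains, so a `.guix-channel` with `(url 42)` yields a non-string that later reaches `(string=? primary-url (channel-url channel))` and aborts `guix pull` with a wrong-type error instead of a readable message. Check the value with `string?` here and raise a `&message` condition like the "unsupported '.guix-channel' version" branch does, so that a malformed (or deliberately crafted) metadata file is rejected with a clear error at read time.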
@@ -229,7 +231,8 @@ if valid metadata could not be read from PORT."
(commit (get 'commit))))))
dependencies)
news-file
- keyring-reference)))
+ keyring-reference
+ url)))
((and ('channel ('version version) _ ...) sexp)
(raise (condition
(&message (message "unsupported '.guix-channel' version"))
@@ -253,7 +256,7 @@ doesn't exist."
read-channel-metadata))
(lambda args
(if (= ENOENT (system-error-errno args))
- (channel-metadata "/" '() #f %default-keyring-reference)
+ (channel-metadata "/" '() #f %default-keyring-reference #f)
(apply throw args)))))
(define (channel-instance-metadata instance)
@@ -463,6 +466,11 @@ been tampered with and is trying to force a roll-back, preventing you from
getting the latest updates. If you think this is not the case, explicitly
allow non-forward updates."))))))))))
+(define (channel-instance-primary-url instance)
+ "Return the primary URL advertised for INSTANCE, or #f if there is no such
+information."
+ (channel-metadata-url (channel-instance-metadata instance)))
+
(define* (latest-channel-instances store channels
#:key
(current-channels '())
@@ -518,6 +526,19 @@ depending on the policy it implements."
validate-pull
#:starting-commit
current)))
+ (when authenticate?
+ ;; CHANNEL is authenticated so we can trust the
+ ;; primary URL advertised in its metadata and warn
+ ;; about possibly stale mirrors.
+ (let ((primary-url (channel-instance-primary-url
+ instance)))
+ (unless (or (not primary-url)
+ (channel-commit channel)
+ (string=? primary-url (channel-url channel)))
+ (warning (G_ "pulled channel '~a' from a mirror \
+of ~a, which might be stale~%")
+ (channel-name channel)
+ primary-url))))
(let-values (((new-instances new-channels)
(loop (channel-instance-dependencies instance)
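Review bot: `(string=? primary-url (channel-url channel))` is an exact comparison, so a user whose channel declaration spells the same repository with a trailing slash, a different scheme (`git://` instead of `https://`) or without the `.git` suffix gets a "mirror" warning for the primary repository itself; either normalize both URLs before comparing (strip a trailing slash and a `.git` suffix, compare the host case-insensitively) or document that the strings must match exactly. The message would also be more useful with the URL actually used next to the primary one, i.e. pass `(channel-url channel)` as a third argument, so the user sees what to change. Note too that the `(not primary-url)` clause silences the check whenever the fetched commit predates the `url` entry, which is exactly what a mirror frozen at an old commit serves; that is inherent to reading the metadata from the fetched commit, but it deserves a sentence in the manual.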
--
2.26.2
Information forwarded to guix-patches <at> gnu.org: bug#41870; Package guix-patches. (Mon, 15 Jun 2020 15:22:02 GMT)
Message #11 received at 41870 <at> debbugs.gnu.org:
* .guix-channel: Add 'url'.
---
.guix-channel | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.guix-channel b/.guix-channel
index f4459f1de1..b852180cf2 100644
--- a/.guix-channel
+++ b/.guix-channel
@@ -3,4 +3,5 @@
(channel
(version 0)
(news-file "etc/news.scm")
- (keyring-reference "keyring"))
+ (keyring-reference "keyring")
+ (url "https://git.savannah.gnu.org/git/guix.git")) ;the primary URL
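Review bot: because channels.scm compares the advertised URL with `string=?`, the value here must match character for character the URL users are expected to put in their channel declaration (`https://`, `.git` suffix, no trailing slash); the `;the primary URL` comment could say so, since anyone who has the Savannah repository configured under a different spelling will start seeing the mirror warning once this lands.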
--
2.26.2
Reply sent to Ludovic Courtès <ludo <at> gnu.org>: You have taken responsibility. (Wed, 17 Jun 2020 17:35:02 GMT)
Notification sent to Ludovic Courtès <ludo <at> gnu.org>: bug acknowledged by developer. (Wed, 17 Jun 2020 17:35:02 GMT)
Message #16 received at 41870-done <at> debbugs.gnu.org:
Ludovic Courtès <ludo <at> gnu.org> wrote:
> channels: Warn when pulling from a mirror.
> .guix-channel: Add primary URL.
Pushed as 8b1f7c03d239ca703b56f2a6e5f228c79bc1857e.
Ludo’.
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Thu, 16 Jul 2020 11:24:06 GMT)