GNU bug report logs - #41908
guix time-machine fails; XXXX is not related to introductory commit of channel 'guix'


Package: guix;

Reported by: Jan Nieuwenhuizen <janneke <at> gnu.org>

Date: Wed, 17 Jun 2020 09:29:01 UTC

Severity: serious

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.



Report forwarded to bug-guix <at> gnu.org:
bug#41908; Package guix. (Wed, 17 Jun 2020 09:29:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jan Nieuwenhuizen <janneke <at> gnu.org>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Wed, 17 Jun 2020 09:29:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Jan Nieuwenhuizen <janneke <at> gnu.org>
To: bug-guix <at> gnu.org
Subject: guix time-machine fails;
 XXXX is not related to introductory commit of channel 'guix'
Date: Wed, 17 Jun 2020 11:27:53 +0200
Hi,

After pulling this morning, guix time-machine fails, look:

--8<---------------cut here---------------start------------->8---
$ guix pull --commit=559491ea5b36b89b2a2f9d48dacf6a2d7e219910
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
Building from this channel:
  guix      https://git.savannah.gnu.org/git/guix.git	559491e
[...]
hint: Run `guix pull --news' to read all the news.

11:23:19 janneke <at> dundal:~/src/guix/master
$ guix time-machine --commit=36640207c9543e48cd6daa92930f023f80065a5d -- environment hello
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
guix time-machine: error: '36640207c9543e48cd6daa92930f023f80065a5d' is not related to introductory commit of channel 'guix'

[1]11:23:25 janneke <at> dundal:~/src/guix/master
git log --pretty=oneline | grep 36640207c9543e48cd6daa92930f023f80065a5d
36640207c9543e48cd6daa92930f023f80065a5d quirks: Build 'compute-guix-derivation' modules with 2.2 when needed.
--8<---------------cut here---------------end--------------->8---

Am I missing something?

Greetings,
Janneke

-- 
Jan Nieuwenhuizen <janneke <at> gnu.org> | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com




Information forwarded to bug-guix <at> gnu.org:
bug#41908; Package guix. (Thu, 18 Jun 2020 22:30:01 GMT) Full text and rfc822 format available.

Message #8 received at 41908 <at> debbugs.gnu.org (full text, mbox):

From: zimoun <zimon.toutoune <at> gmail.com>
To: Jan Nieuwenhuizen <janneke <at> gnu.org>, 41908 <at> debbugs.gnu.org
Subject: Re: bug#41908: guix time-machine fails;
 XXXX is not related to introductory commit of channel 'guix'
Date: Fri, 19 Jun 2020 00:29:39 +0200
Dear Janneke,

On Wed, 17 Jun 2020 at 11:27, Jan Nieuwenhuizen <janneke <at> gnu.org> wrote:

> $ guix time-machine --commit=36640207c9543e48cd6daa92930f023f80065a5d -- environment hello
> Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
> guix time-machine: error: '36640207c9543e48cd6daa92930f023f80065a5d'
> is not related to introductory commit of channel 'guix'

It seems related to the new machinery about authentication, i.e., I guess:

838ac881ec * time-machine: Add '--disable-authentication'.


On my machine:

--8<---------------cut here---------------start------------->8---
guix pull --commit= -p /tmp/bug
/tmp/bug/bin/guix time-machine --commit=36640207c9543e48cd6daa92930f023f80065a5d -- environment hello
--8<---------------cut here---------------end--------------->8---

works as expected. I mean I get:

--8<---------------cut here---------------start------------->8---
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
Authenticating channel 'guix', commits 9edb3f6 to 3664020 (664 new commits)...
substitute: updating substitutes from
'https://ci.guix.gnu.org'... 100.0%
[...]
^C
--8<---------------cut here---------------end--------------->8---

Then I stopped it before it completed.  And I re-ran the same time-machine
command and I got the same error message:

--8<---------------cut here---------------start------------->8---
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
guix time-machine: error: '36640207c9543e48cd6daa92930f023f80065a5d' is not related to introductory commit of channel 'guix'
--8<---------------cut here---------------end--------------->8---

But with the new option "--disable-authentication", it works -- even if it
is maybe not what you want.




Information forwarded to bug-guix <at> gnu.org:
bug#41908; Package guix. (Thu, 18 Jun 2020 23:03:01 GMT) Full text and rfc822 format available.

Message #11 received at 41908 <at> debbugs.gnu.org (full text, mbox):

From: zimoun <zimon.toutoune <at> gmail.com>
To: Jan Nieuwenhuizen <janneke <at> gnu.org>, 41908 <at> debbugs.gnu.org
Subject: Re: bug#41908: guix time-machine fails;
 XXXX is not related to introductory commit of channel 'guix'
Date: Fri, 19 Jun 2020 01:02:39 +0200
Sorry, I hit C-c C-c in the wrong buffer and sent the email before
finishing it. :-)

CC: Ludo because I do not really understand all the new machinery and
what is the correct solution:
 - remove/tweak the file "~/.cache/guix/authentication/channels/guix"
or
 - use "--disable-authentication"
or
 - is it a real bug? :-)
? 

On Fri, 19 Jun 2020 at 00:29, zimoun <zimon.toutoune <at> gmail.com> wrote:

> It seems related to the new machinery about authentication, i.e., I guess:
>
> 838ac881ec * time-machine: Add '--disable-authentication'.

[...]

> But with the new option "--disable-authentication", it works -- even if it
> is maybe not what you want.

What do you have in the file ~/.cache/guix/authentication/channels/guix?


Well, basically if I run with a fresh
~/.cache/guix/authentication/channels/guix, it works as expected:

--8<---------------cut here---------------start------------->8---
$ guix time-machine --commit=36640207c9543e48cd6daa92930f023f80065a5d -- help
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
Authenticating channel 'guix', commits 9edb3f6 to 3664020 (664 new commits)...
Computing Guix derivation for 'x86_64-linux'... /
--8<---------------cut here---------------end--------------->8---

however, if I re-run the exact same command, it fails:

--8<---------------cut here---------------start------------->8---
$ guix time-machine --commit=36640207c9543e48cd6daa92930f023f80065a5d -- help
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
guix time-machine: error: '36640207c9543e48cd6daa92930f023f80065a5d' is not related to introductory commit of channel 'guix'
--8<---------------cut here---------------end--------------->8---

and the file says:

--8<---------------cut here---------------start------------->8---
$ cat ~/.cache/guix/authentication/channels/guix
;; List of previously-authenticated commits.

("36640207c9543e48cd6daa92930f023f80065a5d")
--8<---------------cut here---------------end--------------->8---

Well, I do not know if it does not come from 'start-commit',
'end-commit' and 'authenticated-commits' in guix/channels.scm:
(authenticate-channel).


All the best,
simon






Information forwarded to bug-guix <at> gnu.org:
bug#41908; Package guix. (Fri, 19 Jun 2020 21:19:01 GMT) Full text and rfc822 format available.

Message #14 received at 41908 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Jan Nieuwenhuizen <janneke <at> gnu.org>
Cc: 41908 <at> debbugs.gnu.org, Marius Bakke <marius <at> gnu.org>
Subject: Re: bug#41908: guix time-machine fails;
 XXXX is not related to introductory commit of channel 'guix'
Date: Fri, 19 Jun 2020 23:17:53 +0200
Hi,

(+Cc: Marius.)

Jan Nieuwenhuizen <janneke <at> gnu.org> skribis:

> $ guix pull --commit=559491ea5b36b89b2a2f9d48dacf6a2d7e219910
> Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
> Building from this channel:
>   guix      https://git.savannah.gnu.org/git/guix.git	559491e
> [...]
> hint: Run `guix pull --news' to read all the news.
>
> 11:23:19 janneke <at> dundal:~/src/guix/master
> $ guix time-machine --commit=36640207c9543e48cd6daa92930f023f80065a5d -- environment hello
> Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
> guix time-machine: error: '36640207c9543e48cd6daa92930f023f80065a5d' is not related to introductory commit of channel 'guix'
>
> [1]11:23:25 janneke <at> dundal:~/src/guix/master
> git log --pretty=oneline | grep 36640207c9543e48cd6daa92930f023f80065a5d
> 36640207c9543e48cd6daa92930f023f80065a5d quirks: Build 'compute-guix-derivation' modules with 2.2 when needed.

I think ‘commit-relation’ is right: the two commits are unrelated.

AIUI, commit 36640207c9543e48cd6daa92930f023f80065a5d was made on master
(May 29) after commit 9edb3f66fd807b096b48283debdcddccfea34bad (May
26).  Thus, they really existed in different branches, and they’re
unrelated.

So we probably need to choose another introductory commit, one on
‘master’, and that has to be the merge commit for ‘staging’
(8ab70bae52f8d4b6356ec3b8a88cebf9debe8520, June 13!).

That sucks because that means that any branch forked before that is not
mergeable.  That includes at least ‘core-updates’ (but there are few
commits there, so it can be rebased, I think.)

I don’t think we can relax the relation check with the introductory
commit or we’d allow jumping anywhere.

Thoughts?

Ludo’.




Severity set to 'serious' from 'normal' Request was from Ludovic Courtès <ludo <at> gnu.org> to control <at> debbugs.gnu.org. (Fri, 19 Jun 2020 21:19:02 GMT) Full text and rfc822 format available.

Information forwarded to bug-guix <at> gnu.org:
bug#41908; Package guix. (Fri, 19 Jun 2020 23:23:01 GMT) Full text and rfc822 format available.

Message #19 received at 41908 <at> debbugs.gnu.org (full text, mbox):

From: zimoun <zimon.toutoune <at> gmail.com>
To: Ludovic Courtès <ludo <at> gnu.org>, Jan Nieuwenhuizen
 <janneke <at> gnu.org>
Cc: 41908 <at> debbugs.gnu.org, Marius Bakke <marius <at> gnu.org>
Subject: Re: bug#41908: guix time-machine fails;
 XXXX is not related to introductory commit of channel 'guix'
Date: Sat, 20 Jun 2020 01:22:17 +0200
Hi Ludo,

On Fri, 19 Jun 2020 at 23:17, Ludovic Courtès <ludo <at> gnu.org> wrote:

> (+Cc: Marius.)

Not sure you +CC'ed Marius. So I did.

> I think ‘commit-relation’ is right: the two commits are unrelated.
>
> AIUI, commit 36640207c9543e48cd6daa92930f023f80065a5d was made on master
> (May 29) after commit 9edb3f66fd807b096b48283debdcddccfea34bad (May
> 26).  Thus, they really existed in different branches, and they’re
> unrelated.
>
> So we probably need to choose another introductory commit, one on
> ‘master’, and that has to be the merge commit for ‘staging’
> (8ab70bae52f8d4b6356ec3b8a88cebf9debe8520, June 13!).
>
> That sucks because that means that any branch forked before that is not
> mergeable.  That includes at least ‘core-updates’ (but there are few
> commits there, so it can be rebased, I think.)
>
> I don’t think we can relax the relation check with the introductory
> commit or we’d allow jumping anywhere.

I do not know if I am adding noise, but below is what I observed, and it
is not what I am expecting.

For the record, the commit history.  Maybe I misread, well I think the
first 2 commits used for pulling and the 5 others used for time-machine
are/were each on the same branch, i.e. they are related (direct path),
and the 2 groups (pull vs time-machine) are/were not in the same branch.
And I do not think the issue comes from the branching.

--8<---------------cut here---------------start------------->8---
559491ea5b * gnu: Transmission: Clean up the package definition.
e7a7a483bc * gnu: papirus-icon-theme: Update to 20200602.
[...]
41a2d6a8b9 * gnu: emacs-evil: Update to 1.14.0.
[...]
e70e097882 * size: Document that positional arguments can be store items.
[...]
b56cbe8974 * syscalls: Properly match %HOST-TYPE.
36640207c9 * quirks: Build 'compute-guix-derivation' modules with 2.2 when needed.
60b81ec2f3 * gnu: emacs-2048-game: Update home page.
--8<---------------cut here---------------end--------------->8---

This first sequence appears expected:

--8<---------------cut here---------------start------------->8---
guix pull --commit=e7a7a483bc -p /tmp/a
cat ~/.cache/guix/authentication/channels/guix
cat: /home/simon/.cache/guix/authentication/channels/guix: No such file or directory

/tmp/a/bin/guix time-machine --commit=36640207c9 -- help
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
Authenticating channel 'guix', commits 9edb3f6 to 3664020 (664 new commits)...
cat ~/.cache/guix/authentication/channels/guix
;; List of previously-authenticated commits.

("36640207c9543e48cd6daa92930f023f80065a5d")

/tmp/a/bin/guix time-machine --commit=b56cbe8974 -- help
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
Authenticating channel 'guix', commits 9edb3f6 to b56cbe8 (1 new commits)...
cat ~/.cache/guix/authentication/channels/guix
;; List of previously-authenticated commits.

("b56cbe8974c328a6c7bc28906478ef1b191ada4c"
 "36640207c9543e48cd6daa92930f023f80065a5d")
--8<---------------cut here---------------end--------------->8---

Then this one is not for me:

--8<---------------cut here---------------start------------->8---
/tmp/a/bin/guix time-machine --commit=60b81ec2f3 -- help
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
guix time-machine: error: '60b81ec2f324c18d026e9ae05199493bc644960b' is not related to introductory commit of channel 'guix'

/tmp/a/bin/guix time-machine --commit=b56cbe8974 -- help
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
guix time-machine: error: 'b56cbe8974c328a6c7bc28906478ef1b191ada4c' is not related to introductory commit of channel 'guix'

/tmp/a/bin/guix time-machine --commit=36640207c9 -- help
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
guix time-machine: error: '36640207c9543e48cd6daa92930f023f80065a5d' is not related to introductory commit of channel 'guix'
--8<---------------cut here---------------end--------------->8---

Why can I not go to 60b81ec2f3?  I mean I cannot go before the first
time-machine I did, which is unexpected for me.

Why can I not re-do the same time-machine twice?


I pull again but it is not the point. :-)

--8<---------------cut here---------------start------------->8---
guix pull --commit=559491ea5b -p /tmp/b
cat ~/.cache/guix/authentication/channels/guix
;; List of previously-authenticated commits.

("b56cbe8974c328a6c7bc28906478ef1b191ada4c"
 "36640207c9543e48cd6daa92930f023f80065a5d")

/tmp/b/bin/guix time-machine --commit=36640207c9 -- help
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
guix time-machine: error: '36640207c9543e48cd6daa92930f023f80065a5d' is not related to introductory commit of channel 'guix'

/tmp/b/bin/guix time-machine --commit=41a2d6a8b9 -- help
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
Authenticating channel 'guix', commits 9edb3f6 to 41a2d6a (7 new commits)...
cat ~/.cache/guix/authentication/channels/guix
;; List of previously-authenticated commits.

("41a2d6a8b9294a6eb8e97aaefd569e755f5f461e"
 "b56cbe8974c328a6c7bc28906478ef1b191ada4c"
 "36640207c9543e48cd6daa92930f023f80065a5d")

/tmp/b/bin/guix time-machine --commit=e70e097882 -- help
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
guix time-machine: error: 'e70e097882699865f63eabc5fb29b4fe4468a97b' is not related to introductory commit of channel 'guix'
--8<---------------cut here---------------end--------------->8---

Well, again it is not expected for me that 36640207c9 is not reachable
even though it is already authenticated.  But it is similar to the
previous case, I guess.

However, because 41a2d6a8b9 is a descendant, it is reachable.  The
surprise to me is that e70e097882 which is in direct relation between
the two authenticated commits 41a2d6a8b9 and b56cbe8974 is not
reachable.

BTW, from a security perspective, it is easy to cheat by removing some
commits so the file ~/.cache/guix/authentication/channels/guix should be
protected: read-only and only writable by the daemon.


Cheers,
simon




Information forwarded to bug-guix <at> gnu.org:
bug#41908; Package guix. (Sat, 20 Jun 2020 10:42:02 GMT) Full text and rfc822 format available.

Message #22 received at 41908 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: zimoun <zimon.toutoune <at> gmail.com>
Cc: 41908 <at> debbugs.gnu.org, Marius Bakke <marius <at> gnu.org>,
 Jan Nieuwenhuizen <janneke <at> gnu.org>
Subject: Re: bug#41908: guix time-machine fails;
 XXXX is not related to introductory commit of channel 'guix'
Date: Sat, 20 Jun 2020 12:40:49 +0200
Hi,

Ah yes, what you observed is interesting.  If you first travel to a
current-ish commit, it gets properly authenticated and cached.

From then on, since 36640207c9543e48cd6daa92930f023f80065a5d is in the
closure of the commit you just pulled, it’s authenticated, and you can
travel back to it.  It makes perfect sense.

Conversely, if you try to go directly to
36640207c9543e48cd6daa92930f023f80065a5d (e.g., with an empty cache),
all we can say is that we can’t authenticate it because it’s unrelated
to the introductory commit.

So it’s logical, even if surprising.  It also means that the problem
sort of “goes away” by itself.

zimoun <zimon.toutoune <at> gmail.com> skribis:

> BTW, from a security perspective, it is easy to cheat by removing some
> commits so the file ~/.cache/guix/authentication/channels/guix should be
> protected: read-only and only writable by the daemon.

It’s 600 of course.  What we could do is ignore it if it’s not 600 when
we open it.

Crucially: we cannot and should not restrict what the user can do for
the sake of security.  Users can pass ‘--disable-authentication’, they
can run binaries taken from the net, whatever; it’s their machine.

Thanks,
Ludo’.




Information forwarded to bug-guix <at> gnu.org:
bug#41908; Package guix. (Sat, 20 Jun 2020 13:59:01 GMT) Full text and rfc822 format available.

Message #25 received at 41908 <at> debbugs.gnu.org (full text, mbox):

From: Marius Bakke <marius <at> gnu.org>
To: Ludovic Courtès <ludo <at> gnu.org>, Jan Nieuwenhuizen
 <janneke <at> gnu.org>
Cc: 41908 <at> debbugs.gnu.org
Subject: Re: bug#41908: guix time-machine fails;
 XXXX is not related to introductory commit of channel 'guix'
Date: Sat, 20 Jun 2020 15:58:41 +0200
Ludovic Courtès <ludo <at> gnu.org> writes:

> Hi,
>
> (+Cc: Marius.)
>
> Jan Nieuwenhuizen <janneke <at> gnu.org> skribis:
>
>> $ guix pull --commit=559491ea5b36b89b2a2f9d48dacf6a2d7e219910
>> Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
>> Building from this channel:
>>   guix      https://git.savannah.gnu.org/git/guix.git	559491e
>> [...]
>> hint: Run `guix pull --news' to read all the news.
>>
>> 11:23:19 janneke <at> dundal:~/src/guix/master
>> $ guix time-machine --commit=36640207c9543e48cd6daa92930f023f80065a5d -- environment hello
>> Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
>> guix time-machine: error: '36640207c9543e48cd6daa92930f023f80065a5d' is not related to introductory commit of channel 'guix'
>>
>> [1]11:23:25 janneke <at> dundal:~/src/guix/master
>> git log --pretty=oneline | grep 36640207c9543e48cd6daa92930f023f80065a5d
>> 36640207c9543e48cd6daa92930f023f80065a5d quirks: Build 'compute-guix-derivation' modules with 2.2 when needed.
>
> I think ‘commit-relation’ is right: the two commits are unrelated.
>
> AIUI, commit 36640207c9543e48cd6daa92930f023f80065a5d was made on master
> (May 29) after commit 9edb3f66fd807b096b48283debdcddccfea34bad (May
> 26).  Thus, they really existed in different branches, and they’re
> unrelated.
>
> So we probably need to choose another introductory commit, one on
> ‘master’, and that has to be the merge commit for ‘staging’
> (8ab70bae52f8d4b6356ec3b8a88cebf9debe8520, June 13!).
>
> That sucks because that means that any branch forked before that is not
> mergeable.  That includes at least ‘core-updates’ (but there are few
> commits there, so it can be rebased, I think.)
>
> I don’t think we can relax the relation check with the introductory
> commit or we’d allow jumping anywhere.
>
> Thoughts?

Uff, sorry for the incomplete 'staging' rebase.  I did not realize that
.guix-authorizations was missing completely in the earlier commits of
that branch; I only focused on getting Brice's commit authorized.

Yes core-updates needs to be rebased too because of this.  And yes, not
a lot of commits yet.  So let's move the introductory commit and rebase
core-updates on top, I can take care of the latter in a few days.

Reply sent to Ludovic Courtès <ludo <at> gnu.org>:
You have taken responsibility. (Sun, 21 Jun 2020 15:44:03 GMT) Full text and rfc822 format available.

Notification sent to Jan Nieuwenhuizen <janneke <at> gnu.org>:
bug acknowledged by developer. (Sun, 21 Jun 2020 15:44:03 GMT) Full text and rfc822 format available.

Message #30 received at 41908-done <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Jan Nieuwenhuizen <janneke <at> gnu.org>
Cc: 41908-done <at> debbugs.gnu.org, Marius Bakke <marius <at> gnu.org>
Subject: Re: bug#41908: guix time-machine fails;
 XXXX is not related to introductory commit of channel 'guix'
Date: Sun, 21 Jun 2020 17:43:17 +0200
Hi, Sunday hackers!

Ludovic Courtès <ludo <at> gnu.org> skribis:

> Jan Nieuwenhuizen <janneke <at> gnu.org> skribis:
>
>> $ guix pull --commit=559491ea5b36b89b2a2f9d48dacf6a2d7e219910
>> Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
>> Building from this channel:
>>   guix      https://git.savannah.gnu.org/git/guix.git	559491e
>> [...]
>> hint: Run `guix pull --news' to read all the news.
>>
>> 11:23:19 janneke <at> dundal:~/src/guix/master
>> $ guix time-machine --commit=36640207c9543e48cd6daa92930f023f80065a5d -- environment hello
>> Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
>> guix time-machine: error: '36640207c9543e48cd6daa92930f023f80065a5d' is not related to introductory commit of channel 'guix'
>>
>> [1]11:23:25 janneke <at> dundal:~/src/guix/master
>> git log --pretty=oneline | grep 36640207c9543e48cd6daa92930f023f80065a5d
>> 36640207c9543e48cd6daa92930f023f80065a5d quirks: Build 'compute-guix-derivation' modules with 2.2 when needed.
>
> I think ‘commit-relation’ is right: the two commits are unrelated.
>
> AIUI, commit 36640207c9543e48cd6daa92930f023f80065a5d was made on master
> (May 29) after commit 9edb3f66fd807b096b48283debdcddccfea34bad (May
> 26).  Thus, they really existed in different branches, and they’re
> unrelated.

Thinking more about it, I think the test that leads to the error above
is in fact bogus (that’s what you were hinting at, Simon).  Namely, it
reads:

    (define commits
      ;; Commits to authenticate, excluding the closure of
      ;; AUTHENTICATED-COMMITS.
      (commit-difference end-commit start-commit
                         authenticated-commits))

     ;; When COMMITS is empty, it's either because AUTHENTICATED-COMMITS
     ;; contains END-COMMIT or because END-COMMIT is not a descendant of
     ;; START-COMMIT.  Check that.

But that’s wrong: If START-COMMIT and END-COMMIT are unrelated, then
‘commit-difference’ will return a whole lot of commits (those who are
not both in the closure of START-COMMIT and that of END-COMMIT).

The difference between 36640207c9543e48cd6daa92930f023f80065a5d and
9edb3f66fd807b096b48283debdcddccfea34bad is a set of 664 commits, as
shown with “git log --oneline 9edb3f6..3664020 | wc -l” or by calling
‘commit-difference’.

Those 664 commits are those that were made on master between
9edb3f66fd807b096b48283debdcddccfea34bad’s parent on master, and
36640207c9543e48cd6daa92930f023f80065a5d.  They can be authenticated
just fine.

If someone passes ‘--allow-downgrades’ and tries to jump to an unrelated
commit, authentication will fail on some commit.  So I think the test
was just enforcing an additional restriction that was unnecessary.

I removed that test in e4a4287c5fb51c0e47431606df5ee78b953d71f8; we can
keep the introductory commit unchanged, all is good!  Let me know what
you think.

Thanks,
Ludo’.
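
The behaviour discussed in this message, as an added example that is not Guix code (Guix implements it in Scheme): a toy commit graph in Python showing that the difference between two unrelated commits is non-empty, and that the set becomes empty on a second run only because the target is already cached. The graph, the commit names and the shape of the removed test (modelled from the quoted comment) are assumptions.

```python
# Added illustration: a toy model of the commit-set logic discussed above.
# The graph and names are constructed; 'intro' stands in for 9edb3f6 and
# 'target' for 3664020 (on master, not a descendant of 'intro').
PARENTS = {
    "root": [],
    "m1": ["root"],
    "intro": ["m1"],               # side branch carrying the introductory commit
    "m2": ["m1"],
    "target": ["m2"],              # master commit made before the branches merged
    "merge": ["target", "intro"],  # merge of the side branch into master
    "tip": ["merge"],
}


def closure(commit):
    """Return COMMIT together with all of its ancestors."""
    seen, stack = set(), [commit]
    while stack:
        c = stack.pop()
        if c not in seen:
            seen.add(c)
            stack.extend(PARENTS[c])
    return seen


def commit_relation(old, new):
    """Classify how OLD relates to NEW in the history graph."""
    if old == new:
        return "self"
    if old in closure(new):
        return "ancestor"
    if new in closure(old):
        return "descendant"
    return "unrelated"


def commit_difference(new, old, excluded=()):
    """Commits in the closure of NEW that are in neither the closure of OLD
    nor the closure of any commit in EXCLUDED (like 'git log OLD..NEW')."""
    skip = closure(old)
    for c in excluded:
        skip |= closure(c)
    return closure(new) - skip


def authenticate(end, cache, start="intro", legacy_check=True):
    """Return the commits whose signatures would have to be verified.

    With legacy_check=True, model the removed test (an assumption based on
    the quoted comment): an empty set plus an 'unrelated' START/END pair is
    reported as an error."""
    commits = commit_difference(end, start, cache)
    if not commits and legacy_check:
        if commit_relation(start, end) == "unrelated":
            raise ValueError(f"'{end}' is not related to introductory commit")
    if commits:
        # As observed in the thread, a target is cached only when the run
        # actually authenticated new commits.
        cache.insert(0, end)
    return commits


def replay(targets, legacy_check):
    """Run successive 'time-machine' jumps against one cache; return, per
    jump, the number of commits to authenticate or the string 'error'."""
    cache, outcomes = [], []
    for end in targets:
        try:
            outcomes.append(
                len(authenticate(end, cache, legacy_check=legacy_check)))
        except ValueError:
            outcomes.append("error")
    return outcomes


if __name__ == "__main__":
    print(commit_relation("intro", "target"))
    print(replay(["target", "target"], legacy_check=True))
    print(replay(["target", "target"], legacy_check=False))
    print(replay(["target", "tip", "target"], legacy_check=False))
```

In this model the first jump to `target` authenticates two commits and the repeat fails only under the legacy test, which is the pattern reported earlier in the thread.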




Information forwarded to bug-guix <at> gnu.org:
bug#41908; Package guix. (Sun, 21 Jun 2020 16:18:01 GMT) Full text and rfc822 format available.

Message #33 received at 41908 <at> debbugs.gnu.org (full text, mbox):

From: zimoun <zimon.toutoune <at> gmail.com>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 41908 <at> debbugs.gnu.org, Marius Bakke <marius <at> gnu.org>,
 Jan Nieuwenhuizen <janneke <at> gnu.org>
Subject: Re: bug#41908: guix time-machine fails;
 XXXX is not related to introductory commit of channel 'guix'
Date: Sun, 21 Jun 2020 18:17:10 +0200
Hi Ludo,

On Sat, 20 Jun 2020 at 12:40, Ludovic Courtès <ludo <at> gnu.org> wrote:
> zimoun <zimon.toutoune <at> gmail.com> skribis:

>> BTW, from a security perspective, it is easy to cheat by removing some
>> commits so the file ~/.cache/guix/authentication/channels/guix should be
>> protected: read-only and only writable by the daemon.
>
> It’s 600 of course.  What we could do is ignore it if it’s not 600 when
> we open it.

This could help. :-)


> Crucially: we cannot and should not restrict what the user can do for
> the sake of security.  Users can pass ‘--disable-authentication’, they
> can run binaries taken from the net, whatever; it’s their machine.

Well, I have not thought deeply about an attack, but the point is to
protect the user when they run "guix pull" alone, i.e., they can trust
the server.  An attack could be for example an email with an attachment,
click, then boom: tweak ~/.config/guix/channels.scm and
~/.cache/guix/authentication/channels/guix, then the user runs "guix
pull" with the expectation that everything is checked and
authenticated and in fact no, they are talking to a malicious server.


Cheers,
simon




Information forwarded to bug-guix <at> gnu.org:
bug#41908; Package guix. (Sun, 21 Jun 2020 16:19:02 GMT) Full text and rfc822 format available.

Message #36 received at 41908-done <at> debbugs.gnu.org (full text, mbox):

From: zimoun <zimon.toutoune <at> gmail.com>
To: Ludovic Courtès <ludo <at> gnu.org>, Jan Nieuwenhuizen
 <janneke <at> gnu.org>
Cc: 41908-done <at> debbugs.gnu.org
Subject: Re: bug#41908: guix time-machine fails;
 XXXX is not related to introductory commit of channel 'guix'
Date: Sun, 21 Jun 2020 18:18:09 +0200
Hi Ludo,

On Sun, 21 Jun 2020 at 17:43, Ludovic Courtès <ludo <at> gnu.org> wrote:

> I removed that test in e4a4287c5fb51c0e47431606df5ee78b953d71f8; we can
> keep the introductory commit unchanged, all is good!  Let me know what
> you think.





Information forwarded to bug-guix <at> gnu.org:
bug#41908; Package guix. (Mon, 22 Jun 2020 08:02:01 GMT) Full text and rfc822 format available.

Message #39 received at 41908 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: zimoun <zimon.toutoune <at> gmail.com>
Cc: 41908 <at> debbugs.gnu.org, Marius Bakke <marius <at> gnu.org>,
 Jan Nieuwenhuizen <janneke <at> gnu.org>
Subject: Re: bug#41908: guix time-machine fails;
 XXXX is not related to introductory commit of channel 'guix'
Date: Mon, 22 Jun 2020 10:01:29 +0200
Hi,

zimoun <zimon.toutoune <at> gmail.com> skribis:

> On Sat, 20 Jun 2020 at 12:40, Ludovic Courtès <ludo <at> gnu.org> wrote:
>> zimoun <zimon.toutoune <at> gmail.com> skribis:
>
>>> BTW, from a security perspective, it is easy to cheat by removing some
>>> commits so the file ~/.cache/guix/authentication/channels/guix should be
>>> protected: read-only and only writable by the daemon.
>>
>> It’s 600 of course.  What we could do is ignore it if it’s not 600 when
>> we open it.
>
> This could help. :-)

Done in 41939c374a3ef421d2d4c6453c327a9cd7af4ce5.

>> Crucially: we cannot and should not restrict what the user can do for
>> the sake of security.  Users can pass ‘--disable-authentication’, they
>> can run binaries taken from the net, whatever; it’s their machine.
>
> Well, I have not thought deeply about an attack, but the point is to
> protect the user when they run "guix pull" alone, i.e., they can trust
> the server.  An attack could be for example an email with an attachment,
> click, then boom: tweak ~/.config/guix/channels.scm and
> ~/.cache/guix/authentication/channels/guix, then the user runs "guix
> pull" with the expectation that everything is checked and
> authenticated and in fact no, they are talking to a malicious server.

I don’t really see how the attachment would modify a local file, but
even if that’s a possibility, it’s beyond the scope of Guix: we cannot
prevent users from shooting themselves in the foot.

Ludo’.
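
The "ignore it if it's not 600" check mentioned in this message, as an added Python example that is not the Guix implementation (that one is in Scheme, in the commit named above). The function name, the regular-file test and the regex-based parsing of the cache format (taken from the `cat` output earlier in the thread) are assumptions; the sample file is constructed.

```python
import os
import re
import stat
import tempfile

# A cache entry is a quoted 40-hex-digit commit ID, as in the 'cat' output
# shown earlier in the thread.
COMMIT_RE = re.compile(r'"([0-9a-f]{40})"')


def load_authenticated_commits(path):
    """Return the commit IDs listed in PATH, or [] when the file is missing,
    is not a regular file, or does not have mode 600 exactly."""
    try:
        f = open(path, "r", encoding="utf-8")
    except OSError:
        return []
    with f:
        # Check the descriptor that was opened, not the path, so the file
        # cannot be swapped between the check and the read.
        st = os.fstat(f.fileno())
        if not stat.S_ISREG(st.st_mode) or stat.S_IMODE(st.st_mode) != 0o600:
            return []
        return COMMIT_RE.findall(f.read())


def demo():
    """Write a constructed cache file and load it under two modes."""
    content = (";; List of previously-authenticated commits.\n\n"
               '("41a2d6a8b9294a6eb8e97aaefd569e755f5f461e"\n'
               ' "36640207c9543e48cd6daa92930f023f80065a5d")\n')
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "guix")
        with open(path, "w", encoding="utf-8") as out:
            out.write(content)
        os.chmod(path, 0o600)
        trusted = load_authenticated_commits(path)
        os.chmod(path, 0o644)          # readable by others: cache is ignored
        ignored = load_authenticated_commits(path)
        missing = load_authenticated_commits(os.path.join(d, "absent"))
    return trusted, ignored, missing


if __name__ == "__main__":
    print(demo())
```

Ignoring the cache fails safe: with an empty list of authenticated commits, every commit since the introductory commit is verified again.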




Information forwarded to bug-guix <at> gnu.org:
bug#41908; Package guix. (Mon, 22 Jun 2020 08:56:01 GMT) Full text and rfc822 format available.

Message #42 received at 41908-done <at> debbugs.gnu.org (full text, mbox):

From: zimoun <zimon.toutoune <at> gmail.com>
To: Ludovic Courtès <ludo <at> gnu.org>, Jan Nieuwenhuizen
 <janneke <at> gnu.org>
Cc: 41908-done <at> debbugs.gnu.org
Subject: Re: bug#41908: guix time-machine fails;
 XXXX is not related to introductory commit of channel 'guix'
Date: Mon, 22 Jun 2020 10:54:52 +0200
Hi Ludo,

On Sun, 21 Jun 2020 at 17:43, Ludovic Courtès <ludo <at> gnu.org> wrote:

> I removed that test in e4a4287c5fb51c0e47431606df5ee78b953d71f8; we can
> keep the introductory commit unchanged, all is good!  Let me know what
> you think.

Now the sequences never return an error. Nice!

For the record, the history is:

* 41a2d6a8b9 (newer)
* e70e097882 (between)
* 36640207c9 (older)

--8<---------------cut here---------------start------------->8---
$ guix pull --commit=e4a4287c5fb51c0e47431606df5ee78b953d71f8 -p /tmp/c
$ cat ~/.cache/guix/authentication/channels/guix
cat: /home/simon/.cache/guix/authentication/channels/guix: No such file or directory
--8<---------------cut here---------------end--------------->8---

Let us consider this first sequence.

--8<---------------cut here---------------start------------->8---
$ /tmp/c/bin/guix time-machine --commit=e70e097882 -- help
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
Authenticating channel 'guix', commits 9edb3f6 to e70e097 (668 new commits)...
$ cat ~/.cache/guix/authentication/channels/guix
;; List of previously-authenticated commits.

("e70e097882699865f63eabc5fb29b4fe4468a97b")

$ /tmp/c/bin/guix time-machine --commit=41a2d6a8b9 -- help
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
Authenticating channel 'guix', commits 9edb3f6 to 41a2d6a (4 new commits)...
$ cat ~/.cache/guix/authentication/channels/guix
;; List of previously-authenticated commits.

("41a2d6a8b9294a6eb8e97aaefd569e755f5f461e"
 "e70e097882699865f63eabc5fb29b4fe4468a97b")

$ /tmp/c/bin/guix time-machine --commit=36640207c9 -- help
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
Usage: guix COMMAND ARGS...

$ cat ~/.cache/guix/authentication/channels/guix
;; List of previously-authenticated commits.

("41a2d6a8b9294a6eb8e97aaefd569e755f5f461e"
 "e70e097882699865f63eabc5fb29b4fe4468a97b")
--8<---------------cut here---------------end--------------->8---

However, the commit 36640207c9 is not considered as authenticated,
right?  So, the older authenticated commit is the first commit used by
time-machine, right?


Let's consider this second sequence.

--8<---------------cut here---------------start------------->8---
$ rm ~/.cache/guix/authentication/channels/guix

$ /tmp/c/bin/guix time-machine --commit=36640207c9 -- help
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
Authenticating channel 'guix', commits 9edb3f6 to 3664020 (664 new commits)...

$ /tmp/c/bin/guix time-machine --commit=41a2d6a8b9 -- help
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
Authenticating channel 'guix', commits 9edb3f6 to 41a2d6a (8 new commits)...

$ cat ~/.cache/guix/authentication/channels/guix
;; List of previously-authenticated commits.

("41a2d6a8b9294a6eb8e97aaefd569e755f5f461e"
 "36640207c9543e48cd6daa92930f023f80065a5d")

$ /tmp/c/bin/guix time-machine --commit=e70e097882 -- help
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
Usage: guix COMMAND ARGS...

$ cat ~/.cache/guix/authentication/channels/guix
;; List of previously-authenticated commits.

("41a2d6a8b9294a6eb8e97aaefd569e755f5f461e"
 "36640207c9543e48cd6daa92930f023f80065a5d")
--8<---------------cut here---------------end--------------->8---

The commit e70e097882 between 36640207c9 and 41a2d6a8b9 is not
considered as authenticated, right?


Cheers,
simon




Information forwarded to bug-guix <at> gnu.org:
bug#41908; Package guix. (Tue, 23 Jun 2020 07:37:02 GMT) Full text and rfc822 format available.

Message #45 received at 41908-done <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: zimoun <zimon.toutoune <at> gmail.com>
Cc: 41908-done <at> debbugs.gnu.org, Jan Nieuwenhuizen <janneke <at> gnu.org>
Subject: Re: bug#41908: guix time-machine fails;
 XXXX is not related to introductory commit of channel 'guix'
Date: Tue, 23 Jun 2020 09:35:59 +0200
Hi Simon,

zimoun <zimon.toutoune <at> gmail.com> skribis:

> $ /tmp/c/bin/guix time-machine --commit=36640207c9 -- help
> Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
> Usage: guix COMMAND ARGS...
>
> $ cat ~/.cache/guix/authentication/channels/guix
> ;; List of previously-authenticated commits.
>
> ("41a2d6a8b9294a6eb8e97aaefd569e755f5f461e"
>  "e70e097882699865f63eabc5fb29b4fe4468a97b")
>
>
> However, the commit 36640207c9 is not considered as authenticated,
> right?  So, the older authenticated commit is the first commit used by
> time-machine, right?

Note that it’s the closure of the commits listed in the cache that’s
considered authenticated.  So not every commit is listed.

Does that make sense?

Ludo’.




Information forwarded to bug-guix <at> gnu.org:
bug#41908; Package guix. (Tue, 23 Jun 2020 08:43:01 GMT) Full text and rfc822 format available.

Message #48 received at 41908-done <at> debbugs.gnu.org (full text, mbox):

From: zimoun <zimon.toutoune <at> gmail.com>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 41908-done <at> debbugs.gnu.org, Jan Nieuwenhuizen <janneke <at> gnu.org>
Subject: Re: bug#41908: guix time-machine fails;
 XXXX is not related to introductory commit of channel 'guix'
Date: Tue, 23 Jun 2020 10:42:25 +0200
Hi Ludo,

On Tue, 23 Jun 2020 at 09:35, Ludovic Courtès <ludo <at> gnu.org> wrote:
> Hi Simon,
>
> zimoun <zimon.toutoune <at> gmail.com> skribis:
>
>> $ /tmp/c/bin/guix time-machine --commit=36640207c9 -- help
>> Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
>> Usage: guix COMMAND ARGS...
>>
>> $ cat ~/.cache/guix/authentication/channels/guix
>> ;; List of previously-authenticated commits.
>>
>> ("41a2d6a8b9294a6eb8e97aaefd569e755f5f461e"
>>  "e70e097882699865f63eabc5fb29b4fe4468a97b")
>>
>>
>> However, the commit 36640207c9 is not considered as authenticated,
>> right?  So, the older authenticated commit is the first commit used by
>> time-machine, right?
>
> Note that it’s the closure of the commits listed in the cache that’s
> considered authenticated.  So not every commit is listed.
>
> Does that make sense?

Just to be sure to understand:

 1- * 41a2d6a8b9 (newer)
 2- * e70e097882 (between)
 3- * 36640207c9 (older)
 4- * xxxxxxxxxx (first authenticated commit)

From a fresh cache,

 a) if #2 is authenticated, because it is a descendant of #4, it is stored
 and all the commits between (closure), i.e., #3 should be considered as
 authenticated.

 b) then if #1 is authenticated, because it is a descendant of the last
 authenticated i.e. #2, it is stored in the cache.

 c) now let's try #3.  It is considered authenticated because in the closure
 of #4 and #2.

Yes it makes sense.  All is good. :-)

(And the assumption is: if Guix does not raise then it means that the
commit is authenticated.)


Cheers,
simon




Information forwarded to bug-guix <at> gnu.org:
bug#41908; Package guix. (Tue, 23 Jun 2020 08:54:01 GMT) Full text and rfc822 format available.

Message #51 received at 41908-done <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: zimoun <zimon.toutoune <at> gmail.com>
Cc: 41908-done <at> debbugs.gnu.org, Jan Nieuwenhuizen <janneke <at> gnu.org>
Subject: Re: bug#41908: guix time-machine fails;
 XXXX is not related to introductory commit of channel 'guix'
Date: Tue, 23 Jun 2020 10:53:46 +0200
zimoun <zimon.toutoune <at> gmail.com> skribis:

> Just to be sure to understand:
>
>  1- * 41a2d6a8b9 (newer)
>  2- * e70e097882 (between)
>  3- * 36640207c9 (older)
>  4- * xxxxxxxxxx (first authenticated commit)
>
> From a fresh cache,
>
>  a) if #2 is authenticated, because it is a descendant of #4, it is stored
>  and all the commits between (closure), i.e., #3 should be considered as
>  authenticated.
>
>  b) then if #1 is authenticated, because it is a descendant of the last
>  authenticated i.e. #2, it is stored in the cache.
>
>  c) now let's try #3.  It is considered authenticated because in the closure
>  of #4 and #2.
>
> Yes it makes sense.  All is good. :-)

Yup, looks correct.  :-)

> (And the assumption is: if Guix does not raise then it means that the
> commit is authenticated.)

Exactly.  I know it’s disappointing, but it’s one of these features
that’s pretty much invisible until you run into troubles.

Ludo’.
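
The cache behaviour discussed in this thread, as an added example that is not part of the original messages and is not Guix's own code: a simplified Python model in which a commit counts as authenticated when it lies in the closure (the commits plus all their ancestors) of the cached commits and the introductory commit. The history is constructed, with 4-commit gaps chosen to mirror the "4 new commits" and "8 new commits" lines in the transcripts; `PARENTS`, `closure`, `authenticate`, `replay` and the `verify` callback are hypothetical names.

```python
"""Simplified model of a cache of previously-authenticated commits."""

# Constructed linear history: c0 stands for the introductory commit and each
# commit's parent is the previous one.  Roles mirror the thread's three commits.
PARENTS = {f"c{i}": ([f"c{i - 1}"] if i else []) for i in range(13)}
INTRO, OLDER, BETWEEN, NEWER = "c0", "c4", "c8", "c12"


def closure(commits, parents):
    """Return the given commits plus all of their ancestors (works on merges too)."""
    seen, stack = set(), list(commits)
    while stack:
        commit = stack.pop()
        if commit not in seen:
            seen.add(commit)
            stack.extend(parents[commit])
    return seen


def authenticate(target, cache, parents, intro, verify):
    """Verify only the commits outside the closure of the cache; return how many.

    `cache` is a list, newest entry first, updated in place like the cache file
    shown in the thread.  `verify` is a hypothetical per-commit signature check
    that raises on failure, in which case the cache is left untouched.
    """
    trusted = closure(cache + [intro], parents)
    todo = closure([target], parents) - trusted
    for commit in todo:           # visiting order does not matter in this model
        verify(commit)
    if todo:                      # nothing new to verify: cache stays as it is
        cache.insert(0, target)
    return len(todo)


def replay(order):
    """Replay a sequence of requested commits starting from a fresh cache."""
    cache, counts = [], []
    for target in order:
        counts.append(authenticate(target, cache, PARENTS, INTRO, lambda c: None))
    return counts, cache


if __name__ == "__main__":
    print(replay([BETWEEN, NEWER, OLDER]))   # first sequence in the thread
    print(replay([OLDER, NEWER, BETWEEN]))   # second sequence in the thread
```

In both orders the third request verifies nothing and leaves the cache unchanged, which matches the silent third `time-machine` run in each transcript.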




bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Tue, 21 Jul 2020 11:24:05 GMT) Full text and rfc822 format available.

This bug report was last modified 3 years and 251 days ago.
