Received: (at 50814) by debbugs.gnu.org; 18 Oct 2021 15:58:13 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Oct 18 11:58:13 2021
Received: from localhost ([127.0.0.1]:48325 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1mcV1g-00070i-QF
for submit <at> debbugs.gnu.org; Mon, 18 Oct 2021 11:58:13 -0400
Received: from mail-ed1-f48.google.com ([209.85.208.48]:41485)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <attila.lendvai@HIDDEN>) id 1mcV1X-0006zJ-G6
for 50814 <at> debbugs.gnu.org; Mon, 18 Oct 2021 11:58:04 -0400
Received: by mail-ed1-f48.google.com with SMTP id a25so948013edx.8
for <50814 <at> debbugs.gnu.org>; Mon, 18 Oct 2021 08:58:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=sender:from:to:cc:subject:date:message-id:in-reply-to:references
:mime-version:content-transfer-encoding;
bh=+zDupLbRlsQC/k/BphcMTVNlMjLMZIWW6s00wMbOpVA=;
b=DF8XD6MmUFjYkB53jjSkm/Shub2nI9o5NooSxdnVgKMzoatGnyH4RyPGU7gKCOv0Kg
QSiOUcI85sIkWTz+3Woi+w7fU0yyVU7k7kRrOm/Q1yKyPhgN7njRRu95bNHQ0vJ2ZKFL
xIkVA5TELvFsWsdNFyfGFECg8P6EVxglufIBCQCaDdpVNYhEm+cE+XRejiotzT9hewQ6
OfmlYEdO0UG1onQBK4KXH4sY8Quz4QRrYtF5pCDBgjaINaWStzCTg1OXvYgDfW3HkpQE
XTZ8DO0UgRzPz3hHnAdTCnTLhtMEYIVI/umzEKRqhENRYh0Vg6supOL+fyqd+yTjOLJJ
G9Tw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:sender:from:to:cc:subject:date:message-id
:in-reply-to:references:mime-version:content-transfer-encoding;
bh=+zDupLbRlsQC/k/BphcMTVNlMjLMZIWW6s00wMbOpVA=;
b=C5vIF+kQ8Z1poBeKGYWMGC8kZ125DwJ5TLZZ0PmNDIOaaagnSuWzV0cfto4eDlb9XH
FEetKNY+Yo4Xy1erak5RSEC5BoiUfr56T/Ad3qEwjU3YsXHnk+922ZiUHAhYkkaVGz1L
8bQLpRWiK3MAFg8BTbt+2yACKWLmqdUzkSnPhw1e6Xe3X6wNlzfCoCjzgwb+1bFxvzx+
0aRKgjhSjvX9pFGAdOcakSb087q13wG36XoxWCDrEy/SHLul4fCCFObxEQGC9QT4FNRC
Py0iPAo6Tfgg++4sMgHsOJhkU3rhC/y/xAsqT8TlWroRK3uz5koPGbB9z0U2fWBuXHgo
Kugw==
X-Gm-Message-State: AOAM5332Zor/Okm/e9V1BMJHC2TxDmLWuAniaGeTPBia0W1XKXEmAGs7
75hBd68zNSp2bXZFqINzdvDLlAWEmG8=
X-Google-Smtp-Source: ABdhPJxQqGcRAAm0Gd4G5NgAWhhpM7kw59klMMtwivFMIvOe9MCjNkphnTwhxo3Ptmhj7yYP5hCtzg==
X-Received: by 2002:a17:906:e85:: with SMTP id
p5mr30802289ejf.159.1634572672170;
Mon, 18 Oct 2021 08:57:52 -0700 (PDT)
Received: from localhost.localdomain
([2a02:ab88:3710:6480:8fb4:66e9:57c0:8a0a])
by smtp.gmail.com with ESMTPSA id n22sm8762059eja.120.2021.10.18.08.57.51
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Mon, 18 Oct 2021 08:57:51 -0700 (PDT)
From: Attila Lendvai <attila@HIDDEN>
To: 50814 <at> debbugs.gnu.org
Subject: [PATCH 5/5] tests: Add test for .guix-authorizations and channel
intro.
Date: Mon, 18 Oct 2021 17:57:34 +0200
Message-Id: <20211018155734.5175-5-attila@HIDDEN>
X-Mailer: git-send-email 2.33.0
In-Reply-To: <20211018155734.5175-1-attila@HIDDEN>
References: <20211018155734.5175-1-attila@HIDDEN>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.5 (/)
X-Debbugs-Envelope-To: 50814
Cc: Attila Lendvai <attila@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.5 (/)
This test used to fail before a recent fix to authenticate-repository.
* tests/git-authenticate.scm: New test "signed commits, .guix-authorizations,
channel-introduction".
---
tests/git-authenticate.scm | 150 +++++++++++++++++++++++++++++++++++++
1 file changed, 150 insertions(+)
diff --git a/tests/git-authenticate.scm b/tests/git-authenticate.scm
index f66ef191b0..25b4962ea4 100644
--- a/tests/git-authenticate.scm
+++ b/tests/git-authenticate.scm
@@ -18,6 +18,7 @@
(define-module (test-git-authenticate)
#:use-module (git)
+ #:use-module (guix diagnostics)
#:use-module (guix git)
#:use-module (guix git-authenticate)
#:use-module (guix openpgp)
@@ -28,6 +29,10 @@ (define-module (test-git-authenticate)
#:use-module (srfi srfi-34)
#:use-module (srfi srfi-64)
#:use-module (rnrs bytevectors)
+ #:use-module ((rnrs conditions)
+ #:select (warning?))
+ #:use-module ((rnrs exceptions)
+ #:select (with-exception-handler))
#:use-module (rnrs io ports))
;; Test the (guix git-authenticate) tools.
@@ -226,6 +231,151 @@ (define (correct? c commit)
#:keyring-reference "master")
#f)))))))
+(unless (gpg+git-available?) (test-skip 1))
+(test-assert "signed commits, .guix-authorizations, channel-introduction"
+ (let* ((result #true)
+ (key1 %ed25519-public-key-file)
+ (key2 %ed25519-2-public-key-file)
+ (key3 %ed25519-3-public-key-file))
+ (with-fresh-gnupg-setup (list key1 %ed25519-secret-key-file
+ key2 %ed25519-2-secret-key-file
+ key3 %ed25519-3-secret-key-file)
+ (with-temporary-git-repository dir
+ `((checkout "keyring" orphan)
+ (add "signer1.key" ,(call-with-input-file key1 get-string-all))
+ (add "signer2.key" ,(call-with-input-file key2 get-string-all))
+ (add "signer3.key" ,(call-with-input-file key3 get-string-all))
+ (commit "keyring commit")
+
+ (checkout "main" orphan)
+ (add "noise0")
+ (add ".guix-authorizations"
+ ,(object->string
+ `(authorizations
+ (version 0)
+ ((,(key-fingerprint key1) (name "Alice"))
+ ;; Notice that key2 is not authorized at this point.
+ (,(key-fingerprint key3) (name "Charlie"))))))
+ (commit "commit 0" (signer ,(key-fingerprint key3)))
+ (add "noise1")
+ (commit "commit 1" (signer ,(key-fingerprint key1)))
+ (add "noise2")
+ (commit "commit 2" (signer ,(key-fingerprint key1))))
+ (with-repository dir repo
+ (let* ((commit-0 (find-commit repo "commit 0"))
+ (check-from
+ (lambda* (commit #:key (should-fail? #false) (key key1)
+ (historical-authorizations
+ ;; Let's mark key3 to be trusted
+ ;; unconditionally, so that it authorizes
+ ;; commit 0.
+ (list (key-fingerprint-vector key3))))
+ (guard (c ((unauthorized-commit-error? c)
+ (if should-fail?
+ c
+ (let ((port (current-output-port)))
+ (format port "FAILURE: Unexpected exception at commit '~s':~%"
+ commit)
+ (print-exception port (stack-ref (make-stack #t) 1)
+ c (exception-args c))
+ (set! result #false)
+ '()))))
+ (format #true "~%~%Checking ~s, should-fail? ~s, repo commits:~%"
+ commit should-fail?)
+ ;; To be able to inspect git's state in the logs.
+ (invoke "git" "-C" dir "log" "--reverse" "--pretty=oneline" "main")
+ (set! commit (find-commit repo commit))
+ (authenticate-repository repo
+ (commit-id commit)
+ (key-fingerprint-vector key)
+ #:historical-authorizations
+ historical-authorizations)
+ (when should-fail?
+ (format #t "FAILURE: Authenticating commit '~s' should have failed.~%" commit)
+ (set! result #false))
+ '()))))
+ (check-from "commit 0" #:key key3)
+ (check-from "commit 1")
+ (check-from "commit 2")
+ (with-git-repository dir
+ `((add "noise 3")
+ (commit "commit 3" (signer ,(key-fingerprint key2))))
+ ;; This should fail because it is signed by key2, i.e. an
+ ;; unauthorized key.
+ (check-from "commit 3" #:should-fail? #true)
+ ;; Specify commit 3 as a channel-introduction signed with
+ ;; key2. This is valid, but it should warn the user, because
+ ;; .guix-authorizations is not updated to include key2, which
+ ;; means that any subsequent commits with the same key will be
+ ;; rejected.
+ (set! result
+ (and (let ((signalled? #false))
+ (with-exception-handler
+ (lambda (c)
+ (cond
+ ((not (warning? c))
+ (raise c))
+ ((formatted-message? c)
+ (format #true "warning (expected): ~a~%"
+ (apply format #false
+ (formatted-message-string c)
+ (formatted-message-arguments c)))
+ (set! signalled? #true)))
+ '())
+ (lambda ()
+ (check-from "commit 3" #:key key2)
+ (unless signalled?
+ (format #t "FAILURE: No warning signalled for commit 3~%"))
+ signalled?)))
+ result)))
+ (with-git-repository dir
+ ;; Drop the faulty commit 3
+ `((reset ,(oid->string (commit-id (find-commit repo "commit 2"))))
+ (add "noise 4")
+ (add ".guix-authorizations"
+ ,(object->string
+ ;; Remove key3, add key2.
+ `(authorizations
+ (version 0)
+ ((,(key-fingerprint key1) (name "Alice"))
+ (,(key-fingerprint key2) (name "Bob"))))))
+ (commit "commit 4" (signer ,(key-fingerprint key2))))
+ ;; This should fail because even though commit 4 adds key2 to
+ ;; .guix-authorizations, but commit 1 was created prior to that,
+ ;; therefore it is not authorized.
+ (check-from "commit 1" #:should-fail? #true)
+ ;; This should pass, because it's a valid channel intro at commit 4
+ (check-from "commit 4" #:key key2))
+ (with-git-repository dir
+ `((add "noise 5")
+ (commit "commit 5" (signer ,(key-fingerprint key2))))
+ ;; It is not very intuitive why commit 1 and 2 should be trusted
+ ;; at this point: commit 4 has previously been used as a channel
+ ;; intro, thus it got marked as trusted in the ~/.cache/.
+ ;; Because commit 1 and 2 are among its parents, it should also
+ ;; be trusted at this point because of the cache. Note that
+ ;; it's debatable whether this semantics is a good idea, but
+ ;; this is how git-authenticate is and has been implemented for
+ ;; a while (modulo failing to update the cache in the past when
+ ;; taking certain code paths).
+ (check-from "commit 1")
+ (check-from "commit 2")
+ ;; Should still be fine, but only when starting from commit 4
+ (check-from "commit 4" #:key key2))
+ (with-git-repository dir
+ `((add "noise 6")
+ (commit "commit 6" (signer ,(key-fingerprint key1))))
+ (check-from "commit 1")
+ (check-from "commit 2")
+ (check-from "commit 4" #:key key2))
+ (with-git-repository dir
+ `((add "noise 7")
+ (commit "commit 7" (signer ,(key-fingerprint key3))))
+ ;; This should fail because key3 is not among the authorized
+ ;; keys anymore, and commit 7 is signed by it.
+ (check-from "commit 6" #:should-fail? #true))))))
+ result))
+
(unless (gpg+git-available?) (test-skip 1))
(test-assert "signed commits, .guix-authorizations, authorized merge"
(with-fresh-gnupg-setup (list %ed25519-public-key-file
--
2.33.0
guix-patches@HIDDEN:bug#50814; Package guix-patches.
Full text available.
Received: (at 50814) by debbugs.gnu.org; 18 Oct 2021 15:58:12 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Oct 18 11:58:12 2021
Received: from localhost ([127.0.0.1]:48323 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1mcV1g-00070b-Em
for submit <at> debbugs.gnu.org; Mon, 18 Oct 2021 11:58:12 -0400
Received: from mail-ed1-f50.google.com ([209.85.208.50]:46839)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <attila.lendvai@HIDDEN>) id 1mcV1X-0006z8-1Y
for 50814 <at> debbugs.gnu.org; Mon, 18 Oct 2021 11:58:03 -0400
Received: by mail-ed1-f50.google.com with SMTP id z20so867796edc.13
for <50814 <at> debbugs.gnu.org>; Mon, 18 Oct 2021 08:58:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=sender:from:to:cc:subject:date:message-id:in-reply-to:references
:mime-version:content-transfer-encoding;
bh=L7y/+COJjYPaozopnnQ+sBjtLR+/Y2RyAcjzRtsyLQc=;
b=ibAfSRkNJk8HZXM0jK6b+ySD2dgUIF4xH9ZfyW4YGppNho1/Up0F1+uYlq1nyezmuL
672I+TgHjrfCAKsvtxU2sKM/F+mpDf00T9AOJ2zdfY6UN4zqrj2J3sNMlNTeBXnpJyqn
9fB4iNl3IejJFAZ7BHtTZVOyaboWak2KoVaL+CRRXZmX82zn7cmEd03zrBq0QfXsknvp
cQkrDlWbmV4mjlG/kvJqmwTR7ZYHZWJw5aMicp9HZ1MNhnIETMxHoZfF8ChP5Q8FcrOH
eolgW3S21dF3PI+0Evix6mgZXSN3cg54Id6x7qFLkMqIhIwPaeA6yYJRKpBtuJzKsWcH
0sgw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:sender:from:to:cc:subject:date:message-id
:in-reply-to:references:mime-version:content-transfer-encoding;
bh=L7y/+COJjYPaozopnnQ+sBjtLR+/Y2RyAcjzRtsyLQc=;
b=dlNDy6al67AKVRK/yGp6ARazOO7w7buVnhFL1OWcyasis6Sc1dmxe+hTvyjDPAc+zM
hXSJb1q/MfMGv8KYFCN+JCKs00mQGcY4x9h6ykFx5ygN0wFb53itObZUM1pFk/18hq6a
wibm0gfj7wJ4P/pvi1AGm2bXW2h0Fs4io9B6uMCDS1TNzKC4NotvDhO1QkwzsXHkQFG/
uNtbSFG2dUlU5efAaDGXLREY0qIUAigASVxIHyUhUsYFw7G9Rf2OYxsjt2+bLdeekQxW
TXYawG1mjgEHfI+/MFlHIm1zUdhjLmTufkoCosv3Kz3VLhW8gq3y0sgrg2lMfR9s+HM5
atyg==
X-Gm-Message-State: AOAM532piEvBjc+UBntcRkpPtNomXk6LioYYVxvrteZ0YYMVa61joVws
JbzlxMYrk14O8Q4y9Gv8WES6kn0Zwsk=
X-Google-Smtp-Source: ABdhPJzUB2aXYgZtnQtRRDX6Jik7IT3O8L1Fol4X67mEaG2skpWxVJ/UdQEkH9jpa81GNMZqwUm0BA==
X-Received: by 2002:aa7:ccc1:: with SMTP id y1mr46457408edt.177.1634572666944;
Mon, 18 Oct 2021 08:57:46 -0700 (PDT)
Received: from localhost.localdomain
([2a02:ab88:3710:6480:8fb4:66e9:57c0:8a0a])
by smtp.gmail.com with ESMTPSA id n22sm8762059eja.120.2021.10.18.08.57.46
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Mon, 18 Oct 2021 08:57:46 -0700 (PDT)
From: Attila Lendvai <attila@HIDDEN>
To: 50814 <at> debbugs.gnu.org
Subject: [PATCH 3/5] guix: Prepare the UI for continuable &warning exceptions.
Date: Mon, 18 Oct 2021 17:57:32 +0200
Message-Id: <20211018155734.5175-3-attila@HIDDEN>
X-Mailer: git-send-email 2.33.0
In-Reply-To: <20211018155734.5175-1-attila@HIDDEN>
References: <20211018155734.5175-1-attila@HIDDEN>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.5 (/)
X-Debbugs-Envelope-To: 50814
Cc: Attila Lendvai <attila@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.5 (/)
* guix/store.scm (call-with-store): Use dynamic-wind so that continuable
exceptions are not broken by being re-raised as non-continuable. This is
needed for a later commit that uses continuable exceptions from within
git-authenticate to signal warnings to the user. The reason for this is that
this way tests can explicitly check that a warning was signalled in certain
situations.
* guix/ui.scm (call-with-error-handling): Handle &warning type exceptions by
printing them to the user, and then continuing at the place they were
signalled at.
* guix/diagnostics.scm (emit-formatted-warning): New exported
function.
---
guix/diagnostics.scm | 4 ++++
guix/store.scm | 7 +++++--
guix/ui.scm | 11 ++++++++++-
3 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/guix/diagnostics.scm b/guix/diagnostics.scm
index 6a792febd4..343213fb45 100644
--- a/guix/diagnostics.scm
+++ b/guix/diagnostics.scm
@@ -48,6 +48,7 @@ (define-module (guix diagnostics)
formatted-message?
formatted-message-string
formatted-message-arguments
+ emit-formatted-warning
&fix-hint
fix-hint?
@@ -161,6 +162,9 @@ (define-syntax-rule (leave args ...)
(report-error args ...)
(exit 1)))
+(define* (emit-formatted-warning fmt . args)
+ (emit-diagnostic fmt args #:prefix (G_ "warning: ") #:colors %warning-color))
+
(define* (emit-diagnostic fmt args
#:key location (colors (color)) (prefix ""))
"Report diagnostic message FMT with the given ARGS and the specified
diff --git a/guix/store.scm b/guix/store.scm
index 89a719bcfc..1b177cc952 100644
--- a/guix/store.scm
+++ b/guix/store.scm
@@ -34,6 +34,8 @@ (define-module (guix store)
#:use-module (guix profiling)
#:autoload (guix build syscalls) (terminal-columns)
#:use-module (rnrs bytevectors)
+ #:use-module ((rnrs conditions) #:select (warning?))
+ #:use-module ((rnrs exceptions) #:select (raise-continuable))
#:use-module (ice-9 binary-ports)
#:use-module ((ice-9 control) #:select (let/ec))
#:use-module (ice-9 atomic)
@@ -661,8 +663,9 @@ (define (thunk)
(apply values results)))))
(with-exception-handler (lambda (exception)
- (close-connection store)
- (raise-exception exception))
+ (unless (warning? exception)
+ (close-connection store))
+ (raise-continuable exception))
thunk)))
(define-syntax-rule (with-store store exp ...)
diff --git a/guix/ui.scm b/guix/ui.scm
index 1428c254b3..88940f99ef 100644
--- a/guix/ui.scm
+++ b/guix/ui.scm
@@ -69,6 +69,8 @@ (define-module (guix ui)
#:use-module (srfi srfi-31)
#:use-module (srfi srfi-34)
#:use-module (srfi srfi-35)
+ #:use-module ((rnrs conditions)
+ #:select (warning?))
#:autoload (ice-9 ftw) (scandir)
#:use-module (ice-9 match)
#:use-module (ice-9 format)
@@ -689,7 +691,14 @@ (define (port-filename* port)
(and (not (port-closed? port))
(port-filename port)))
- (guard* (c ((package-input-error? c)
+ (guard* (c ((warning? c)
+ (if (formatted-message? c)
+ (apply emit-formatted-warning
+ (formatted-message-string c)
+ (formatted-message-arguments c))
+ (emit-formatted-warning "~a" c))
+ '())
+ ((package-input-error? c)
(let* ((package (package-error-package c))
(input (package-error-invalid-input c))
(location (package-location package))
--
2.33.0
guix-patches@HIDDEN:bug#50814; Package guix-patches.
Full text available.
Received: (at 50814) by debbugs.gnu.org; 18 Oct 2021 15:58:12 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Oct 18 11:58:12 2021
Received: from localhost ([127.0.0.1]:48321 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1mcV1f-00070S-Cc
for submit <at> debbugs.gnu.org; Mon, 18 Oct 2021 11:58:12 -0400
Received: from mail-ed1-f47.google.com ([209.85.208.47]:36553)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <attila.lendvai@HIDDEN>) id 1mcV1S-0006yx-TU
for 50814 <at> debbugs.gnu.org; Mon, 18 Oct 2021 11:57:59 -0400
Received: by mail-ed1-f47.google.com with SMTP id d3so1096147edp.3
for <50814 <at> debbugs.gnu.org>; Mon, 18 Oct 2021 08:57:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=sender:from:to:cc:subject:date:message-id:in-reply-to:references
:mime-version:content-transfer-encoding;
bh=mssy46LG9pPfC05ohM4Vd1lxt6KHdiMy0L/zng1m38U=;
b=AnwPvnX+jdrfgo7FpAXZUHKCsSj9sKfjKm5lQDYj5uOF3sZiXxGT3yIGr4jbTJCKPG
luZJ6FOiBVP1tflbHZ44og/jcuSm2+ZMH+5guVyLbZFzjXC8itXSrnt0iLW1tMoUJSpT
K0lfuNgU5PZOr0qNLn3L4UcNUq3MXaXJ2qjzIpVdvgcKsBNZTKGgONjn7MQ3FG+DbyKN
5psWUSLtgNjC7S3qrW/r5+sujm/jmYOhSX2zhgAVMIjtpNifzKgQSWV9iEqHpYJJIRGc
hiOamz4YGVO9uM0RwrcyEeICtSZex48e9hxB4pOtkzJAVQeBvw/P324FWX1oZqofYm5K
9b3A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:sender:from:to:cc:subject:date:message-id
:in-reply-to:references:mime-version:content-transfer-encoding;
bh=mssy46LG9pPfC05ohM4Vd1lxt6KHdiMy0L/zng1m38U=;
b=zw5zIOcGvJ/ZNRg4YsTdiN0212z4M1FLnPVCeK8HeKWHMJC1o2KnOTpTWaCsmpiTIZ
tHOxuvIqVMTqsfaOF8fRxvGMqT8I9cG/6idzBoEHPdfjLqlZndxnZlMkiAZ1dPjKLSUm
bylhpQ7xMvI7wRtVrEy1n3I/dlqd6jQzn7SgHDV6tauXpm4nyqs0cEj/ypoZpqlYnOUI
mwHLmMnPWP4YiVorFdJSXaQuLfIz0qNFJn+PvPN7K73HoFYVwYqY8yrX6yjevZkGmRF7
FZEQt4NIBGLp17VkaN7uToXEhvUzD3tvScjdd7SkdB4lJSbKiDB0GJ5DRumnocXLgOgD
QyMA==
X-Gm-Message-State: AOAM531dCLzBq3mHsfyEzU93+lB0V7aDiPCg9xFavblxSe4OludOSd8b
VM4RHtxegFiE0UMd96ezVHDwCxsjeVk=
X-Google-Smtp-Source: ABdhPJw58/43/P+URwtPfEa0NS9qndzH4pg8YLUju3JWKndadlofqrDOKHu+05TOp2VlVyyT0DcCDw==
X-Received: by 2002:a17:906:712:: with SMTP id
y18mr29707425ejb.408.1634572671460;
Mon, 18 Oct 2021 08:57:51 -0700 (PDT)
Received: from localhost.localdomain
([2a02:ab88:3710:6480:8fb4:66e9:57c0:8a0a])
by smtp.gmail.com with ESMTPSA id n22sm8762059eja.120.2021.10.18.08.57.50
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Mon, 18 Oct 2021 08:57:51 -0700 (PDT)
From: Attila Lendvai <attila@HIDDEN>
To: 50814 <at> debbugs.gnu.org
Subject: [PATCH 4/5] guix: git-authenticate: Fix authenticate-repository.
Date: Mon, 18 Oct 2021 17:57:33 +0200
Message-Id: <20211018155734.5175-4-attila@HIDDEN>
X-Mailer: git-send-email 2.33.0
In-Reply-To: <20211018155734.5175-1-attila@HIDDEN>
References: <20211018155734.5175-1-attila@HIDDEN>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.5 (/)
X-Debbugs-Envelope-To: 50814
Cc: Attila Lendvai <attila@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.5 (/)
Always verify the channel introduction commit, so that no commit can slip
through that was signed with a different key.
Always update the cache, because it affects the behavior of later calls.
Signal a continuable compound-condition (with type &warning included) when a
channel introduction commit doesn't also update the '.guix-authentications'
file.
* guix/git-authenticate.scm (authenticate-commit): Reword and extend the error
message to point to the relevant part of the manual.
(authenticate-repository): Eliminate optimizations to make the code path less
dependent on the input. Always trust the intro-commit itself. Always call
verify-introductory-commit.
(verify-introductory-commit): Check if the commit contains the key that was
used to sign it, and issue a warning otherwise. This is to avoid the confusion
caused by only the *second* commit yielding an error, because intro-commits
are always trusted.
(authenticate-commit): Clarify error message.
(authorized-keys-at-commit): Factored out to the toplevel from
commit-authorized-keys.
---
guix/channels.scm | 4 +-
guix/git-authenticate.scm | 158 +++++++++++++++++++++++---------------
2 files changed, 96 insertions(+), 66 deletions(-)
diff --git a/guix/channels.scm b/guix/channels.scm
index e4e0428eb5..b84064537f 100644
--- a/guix/channels.scm
+++ b/guix/channels.scm
@@ -347,8 +347,8 @@ (define (make-reporter start-commit end-commit commits)
(progress-reporter/bar (length commits)))
(define authentic-commits
- ;; Consider the currently-used commit of CHANNEL as authentic so
- ;; authentication can skip it and all its closure.
+ ;; Optimization: consider the currently-used commit of CHANNEL as
+ ;; authentic, so that authentication can skip it and all its closure.
(match (find (lambda (candidate)
(eq? (channel-name candidate) (channel-name channel)))
(current-channels))
diff --git a/guix/git-authenticate.scm b/guix/git-authenticate.scm
index ab3fcd8b2f..a667863d65 100644
--- a/guix/git-authenticate.scm
+++ b/guix/git-authenticate.scm
@@ -30,6 +30,7 @@ (define-module (guix git-authenticate)
#:select (cache-directory with-atomic-file-output))
#:use-module ((guix build utils)
#:select (mkdir-p))
+ #:use-module (guix diagnostics)
#:use-module (guix progress)
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-11)
@@ -37,7 +38,10 @@ (define-module (guix git-authenticate)
#:use-module (srfi srfi-34)
#:use-module (srfi srfi-35)
#:use-module (rnrs bytevectors)
+ #:use-module ((rnrs exceptions)
+ #:select (raise-continuable))
#:use-module (rnrs io ports)
+ #:use-module (ice-9 exceptions)
#:use-module (ice-9 match)
#:autoload (ice-9 pretty-print) (pretty-print)
#:export (read-authorizations
@@ -159,11 +163,12 @@ (define (read-authorizations port)
(string-downcase (string-filter char-set:graphic fingerprint))))
fingerprints))))
-(define* (commit-authorized-keys repository commit
- #:optional (default-authorizations '()))
- "Return the list of OpenPGP fingerprints authorized to sign COMMIT, based on
-authorizations listed in its parent commits. If one of the parent commits
-does not specify anything, fall back to DEFAULT-AUTHORIZATIONS."
+(define (authorized-keys-at-commit repository commit default-value)
+ "Return the list of authorized key fingerprints in REPOSITORY as encoded in
+the '.guix-authorizations' file at the point denoted by COMMIT. If the file is
+not present, then assert that it has never been there (i.e. do not allow
+its removal), and return DEFAULT-VALUE."
+
(define (parents-have-authorizations-file? commit)
;; Return true if at least one of the parents of COMMIT has the
;; '.guix-authorizations' file.
@@ -185,28 +190,35 @@ (define (assert-parents-lack-authorizations commit)
to remove '.guix-authorizations' file")
(oid->string (commit-id commit)))))))
- (define (commit-authorizations commit)
- (catch 'git-error
- (lambda ()
- (let* ((tree (commit-tree commit))
- (entry (tree-entry-bypath tree ".guix-authorizations"))
- (blob (blob-lookup repository (tree-entry-id entry))))
- (read-authorizations
- (open-bytevector-input-port (blob-content blob)))))
- (lambda (key error)
- (if (= (git-error-code error) GIT_ENOTFOUND)
- (begin
- ;; Prevent removal of '.guix-authorizations' since it would make
- ;; it trivial to force a fallback to DEFAULT-AUTHORIZATIONS.
- (assert-parents-lack-authorizations commit)
- default-authorizations)
- (throw key error)))))
+ (catch 'git-error
+ (lambda ()
+ (let* ((tree (commit-tree commit))
+ (entry (tree-entry-bypath tree ".guix-authorizations"))
+ (blob (blob-lookup repository (tree-entry-id entry))))
+ (read-authorizations
+ (open-bytevector-input-port (blob-content blob)))))
+ (lambda (key error)
+ (if (= (git-error-code error) GIT_ENOTFOUND)
+ (begin
+ ;; Prevent removal of '.guix-authorizations' since it would make
+ ;; it trivial to force a fallback to DEFAULT-VALUE.
+ (assert-parents-lack-authorizations commit)
+ default-value)
+ (throw key error)))))
+(define* (commit-authorized-keys repository commit
+ #:optional (default-authorizations '()))
+ "Return the list of OpenPGP fingerprints authorized to sign COMMIT, based on
+authorizations listed in its parent commits. If one of the parent commits
+does not specify anything, fall back to DEFAULT-AUTHORIZATIONS."
(match (commit-parents commit)
(() default-authorizations)
(parents
(apply lset-intersection bytevector=?
- (map commit-authorizations parents)))))
+ (map (lambda (commit)
+ (authorized-keys-at-commit repository commit
+ default-authorizations))
+ parents)))))
(define* (authenticate-commit repository commit keyring
#:key (default-authorizations '()))
@@ -236,8 +248,8 @@ (define signing-key
(condition
(&unauthorized-commit-error (commit id)
(signing-key signing-key)))
- (formatted-message (G_ "commit ~a not signed by an authorized \
-key: ~a")
+ (formatted-message (G_ "commit ~a is signed by an unauthorized \
+key: ~a\nSee info guix \"Specifying Channel Authorizations\".")
(oid->string id)
(openpgp-format-fingerprint
(openpgp-public-key-fingerprint
@@ -356,7 +368,8 @@ (define (repository-cache-key repository)
(base64-encode
(sha256 (string->utf8 (repository-directory repository))))))
-(define (verify-introductory-commit repository keyring commit expected-signer)
+(define (verify-introductory-commit repository commit expected-signer keyring
+ authorizations)
"Look up COMMIT in REPOSITORY, and raise an exception if it is not signed by
EXPECTED-SIGNER."
(define actual-signer
@@ -364,13 +377,26 @@ (define actual-signer
(commit-signing-key repository (commit-id commit) keyring)))
(unless (bytevector=? expected-signer actual-signer)
- (raise (formatted-message (G_ "initial commit ~a is signed by '~a' \
+ (raise (make-compound-condition
+ (condition (&unauthorized-commit-error (commit (commit-id commit))
+ (signing-key actual-signer)))
+ (formatted-message (G_ "initial commit ~a is signed by '~a' \
instead of '~a'")
- (oid->string (commit-id commit))
- (openpgp-format-fingerprint actual-signer)
- (openpgp-format-fingerprint expected-signer)))))
-
-(define* (authenticate-repository repository start signer
+ (oid->string (commit-id commit))
+ (openpgp-format-fingerprint actual-signer)
+ (openpgp-format-fingerprint expected-signer)))))
+ (unless (member actual-signer
+ (authorized-keys-at-commit repository commit authorizations)
+ bytevector=?)
+ (raise-continuable
+ (make-compound-condition
+ (condition (&warning))
+ (formatted-message (G_ "initial commit ~a does not add \
+the key it is signed with (~a) to the '.guix-authorizations' file.")
+ (oid->string (commit-id commit))
+ (openpgp-format-fingerprint actual-signer))))))
+
+(define* (authenticate-repository repository intro-commit-hash intro-signer
#:key
(keyring-reference "keyring")
(cache-key (repository-cache-key repository))
@@ -380,11 +406,12 @@ (define* (authenticate-repository repository start signer
(historical-authorizations '())
(make-reporter
(const progress-reporter/silent)))
- "Authenticate REPOSITORY up to commit END, an OID. Authentication starts
-with commit START, an OID, which must be signed by SIGNER; an exception is
-raised if that is not the case. Commits listed in AUTHENTIC-COMMITS and their
-closure are considered authentic. Return an alist mapping OpenPGP public keys
-to the number of commits signed by that key that have been traversed.
+ "Authenticate REPOSITORY up to commit END, an OID. Authentication starts with
+commit INTRO-COMMIT-HASH, an OID, which must be signed by INTRO-SIGNER; an
+exception is raised if that is not the case. Commits listed in
+AUTHENTIC-COMMITS and their closure are considered authentic. Return an
+alist mapping OpenPGP public keys to the number of commits signed by that
+key that have been traversed.
The OpenPGP keyring is loaded from KEYRING-REFERENCE in REPOSITORY, where
KEYRING-REFERENCE is the name of a branch. The list of authenticated commits
@@ -393,8 +420,10 @@ (define* (authenticate-repository repository start signer
HISTORICAL-AUTHORIZATIONS must be a list of OpenPGP fingerprints (bytevectors)
denoting the authorized keys for commits whose parent lack the
'.guix-authorizations' file."
- (define start-commit
- (commit-lookup repository start))
+
+ (define intro-commit
+ (commit-lookup repository intro-commit-hash))
+
(define end-commit
(commit-lookup repository end))
@@ -404,36 +433,37 @@ (define keyring
(define authenticated-commits
;; Previously-authenticated commits that don't need to be checked again.
(filter-map (lambda (id)
+ ;; We need to tolerate when cached commits disappear due to
+ ;; --allow-downgrades.
(false-if-git-not-found
(commit-lookup repository (string->oid id))))
(append (previously-authenticated-commits cache-key)
- authentic-commits)))
+ authentic-commits
+ ;; The intro commit is unconditionally trusted.
+ (list (oid->string intro-commit-hash)))))
(define commits
;; Commits to authenticate, excluding the closure of
;; AUTHENTICATED-COMMITS.
- (commit-difference end-commit start-commit
- authenticated-commits))
-
- ;; When COMMITS is empty, it's because END-COMMIT is in the closure of
- ;; START-COMMIT and/or AUTHENTICATED-COMMITS, in which case it's known to
- ;; be authentic already.
- (if (null? commits)
- '()
- (let ((reporter (make-reporter start-commit end-commit commits)))
- ;; If it's our first time, verify START-COMMIT's signature.
- (when (null? authenticated-commits)
- (verify-introductory-commit repository keyring
- start-commit signer))
-
- (let ((stats (call-with-progress-reporter reporter
- (lambda (report)
- (authenticate-commits repository commits
- #:keyring keyring
- #:default-authorizations
- historical-authorizations
- #:report-progress report)))))
- (cache-authenticated-commit cache-key
- (oid->string (commit-id end-commit)))
-
- stats))))
+ (commit-difference end-commit intro-commit
+ authenticated-commits))
+
+ (verify-introductory-commit repository intro-commit
+ intro-signer keyring
+ historical-authorizations)
+
+ (let* ((reporter (make-reporter intro-commit end-commit commits))
+ (stats (call-with-progress-reporter reporter
+ (lambda (report)
+ (authenticate-commits repository commits
+ #:keyring keyring
+ #:default-authorizations
+ historical-authorizations
+ #:report-progress report)))))
+ ;; Note that this will make the then current end commit of any channel,
+ ;; that has been used/trusted in the past with a channel introduction,
+ ;; remain trusted until the cache is cleared.
+ (cache-authenticated-commit cache-key
+ (oid->string (commit-id end-commit)))
+
+ stats))
--
2.33.0
guix-patches@HIDDEN:bug#50814; Package guix-patches.
Full text available.
Received: (at 50814) by debbugs.gnu.org; 18 Oct 2021 15:58:11 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Oct 18 11:58:11 2021
Received: from localhost ([127.0.0.1]:48315 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1mcV1T-0006zQ-TF
for submit <at> debbugs.gnu.org; Mon, 18 Oct 2021 11:58:11 -0400
Received: from mail-ed1-f47.google.com ([209.85.208.47]:43608)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <attila.lendvai@HIDDEN>) id 1mcV1R-0006yv-A0
for 50814 <at> debbugs.gnu.org; Mon, 18 Oct 2021 11:57:59 -0400
Received: by mail-ed1-f47.google.com with SMTP id i20so946654edj.10
for <50814 <at> debbugs.gnu.org>; Mon, 18 Oct 2021 08:57:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=sender:from:to:cc:subject:date:message-id:in-reply-to:references
:mime-version:content-transfer-encoding;
bh=8qHZbo8hTAzZI1w0pEUIclE9I3EZ8GGjjP4O25GQ0VU=;
b=KJ3xrUr0dtnadjcmPKIMvKSO2mOoqQZYian5GPwSMcyqm5u96cjW2xPOvlUE0jD+gS
ke3cSS1EU4h1BQgbXPT9QOw41iqNfi26siJn3kqsCqpmll8bOcLZgrEk/DN9kGDkhBB9
OGOMnV2HTNPbSjgEmQmBb3MgqzR3cQWj1LCTpeJDULA2itj3x9+HrSetjgIrE/2alhoN
0G5aagtcwb5E29Vtt1jL0CnvCdo+SBxo6a5rW9M6HNrP70jifUnN0J1TIa6kF4axs0jt
Lywld/YlmnUujSfOznqpZikIdYLtKbay9jfkmsmG5+Uoo4IexPnPMKeZWeVsSUFIRX+O
fLYQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:sender:from:to:cc:subject:date:message-id
:in-reply-to:references:mime-version:content-transfer-encoding;
bh=8qHZbo8hTAzZI1w0pEUIclE9I3EZ8GGjjP4O25GQ0VU=;
b=b0k0cOiXWD5GQnuuJPUeWZKV5gj20hmODuocVVhf/QFPBs4EP/YoyYvL2hk3ODIlCk
M+og6oh8/mCKZOMbWVsw+M4L+jKzD5WdnWvNesO0TNX2zdF4KBWrIxLlIiFtjVsrlnvt
x6mwHwbeQpA825N9fWjjJjt1qx86rCGJKfHRuuF/eQCoWBSukYfyW73DLMn9uEUfz1/h
gxBGs1VBtOBPCb5T8iMYpoB2Rhr0HjlJJipqA9N6IC1jsXbFo4R2c/H9gkXylhIYHqKV
NxcGTb77jSchX+mMfTEvK9SiIAiGlTzmIM6xIGnyDdCY1B5H6h1RY4Ktr8oFkAlSrX9E
eMPA==
X-Gm-Message-State: AOAM532tMf9ZJPRPQQGsxj3G/2RswJuckGYsXeAV+OlQ1s/FmLQ0i01e
kUwGVtCnyqvtwcwT4W3Bs/Pliki2GMg=
X-Google-Smtp-Source: ABdhPJxFrs9cnFHmXwYo6nPZb37NvBVTJ4DogQHD0AV80mi2FG+k/5htKa9jJNZmt5iExR6r7ILz9g==
X-Received: by 2002:a17:906:35cc:: with SMTP id
p12mr31050002ejb.351.1634572666160;
Mon, 18 Oct 2021 08:57:46 -0700 (PDT)
Received: from localhost.localdomain
([2a02:ab88:3710:6480:8fb4:66e9:57c0:8a0a])
by smtp.gmail.com with ESMTPSA id n22sm8762059eja.120.2021.10.18.08.57.45
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Mon, 18 Oct 2021 08:57:45 -0700 (PDT)
From: Attila Lendvai <attila@HIDDEN>
To: 50814 <at> debbugs.gnu.org
Subject: [PATCH 2/5] tests: Move keys into ./tests/keys/ and add a third
ed25519 key.
Date: Mon, 18 Oct 2021 17:57:31 +0200
Message-Id: <20211018155734.5175-2-attila@HIDDEN>
X-Mailer: git-send-email 2.33.0
In-Reply-To: <20211018155734.5175-1-attila@HIDDEN>
References: <20211018155734.5175-1-attila@HIDDEN>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.6 (/)
X-Debbugs-Envelope-To: 50814
Cc: Attila Lendvai <attila@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.4 (/)
The third key will be used in an upcoming commit.
Rename public keys to .pub.
* guix/tests/gnupg.scm (%ed25519-3-public-key-file): New variable.
(%ed25519-3-secret-key-file): New variable.
(%ed25519-2-public-key-file): Renamed from %ed25519bis-public-key-file.
(%ed25519-2-secret-key-file): Renamed from %ed25519bis-secret-key-file.
* tests/keys/ed25519-3.key: New file.
* tests/keys/ed25519-3.sec: New file.
---
Makefile.am | 20 +++++-----
build-aux/test-env.in | 6 +--
guix/tests/gnupg.scm | 22 ++++++----
tests/channels.scm | 18 ++++-----
tests/git-authenticate.scm | 23 +++++------
tests/guix-authenticate.sh | 4 +-
tests/{civodul.key => keys/civodul.pub} | 0
tests/{dsa.key => keys/dsa.pub} | 0
tests/{ed25519bis.key => keys/ed25519-2.pub} | 0
tests/{ed25519bis.sec => keys/ed25519-2.sec} | 0
tests/keys/ed25519-3.pub | 9 +++++
tests/keys/ed25519-3.sec | 10 +++++
tests/{ed25519.key => keys/ed25519.pub} | 0
tests/{ => keys}/ed25519.sec | 0
tests/{rsa.key => keys/rsa.pub} | 0
tests/{ => keys}/signing-key.pub | 0
tests/{ => keys}/signing-key.sec | 0
tests/openpgp.scm | 42 +++++++++++---------
18 files changed, 93 insertions(+), 61 deletions(-)
rename tests/{civodul.key => keys/civodul.pub} (100%)
rename tests/{dsa.key => keys/dsa.pub} (100%)
rename tests/{ed25519bis.key => keys/ed25519-2.pub} (100%)
rename tests/{ed25519bis.sec => keys/ed25519-2.sec} (100%)
create mode 100644 tests/keys/ed25519-3.pub
create mode 100644 tests/keys/ed25519-3.sec
rename tests/{ed25519.key => keys/ed25519.pub} (100%)
rename tests/{ => keys}/ed25519.sec (100%)
rename tests/{rsa.key => keys/rsa.pub} (100%)
rename tests/{ => keys}/signing-key.pub (100%)
rename tests/{ => keys}/signing-key.sec (100%)
diff --git a/Makefile.am b/Makefile.am
index 635147efc1..95c6597c17 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -645,16 +645,18 @@ EXTRA_DIST += \
build-aux/update-guix-package.scm \
build-aux/update-NEWS.scm \
tests/test.drv \
- tests/signing-key.pub \
- tests/signing-key.sec \
tests/cve-sample.json \
- tests/civodul.key \
- tests/rsa.key \
- tests/dsa.key \
- tests/ed25519.key \
- tests/ed25519.sec \
- tests/ed25519bis.key \
- tests/ed25519bis.sec \
+ tests/keys/signing-key.pub \
+ tests/keys/signing-key.sec \
+ tests/keys/civodul.pub \
+ tests/keys/rsa.pub \
+ tests/keys/dsa.pub \
+ tests/keys/ed25519.pub \
+ tests/keys/ed25519.sec \
+ tests/keys/ed25519-2.pub \
+ tests/keys/ed25519-2.sec \
+ tests/keys/ed25519-3.pub \
+ tests/keys/ed25519-3.sec \
build-aux/config.rpath \
bootstrap \
doc/build.scm \
diff --git a/build-aux/test-env.in b/build-aux/test-env.in
index 7efc43206c..ca786437e9 100644
--- a/build-aux/test-env.in
+++ b/build-aux/test-env.in
@@ -73,9 +73,9 @@ then
# Copy the keys so that the secret key has the right permissions (the
# daemon errors out when this is not the case.)
mkdir -p "$GUIX_CONFIGURATION_DIRECTORY"
- cp "@abs_top_srcdir@/tests/signing-key.sec" \
- "@abs_top_srcdir@/tests/signing-key.pub" \
- "$GUIX_CONFIGURATION_DIRECTORY"
+ cp "@abs_top_srcdir@/tests/keys/signing-key.sec" \
+ "@abs_top_srcdir@/tests/keys/signing-key.pub" \
+ "$GUIX_CONFIGURATION_DIRECTORY"
chmod 400 "$GUIX_CONFIGURATION_DIRECTORY/signing-key.sec"
fi
diff --git a/guix/tests/gnupg.scm b/guix/tests/gnupg.scm
index c7630db912..09f02a2b67 100644
--- a/guix/tests/gnupg.scm
+++ b/guix/tests/gnupg.scm
@@ -28,8 +28,10 @@ (define-module (guix tests gnupg)
%ed25519-public-key-file
%ed25519-secret-key-file
- %ed25519bis-public-key-file
- %ed25519bis-secret-key-file
+ %ed25519-2-public-key-file
+ %ed25519-2-secret-key-file
+ %ed25519-3-public-key-file
+ %ed25519-3-secret-key-file
read-openpgp-packet
key-fingerprint
@@ -64,13 +66,17 @@ (define-syntax-rule (with-fresh-gnupg-setup imported exp ...)
(call-with-fresh-gnupg-setup imported (lambda () exp ...)))
(define %ed25519-public-key-file
- (search-path %load-path "tests/ed25519.key"))
+ (search-path %load-path "tests/keys/ed25519.pub"))
(define %ed25519-secret-key-file
- (search-path %load-path "tests/ed25519.sec"))
-(define %ed25519bis-public-key-file
- (search-path %load-path "tests/ed25519bis.key"))
-(define %ed25519bis-secret-key-file
- (search-path %load-path "tests/ed25519bis.sec"))
+ (search-path %load-path "tests/keys/ed25519.sec"))
+(define %ed25519-2-public-key-file
+ (search-path %load-path "tests/keys/ed25519-2.pub"))
+(define %ed25519-2-secret-key-file
+ (search-path %load-path "tests/keys/ed25519-2.sec"))
+(define %ed25519-3-public-key-file
+ (search-path %load-path "tests/keys/ed25519-3.pub"))
+(define %ed25519-3-secret-key-file
+ (search-path %load-path "tests/keys/ed25519-3.sec"))
(define (read-openpgp-packet file)
(get-openpgp-packet
diff --git a/tests/channels.scm b/tests/channels.scm
index 3e82315b0c..d45c450241 100644
--- a/tests/channels.scm
+++ b/tests/channels.scm
@@ -480,8 +480,8 @@ (define (find-commit* message)
#t
(with-fresh-gnupg-setup (list %ed25519-public-key-file
%ed25519-secret-key-file
- %ed25519bis-public-key-file
- %ed25519bis-secret-key-file)
+ %ed25519-2-public-key-file
+ %ed25519-2-secret-key-file)
(with-temporary-git-repository directory
`((add ".guix-channel"
,(object->string
@@ -507,7 +507,7 @@ (define (find-commit* message)
(commit-id-string commit1)
(openpgp-public-key-fingerprint
(read-openpgp-packet
- %ed25519bis-public-key-file)))) ;different key
+ %ed25519-2-public-key-file)))) ;different key
(channel (channel (name 'example)
(url (string-append "file://" directory))
(introduction intro))))
@@ -519,7 +519,7 @@ (define (find-commit* message)
(oid->string (commit-id commit1))
(key-fingerprint %ed25519-public-key-file)
(key-fingerprint
- %ed25519bis-public-key-file))))))
+ %ed25519-2-public-key-file))))))
(authenticate-channel channel directory
(commit-id-string commit2)
#:keyring-reference-prefix "")
@@ -530,8 +530,8 @@ (define (find-commit* message)
#t
(with-fresh-gnupg-setup (list %ed25519-public-key-file
%ed25519-secret-key-file
- %ed25519bis-public-key-file
- %ed25519bis-secret-key-file)
+ %ed25519-2-public-key-file
+ %ed25519-2-secret-key-file)
(with-temporary-git-repository directory
`((add ".guix-channel"
,(object->string
@@ -552,12 +552,12 @@ (define (find-commit* message)
(signer ,(key-fingerprint %ed25519-public-key-file)))
(add "c.txt" "C")
(commit "third commit"
- (signer ,(key-fingerprint %ed25519bis-public-key-file)))
+ (signer ,(key-fingerprint %ed25519-2-public-key-file)))
(branch "channel-keyring")
(checkout "channel-keyring")
(add "signer.key" ,(call-with-input-file %ed25519-public-key-file
get-string-all))
- (add "other.key" ,(call-with-input-file %ed25519bis-public-key-file
+ (add "other.key" ,(call-with-input-file %ed25519-2-public-key-file
get-string-all))
(commit "keyring commit")
(checkout "master"))
@@ -588,7 +588,7 @@ (define (find-commit* message)
(unauthorized-commit-error-signing-key c))
(openpgp-public-key-fingerprint
(read-openpgp-packet
- %ed25519bis-public-key-file))))))
+ %ed25519-2-public-key-file))))))
(authenticate-channel channel directory
(commit-id-string commit3)
#:keyring-reference-prefix "")
diff --git a/tests/git-authenticate.scm b/tests/git-authenticate.scm
index d87eacc659..f66ef191b0 100644
--- a/tests/git-authenticate.scm
+++ b/tests/git-authenticate.scm
@@ -161,14 +161,14 @@ (define (gpg+git-available?)
(test-assert "signed commits, .guix-authorizations, unauthorized merge"
(with-fresh-gnupg-setup (list %ed25519-public-key-file
%ed25519-secret-key-file
- %ed25519bis-public-key-file
- %ed25519bis-secret-key-file)
+ %ed25519-2-public-key-file
+ %ed25519-2-secret-key-file)
(with-temporary-git-repository directory
`((add "signer1.key"
,(call-with-input-file %ed25519-public-key-file
get-string-all))
(add "signer2.key"
- ,(call-with-input-file %ed25519bis-public-key-file
+ ,(call-with-input-file %ed25519-2-public-key-file
get-string-all))
(add ".guix-authorizations"
,(object->string
@@ -184,7 +184,7 @@ (define (gpg+git-available?)
(checkout "devel")
(add "devel/1.txt" "1")
(commit "first devel commit"
- (signer ,(key-fingerprint %ed25519bis-public-key-file)))
+ (signer ,(key-fingerprint %ed25519-2-public-key-file)))
(checkout "master")
(add "b.txt" "B")
(commit "second commit"
@@ -203,7 +203,7 @@ (define (correct? c commit)
(openpgp-public-key-fingerprint
(unauthorized-commit-error-signing-key c))
(openpgp-public-key-fingerprint
- (read-openpgp-packet %ed25519bis-public-key-file)))))
+ (read-openpgp-packet %ed25519-2-public-key-file)))))
(and (authenticate-commits repository (list master1 master2)
#:keyring-reference "master")
@@ -230,14 +230,14 @@ (define (correct? c commit)
(test-assert "signed commits, .guix-authorizations, authorized merge"
(with-fresh-gnupg-setup (list %ed25519-public-key-file
%ed25519-secret-key-file
- %ed25519bis-public-key-file
- %ed25519bis-secret-key-file)
+ %ed25519-2-public-key-file
+ %ed25519-2-secret-key-file)
(with-temporary-git-repository directory
`((add "signer1.key"
,(call-with-input-file %ed25519-public-key-file
get-string-all))
(add "signer2.key"
- ,(call-with-input-file %ed25519bis-public-key-file
+ ,(call-with-input-file %ed25519-2-public-key-file
get-string-all))
(add ".guix-authorizations"
,(object->string
@@ -258,12 +258,12 @@ (define (correct? c commit)
%ed25519-public-key-file)
(name "Alice"))
(,(key-fingerprint
- %ed25519bis-public-key-file))))))
+ %ed25519-2-public-key-file))))))
(commit "first devel commit"
(signer ,(key-fingerprint %ed25519-public-key-file)))
(add "devel/2.txt" "2")
(commit "second devel commit"
- (signer ,(key-fingerprint %ed25519bis-public-key-file)))
+ (signer ,(key-fingerprint %ed25519-2-public-key-file)))
(checkout "master")
(add "b.txt" "B")
(commit "second commit"
@@ -273,7 +273,7 @@ (define (correct? c commit)
;; After the merge, the second signer is authorized.
(add "c.txt" "C")
(commit "third commit"
- (signer ,(key-fingerprint %ed25519bis-public-key-file))))
+ (signer ,(key-fingerprint %ed25519-2-public-key-file))))
(with-repository directory repository
(let ((master1 (find-commit repository "first commit"))
(master2 (find-commit repository "second commit"))
@@ -328,4 +328,3 @@ (define (correct? c commit)
'failed)))))))
(test-end "git-authenticate")
-
diff --git a/tests/guix-authenticate.sh b/tests/guix-authenticate.sh
index 3a05b232c1..0de6da1878 100644
--- a/tests/guix-authenticate.sh
+++ b/tests/guix-authenticate.sh
@@ -28,7 +28,7 @@ rm -f "$sig" "$hash"
trap 'rm -f "$sig" "$hash"' EXIT
-key="$abs_top_srcdir/tests/signing-key.sec"
+key="$abs_top_srcdir/tests/keys/signing-key.sec"
key_len="`echo -n $key | wc -c`"
# A hexadecimal string as long as a sha256 hash.
@@ -67,7 +67,7 @@ test "$code" -ne 0
# encoded independently of the current locale: <https://bugs.gnu.org/43421>.
hash="636166e9636166e9636166e9636166e9636166e9636166e9636166e9636166e9"
latin1_cafe="caf$(printf '\351')"
-echo "sign 21:tests/signing-key.sec 64:$hash" | guix authenticate \
+echo "sign 26:tests/keys/signing-key.sec 64:$hash" | guix authenticate \
| LC_ALL=C grep "hash sha256 \"$latin1_cafe"
# Test for <http://bugs.gnu.org/17312>: make sure 'guix authenticate' produces
diff --git a/tests/civodul.key b/tests/keys/civodul.pub
similarity index 100%
rename from tests/civodul.key
rename to tests/keys/civodul.pub
diff --git a/tests/dsa.key b/tests/keys/dsa.pub
similarity index 100%
rename from tests/dsa.key
rename to tests/keys/dsa.pub
diff --git a/tests/ed25519bis.key b/tests/keys/ed25519-2.pub
similarity index 100%
rename from tests/ed25519bis.key
rename to tests/keys/ed25519-2.pub
diff --git a/tests/ed25519bis.sec b/tests/keys/ed25519-2.sec
similarity index 100%
rename from tests/ed25519bis.sec
rename to tests/keys/ed25519-2.sec
diff --git a/tests/keys/ed25519-3.pub b/tests/keys/ed25519-3.pub
new file mode 100644
index 0000000000..72f311984c
--- /dev/null
+++ b/tests/keys/ed25519-3.pub
@@ -0,0 +1,9 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEYVH/7xYJKwYBBAHaRw8BAQdALMLeUhjEG2/UPCJj2j/debFwwAK5gT3G0l5d
+ILfFldm0FTxleGFtcGxlQGV4YW1wbGUuY29tPoiWBBMWCAA+FiEEjO6M85jMSK68
+7tINGBzA7NyoagkFAmFR/+8CGwMFCQPCZwAFCwkIBwIGFQoJCAsCBBYCAwECHgEC
+F4AACgkQGBzA7Nyoagl3lgEAw6yqIlX11lTqwxBGhZk/Oy34O13cbJSZCGv+m0ja
++hcA/3DCNOmT+oXjgO/w6enQZUQ1m/d6dUjCc2wOLlLz+ZoG
+=+r3i
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/keys/ed25519-3.sec b/tests/keys/ed25519-3.sec
new file mode 100644
index 0000000000..04128a4131
--- /dev/null
+++ b/tests/keys/ed25519-3.sec
@@ -0,0 +1,10 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lFgEYVH/7xYJKwYBBAHaRw8BAQdALMLeUhjEG2/UPCJj2j/debFwwAK5gT3G0l5d
+ILfFldkAAP92goSbbzQ0ttElr9lr5Cm6rmQtqUZ2Cu/Jk9fvfZROwxI0tBU8ZXhh
+bXBsZUBleGFtcGxlLmNvbT6IlgQTFggAPhYhBIzujPOYzEiuvO7SDRgcwOzcqGoJ
+BQJhUf/vAhsDBQkDwmcABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEBgcwOzc
+qGoJd5YBAMOsqiJV9dZU6sMQRoWZPzst+Dtd3GyUmQhr/ptI2voXAP9wwjTpk/qF
+44Dv8Onp0GVENZv3enVIwnNsDi5S8/maBg==
+=EmOt
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/ed25519.key b/tests/keys/ed25519.pub
similarity index 100%
rename from tests/ed25519.key
rename to tests/keys/ed25519.pub
diff --git a/tests/ed25519.sec b/tests/keys/ed25519.sec
similarity index 100%
rename from tests/ed25519.sec
rename to tests/keys/ed25519.sec
diff --git a/tests/rsa.key b/tests/keys/rsa.pub
similarity index 100%
rename from tests/rsa.key
rename to tests/keys/rsa.pub
diff --git a/tests/signing-key.pub b/tests/keys/signing-key.pub
similarity index 100%
rename from tests/signing-key.pub
rename to tests/keys/signing-key.pub
diff --git a/tests/signing-key.sec b/tests/keys/signing-key.sec
similarity index 100%
rename from tests/signing-key.sec
rename to tests/keys/signing-key.sec
diff --git a/tests/openpgp.scm b/tests/openpgp.scm
index c2be26fa49..1f20466772 100644
--- a/tests/openpgp.scm
+++ b/tests/openpgp.scm
@@ -59,18 +59,22 @@ (define %binary-sample
(define %civodul-fingerprint
"3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5")
-(define %civodul-key-id #x090B11993D9AEBB5) ;civodul.key
-
-;; Test keys. They were generated in a container along these lines:
-;; guix environment -CP --ad-hoc gnupg pinentry
-;; then, within the container:
-;; mkdir ~/.gnupg
-;; echo pinentry-program ~/.guix-profile/bin/pinentry-tty > ~/.gnupg/gpg-agent.conf
-;; gpg --quick-gen-key '<ludo+test-rsa@HIDDEN>' rsa
-;; or similar.
-(define %rsa-key-id #xAE25DA2A70DEED59) ;rsa.key
-(define %dsa-key-id #x587918047BE8BD2C) ;dsa.key
-(define %ed25519-key-id #x771F49CBFAAE072D) ;ed25519.key
+(define %civodul-key-id #x090B11993D9AEBB5) ;civodul.pub
+
+#|
+Test keys in ./tests/keys. They were generated in a container along these lines:
+ guix environment -CP --ad-hoc gnupg pinentry coreutils
+then, within the container:
+ mkdir ~/.gnupg && chmod -R og-rwx ~/.gnupg
+ gpg --batch --passphrase '' --quick-gen-key '<example@HIDDEN>' ed25519
+ gpg --armor --export example@HIDDEN
+ gpg --armor --export-secret-key example@HIDDEN
+ # echo pinentry-program ~/.guix-profile/bin/pinentry-curses > ~/.gnupg/gpg-agent.conf
+or similar.
+|#
+(define %rsa-key-id #xAE25DA2A70DEED59) ;rsa.pub
+(define %dsa-key-id #x587918047BE8BD2C) ;dsa.pub
+(define %ed25519-key-id #x771F49CBFAAE072D) ;ed25519.pub
(define %rsa-key-fingerprint
(base16-string->bytevector
@@ -168,7 +172,7 @@ (define %hello-signature/ed25519/sha1 ;digest-algo: sha1
(not (port-ascii-armored? (open-bytevector-input-port %binary-sample))))
(test-assert "get-openpgp-keyring"
- (let* ((key (search-path %load-path "tests/civodul.key"))
+ (let* ((key (search-path %load-path "tests/keys/civodul.pub"))
(keyring (get-openpgp-keyring
(open-bytevector-input-port
(call-with-input-file key read-radix-64)))))
@@ -228,8 +232,10 @@ (define %hello-signature/ed25519/sha1 ;digest-algo: sha1
(verify-openpgp-signature signature keyring
(open-input-string "Hello!\n"))))
(list status (openpgp-public-key-id key)))))
- (list "tests/rsa.key" "tests/dsa.key"
- "tests/ed25519.key" "tests/ed25519.key" "tests/ed25519.key")
+ (list "tests/keys/rsa.pub" "tests/keys/dsa.pub"
+ "tests/keys/ed25519.pub"
+ "tests/keys/ed25519.pub"
+ "tests/keys/ed25519.pub")
(list %hello-signature/rsa %hello-signature/dsa
%hello-signature/ed25519/sha256
%hello-signature/ed25519/sha512
@@ -248,9 +254,9 @@ (define %hello-signature/ed25519/sha1 ;digest-algo: sha1
(call-with-input-file key read-radix-64))
keyring)))
%empty-keyring
- '("tests/rsa.key" "tests/dsa.key"
- "tests/ed25519.key" "tests/ed25519.key"
- "tests/ed25519.key"))))
+ '("tests/keys/rsa.pub" "tests/keys/dsa.pub"
+ "tests/keys/ed25519.pub" "tests/keys/ed25519.pub"
+ "tests/keys/ed25519.pub"))))
(map (lambda (signature)
(let ((signature (string->openpgp-packet signature)))
(let-values (((status key)
--
2.33.0
guix-patches@HIDDEN:bug#50814; Package guix-patches.
Full text available.
Received: (at 50814) by debbugs.gnu.org; 18 Oct 2021 15:57:56 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Oct 18 11:57:56 2021
Received: from localhost ([127.0.0.1]:48311 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1mcV1Q-0006z7-Ja
for submit <at> debbugs.gnu.org; Mon, 18 Oct 2021 11:57:56 -0400
Received: from mail-ed1-f42.google.com ([209.85.208.42]:44804)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <attila.lendvai@HIDDEN>) id 1mcV1O-0006yr-60
for 50814 <at> debbugs.gnu.org; Mon, 18 Oct 2021 11:57:56 -0400
Received: by mail-ed1-f42.google.com with SMTP id w14so1051501edv.11
for <50814 <at> debbugs.gnu.org>; Mon, 18 Oct 2021 08:57:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=sender:from:to:cc:subject:date:message-id:mime-version
:content-transfer-encoding;
bh=Q1LEPb2GaMgwANKUBjTAL73fLUg/TR6v/7o6kLsZRSs=;
b=A5pLJmG3KfYlHjWfBcUMi3IPYHtchncQtJlbEa9Ok+5bgFlvsH79sBQ3ZIvMM7tBwm
Yy/QNDXny84Kgd8ml6TPOY67m0c9KrGyObTqVFVzb7WnmCIayzJ3GOZrTvM7bl42WLfS
u2aI8RpLYFjD2AAuom2ermAEAXPL1jgAVbEmYYFqfcgtvJP4qYGeh9AefRyRJrsgpQtm
kRvLkVzIZ1tNAnd27/SZcLIvaqkhtaGC0Rzb0GypO8f16CQXi4ECNTRMrsTxRtXvopnw
w/WO+RwZyotjNrO3mZ3s+b8YQ4HnoCmFzLKeqrrtT8h940tR40e7TLlpSDrhLK4nowTO
kRFg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:sender:from:to:cc:subject:date:message-id
:mime-version:content-transfer-encoding;
bh=Q1LEPb2GaMgwANKUBjTAL73fLUg/TR6v/7o6kLsZRSs=;
b=OWQmecmC43bJkeLVjIEIS+3IVmJWIK36zJaXOqpXGlDj5BF6WlWXsLDVPRgXI56RU1
UNnhA47pIZgEBnRMixDq9JVJ0F6ILhibj1CBBzxoTHwFNr8N12M6exCUzLJrAGofL3NR
Z2ZRbaUzntGsImW4rcmM7jTBQeVMYCEGpt++U7f/6ouAlnST6v40hUmn9S4YqOsz4F1L
PqR0MECzxxaA+kyvdGDUqVrNEZSgy6Ki1q4EpiumrPs4mm9eBaqt6oD7keTeJseh9V2N
P4tze68o68FCChTloyIZLIxN9CFPfZPH8m+y7NZ+SX84LQ37I0Bn26d21+HSHGqJGUxw
rZIw==
X-Gm-Message-State: AOAM531tTEgoYiLBGlE/a92HG/2xx8AH+kF/65TYOK24TCaz0g/a6RP1
7fJZIDkvGNHUWRZuHW+0bfrIxUswlck=
X-Google-Smtp-Source: ABdhPJyB2Lt2gJih99l5w9bmq1lCsYS+VsaE9J4bAVK+1puO0r5n0SW5lXUMIAeSqifLnWyr2JPtjQ==
X-Received: by 2002:a17:906:7a50:: with SMTP id
i16mr31606213ejo.507.1634572665483;
Mon, 18 Oct 2021 08:57:45 -0700 (PDT)
Received: from localhost.localdomain
([2a02:ab88:3710:6480:8fb4:66e9:57c0:8a0a])
by smtp.gmail.com with ESMTPSA id n22sm8762059eja.120.2021.10.18.08.57.44
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Mon, 18 Oct 2021 08:57:44 -0700 (PDT)
From: Attila Lendvai <attila@HIDDEN>
To: 50814 <at> debbugs.gnu.org
Subject: [PATCH 1/5] tests: Smarten up git repository testing framework.
Date: Mon, 18 Oct 2021 17:57:30 +0200
Message-Id: <20211018155734.5175-1-attila@HIDDEN>
X-Mailer: git-send-email 2.33.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.5 (/)
X-Debbugs-Envelope-To: 50814
Cc: Attila Lendvai <attila@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.5 (/)
* guix/tests/git.scm (with-git-repository): New macro that can be used in
a nested way under a with-temporary-git-repository.
(populate-git-repository): Extend the DSL with (add "some-noise"), (reset
"[commit hash]"), (checkout "branch" orphan).
* guix/tests/gnupg.scm (key-fingerprint-vector): New function.
---
guix/tests/git.scm | 23 +++++++++++++++++++++--
guix/tests/gnupg.scm | 8 ++++++--
2 files changed, 27 insertions(+), 4 deletions(-)
diff --git a/guix/tests/git.scm b/guix/tests/git.scm
index 69960284d9..76f5a8b937 100644
--- a/guix/tests/git.scm
+++ b/guix/tests/git.scm
@@ -26,6 +26,7 @@ (define-module (guix tests git)
#:use-module (ice-9 control)
#:export (git-command
with-temporary-git-repository
+ with-git-repository
find-commit))
(define git-command
@@ -59,8 +60,9 @@ (define (git command . args)
(apply invoke (git-command) "-C" directory
command args)))))
- (mkdir-p directory)
- (git "init")
+ (unless (directory-exists? (string-append directory "/.git"))
+ (mkdir-p directory)
+ (git "init"))
(let loop ((directives directives))
(match directives
@@ -78,6 +80,9 @@ (define (git command . args)
port)))
(git "add" file)
(loop rest)))
+ ((('add file-name-and-content) rest ...)
+ (loop (cons `(add ,file-name-and-content ,file-name-and-content)
+ rest)))
((('remove file) rest ...)
(git "rm" "-f" file)
(loop rest))
@@ -99,12 +104,18 @@ (define (git command . args)
((('checkout branch) rest ...)
(git "checkout" branch)
(loop rest))
+ ((('checkout branch 'orphan) rest ...)
+ (git "checkout" "--orphan" branch)
+ (loop rest))
((('merge branch message) rest ...)
(git "merge" branch "-m" message)
(loop rest))
((('merge branch message ('signer fingerprint)) rest ...)
(git "merge" branch "-m" message
(string-append "--gpg-sign=" fingerprint))
+ (loop rest))
+ ((('reset to) rest ...)
+ (git "reset" "--hard" to)
(loop rest)))))
(define (call-with-temporary-git-repository directives proc)
@@ -121,6 +132,14 @@ (define-syntax-rule (with-temporary-git-repository directory
(lambda (directory)
exp ...)))
+(define-syntax-rule (with-git-repository directory
+ directives exp ...)
+ "Evaluate EXP in a context where DIRECTORY is (further) populated as
+per DIRECTIVES."
+ (begin
+ (populate-git-repository directory directives)
+ exp ...))
+
(define (find-commit repository message)
"Return the commit in REPOSITORY whose message includes MESSAGE, a string."
(let/ec return
diff --git a/guix/tests/gnupg.scm b/guix/tests/gnupg.scm
index eb8ff63a43..c7630db912 100644
--- a/guix/tests/gnupg.scm
+++ b/guix/tests/gnupg.scm
@@ -33,6 +33,7 @@ (define-module (guix tests gnupg)
read-openpgp-packet
key-fingerprint
+ key-fingerprint-vector
key-id))
(define gpg-command
@@ -76,7 +77,10 @@ (define (read-openpgp-packet file)
(open-bytevector-input-port
(call-with-input-file file read-radix-64))))
+(define key-fingerprint-vector
+ (compose openpgp-public-key-fingerprint
+ read-openpgp-packet))
+
(define key-fingerprint
(compose openpgp-format-fingerprint
- openpgp-public-key-fingerprint
- read-openpgp-packet))
+ key-fingerprint-vector))
--
2.33.0
guix-patches@HIDDEN:bug#50814; Package guix-patches.
Full text available.Received: (at 50814) by debbugs.gnu.org; 18 Oct 2021 15:27:20 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Mon Oct 18 11:27:20 2021 Received: from localhost ([127.0.0.1]:48291 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1mcUXo-00069E-DU for submit <at> debbugs.gnu.org; Mon, 18 Oct 2021 11:27:20 -0400 Received: from mail-4323.proton.ch ([185.70.43.23]:11072) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <attila@HIDDEN>) id 1mcUXi-00068v-JG for 50814 <at> debbugs.gnu.org; Mon, 18 Oct 2021 11:27:19 -0400 Date: Mon, 18 Oct 2021 15:27:06 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lendvai.name; s=protonmail2; t=1634570827; bh=C43fa0MHvmfpRFh1Q1gqHfZXs2vdWvw0WVJmQiCNk4U=; h=Date:To:From:Cc:Reply-To:Subject:In-Reply-To:References:From; b=JQ59H86Z4HqwKm2nzqYfp87UJ8HTAdN7G7oF1wg6RY5O4iwiHszzncpownsH3ywuL QPhoP/yVAkd55xNS1NYAtw+zk+lSE+zUsqVaGmYgBbzvr+mYvJ8Qyg9x2tCAgP4QUZ 5HMAbhuVn3G66NwRAQJQ8iTLGxf2OgOiGuyx0knxDvRWaswXC0yIsHTN/jYUDdWpsV Sbu1blYCHuDnWGtP04Z3SB30p19G1P1wh9ku6P4jxgaMyv1HpQMbEPGFBanE1nOKkd FCrGksVjq7hH7Ny0RO1GM1WrScSwhJ7loct4cFaaRhpYI37UNrn7yXdhnD+tXN3FQw NfCS2EWvxVY7g== To: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN> From: Attila Lendvai <attila@HIDDEN> Subject: Re: bug#50814: [PATCH] guix: git-authenticate: Also authenticate the channel intro commit. Message-ID: <HYmFugT4oHoOLRIfzLRZyEtR3aJeuSjmKed_5Okw0HqRj6pP8A6ITOV_6Ut55WzXhtxilgUeVoqlWQXSfRPvi89xdZnUOKiloJlk-MaPF1A=@lendvai.name> In-Reply-To: <878ryqbsvk.fsf@HIDDEN> References: <20210926101928.3877-1-attila@HIDDEN> <878rz2xq23.fsf@HIDDEN> <wd2szjiaeLK46fkuZuw5593yUyqo_N18oULu7hsDbGrZzHWTQw2H2cwlFs7-CemTb5CzENsmcrGKwB0yN2k8od--1tUTIsP-7rvxrAbq-Js=@lendvai.name> <RQVMMoKLN91IL7OY4XhljYSCt4hyEDqgKIcY9kOpNk6OHBTK46-oU78I6WzxpldpaaUSExfyl1vVXXpCaw0orq5fEYRhQOflzH1xM-snJU8=@lendvai.name> <878ryqbsvk.fsf@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-1.2 required=10.0 tests=ALL_TRUSTED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF shortcircuit=no autolearn=disabled version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on mailout.protonmail.ch X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 50814 Cc: 50814 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Reply-To: Attila Lendvai <attila@HIDDEN> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) hi Ludo, > > i ran the test without my fix, and indeed it fails at two points: > > Sorry, which test is failing? Is that part of the patches you sent? > > I need more context. :-) i have sent 5 patches. three of them are prefixed with 'test:', and two of those are test idempotent test infrastructure changes. the third of them adds a new test that tests git-authenticate. this is the test that i'm talking about. if you apply only these 3 test related commits, and run the new test on the unpatched codebase, then you'll see the two failures that i'm talking about in my previous mail. search the test log for 'FAILURE' (the test runs fully, but fails in case any of the tests fail). one of the two failures is a more serious issue because a channel intro commit is accepted while it shouldn't be. > > > Alright. Please next time open one issue per topic: that=E2=80=99s a = good > > > way to maximize the chances that review happens in a timely fashion. > > > > > > :-) > > > > can i mark dependencies between issues/patchsets? > > because all that i could do here is split this into two sets of > > commits (because of the dependencies between the commits): > > > > 1. the 3 test commits, and > > 2. the 2 guix commits. > > > > i thought that separating the test that is exhibiting the bug, from > > the fix that fixes it, would only hinder the process. > > Yes, in general it=E2=80=99s best to have the test and the fix in the sam= e > commit. i cut the fix and the test in separate commits (but sent them in the same patchset/issue), so that it's possible to partially apply only the test commits, and study its behavior on the current codebase. > However, at this point, I=E2=80=99m not sure which =E2=80=9Cbug=E2=80= =9D we=E2=80=99re talking about. > > What you described in your initial message is not a bug in my view: > > https://issues.guix.gnu.org/50814#28 the bug is described, formally, by the test that i have added (unless the test itself is wrong, that is). IIRC, i started putting together this new test to expose the bugs that i have suspected while reviewing the implementation of git-authenticate, and then to support my effort to fix them afterwards. i think the best next-action is for someone qualified to take a look at the test that i have added, and see if any of the assumptions encoded in it is wrong. i think i understand this part of the codebase pretty well now, but i may have erred. if the test seems to be valid, then proceed to review the rest of the commits. > I=E2=80=99m not saying that we should not change anything, but rather tha= t it=E2=80=99s > not like a simple usability/UX issue. > > I hope this makes sense! yes, it does! actually, i welcome the reluctance to haphazardly apply patches to this part of the codebase. i was kinda expecting this, and that's why i have prepared the commits so that the test can be applied and tried separately. hope this clarifies the situation, -- =E2=80=A2 attila lendvai =E2=80=A2 PGP: 963F 5D5F 45C7 DFCD 0A39 -- =E2=80=9CEverything can be taken from a man but one thing: the last of the = human freedoms=E2=80=94to choose one=E2=80=99s attitude in any given set of= circumstances, to choose one=E2=80=99s own way.=E2=80=9D =09=E2=80=94 Viktor E. Frankl (1905=E2=80=931997), 'Man's Search for Meanin= g' (1946)
guix-patches@HIDDEN:bug#50814; Package guix-patches.
Full text available.Received: (at 50814) by debbugs.gnu.org; 18 Oct 2021 09:10:53 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Mon Oct 18 05:10:53 2021 Received: from localhost ([127.0.0.1]:46006 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1mcOfU-0004QQ-UB for submit <at> debbugs.gnu.org; Mon, 18 Oct 2021 05:10:53 -0400 Received: from eggs.gnu.org ([209.51.188.92]:41984) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <ludo@HIDDEN>) id 1mcOfS-0004QB-AX for 50814 <at> debbugs.gnu.org; Mon, 18 Oct 2021 05:10:51 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:60634) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from <ludo@HIDDEN>) id 1mcOfM-0002cb-Ox; Mon, 18 Oct 2021 05:10:44 -0400 Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=50988 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <ludo@HIDDEN>) id 1mcOfJ-0008RK-NG; Mon, 18 Oct 2021 05:10:44 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN> To: Attila Lendvai <attila@HIDDEN> Subject: Re: bug#50814: [PATCH] guix: git-authenticate: Also authenticate the channel intro commit. References: <20210926101928.3877-1-attila@HIDDEN> <878rz2xq23.fsf@HIDDEN> <wd2szjiaeLK46fkuZuw5593yUyqo_N18oULu7hsDbGrZzHWTQw2H2cwlFs7-CemTb5CzENsmcrGKwB0yN2k8od--1tUTIsP-7rvxrAbq-Js=@lendvai.name> <RQVMMoKLN91IL7OY4XhljYSCt4hyEDqgKIcY9kOpNk6OHBTK46-oU78I6WzxpldpaaUSExfyl1vVXXpCaw0orq5fEYRhQOflzH1xM-snJU8=@lendvai.name> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 27 =?utf-8?Q?Vend=C3=A9miaire?= an 230 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Mon, 18 Oct 2021 11:10:39 +0200 In-Reply-To: <RQVMMoKLN91IL7OY4XhljYSCt4hyEDqgKIcY9kOpNk6OHBTK46-oU78I6WzxpldpaaUSExfyl1vVXXpCaw0orq5fEYRhQOflzH1xM-snJU8=@lendvai.name> (Attila Lendvai's message of "Sun, 17 Oct 2021 10:09:24 +0000") Message-ID: <878ryqbsvk.fsf@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 50814 Cc: 50814 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -3.3 (---) Hi Attila, Attila Lendvai <attila@HIDDEN> skribis: >> i'll investigate again later by running the test without the fix, and wr= ite >> up my results here, or better yet, in a better commit message. > > i ran the test without my fix, and indeed it fails at two points: Sorry, which test is failing? Is that part of the patches you sent? I need more context. :-) [...] >> Alright. Please next time open one issue per topic: that=E2=80=99s a go= od >> way to maximize the chances that review happens in a timely fashion. >> :-) > > > can i mark dependencies between issues/patchsets? > > because all that i could do here is split this into two sets of > commits (because of the dependencies between the commits): > > 1) the 3 test commits, and > 2) the 2 guix commits. > > i thought that separating the test that is exhibiting the bug, from > the fix that fixes it, would only hinder the process. Yes, in general it=E2=80=99s best to have the test and the fix in the same commit. However, at this point, I=E2=80=99m not sure which =E2=80=9Cbug=E2=80=9D we= =E2=80=99re talking about. What you described in your initial message is not a bug in my view: https://issues.guix.gnu.org/50814#28 >> I understand the behavior was surprising to you, but I=E2=80=99d like to= see >> if we can pinpoint why. Can you think of anything that could be >> added to the documentation? > > > if we assume that everyone reads and internalizes every page of the > documentation of every software that they use, then i guess nothing > needs to be added. > > but if our goal is to maximize the effectiveness of the users, then no > amount of static, free-flowing text can compete with a warning that is > signalled in close context to the issue. Sure, I agree. However, you=E2=80=99re clearly a power user at this point :-), and we=E2= =80=99re talking about one of the most sensitive pieces of code in Guix. I think it=E2=80=99s important to make sure we=E2=80=99re on the same level of unde= rstanding of the design and current implementation; I also think it=E2=80=99s not unreasonable to expect channel writers to pay attention to documentation on these matters. I=E2=80=99m not saying that we should not change anything, but rather that = it=E2=80=99s not like a simple usability/UX issue. I hope this makes sense! Ludo=E2=80=99.
guix-patches@HIDDEN:bug#50814; Package guix-patches.
Full text available.Received: (at 50814) by debbugs.gnu.org; 17 Oct 2021 10:09:36 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sun Oct 17 06:09:36 2021 Received: from localhost ([127.0.0.1]:43613 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1mc36m-0006aB-EA for submit <at> debbugs.gnu.org; Sun, 17 Oct 2021 06:09:36 -0400 Received: from mail-40136.proton.ch ([185.70.40.136]:29402) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <attila@HIDDEN>) id 1mc36j-0006Zw-4z for 50814 <at> debbugs.gnu.org; Sun, 17 Oct 2021 06:09:35 -0400 Date: Sun, 17 Oct 2021 10:09:24 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lendvai.name; s=protonmail2; t=1634465366; bh=OzxsZWf5Kc06WmW9OxoymrXdagJZnIC61y1n6rzwjsI=; h=Date:To:From:Cc:Reply-To:Subject:In-Reply-To:References:From; b=iSBy50HaoWazjbgPcA/yQf6qrSGvR80+trzUxpsGvaSIIaxRYhs6kT1IPBLRvpDBj Wok0xdznl9tox+p1kdfUUrprNojEhGAbz3raDtyXLrfg89jjCTtyXpouni/3Sbto3c 1rvyMzqcSThfZry4cRhNBNJHqYqTsu2S4Wd760OEQuIU/A+ytJityEIbHahfn/et49 K3P6o2PsO2lyJA/TtxRQAade4HFTfym0JNx+SzmyksEBgbf1M1I0ILMg9Haq7ceke0 PML9g9xb/LeQeVSCbWowa4L2wQqJtoRdFtMQqJZJgUbtR71yNFXRrg/Ek6Ne5nu4a+ Tn/VMprd9qEMg== To: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN> From: Attila Lendvai <attila@HIDDEN> Subject: Re: bug#50814: [PATCH] guix: git-authenticate: Also authenticate the channel intro commit. Message-ID: <RQVMMoKLN91IL7OY4XhljYSCt4hyEDqgKIcY9kOpNk6OHBTK46-oU78I6WzxpldpaaUSExfyl1vVXXpCaw0orq5fEYRhQOflzH1xM-snJU8=@lendvai.name> In-Reply-To: <wd2szjiaeLK46fkuZuw5593yUyqo_N18oULu7hsDbGrZzHWTQw2H2cwlFs7-CemTb5CzENsmcrGKwB0yN2k8od--1tUTIsP-7rvxrAbq-Js=@lendvai.name> References: <20210926101928.3877-1-attila@HIDDEN> <878rz2xq23.fsf@HIDDEN> <wd2szjiaeLK46fkuZuw5593yUyqo_N18oULu7hsDbGrZzHWTQw2H2cwlFs7-CemTb5CzENsmcrGKwB0yN2k8od--1tUTIsP-7rvxrAbq-Js=@lendvai.name> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-1.2 required=10.0 tests=ALL_TRUSTED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF shortcircuit=no autolearn=disabled version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on mailout.protonmail.ch X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 50814 Cc: 50814 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Reply-To: Attila Lendvai <attila@HIDDEN> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) > i'll investigate again later by running the test without the fix, and wri= te > up my results here, or better yet, in a better commit message. i ran the test without my fix, and indeed it fails at two points: 1) ;; Should fail because it is signed with key2, not key1 (check-from "commit 3" #:should-fail? #true) 2) ;; It is not very intuitive why commit 1 and 2 should be trusted ;; at this point: commit 4 has previously been used as a channel ;; intro, thus it got marked as trusted in the ~/.cache/. ;; Because commit 1 and 2 are among its parents, it should also ;; be trusted at this point because of the cache. Note that ;; it's debatable whether this semantics is a good idea, but ;; this is how git-authenticate is and has been implemented for ;; a while (modulo failing to update the cache in the past when ;; taking certain code paths). (check-from "commit 1") (check-from "commit 2") note that i have extended the above comments compared to what's in the commits that i have sent previously (and i also fixed the check for the warning). i suspect there are still things to discuss, so i'll wait for any feedback before i resend the patches. i did not touch the test code itself, so you can easily find these points in it. > Yes please. In general, please start by reporting the bug: what you > get, what you expected, and how to reproduce. That makes it easier > to understand and evaluate proposed fixes. understood. the problem is that it all started out as adding a warning, and the rest were just side-quests... :) > Alright. Please next time open one issue per topic: that=E2=80=99s a goo= d > way to maximize the chances that review happens in a timely fashion. > :-) can i mark dependencies between issues/patchsets? because all that i could do here is split this into two sets of commits (because of the dependencies between the commits): 1) the 3 test commits, and 2) the 2 guix commits. i thought that separating the test that is exhibiting the bug, from the fix that fixes it, would only hinder the process. > I understand the behavior was surprising to you, but I=E2=80=99d like to = see > if we can pinpoint why. Can you think of anything that could be > added to the documentation? if we assume that everyone reads and internalizes every page of the documentation of every software that they use, then i guess nothing needs to be added. but if our goal is to maximize the effectiveness of the users, then no amount of static, free-flowing text can compete with a warning that is signalled in close context to the issue. i think the right question to ask here is how often would this warning be superfluous. my assumption is that very rarely, if ever, but i may not be aware of some use-cases. looking forward to any feedback on how to improve this. -- =E2=80=A2 attila lendvai =E2=80=A2 PGP: 963F 5D5F 45C7 DFCD 0A39 -- If the source of fear is the unknown, and fear is the only way to be contro= lled, then knowledge is the only way to be free.
guix-patches@HIDDEN:bug#50814; Package guix-patches.
Full text available.Received: (at 50814) by debbugs.gnu.org; 12 Oct 2021 15:17:48 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Tue Oct 12 11:17:48 2021 Received: from localhost ([127.0.0.1]:48718 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1maJXI-0000P6-9j for submit <at> debbugs.gnu.org; Tue, 12 Oct 2021 11:17:48 -0400 Received: from wout2-smtp.messagingengine.com ([64.147.123.25]:36337) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <leo@HIDDEN>) id 1maJXA-0000Hr-FX for 50814 <at> debbugs.gnu.org; Tue, 12 Oct 2021 11:17:47 -0400 Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.west.internal (Postfix) with ESMTP id B3E593200E91; Tue, 12 Oct 2021 11:17:34 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute6.internal (MEProxy); Tue, 12 Oct 2021 11:17:35 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:content-transfer-encoding:in-reply-to; s=mesmtp; bh=yek4jBPx9U+oHygLvGgLvVVEW0tao84o5D07VCSXehs=; b=GLm8ypm6edp0 PEW1s9lSXJuTL9phvu141gLPn7Y7dEja00WQqrMUhWWtOEdLtK7GYh4Dy0Oeh680 +P7517wk5/G5doF+C5DyiZz46P09Q0UCGzD4Hj89fv2Qzg1fgHO8sPzkOLXWkJxK OH8ewBPpVJGMa5bIxwoziqEVqS7dQPI= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm1; bh=yek4jBPx9U+oHygLvGgLvVVEW0tao84o5D07VCSXe hs=; b=ChdL93yUqIkecVCKpDE+/3tMN+p/uq/JfxgrB/WePqUn+Y2YnCVKaEiUT Quft1hDjbJCMnhLyecD/w1lC17JdJlot8OurTOn2IGbD635F/y+AArvG6n3Q3Z0C IO143WiAFNlyTii4900JJuTU7weMnkYTFMdH+BU1C1PI6k0No3u5VYufnRVftmUF 6FyqPgEFxMrYcW1AW5ICAUOLgKM1w02jz6DM7dvTfYdyfcrNgWwrfEU7Cnm8FNrR 2Nv4PHyuj7wF70gXql8uMDn0NqSOR4kr6SfAq6BaNabuZZwrYPPtp//sml6lyWm7 NatpJNpKkGz7ITCAkIIG7RqrwazjQ== X-ME-Sender: <xms:DqdlYUXiXfJhzrw4KmzVx9IQqBrqsmSYDxdHLBPyFS2dFoLOyctkjw> <xme:DqdlYYlx1UCyKzpSXcvAKz69w7gLnzcgHmPhtgEqBnKzdSi5rpbioeqYzSg6N3t6_ NTgh6ZbJvdtg8hIiQ> X-ME-Received: <xmr:DqdlYYbFjs5INjOuFQjGTDbz04jovOW3xuDmrpeoIaUVSTfzu4vMHcC1F5IBlUwFAZxgS8JFkyp2OjwUptctykcJqg> X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvtddrvddtkedgkeegucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepfffhvffukfhfgggtugfgjgesthekredttddtjeenucfhrhhomhepnfgvohcu hfgrmhhulhgrrhhiuceolhgvohesfhgrmhhulhgrrhhirdhnrghmvgeqnecuggftrfgrth htvghrnhepgeejgeeghedtudfgffdutddvffefffejkeffffevffehgedvvdeutdffkeej jeejnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheplh gvohesfhgrmhhulhgrrhhirdhnrghmvg X-ME-Proxy: <xmx:DqdlYTXqq8hKeyxwYFfTgMlNIGw6rpvc5cSMWPXqH7Fkc_BAhdIPPw> <xmx:DqdlYekavgDqrCGSL5strVNoKGF_3P2K60H_T03QkMRxrqf7WAPRGg> <xmx:DqdlYYdn0Xr1nHYlIdlTV_Pva9Wz4TGYDy5caqr83IqThGZHiccB2g> <xmx:DqdlYTw8sIIvpW7fGANsOKCme6bGUO8juYubELl_ojpvqIHbsjvzyQ> Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 12 Oct 2021 11:17:34 -0400 (EDT) Date: Tue, 12 Oct 2021 11:17:32 -0400 From: Leo Famulari <leo@HIDDEN> To: Ludovic =?iso-8859-1?Q?Court=E8s?= <ludo@HIDDEN> Subject: Re: bug#50814: [PATCH] guix: git-authenticate: Also authenticate the channel intro commit. Message-ID: <YWWnDFynmZ8TmgHX@HIDDEN> References: <20210926101928.3877-1-attila@HIDDEN> <YVC1pWYSF7ccbSs9@HIDDEN> <87k0imxqgn.fsf_-_@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <87k0imxqgn.fsf_-_@HIDDEN> X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 50814 Cc: 50814 <at> debbugs.gnu.org, Attila Lendvai <attila@HIDDEN>, guix-security@HIDDEN X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.7 (-) On Sat, Oct 09, 2021 at 03:44:40PM +0200, Ludovic Courtès wrote: > This had the unfortunate effect that this patch would not show up in > Emacs debbugs.el, which, for some reason, doesn’t know about “grave”. > > I’ve changed to “important” and I’d suggest not going beyond “serious”, > which is already grave enough. :-) Noted!
guix-patches@HIDDEN:bug#50814; Package guix-patches.
Full text available.Received: (at 50814) by debbugs.gnu.org; 12 Oct 2021 09:40:00 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Tue Oct 12 05:40:00 2021 Received: from localhost ([127.0.0.1]:33521 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1maEGO-0000fh-76 for submit <at> debbugs.gnu.org; Tue, 12 Oct 2021 05:40:00 -0400 Received: from eggs.gnu.org ([209.51.188.92]:41650) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <ludo@HIDDEN>) id 1maEGM-0000fU-9u for 50814 <at> debbugs.gnu.org; Tue, 12 Oct 2021 05:39:58 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:57240) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from <ludo@HIDDEN>) id 1maEGG-0007eg-Bs; Tue, 12 Oct 2021 05:39:52 -0400 Received: from [193.50.110.91] (port=34608 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <ludo@HIDDEN>) id 1maEGE-00020K-G6; Tue, 12 Oct 2021 05:39:51 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN> To: Attila Lendvai <attila@HIDDEN> Subject: Re: bug#50814: [PATCH] guix: git-authenticate: Also authenticate the channel intro commit. References: <20210926101928.3877-1-attila@HIDDEN> <878rz2xq23.fsf@HIDDEN> <wd2szjiaeLK46fkuZuw5593yUyqo_N18oULu7hsDbGrZzHWTQw2H2cwlFs7-CemTb5CzENsmcrGKwB0yN2k8od--1tUTIsP-7rvxrAbq-Js=@lendvai.name> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 21 =?utf-8?Q?Vend=C3=A9miaire?= an 230 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Tue, 12 Oct 2021 11:39:48 +0200 In-Reply-To: <wd2szjiaeLK46fkuZuw5593yUyqo_N18oULu7hsDbGrZzHWTQw2H2cwlFs7-CemTb5CzENsmcrGKwB0yN2k8od--1tUTIsP-7rvxrAbq-Js=@lendvai.name> (Attila Lendvai's message of "Sat, 09 Oct 2021 15:31:08 +0000") Message-ID: <87r1cqwpi3.fsf@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 50814 Cc: 50814 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -3.3 (---) Hi, Attila Lendvai <attila@HIDDEN> skribis: > there are three main topics of this patchset: > > 1) adding a (hopefully helpful) warning. the primary goal. > 2) general cleanups > 3) IIRC, fixing some actual bugs in the process Alright. Please next time open one issue per topic: that=E2=80=99s a good = way to maximize the chances that review happens in a timely fashion. :-) > as for 1): > > what i did was fork guix master, and now i'm pulling my own > authenticated branch from my own local git checkout, where every once > in a while i merge my various topic branches into my branch, and guix > pull it. > > when i added my second commit i have spent a disproportionate amount > of time trying to figure out what was happening: the first commit was > accepted, and i thought it's set up all fine. then who knows how much > later, when i added my second commit, i was staring at the screen > without a clue why pulling doesn't work anymore. > > then i ventured into quickly adding warning, so that others won't > waste their time on this, and went down the rabbit hole, which > resulted in fixing actual bugs, i believe. IIRC, they are exposed by > the test that i have added when run on the current codebase. I understand the behavior was surprising to you, but I=E2=80=99d like to se= e if we can pinpoint why. Can you think of anything that could be added to the documentation? https://guix.gnu.org/manual/en/html_node/Specifying-Channel-Authorization= s.html > as for 3), any actual bugs: > > i'll investigate again later by running the test without the fix, and wri= te > up my results here, or better yet, in a better commit message. Yes please. In general, please start by reporting the bug: what you get, what you expected, and how to reproduce. That makes it easier to understand and evaluate proposed fixes. Thanks! Ludo=E2=80=99.
guix-patches@HIDDEN:bug#50814; Package guix-patches.
Full text available.
Received: (at 50814) by debbugs.gnu.org; 10 Oct 2021 14:20:55 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Oct 10 10:20:55 2021
Received: from localhost ([127.0.0.1]:55636 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1mZZh8-0005Uj-Tr
for submit <at> debbugs.gnu.org; Sun, 10 Oct 2021 10:20:55 -0400
Received: from mail-ed1-f50.google.com ([209.85.208.50]:35338)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <attila.lendvai@HIDDEN>) id 1mZZh6-0005UV-L5
for 50814 <at> debbugs.gnu.org; Sun, 10 Oct 2021 10:20:53 -0400
Received: by mail-ed1-f50.google.com with SMTP id b8so56667866edk.2
for <50814 <at> debbugs.gnu.org>; Sun, 10 Oct 2021 07:20:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=sender:from:to:cc:subject:date:message-id:mime-version
:content-transfer-encoding;
bh=jRHhBJQc/zMoGYglb8xQ7CKaQgrbMLn3rdJkm7wyXq4=;
b=ZLibIMVR2OhDo0s22xn5EWBm6jClBxXt6iB+BMI6wp3iatiRZKpvxXA4j7X3dEsmYi
UEPLe+wDVg0bvAv5bxB0Mt2N2yn5qahC6Rc6PQnlZFI5O3mIT10NOufQj0k+0mN4+aoH
cY36R4RtY0koTwBOEOLolYQdtWi4N//7bVfmwrVTl0D3YTKKB8Kb0KV/CL6c2KsIsmDT
if4RUKMUioDQfE3LM3NCZ7GnkulN3H4tt02azNJ8XdMQnEChDCBfsoADFBwYe45aChPg
sZrUhwQ+X/DOBlo2uPblGy3E/uqQ31PunlFz+1oCnLi30l8Z+0uYv/sOK18MFgYRFVRN
x+gw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:sender:from:to:cc:subject:date:message-id
:mime-version:content-transfer-encoding;
bh=jRHhBJQc/zMoGYglb8xQ7CKaQgrbMLn3rdJkm7wyXq4=;
b=LaN7MJcWOV7fSSyVFY4fK2obAZ7hpUv/x0aFoOGkIRtdJSW33IfcumhS2piLusRgNO
jbhusCaYiBcvrjF6J2vGGtMWWrqiOi5nRsaxgY5puRAXcCVrenRc/qyOWQZ4EwCpYVrZ
vjl1n4D+JDrkxzsVwhvIq6RVL/sgNvDxbwcTnduWXuNIxdZ3ckYZFCpYulALqOs/f2k7
/y+G8D6S+mXxLqqTvDNJDhQSXmeZGEwkK+5+4nGhnxRTwobiIF8U3NSRCIwjVgbxi6HZ
2Vfprz50QiNh/h4ig1wYIsi+uiu/DeWYPHbEZYMLKvuQQsZPW2yh0XXFTfvFp4T9Nb5s
dXfw==
X-Gm-Message-State: AOAM530hE5dIKzVnHUKgAQusGiBPybTSPKWPTHFINCOQYg7JzE/zfUKL
0OoLOTmZWfr0BY+1feRgmiqo8dnOiAw=
X-Google-Smtp-Source: ABdhPJwDu1dGRPhwYdC3e4WL+XZomWyRibEXZKRtBaVuvNDyBIYA8lfYMcLQL7qmxHDVpB3vBE1AYg==
X-Received: by 2002:a17:906:2816:: with SMTP id
r22mr19229183ejc.158.1633875646625;
Sun, 10 Oct 2021 07:20:46 -0700 (PDT)
Received: from lelap.lan (catv-213-222-131-28.catv.broadband.hu.
[213.222.131.28])
by smtp.gmail.com with ESMTPSA id c17sm2584699edu.11.2021.10.10.07.20.45
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sun, 10 Oct 2021 07:20:45 -0700 (PDT)
From: Attila Lendvai <attila@HIDDEN>
To: 50814 <at> debbugs.gnu.org
Subject: [PATCH] tests: Add test for .guix-authorizations and channel intro.
Date: Sun, 10 Oct 2021 16:15:03 +0200
Message-Id: <20211010141502.15716-1-attila@HIDDEN>
X-Mailer: git-send-email 2.33.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.5 (/)
X-Debbugs-Envelope-To: 50814
Cc: Attila Lendvai <attila@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.5 (/)
This test used to fail before a recent fix to authenticate-repository.
* tests/git-authenticate.scm: New test "signed commits, .guix-authorizations,
channel-introduction".
---
reseding the patch that adds the test (i have extended the comments where the
test fails, and also fixed the check for the warning).
> i'll investigate again later by running the test without the fix, and write
> up my results here, or better yet, in a better commit message.
i ran the test without my fix commit, and indeed it fails at two points:
1)
;; Should fail because it is signed with key2, not key1
(check-from "commit 3" #:should-fail? #true)
2)
;; It is not very intuitive why commit 1 and 2 should be trusted
;; at this point: commit 4 has previously been used as a channel
;; intro, thus it got marked as trusted in the ~/.cache/.
;; Because commit 1 and 2 are among its parents, it should also
;; be trusted at this point because of the cache. Note that
;; it's debatable whether this semantics is a good idea, but
;; this is how git-authenticate is and has been implemented for
;; a while (modulo failing to update the cache in the past when
;; taking certain code paths).
(check-from "commit 1")
please take a look at the test, and let me know if any of the
assumptions encoded into the test is wrong, or if anything
else needs clarification.
- attila
tests/git-authenticate.scm | 139 +++++++++++++++++++++++++++++++++++++
1 file changed, 139 insertions(+)
diff --git a/tests/git-authenticate.scm b/tests/git-authenticate.scm
index f66ef191b0..7989f46924 100644
--- a/tests/git-authenticate.scm
+++ b/tests/git-authenticate.scm
@@ -18,6 +18,7 @@
(define-module (test-git-authenticate)
#:use-module (git)
+ #:use-module (guix diagnostics)
#:use-module (guix git)
#:use-module (guix git-authenticate)
#:use-module (guix openpgp)
@@ -28,6 +29,10 @@
#:use-module (srfi srfi-34)
#:use-module (srfi srfi-64)
#:use-module (rnrs bytevectors)
+ #:use-module ((rnrs conditions)
+ #:select (warning?))
+ #:use-module ((rnrs exceptions)
+ #:select (with-exception-handler))
#:use-module (rnrs io ports))
;; Test the (guix git-authenticate) tools.
@@ -226,6 +231,140 @@
#:keyring-reference "master")
#f)))))))
+(unless (gpg+git-available?) (test-skip 1))
+(test-assert "signed commits, .guix-authorizations, channel-introduction"
+ (let* ((result #true)
+ (key1 %ed25519-public-key-file)
+ (key2 %ed25519-2-public-key-file)
+ (key3 %ed25519-3-public-key-file))
+ (with-fresh-gnupg-setup (list key1 %ed25519-secret-key-file
+ key2 %ed25519-2-secret-key-file
+ key3 %ed25519-3-secret-key-file)
+ (with-temporary-git-repository dir
+ `((checkout "keyring" orphan)
+ (add "signer1.key" ,(call-with-input-file key1 get-string-all))
+ (add "signer2.key" ,(call-with-input-file key2 get-string-all))
+ (add "signer3.key" ,(call-with-input-file key3 get-string-all))
+ (commit "keyring commit")
+
+ (checkout "main" orphan)
+ (add "noise0")
+ (add ".guix-authorizations"
+ ,(object->string
+ `(authorizations
+ (version 0)
+ ((,(key-fingerprint key1) (name "Alice"))
+ (,(key-fingerprint key3) (name "Charlie"))))))
+ (commit "commit 0" (signer ,(key-fingerprint key3)))
+ (add "noise1")
+ (commit "commit 1" (signer ,(key-fingerprint key1)))
+ (add "noise2")
+ (commit "commit 2" (signer ,(key-fingerprint key1))))
+ (with-repository dir repo
+ (let* ((commit-0 (find-commit repo "commit 0"))
+ (check-from
+ (lambda* (commit #:key (should-fail? #false) (key key1)
+ (historical-authorizations
+ ;; key3 is trusted to authorize commit 0
+ (list (key-fingerprint-vector key3))))
+ (guard (c ((unauthorized-commit-error? c)
+ (if should-fail?
+ c
+ (let ((port (current-output-port)))
+ (format port "FAILURE: Unexpected exception at commit '~s':~%"
+ commit)
+ (print-exception port (stack-ref (make-stack #t) 1)
+ c (exception-args c))
+ (set! result #false)
+ '()))))
+ (format #true "~%~%Checking ~s, should-fail? ~s, repo commits:~%"
+ commit should-fail?)
+ ;; to be able to inspect in the logs
+ (invoke "git" "-C" dir "log" "--reverse" "--pretty=oneline" "main")
+ (set! commit (find-commit repo commit))
+ (authenticate-repository
+ repo
+ (commit-id commit)
+ (key-fingerprint-vector key)
+ #:historical-authorizations historical-authorizations)
+ (when should-fail?
+ (format #t "FAILURE: Authenticating commit '~s' should have failed.~%" commit)
+ (set! result #false))
+ '()))))
+ (check-from "commit 0" #:key key3)
+ (check-from "commit 1")
+ (check-from "commit 2")
+ (with-git-repository dir
+ `((add "noise 3")
+ ;; a commit with key2
+ (commit "commit 3" (signer ,(key-fingerprint key2))))
+ ;; Should fail because it is signed with key2, not key1
+ (check-from "commit 3" #:should-fail? #true)
+ ;; Specify commit 3 as a channel-introduction signed with
+ ;; key2. This is valid, but it should warn the user, because
+ ;; .guix-authorizations is not updated to include key2, which
+ ;; means that any subsequent commits with the same key will be
+ ;; rejected.
+ (set! result
+ (and (let ((signalled? #false))
+ (with-exception-handler
+ (lambda (c)
+ (cond
+ ((not (warning? c))
+ (raise c))
+ ((formatted-message? c)
+ (format #true "warning (expected): ~a~%"
+ (apply format #false
+ (formatted-message-string c)
+ (formatted-message-arguments c)))
+ (set! signalled? #true)))
+ '())
+ (lambda ()
+ (check-from "commit 3" #:key key2)
+ (unless signalled?
+ (format #t "FAILURE: No warning signalled for commit 3~%"))
+ signalled?)))
+ result)))
+ (with-git-repository dir
+ `((reset ,(oid->string (commit-id (find-commit repo "commit 2"))))
+ (add "noise 4")
+ ;; set it up properly
+ (add ".guix-authorizations"
+ ,(object->string
+ `(authorizations
+ (version 0)
+ ((,(key-fingerprint key1) (name "Alice"))
+ (,(key-fingerprint key2) (name "Bob"))))))
+ (commit "commit 4" (signer ,(key-fingerprint key2))))
+ ;; This should fail because even though commit 4 adds key2 to
+ ;; .guix-authorizations, the commit itself is not authorized.
+ (check-from "commit 1" #:should-fail? #true)
+ ;; This should pass, because it's a valid channel intro at commit 4
+ (check-from "commit 4" #:key key2))
+ (with-git-repository dir
+ `((add "noise 5")
+ (commit "commit 5" (signer ,(key-fingerprint key2))))
+ ;; It is not very intuitive why commit 1 and 2 should be trusted
+ ;; at this point: commit 4 has previously been used as a channel
+ ;; intro, thus it got marked as trusted in the ~/.cache/.
+ ;; Because commit 1 and 2 are among its parents, it should also
+ ;; be trusted at this point because of the cache. Note that
+ ;; it's debatable whether this semantics is a good idea, but
+ ;; this is how git-authenticate is and has been implemented for
+ ;; a while (modulo failing to update the cache in the past when
+ ;; taking certain code paths).
+ (check-from "commit 1")
+ (check-from "commit 2")
+ ;; Should still be fine, but only when starting from commit 4
+ (check-from "commit 4" #:key key2))
+ (with-git-repository dir
+ `((add "noise 6")
+ (commit "commit 6" (signer ,(key-fingerprint key1))))
+ (check-from "commit 1")
+ (check-from "commit 2")
+ (check-from "commit 4" #:key key2))))))
+ result))
+
(unless (gpg+git-available?) (test-skip 1))
(test-assert "signed commits, .guix-authorizations, authorized merge"
(with-fresh-gnupg-setup (list %ed25519-public-key-file
--
2.33.0
guix-patches@HIDDEN:bug#50814; Package guix-patches.
Full text available.Received: (at 50814) by debbugs.gnu.org; 9 Oct 2021 15:31:21 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sat Oct 09 11:31:20 2021 Received: from localhost ([127.0.0.1]:54009 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1mZEJk-0000R3-M0 for submit <at> debbugs.gnu.org; Sat, 09 Oct 2021 11:31:20 -0400 Received: from mail-4317.proton.ch ([185.70.43.17]:26470) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <attila@HIDDEN>) id 1mZEJh-0000Qp-Uv for 50814 <at> debbugs.gnu.org; Sat, 09 Oct 2021 11:31:19 -0400 Date: Sat, 09 Oct 2021 15:31:08 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lendvai.name; s=protonmail2; t=1633793471; bh=cWGe46mUxTt8gIBDDZ/4+8IOcnj3B/GSw34YCSH+2VY=; h=Date:To:From:Cc:Reply-To:Subject:In-Reply-To:References:From; b=tGjUyAfButZus/sEMFtFYbCJa4Hp5/nIykXPewZa2ifJ1IW5xOJNSHKAyFTs4h453 01w3gSWIz5ZfWMClPZlkkIwCVTRUfxP00iDZbn1z10zCth0aZpsw7BmKlR/inB6vF7 q2w6/vq5c1Vm5DXzJeQj87+tDjF1tkU2fYmH4BuBaxdWKTSl6wjyLjRgTwyIdgtWDp zkBdZEzLu3NeIqogMHmV84x55ayhW0gQettLxkVS6WevXPjGQIwnTcdpchzXKJh+vF Er9Kvk/WVJczUuY36nNt64rQZnyujdsDukZR45ZavKYAuAZIU02/EGbMoM/Gsdz49G zMLjbcuCA8vZw== To: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN> From: Attila Lendvai <attila@HIDDEN> Subject: Re: bug#50814: [PATCH] guix: git-authenticate: Also authenticate the channel intro commit. Message-ID: <wd2szjiaeLK46fkuZuw5593yUyqo_N18oULu7hsDbGrZzHWTQw2H2cwlFs7-CemTb5CzENsmcrGKwB0yN2k8od--1tUTIsP-7rvxrAbq-Js=@lendvai.name> In-Reply-To: <878rz2xq23.fsf@HIDDEN> References: <20210926101928.3877-1-attila@HIDDEN> <878rz2xq23.fsf@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-1.2 required=10.0 tests=ALL_TRUSTED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF shortcircuit=no autolearn=disabled version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on mailout.protonmail.ch X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 50814 Cc: 50814 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Reply-To: Attila Lendvai <attila@HIDDEN> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) > Does that make sense? there are three main topics of this patchset: 1) adding a (hopefully helpful) warning. the primary goal. 2) general cleanups 3) IIRC, fixing some actual bugs in the process as for 1): what i did was fork guix master, and now i'm pulling my own authenticated branch from my own local git checkout, where every once in a while i merge my various topic branches into my branch, and guix pull it. when i added my second commit i have spent a disproportionate amount of time trying to figure out what was happening: the first commit was accepted, and i thought it's set up all fine. then who knows how much later, when i added my second commit, i was staring at the screen without a clue why pulling doesn't work anymore. then i ventured into quickly adding warning, so that others won't waste their time on this, and went down the rabbit hole, which resulted in fixing actual bugs, i believe. IIRC, they are exposed by the test that i have added when run on the current codebase. as for 3), any actual bugs: i'll investigate again later by running the test without the fix, and write up my results here, or better yet, in a better commit message. -- =E2=80=A2 attila lendvai =E2=80=A2 PGP: 963F 5D5F 45C7 DFCD 0A39 -- It should be a grammatical if not legal offense to ascribe thoughts, opinio= ns and decisions to "we" without a signed power of attorney.
guix-patches@HIDDEN:bug#50814; Package guix-patches.
Full text available.
Received: (at 50814) by debbugs.gnu.org; 9 Oct 2021 13:53:34 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Oct 09 09:53:34 2021
Received: from localhost ([127.0.0.1]:52511 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1mZCn7-00063C-QX
for submit <at> debbugs.gnu.org; Sat, 09 Oct 2021 09:53:34 -0400
Received: from eggs.gnu.org ([209.51.188.92]:34574)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <ludo@HIDDEN>) id 1mZCn6-00062x-0K
for 50814 <at> debbugs.gnu.org; Sat, 09 Oct 2021 09:53:32 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:55238)
by eggs.gnu.org with esmtp (Exim 4.90_1)
(envelope-from <ludo@HIDDEN>)
id 1mZCn0-00085Q-Np; Sat, 09 Oct 2021 09:53:26 -0400
Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:59224
helo=ribbon)
by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
id 1mZCn0-00086Z-D6; Sat, 09 Oct 2021 09:53:26 -0400
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN>
To: Attila Lendvai <attila@HIDDEN>
Subject: Re: bug#50814: [PATCH] guix: git-authenticate: Also authenticate
the channel intro commit.
References: <20210926101928.3877-1-attila@HIDDEN>
Date: Sat, 09 Oct 2021 15:53:24 +0200
In-Reply-To: <20210926101928.3877-1-attila@HIDDEN> (Attila Lendvai's
message of "Sun, 26 Sep 2021 12:19:29 +0200")
Message-ID: <878rz2xq23.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 50814
Cc: 50814 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)
Hi Attila,
Attila Lendvai <attila@HIDDEN> skribis:
> * guix/git-authenticate.scm (authenticate-commit): Reword and extend the =
error
> message to point to the relevant part of the manual.
> (authenticate-repository): Explicitly authenticate the channel introducti=
on
> commit, so that it's also rejected unless it is signed by an authorized
> key. Otherwise only the second commit would yield an error, which
> is confusing.
This behavior is intentional and documented (info "(guix) Specifying
Channel Authorizations"):
Channel introductions answer these questions by describing the first
commit of a channel that should be authenticated. The first time a
channel is fetched with =E2=80=98guix pull=E2=80=99 or =E2=80=98guix time=
-machine=E2=80=99, the command
looks up the introductory commit and verifies that it is signed by the
specified OpenPGP key. From then on, it authenticates commits according
to the rule above.
[=E2=80=A6]
The channel introduction, as we saw above, is the commit/key
pair=E2=80=94i.e., the commit that introduced =E2=80=98.guix-authoriza=
tions=E2=80=99, and
the fingerprint of the OpenPGP used to sign it.
By definition, parent commits of the introduction do not (not
necessarily) provide =E2=80=98.guix-authorizations=E2=80=99. So there=E2=
=80=99s nothing to be
done here, other than checking that the introductory commit is indeed
signed by the key specified in the introduction.
Does that make sense?
(Other patches you posted in this thread might be useful though, but we
can discuss them independently.)
Thanks,
Ludo=E2=80=99.
PS: If you haven=E2=80=99t already, you can take a look at the following pa=
ges
for more on the design rationale:
https://guix.gnu.org/en/blog/2020/securing-updates/
https://issues.guix.gnu.org/22883#69
guix-patches@HIDDEN:bug#50814; Package guix-patches.
Full text available.Received: (at 50814) by debbugs.gnu.org; 9 Oct 2021 13:44:57 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sat Oct 09 09:44:57 2021 Received: from localhost ([127.0.0.1]:52506 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1mZCem-0005oA-Ue for submit <at> debbugs.gnu.org; Sat, 09 Oct 2021 09:44:57 -0400 Received: from eggs.gnu.org ([209.51.188.92]:32882) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <ludo@HIDDEN>) id 1mZCek-0005nx-D5 for 50814 <at> debbugs.gnu.org; Sat, 09 Oct 2021 09:44:55 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:55092) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from <ludo@HIDDEN>) id 1mZCee-0001TQ-W8; Sat, 09 Oct 2021 09:44:49 -0400 Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:59222 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <ludo@HIDDEN>) id 1mZCeY-0007KN-Bn; Sat, 09 Oct 2021 09:44:48 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN> To: Leo Famulari <leo@HIDDEN> Subject: Re: bug#50814: [PATCH] guix: git-authenticate: Also authenticate the channel intro commit. References: <20210926101928.3877-1-attila@HIDDEN> <YVC1pWYSF7ccbSs9@HIDDEN> Date: Sat, 09 Oct 2021 15:44:40 +0200 In-Reply-To: <YVC1pWYSF7ccbSs9@HIDDEN> (Leo Famulari's message of "Sun, 26 Sep 2021 14:02:13 -0400") Message-ID: <87k0imxqgn.fsf_-_@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 50814 Cc: 50814 <at> debbugs.gnu.org, Attila Lendvai <attila@HIDDEN>, guix-security@HIDDEN X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -3.3 (---) Hi! Leo Famulari <leo@HIDDEN> skribis: > I've marked the severity as "grave", which in Debbugs parlance means > "makes the package in question unusable or mostly so, or causes data > loss, or introduces a security hole allowing access to the accounts of > users who use the package." This had the unfortunate effect that this patch would not show up in Emacs debbugs.el, which, for some reason, doesn=E2=80=99t know about =E2=80= =9Cgrave=E2=80=9D. I=E2=80=99ve changed to =E2=80=9Cimportant=E2=80=9D and I=E2=80=99d suggest= not going beyond =E2=80=9Cserious=E2=80=9D, which is already grave enough. :-) Ludo=E2=80=99.
guix-patches@HIDDEN:bug#50814; Package guix-patches.
Full text available.Ludovic Courtès <ludo@HIDDEN>
to control <at> debbugs.gnu.org.
Full text available.Received: (at 50814) by debbugs.gnu.org; 29 Sep 2021 23:14:54 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Wed Sep 29 19:14:54 2021 Received: from localhost ([127.0.0.1]:50949 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1mVims-0002F5-EO for submit <at> debbugs.gnu.org; Wed, 29 Sep 2021 19:14:54 -0400 Received: from michel.telenet-ops.be ([195.130.137.88]:41180) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <maximedevos@HIDDEN>) id 1mVimq-0002Ew-K9 for 50814 <at> debbugs.gnu.org; Wed, 29 Sep 2021 19:14:53 -0400 Received: from ptr-bvsjgyjmffd7q9timvx.18120a2.ip6.access.telenet.be ([IPv6:2a02:1811:8c09:9d00:aaf1:9810:a0b8:a55d]) by michel.telenet-ops.be with bizsmtp id zzEq250080mfAB406zEqNf; Thu, 30 Sep 2021 01:14:50 +0200 Message-ID: <bf6e3898a0df95edd777027767e791fbb91f7cdb.camel@HIDDEN> Subject: Re: [bug#50814] [PATCH 5/5] guix: git-authenticate: Fix authenticate-repository. From: Maxime Devos <maximedevos@HIDDEN> To: Attila Lendvai <attila@HIDDEN>, 50814 <at> debbugs.gnu.org Date: Thu, 30 Sep 2021 01:14:44 +0200 In-Reply-To: <20210928162406.27205-5-attila@HIDDEN> References: <20210928162406.27205-1-attila@HIDDEN> <20210928162406.27205-5-attila@HIDDEN> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-bw1GYLABH7zY1e7MLO6/" User-Agent: Evolution 3.34.2 MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r21; t=1632957291; bh=lZHk8pZgUEyrOGgC/rByi1ZlvHRjWfnUx6VspRoW6fE=; h=Subject:From:To:Date:In-Reply-To:References; b=K7QBne2ZJrCe1D2FArpaknC5GsrTtpyyOPiKF+87kQTf72gzg1SiFZL03c3LfwGPx gBOC9af3FqgnLJEYkWsJi/vt3T7kJhiy40987COYyZBa8W1hIqzFh5YBEAgsiK0ZD0 95mMsFh2qXgCXcQRYfPKqh6o1lR341TlWOa1+1CMlorGWCHUOglSnxTa0VcEYbmLO4 1FM29V4frNCccOu0ac9xR4iTavE1y2bbUGT5kBBP7KYsM5Fo4pLXOtQjx6NqZhxkFx v7lrYWg17oWppw4zd36x2nSv78JhMI5hHWQM0hNMRSmmAc/Pw/eWT9B+SvxCQvnwve xsYzYT1moxFaA== X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 50814 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.7 (-) --=-bw1GYLABH7zY1e7MLO6/ Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Attila Lendvai schreef op di 28-09-2021 om 18:24 [+0200]: > [...] > -(define* (commit-authorized-keys repository commit > - #:optional (default-authorizations '())= ) > - "Return the list of OpenPGP fingerprints authorized to sign COMMIT, ba= sed on > -authorizations listed in its parent commits. If one of the parent commi= ts > -does not specify anything, fall back to DEFAULT-AUTHORIZATIONS." > +(define (authorized-keys-at-commit repository commit default-authorizati= ons) > + "Return the list of authorized key fingerprints from the '.guix-author= izations' > +file at the given commit." Could 'default-authorizations' still be documented? Anyway, I don't see any problems with this patch (ignoring the warning and = the docstrings), but I'm completely unfamiliar with the internals of channel authentication, so I don't know what to look for. You'll need to find some= one else to review this. Greetings, Maxime --=-bw1GYLABH7zY1e7MLO6/ Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYVTzZBccbWF4aW1lZGV2 b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7r1sAPwPBMrVj2xf2/3+qRc2vCdJ99mL KGQv4vjiAmGOHRA6zAD9FPycoQ3VFncbi4+HCqt6WplEYsgLkw5Nneps9E4mYgU= =LpmA -----END PGP SIGNATURE----- --=-bw1GYLABH7zY1e7MLO6/--
guix-patches@HIDDEN:bug#50814; Package guix-patches.
Full text available.Received: (at 50814) by debbugs.gnu.org; 29 Sep 2021 22:03:49 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Wed Sep 29 18:03:49 2021 Received: from localhost ([127.0.0.1]:50528 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1mVhg4-00009U-UU for submit <at> debbugs.gnu.org; Wed, 29 Sep 2021 18:03:49 -0400 Received: from laurent.telenet-ops.be ([195.130.137.89]:53470) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <maximedevos@HIDDEN>) id 1mVhg0-00009J-Dh for 50814 <at> debbugs.gnu.org; Wed, 29 Sep 2021 18:03:48 -0400 Received: from ptr-bvsjgyjmffd7q9timvx.18120a2.ip6.access.telenet.be ([IPv6:2a02:1811:8c09:9d00:aaf1:9810:a0b8:a55d]) by laurent.telenet-ops.be with bizsmtp id zy3i250030mfAB401y3ih5; Thu, 30 Sep 2021 00:03:42 +0200 Message-ID: <7a5b17dc857d92520df599bcbc592cd416ad71a2.camel@HIDDEN> Subject: Re: [bug#50814] [PATCH 4/5] guix: Prepare the UI for continuable &warning exceptions. From: Maxime Devos <maximedevos@HIDDEN> To: Attila Lendvai <attila@HIDDEN> Date: Thu, 30 Sep 2021 00:03:36 +0200 In-Reply-To: <FUwKtKPCBTmnvR7XMsNnfXkl-TyoK-YNruBr7HrCoVYZgwcAJUTmQ187kmE28sip2FXjtY17cBMVPT0WVhGgjUjbl2OsHtTDgqIVDEW6PLI=@lendvai.name> References: <20210928162406.27205-1-attila@HIDDEN> <20210928162406.27205-4-attila@HIDDEN> <9c093db2d9019ef2fe9b27979a3b51848f179a3b.camel@HIDDEN> <KXhKsjTN2gmW0wKMEmBlxgJN40WGeWtZBwW2Pi9T1QJXVdrbM7bG-7xx0gWCTf5uN1wGgSbx8nARju9N8-oV8roXtPM2gQgTi13XwLpIWvc=@lendvai.name> <929da16ca45605a5bed718dea5d76db7176cf985.camel@HIDDEN> <FUwKtKPCBTmnvR7XMsNnfXkl-TyoK-YNruBr7HrCoVYZgwcAJUTmQ187kmE28sip2FXjtY17cBMVPT0WVhGgjUjbl2OsHtTDgqIVDEW6PLI=@lendvai.name> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-RsXiQPOkDr9MlkfvjaZJ" User-Agent: Evolution 3.34.2 MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r21; t=1632953022; bh=qiqjP3zbA/FaGu7htsX+CknU0csunBPUmyPDGjzYD0c=; h=Subject:From:To:Cc:Date:In-Reply-To:References; b=nB1X/X0pX0+N/tMWanPXuFt6IZIFcSnBSBGJNNGJqfj80S1Il/XLEZbGpPrI+LdAT sFwjVj04V6nnvGpsf9jh6cC67U4s+1o35KHF8amHb83tBalrDUXuWbWU7D6Zrx6nEo AVaC6QHRvNSWnbZtb+vzpqSgDJEH8gsFbDMesyB0bH+gPnwAosLcpLYfQROQIRvLJv G05Rpl/1ZYne6bTFZgpQeI1MeB7TUwDhCIKblKbMdzyqqUgh8bKmGNXM4A09p06Jlv ucpLNk/tD0Fntu6d/Z1Fjy3rdC9D2igvtvuSTsDV8MVRxfhI7YBwjas3/mjAhYAdUb d6w4crhy/tsgw== X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 50814 Cc: 50814 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.7 (-) --=-RsXiQPOkDr9MlkfvjaZJ Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Attila Lendvai schreef op wo 29-09-2021 om 21:22 [+0000]: > >=20 [...] >=20 > > Conventionally, to emit warnings, the procedure 'warning' from > > (guix diagnostics) is used. See e.g. (guix ci), (guix deprecation), (gu= ix gexp), > > (guix import ...), various modules under (guix scripts ...), (guix upst= ream) ... > >=20 > > Is there any reason not to use this pre-existing procedure? >=20 > in a more advanced UI it might be a different story, but in the > current setup the only reason is to be able to assert for the warning > in the tests. >=20 > is that worth it? shall i just user WARNING and forget about the test? Testing a warning is emitted seems nice. You could parameterise guix-warni= ng-port and use call-with-output-sting to capture the warning, and use (not (string= -null? ...)) to verify a warning has been emitted. From a quick grep, it appears tests/transformations.scm and tests/substitute.scm are doing things like th= is. Greetings, Maxime. --=-RsXiQPOkDr9MlkfvjaZJ Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYVTiuBccbWF4aW1lZGV2 b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7oSWAPwLHsXLqm2umA08K19ScaFaJKFI gsGMA29dbbdd6ghqKQEAknynqmSt4jLhzkr8HlbM3fhhbaJTtSJFNm1GU+7PQwI= =D2oU -----END PGP SIGNATURE----- --=-RsXiQPOkDr9MlkfvjaZJ--
guix-patches@HIDDEN:bug#50814; Package guix-patches.
Full text available.Received: (at 50814) by debbugs.gnu.org; 29 Sep 2021 21:22:46 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Wed Sep 29 17:22:46 2021 Received: from localhost ([127.0.0.1]:50476 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1mVh2M-0007Yh-49 for submit <at> debbugs.gnu.org; Wed, 29 Sep 2021 17:22:46 -0400 Received: from mail-4317.protonmail.ch ([185.70.43.17]:59462) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <attila@HIDDEN>) id 1mVh2H-0007YO-IP for 50814 <at> debbugs.gnu.org; Wed, 29 Sep 2021 17:22:45 -0400 Date: Wed, 29 Sep 2021 21:22:33 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lendvai.name; s=protonmail2; t=1632950553; bh=xIZ983uEEPBKPYoKYhZ8gUvI3b915/T7DvQfvhGKLwE=; h=Date:To:From:Cc:Reply-To:Subject:In-Reply-To:References:From; b=CKi+DSP0Y/GPgI/uosTU/J8G4fDVhCqOsYBGNjq8mM9jTxWQUzD/qErx1J0a8Kffr GqfraV6kC53L+uHfk6yvpRnfS+DnQ4VHy1n5lRGFqi4kpUBcfdeMj90rfMJhhD9i8A l+r3GrKKV4xRORqTrrD26qG5CkDHeaWAULAZL8PjheTg6pMcIRkVxqOTDxMSmHFh9O 8wW7YPzBe9JTK9sw24K6kf/k2xgG44XNYbDIzDmRR3K1zb+nGzXIcLBpL553UjA+Ba ql59uxWH57V2q5Axranl1jKS/qBvK7CqFn7tkX/aAEJh+cj8GxC7t2KgZnEDat5WtV BuJZX15hpCQYQ== To: Maxime Devos <maximedevos@HIDDEN> From: Attila Lendvai <attila@HIDDEN> Subject: Re: [bug#50814] [PATCH 4/5] guix: Prepare the UI for continuable &warning exceptions. Message-ID: <FUwKtKPCBTmnvR7XMsNnfXkl-TyoK-YNruBr7HrCoVYZgwcAJUTmQ187kmE28sip2FXjtY17cBMVPT0WVhGgjUjbl2OsHtTDgqIVDEW6PLI=@lendvai.name> In-Reply-To: <929da16ca45605a5bed718dea5d76db7176cf985.camel@HIDDEN> References: <20210928162406.27205-1-attila@HIDDEN> <20210928162406.27205-4-attila@HIDDEN> <9c093db2d9019ef2fe9b27979a3b51848f179a3b.camel@HIDDEN> <KXhKsjTN2gmW0wKMEmBlxgJN40WGeWtZBwW2Pi9T1QJXVdrbM7bG-7xx0gWCTf5uN1wGgSbx8nARju9N8-oV8roXtPM2gQgTi13XwLpIWvc=@lendvai.name> <929da16ca45605a5bed718dea5d76db7176cf985.camel@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-1.2 required=10.0 tests=ALL_TRUSTED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF shortcircuit=no autolearn=disabled version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on mailout.protonmail.ch X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 50814 Cc: 50814 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Reply-To: Attila Lendvai <attila@HIDDEN> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) > About 1): which 'wind part' of dynamic-wind are you referring to? > > The in-guard or the out-guard? > > If the out-guard is empty, then the reference to the old connection will > be overwritten when the fiber is paused and resumed, so the old connectio= n > will eventually be GC'ed, thus the daemon forgets some GC roots, leading > to a rare GC bug. > > If the in-guard is empty, then the after pausing the fiber and resuming i= t, > the connection will be closed while the fiber might still need it. ok, so this is a no-go. thanks for the clarification! > Conventionally, to emit warnings, the procedure 'warning' from > (guix diagnostics) is used. See e.g. (guix ci), (guix deprecation), (guix= gexp), > (guix import ...), various modules under (guix scripts ...), (guix upstre= am) ... > > Is there any reason not to use this pre-existing procedure? in a more advanced UI it might be a different story, but in the current setup the only reason is to be able to assert for the warning in the tests. is that worth it? shall i just user WARNING and forget about the test? - attila PGP:=C2=A05D5F 45C7 DFCD 0A39
guix-patches@HIDDEN:bug#50814; Package guix-patches.
Full text available.Received: (at 50814) by debbugs.gnu.org; 29 Sep 2021 20:36:39 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Wed Sep 29 16:36:39 2021 Received: from localhost ([127.0.0.1]:50381 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1mVgJj-0006MX-0Y for submit <at> debbugs.gnu.org; Wed, 29 Sep 2021 16:36:39 -0400 Received: from albert.telenet-ops.be ([195.130.137.90]:40284) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <maximedevos@HIDDEN>) id 1mVgJe-0006MJ-SY for 50814 <at> debbugs.gnu.org; Wed, 29 Sep 2021 16:36:37 -0400 Received: from ptr-bvsjgyjmffd7q9timvx.18120a2.ip6.access.telenet.be ([IPv6:2a02:1811:8c09:9d00:aaf1:9810:a0b8:a55d]) by albert.telenet-ops.be with bizsmtp id zwcY2500H0mfAB406wcYHA; Wed, 29 Sep 2021 22:36:33 +0200 Message-ID: <929da16ca45605a5bed718dea5d76db7176cf985.camel@HIDDEN> Subject: Re: [bug#50814] [PATCH 4/5] guix: Prepare the UI for continuable &warning exceptions. From: Maxime Devos <maximedevos@HIDDEN> To: Attila Lendvai <attila@HIDDEN> Date: Wed, 29 Sep 2021 22:36:14 +0200 In-Reply-To: <KXhKsjTN2gmW0wKMEmBlxgJN40WGeWtZBwW2Pi9T1QJXVdrbM7bG-7xx0gWCTf5uN1wGgSbx8nARju9N8-oV8roXtPM2gQgTi13XwLpIWvc=@lendvai.name> References: <20210928162406.27205-1-attila@HIDDEN> <20210928162406.27205-4-attila@HIDDEN> <9c093db2d9019ef2fe9b27979a3b51848f179a3b.camel@HIDDEN> <KXhKsjTN2gmW0wKMEmBlxgJN40WGeWtZBwW2Pi9T1QJXVdrbM7bG-7xx0gWCTf5uN1wGgSbx8nARju9N8-oV8roXtPM2gQgTi13XwLpIWvc=@lendvai.name> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-V/4MxGN70x5Z6s40eva8" User-Agent: Evolution 3.34.2 MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r21; t=1632947793; bh=GI22FkuoFEqBMKujaz1eIZPoiDfNNAwOM3ycosZJuQ8=; h=Subject:From:To:Cc:Date:In-Reply-To:References; b=ELC9mLpRPPdOSh/RFotimQhzBrHJPPvu3F94UnWASdQEhPdHj++D645V5MsfJsVfx rfH2fD+YrBX0O8UToRpJvWFbSOA28VvywXLhSF/Vc3yUnN/pXTfrVvtnwIv9YLKN5W 2hZt0P4Zr43zk/pr/xNOYtjv9CFTtAlPFuTvareheQ7u9I8wkImdDUqI0cq/oKiGq9 Jnv1vSppUHVQMVKdhnuZnukloteVVH5NZvefpT8gzQklQPpM6go08zRES9ustJJRmH 3HPjL9xtr4CaJ9t82v2JLrvVq3aJEeIR+/jKbhNL/BcvGEkac9ncy6L9cJbPnOw/sB nitTNGO3sitvg== X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 50814 Cc: 50814 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.7 (-) --=-V/4MxGN70x5Z6s40eva8 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Attila Lendvai schreef op wo 29-09-2021 om 14:50 [+0000]: > > Do we really need to close and open the connection again every time > > a continuation is made and resumed? This seems inefficient if a threadi= ng > > mechanism implemented by continuations is used (such as guile-fibers), > > and there are two threads (=E2=80=98fibers=E2=80=99) communicating and = waiting with/for > > each other in a loop, causing many =E2=80=98context switches=E2=80=99 (= i.e., many captured > > and resumed continuations). > >=20 > > Also note that a connection has some state: to the guix-daemon, it acts= as > > a GC root for everything built with the connection, and everything adde= d to > > the store (with add-to-store & friends) with that connection ... Simply > > reconnecting isn't sufficient. >=20 > pardon my ignorance wrt dynamic-wind and call/cc, but does that^ mean > that 1) i should simply leave the wind part of the dynamic-wind empty > and move back the open-connection call into the let... or that 2) the > entire idea of replacing the exception handler with an unwind-protect > is flawed? About 1): which 'wind part' of dynamic-wind are you referring to? The in-guard or the out-guard? If the out-guard is empty, then the reference to the old connection will be overwritten when the fiber is paused and resumed, so the old connection will eventually be GC'ed, thus the daemon forgets some GC roots, leading to a rare GC bug. If the in-guard is empty, then the after pausing the fiber and resuming it, the connection will be closed while the fiber might still need it. > if 2) then i'll try to smarten up the handler to use raise-continuable > if the exception is of type &warning. That should work. Or simpler: always use raise-continuable. > or any better ideas? Conventionally, to emit warnings, the procedure 'warning' from (guix diagnostics) is used. See e.g. (guix ci), (guix deprecation), (guix = gexp), (guix import ...), various modules under (guix scripts ...), (guix upstream= ) ... Is there any reason not to use this pre-existing procedure? Greetings, Maxime --=-V/4MxGN70x5Z6s40eva8 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYVTOPhccbWF4aW1lZGV2 b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7kuAAQCi8x1NRBBbbxHyFXbLl61sG0ss PuW6GDFBYCce02bXJQD+KB6Al9UEmjJL54d0ZSqL5GHacy/U1mFVBHwJVrwxFQA= =C9qm -----END PGP SIGNATURE----- --=-V/4MxGN70x5Z6s40eva8--
guix-patches@HIDDEN:bug#50814; Package guix-patches.
Full text available.Received: (at 50814) by debbugs.gnu.org; 29 Sep 2021 14:50:54 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Wed Sep 29 10:50:53 2021 Received: from localhost ([127.0.0.1]:49809 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1mVav7-0006wG-M4 for submit <at> debbugs.gnu.org; Wed, 29 Sep 2021 10:50:53 -0400 Received: from mail-40131.protonmail.ch ([185.70.40.131]:30734) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <attila@HIDDEN>) id 1mVav2-0006vj-OT for 50814 <at> debbugs.gnu.org; Wed, 29 Sep 2021 10:50:51 -0400 Date: Wed, 29 Sep 2021 14:50:35 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lendvai.name; s=protonmail2; t=1632927038; bh=ht3REuv6VmcGMLY4mX52yeI26rlq6/P5sLr1HfPS4jA=; h=Date:To:From:Cc:Reply-To:Subject:In-Reply-To:References:From; b=pro0HByhPC+bAOSTYG2319hfOFO1n6qNw8JWAqLDq3kfW6RvphzCeOYvrVKk05Pjz QabnJgkV/LKg/J7jchr+3fYzmoothCRKgPsLxU9ZNkrU0XnIBtWywBQBspkF++Rs1H C1y1DlRy04GyxkLnDxCarZ/5A0tByiFAM7Fi01fyYS/oona5gzoUvSh8NCopP05HYg K7hAgaf8c83dAYfkTryRkFiWmJ+y8dQbqXwNDlpeezCR8LDWUg4t+qgevQePDDqPof 3wNEqLvAnFnttr9Fx/zJRZpSbKxwF0dx6puph3QXUXN+E08nCQIFhBtd2w2JNBHtsx SWeBrXTJbU/Yw== To: Maxime Devos <maximedevos@HIDDEN> From: Attila Lendvai <attila@HIDDEN> Subject: Re: [bug#50814] [PATCH 4/5] guix: Prepare the UI for continuable &warning exceptions. Message-ID: <KXhKsjTN2gmW0wKMEmBlxgJN40WGeWtZBwW2Pi9T1QJXVdrbM7bG-7xx0gWCTf5uN1wGgSbx8nARju9N8-oV8roXtPM2gQgTi13XwLpIWvc=@lendvai.name> In-Reply-To: <9c093db2d9019ef2fe9b27979a3b51848f179a3b.camel@HIDDEN> References: <20210928162406.27205-1-attila@HIDDEN> <20210928162406.27205-4-attila@HIDDEN> <9c093db2d9019ef2fe9b27979a3b51848f179a3b.camel@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-1.2 required=10.0 tests=ALL_TRUSTED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF shortcircuit=no autolearn=disabled version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on mailout.protonmail.ch X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 50814 Cc: 50814 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Reply-To: Attila Lendvai <attila@HIDDEN> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) > Do we really need to close and open the connection again every time > a continuation is made and resumed? This seems inefficient if a threading > mechanism implemented by continuations is used (such as guile-fibers), > and there are two threads (=E2=80=98fibers=E2=80=99) communicating and wa= iting with/for > each other in a loop, causing many =E2=80=98context switches=E2=80=99 (i.= e., many captured > and resumed continuations). > > Also note that a connection has some state: to the guix-daemon, it acts a= s > a GC root for everything built with the connection, and everything added = to > the store (with add-to-store & friends) with that connection ... Simply > reconnecting isn't sufficient. pardon my ignorance wrt dynamic-wind and call/cc, but does that^ mean that 1) i should simply leave the wind part of the dynamic-wind empty and move back the open-connection call into the let... or that 2) the entire idea of replacing the exception handler with an unwind-protect is flawed? if 2) then i'll try to smarten up the handler to use raise-continuable if the exception is of type &warning. or any better ideas? - attila PGP:=C2=A05D5F 45C7 DFCD 0A39
guix-patches@HIDDEN:bug#50814; Package guix-patches.
Full text available.Received: (at 50814) by debbugs.gnu.org; 29 Sep 2021 14:13:55 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Wed Sep 29 10:13:55 2021 Received: from localhost ([127.0.0.1]:49667 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1mVaLL-0003iQ-5O for submit <at> debbugs.gnu.org; Wed, 29 Sep 2021 10:13:55 -0400 Received: from andre.telenet-ops.be ([195.130.132.53]:44186) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <maximedevos@HIDDEN>) id 1mVaLG-0003iE-Lk for 50814 <at> debbugs.gnu.org; Wed, 29 Sep 2021 10:13:53 -0400 Received: from ptr-bvsjgyjmffd7q9timvx.18120a2.ip6.access.telenet.be ([IPv6:2a02:1811:8c09:9d00:aaf1:9810:a0b8:a55d]) by andre.telenet-ops.be with bizsmtp id zqDo2500b0mfAB401qDoYM; Wed, 29 Sep 2021 16:13:49 +0200 Message-ID: <9c093db2d9019ef2fe9b27979a3b51848f179a3b.camel@HIDDEN> Subject: Re: [bug#50814] [PATCH 4/5] guix: Prepare the UI for continuable &warning exceptions. From: Maxime Devos <maximedevos@HIDDEN> To: Attila Lendvai <attila@HIDDEN>, 50814 <at> debbugs.gnu.org Date: Wed, 29 Sep 2021 16:13:42 +0200 In-Reply-To: <20210928162406.27205-4-attila@HIDDEN> References: <20210928162406.27205-1-attila@HIDDEN> <20210928162406.27205-4-attila@HIDDEN> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-fwnIi1rQ1JgQz8m0OazP" User-Agent: Evolution 3.34.2 MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r21; t=1632924829; bh=5Ffj+pQ3MovUAxbPyulRYK4eGVoJqKAIe75r1CDU1+U=; h=Subject:From:To:Date:In-Reply-To:References; b=NFYv/8D+VxkVevOjOmV83HQa6DBrDMQYCYDJfVV9giBkstHoYPfjb0dndQwfUhYM5 IHzsgEm6Y8RnCLC4pcu0CKiThnfFetiVjpP8gV7eFeSUJ1AcLQzrU0beM5pD+gN9H/ 8g8TIQTDiP9m38jmyNBPERJN4GHrWE1Ns2GanX/quBll0rCWxtVb4kiqFZymVe3smf iRsUrtmkuCi3fIS15Lsy/hJuSFe9B4iMyOv9aAZjtkaKDeIrVziREh8y4CUDM8US/I CX/aN2Y7yb66iZDXitgCcsNgwPjLGSxETN6qYOdY6GNJAUPVBJxXpvfcp6oqF+V0he dsZSOk9Y4brGw== X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 50814 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.7 (-) --=-fwnIi1rQ1JgQz8m0OazP Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Attila Lendvai schreef op di 28-09-2021 om 18:24 [+0200]: > (define (call-with-store proc) > "Call PROC with an open store connection." > - (let ((store (open-connection))) > + (let ((store '())) > (define (thunk) > (parameterize ((current-store-protocol-version > (store-connection-version store))) > (call-with-values (lambda () (proc store)) > (lambda results > - (close-connection store) > (apply values results))))) > =20 > - (with-exception-handler (lambda (exception) > - (close-connection store) > - (raise-exception exception)) > - thunk))) > + (dynamic-wind > + (lambda () > + (set! store (open-connection))) > + thunk > + (lambda () > + (close-connection store) > + (set! store '()))))) Do we really need to close and open the connection again every time a continuation is made and resumed? This seems inefficient if a threading mechanism implemented by continuations is used (such as guile-fibers), and there are two threads (=E2=80=98fibers=E2=80=99) communicating and wait= ing with/for each other in a loop, causing many =E2=80=98context switches=E2=80=99 (i.e.= , many captured and resumed continuations). Also note that a connection has some state: to the guix-daemon, it acts as a GC root for everything built with the connection, and everything added to the store (with add-to-store & friends) with that connection ... Simply reconnecting isn't sufficient. Greetings, Maxime --=-fwnIi1rQ1JgQz8m0OazP Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYVR0lhccbWF4aW1lZGV2 b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7pHcAP90sSXgTCFgHHH0TfD2dUDxQjys 03G/1Cix0O9jBBSZ2wD+KVvjBBduVO0t/RijZwAYoRDaykNRGY8suWjYft5TKgY= =887w -----END PGP SIGNATURE----- --=-fwnIi1rQ1JgQz8m0OazP--
guix-patches@HIDDEN:bug#50814; Package guix-patches.
Full text available.Received: (at 50814) by debbugs.gnu.org; 29 Sep 2021 13:58:16 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Wed Sep 29 09:58:16 2021 Received: from localhost ([127.0.0.1]:49641 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1mVa6C-0003Jt-70 for submit <at> debbugs.gnu.org; Wed, 29 Sep 2021 09:58:16 -0400 Received: from baptiste.telenet-ops.be ([195.130.132.51]:46724) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <maximedevos@HIDDEN>) id 1mVa67-0003Jg-9Z for 50814 <at> debbugs.gnu.org; Wed, 29 Sep 2021 09:58:14 -0400 Received: from ptr-bvsjgyjmffd7q9timvx.18120a2.ip6.access.telenet.be ([IPv6:2a02:1811:8c09:9d00:aaf1:9810:a0b8:a55d]) by baptiste.telenet-ops.be with bizsmtp id zpy82500D0mfAB401py86Z; Wed, 29 Sep 2021 15:58:08 +0200 Message-ID: <f9e5cc572e6495e2b2a4bd88ef81f84efabda31f.camel@HIDDEN> Subject: Re: [bug#50814] [PATCH 3/4] tests: Add failing test for .guix-authorizations and channel intro. From: Maxime Devos <maximedevos@HIDDEN> To: Attila Lendvai <attila@HIDDEN>, 50814 <at> debbugs.gnu.org Date: Wed, 29 Sep 2021 15:58:08 +0200 In-Reply-To: <20210928010537.4241-3-attila@HIDDEN> References: <20210928010537.4241-1-attila@HIDDEN> <20210928010537.4241-3-attila@HIDDEN> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-NM6Ajykp1VsLUt3Z5qKU" User-Agent: Evolution 3.34.2 MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r21; t=1632923888; bh=XcjIjwrPSED3o0y7LRGYFAjoPTDbqJEe5Jgk7yX7FtQ=; h=Subject:From:To:Date:In-Reply-To:References; b=JExjVBZsz/pYkk6B5Iq+A1LH6Eq7eCePVvtB71cgG3R+FGJbsGdZfzJvFhCYvieIs clEV8AJXwlkz/+B2F2txHEX21FVrnF/pxrTnA+Z/e2fiq9pxSi1m8YZyNzwxGcD5zF CREp737GOUdFG3OwrpysXVg4NI6INOplOf+Do+aFRojvggaJF2wkvfnTvAJNLyVlKD Pm3vAeLZc7iFX71vQftlomwkIuVoTjZU3Q6/+gDIMNpZ4ejk15Vh1+nWDeSVpYmyCV nNIODHVN+JcE+VaEnz99+JD8e2ocC368ndER2o+L4AuxzDwLjibcpjsxN9VIeWcazv 0n6sIQRdHNPbA== X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 50814 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.7 (-) --=-NM6Ajykp1VsLUt3Z5qKU Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Attila Lendvai schreef op di 28-09-2021 om 03:05 [+0200]: > Will be fixed in a subsequent commit. >=20 > * tests/git-authenticate.scm: New test "signed commits, .guix-authorizati= ons, > channel-introduction". I recommend placing the patch fixing the error before the test, to aid bisection. Greetings, Maxime. --=-NM6Ajykp1VsLUt3Z5qKU Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYVRw8BccbWF4aW1lZGV2 b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7qXtAQDO2jsIOIrH3f4Ura6HrvtHRr2b oairs5IUDmZsMdu37AD+JTr9JPVQWZT5As535QQm0O2i1cBYigwF7hFQ5hz9OAs= =VqJm -----END PGP SIGNATURE----- --=-NM6Ajykp1VsLUt3Z5qKU--
guix-patches@HIDDEN:bug#50814; Package guix-patches.
Full text available.
Received: (at 50814) by debbugs.gnu.org; 28 Sep 2021 16:28:05 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Sep 28 12:28:05 2021
Received: from localhost ([127.0.0.1]:46800 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1mVFxc-0005cy-B6
for submit <at> debbugs.gnu.org; Tue, 28 Sep 2021 12:28:04 -0400
Received: from mail-ed1-f41.google.com ([209.85.208.41]:36655)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <attila.lendvai@HIDDEN>) id 1mVFxY-0005cD-GS
for 50814 <at> debbugs.gnu.org; Tue, 28 Sep 2021 12:28:02 -0400
Received: by mail-ed1-f41.google.com with SMTP id y35so34379300ede.3
for <50814 <at> debbugs.gnu.org>; Tue, 28 Sep 2021 09:28:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=sender:from:to:cc:subject:date:message-id:in-reply-to:references
:mime-version:content-transfer-encoding;
bh=K3gV4fd7UNLEYp1WYaFYa5vcbIbwtvEpYeiR+CxFaIY=;
b=qGwXbsdTK0YeIShJIQJvxxn2CJZovHDAOTE9jz9xGn2aJNVA0gb6zR0isBV7/ug+Q6
NPpMJp3MaUa8FuqixBQm8/wpNsWVNafDPwEHsSbv6JN0Xt6z+N41p+W9klnDJviqem9E
kpmeVNDIVKzO/GYjlpZnvTpT5W25BmR6ISgyZ+c+Pz4Bgqfx6VEGUyoLHkSUcyEQ8WNC
qdqtbFC7pYMr4aOQcShpgRy/ojJiURfLH3LBhxkXOrm3uwxIUD020mPIYTx42Ox/I4cY
aNLoRaFoQUP7qJKPTFcYXeTlElSh8uTjdVlp4CySnTXTSHCs2dlGcyI9wo3yduHYc8lE
2+0w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:sender:from:to:cc:subject:date:message-id
:in-reply-to:references:mime-version:content-transfer-encoding;
bh=K3gV4fd7UNLEYp1WYaFYa5vcbIbwtvEpYeiR+CxFaIY=;
b=Ju3S+yEzdHL90bDfZoK1W6/atcnDiFNJ9UrMl5zK1nOjtyhNQscKkLv20wH80G0RCz
Qk238JNMw+gsGNcv09P8hnKIrl4Se5K8XWZM5B4pNI6u7csaC65UnpqjLph1H/LqsZNx
JxO5I4b1DHmw/4+ib4zjZFMzYaNTcBnFLUJq+T9LnBMfgvjAsja2w//UUHrmqzc3v6m0
FRG1Jl+omlz2FwdhGatlNzX6FCp09/7J8lTjltJdM8/lQf/NR2Wh547kqa4krauykMTc
4RbreXU7sILPVtdE87xMMgZtTYijhSien48xRn8mi9VrWmkiySrdTcStvY3vPUpklZN5
HHLA==
X-Gm-Message-State: AOAM532CtXHXJrB7UGVoRwETc9TvEhVGIckrhpNWgFYAF17JrVH3ZrO+
xwjKayMypGBlnox6P1AO+azIadq6CpY=
X-Google-Smtp-Source: ABdhPJzXlVtjKkjrYVmpU/HVspvBWphxDTyKjx1wi5PCfOfV9O/YA8ssXLqYcX/ZWEN/iYVkAed+IA==
X-Received: by 2002:aa7:cd41:: with SMTP id v1mr8494871edw.393.1632846473009;
Tue, 28 Sep 2021 09:27:53 -0700 (PDT)
Received: from lelap.lan (catv-213-222-131-28.catv.broadband.hu.
[213.222.131.28])
by smtp.gmail.com with ESMTPSA id f4sm3147720ejq.125.2021.09.28.09.27.52
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Tue, 28 Sep 2021 09:27:52 -0700 (PDT)
From: Attila Lendvai <attila@HIDDEN>
To: 50814 <at> debbugs.gnu.org
Subject: [PATCH 5/5] guix: git-authenticate: Fix authenticate-repository.
Date: Tue, 28 Sep 2021 18:24:08 +0200
Message-Id: <20210928162406.27205-5-attila@HIDDEN>
X-Mailer: git-send-email 2.33.0
In-Reply-To: <20210928162406.27205-1-attila@HIDDEN>
References: <20210928162406.27205-1-attila@HIDDEN>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.5 (/)
X-Debbugs-Envelope-To: 50814
Cc: Attila Lendvai <attila@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.5 (/)
Always verify the channel introduction commit, so that no commit can slip
through that was signed with a different key.
Always update the cache, because it affects the behavior of later calls.
Signal a continuable compound-condition (with type &warning included) when a
channel introduction commit doesn't also update the '.guix-authentications'
file.
* guix/git-authenticate.scm (authenticate-commit): Reword and extend the error
message to point to the relevant part of the manual.
(authenticate-repository): Eliminate optimizations to make the code path less
dependent on the input. Always trust the intro-commit itself. Always call
verify-introductory-commit.
(verify-introductory-commit): Check if the commit contains the key that was
used to sign it, and issue a warning otherwise. This is to avoid the confusion
caused by only the *second* commit yielding an error, because intro-commits
are always trusted.
(authenticate-commit): Clarify error message.
(authorized-keys-at-commit): Factored out to the toplevel from
commit-authorized-keys.
---
An example output with this patch:
$ ./pre-inst-env guix pull --allow-downgrades
Updating channel 'guix' from Git repository at '/path/guix'...
guix pull: warning: moving channel 'guix' from 26a979105a58e99c6e0fbb51cb1500dfa2bc2cec to unrelated commit 17fc5e35699d2219e6fae1f0583bb8c2ec3deb25
guix pull: warning: initial commit 17fc5e35699d2219e6fae1f0583bb8c2ec3deb25 does not add the key it is signed with (2E4F C7F5 07AB F022 36D3 D51F 31EE D3BE 74EC 3A1F) to the '.guix-authorizations' file.
Authenticating channel 'guix', commits 17fc5e3 to 17fc5e3 (0 new commits)...
[...]
guix/channels.scm | 4 +-
guix/git-authenticate.scm | 156 ++++++++++++++++++++++----------------
2 files changed, 94 insertions(+), 66 deletions(-)
diff --git a/guix/channels.scm b/guix/channels.scm
index e4e0428eb5..b84064537f 100644
--- a/guix/channels.scm
+++ b/guix/channels.scm
@@ -347,8 +347,8 @@ commits)...~%")
(progress-reporter/bar (length commits)))
(define authentic-commits
- ;; Consider the currently-used commit of CHANNEL as authentic so
- ;; authentication can skip it and all its closure.
+ ;; Optimization: consider the currently-used commit of CHANNEL as
+ ;; authentic, so that authentication can skip it and all its closure.
(match (find (lambda (candidate)
(eq? (channel-name candidate) (channel-name channel)))
(current-channels))
diff --git a/guix/git-authenticate.scm b/guix/git-authenticate.scm
index ab3fcd8b2f..b2821a45ad 100644
--- a/guix/git-authenticate.scm
+++ b/guix/git-authenticate.scm
@@ -30,6 +30,7 @@
#:select (cache-directory with-atomic-file-output))
#:use-module ((guix build utils)
#:select (mkdir-p))
+ #:use-module (guix diagnostics)
#:use-module (guix progress)
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-11)
@@ -37,7 +38,10 @@
#:use-module (srfi srfi-34)
#:use-module (srfi srfi-35)
#:use-module (rnrs bytevectors)
+ #:use-module ((rnrs exceptions)
+ #:select (raise-continuable))
#:use-module (rnrs io ports)
+ #:use-module (ice-9 exceptions)
#:use-module (ice-9 match)
#:autoload (ice-9 pretty-print) (pretty-print)
#:export (read-authorizations
@@ -159,11 +163,10 @@ return a list of authorized fingerprints."
(string-downcase (string-filter char-set:graphic fingerprint))))
fingerprints))))
-(define* (commit-authorized-keys repository commit
- #:optional (default-authorizations '()))
- "Return the list of OpenPGP fingerprints authorized to sign COMMIT, based on
-authorizations listed in its parent commits. If one of the parent commits
-does not specify anything, fall back to DEFAULT-AUTHORIZATIONS."
+(define (authorized-keys-at-commit repository commit default-authorizations)
+ "Return the list of authorized key fingerprints from the '.guix-authorizations'
+file at the given commit."
+
(define (parents-have-authorizations-file? commit)
;; Return true if at least one of the parents of COMMIT has the
;; '.guix-authorizations' file.
@@ -185,28 +188,35 @@ does not specify anything, fall back to DEFAULT-AUTHORIZATIONS."
to remove '.guix-authorizations' file")
(oid->string (commit-id commit)))))))
- (define (commit-authorizations commit)
- (catch 'git-error
- (lambda ()
- (let* ((tree (commit-tree commit))
- (entry (tree-entry-bypath tree ".guix-authorizations"))
- (blob (blob-lookup repository (tree-entry-id entry))))
- (read-authorizations
- (open-bytevector-input-port (blob-content blob)))))
- (lambda (key error)
- (if (= (git-error-code error) GIT_ENOTFOUND)
- (begin
- ;; Prevent removal of '.guix-authorizations' since it would make
- ;; it trivial to force a fallback to DEFAULT-AUTHORIZATIONS.
- (assert-parents-lack-authorizations commit)
- default-authorizations)
- (throw key error)))))
+ (catch 'git-error
+ (lambda ()
+ (let* ((tree (commit-tree commit))
+ (entry (tree-entry-bypath tree ".guix-authorizations"))
+ (blob (blob-lookup repository (tree-entry-id entry))))
+ (read-authorizations
+ (open-bytevector-input-port (blob-content blob)))))
+ (lambda (key error)
+ (if (= (git-error-code error) GIT_ENOTFOUND)
+ (begin
+ ;; Prevent removal of '.guix-authorizations' since it would make
+ ;; it trivial to force a fallback to DEFAULT-AUTHORIZATIONS.
+ (assert-parents-lack-authorizations commit)
+ default-authorizations)
+ (throw key error)))))
+(define* (commit-authorized-keys repository commit
+ #:optional (default-authorizations '()))
+ "Return the list of OpenPGP fingerprints authorized to sign COMMIT, based on
+authorizations listed in its parent commits. If one of the parent commits
+does not specify anything, fall back to DEFAULT-AUTHORIZATIONS."
(match (commit-parents commit)
(() default-authorizations)
(parents
(apply lset-intersection bytevector=?
- (map commit-authorizations parents)))))
+ (map (lambda (commit)
+ (authorized-keys-at-commit repository commit
+ default-authorizations))
+ parents)))))
(define* (authenticate-commit repository commit keyring
#:key (default-authorizations '()))
@@ -236,8 +246,8 @@ not specify anything, fall back to DEFAULT-AUTHORIZATIONS."
(condition
(&unauthorized-commit-error (commit id)
(signing-key signing-key)))
- (formatted-message (G_ "commit ~a not signed by an authorized \
-key: ~a")
+ (formatted-message (G_ "commit ~a is signed by an unauthorized \
+key: ~a\nSee info guix \"Specifying Channel Authorizations\".")
(oid->string id)
(openpgp-format-fingerprint
(openpgp-public-key-fingerprint
@@ -356,7 +366,8 @@ authenticated (only COMMIT-ID is written to cache, though)."
(base64-encode
(sha256 (string->utf8 (repository-directory repository))))))
-(define (verify-introductory-commit repository keyring commit expected-signer)
+(define (verify-introductory-commit repository commit expected-signer keyring
+ authorizations)
"Look up COMMIT in REPOSITORY, and raise an exception if it is not signed by
EXPECTED-SIGNER."
(define actual-signer
@@ -364,13 +375,26 @@ EXPECTED-SIGNER."
(commit-signing-key repository (commit-id commit) keyring)))
(unless (bytevector=? expected-signer actual-signer)
- (raise (formatted-message (G_ "initial commit ~a is signed by '~a' \
+ (raise (make-compound-condition
+ (condition (&unauthorized-commit-error (commit (commit-id commit))
+ (signing-key actual-signer)))
+ (formatted-message (G_ "initial commit ~a is signed by '~a' \
instead of '~a'")
- (oid->string (commit-id commit))
- (openpgp-format-fingerprint actual-signer)
- (openpgp-format-fingerprint expected-signer)))))
-
-(define* (authenticate-repository repository start signer
+ (oid->string (commit-id commit))
+ (openpgp-format-fingerprint actual-signer)
+ (openpgp-format-fingerprint expected-signer)))))
+ (unless (member actual-signer
+ (authorized-keys-at-commit repository commit authorizations)
+ bytevector=?)
+ (raise-continuable
+ (make-compound-condition
+ (condition (&warning))
+ (formatted-message (G_ "initial commit ~a does not add \
+the key it is signed with (~a) to the '.guix-authorizations' file.")
+ (oid->string (commit-id commit))
+ (openpgp-format-fingerprint actual-signer))))))
+
+(define* (authenticate-repository repository intro-commit-hash intro-signer
#:key
(keyring-reference "keyring")
(cache-key (repository-cache-key repository))
@@ -380,11 +404,12 @@ instead of '~a'")
(historical-authorizations '())
(make-reporter
(const progress-reporter/silent)))
- "Authenticate REPOSITORY up to commit END, an OID. Authentication starts
-with commit START, an OID, which must be signed by SIGNER; an exception is
-raised if that is not the case. Commits listed in AUTHENTIC-COMMITS and their
-closure are considered authentic. Return an alist mapping OpenPGP public keys
-to the number of commits signed by that key that have been traversed.
+ "Authenticate REPOSITORY up to commit END, an OID. Authentication starts with
+commit INTRO-COMMIT-HASH, an OID, which must be signed by INTRO-SIGNER; an
+exception is raised if that is not the case. Commits listed in
+AUTHENTIC-COMMITS and their closure are considered authentic. Return an
+alist mapping OpenPGP public keys to the number of commits signed by that
+key that have been traversed.
The OpenPGP keyring is loaded from KEYRING-REFERENCE in REPOSITORY, where
KEYRING-REFERENCE is the name of a branch. The list of authenticated commits
@@ -393,8 +418,10 @@ is cached in the authentication cache under CACHE-KEY.
HISTORICAL-AUTHORIZATIONS must be a list of OpenPGP fingerprints (bytevectors)
denoting the authorized keys for commits whose parent lack the
'.guix-authorizations' file."
- (define start-commit
- (commit-lookup repository start))
+
+ (define intro-commit
+ (commit-lookup repository intro-commit-hash))
+
(define end-commit
(commit-lookup repository end))
@@ -404,36 +431,37 @@ denoting the authorized keys for commits whose parent lack the
(define authenticated-commits
;; Previously-authenticated commits that don't need to be checked again.
(filter-map (lambda (id)
+ ;; We need to tolerate when cached commits disappear due to
+ ;; --allow-downgrades.
(false-if-git-not-found
(commit-lookup repository (string->oid id))))
(append (previously-authenticated-commits cache-key)
- authentic-commits)))
+ authentic-commits
+ ;; The intro commit is unconditionally trusted.
+ (list (oid->string intro-commit-hash)))))
(define commits
;; Commits to authenticate, excluding the closure of
;; AUTHENTICATED-COMMITS.
- (commit-difference end-commit start-commit
- authenticated-commits))
-
- ;; When COMMITS is empty, it's because END-COMMIT is in the closure of
- ;; START-COMMIT and/or AUTHENTICATED-COMMITS, in which case it's known to
- ;; be authentic already.
- (if (null? commits)
- '()
- (let ((reporter (make-reporter start-commit end-commit commits)))
- ;; If it's our first time, verify START-COMMIT's signature.
- (when (null? authenticated-commits)
- (verify-introductory-commit repository keyring
- start-commit signer))
-
- (let ((stats (call-with-progress-reporter reporter
- (lambda (report)
- (authenticate-commits repository commits
- #:keyring keyring
- #:default-authorizations
- historical-authorizations
- #:report-progress report)))))
- (cache-authenticated-commit cache-key
- (oid->string (commit-id end-commit)))
-
- stats))))
+ (commit-difference end-commit intro-commit
+ authenticated-commits))
+
+ (verify-introductory-commit repository intro-commit
+ intro-signer keyring
+ historical-authorizations)
+
+ (let* ((reporter (make-reporter intro-commit end-commit commits))
+ (stats (call-with-progress-reporter reporter
+ (lambda (report)
+ (authenticate-commits repository commits
+ #:keyring keyring
+ #:default-authorizations
+ historical-authorizations
+ #:report-progress report)))))
+ ;; Note that this will make the then current end commit of any channel,
+ ;; that has been used/trusted in the past with a channel introduction,
+ ;; remain trusted until the cache is cleared.
+ (cache-authenticated-commit cache-key
+ (oid->string (commit-id end-commit)))
+
+ stats))
--
2.33.0
guix-patches@HIDDEN:bug#50814; Package guix-patches.
Full text available.
Received: (at 50814) by debbugs.gnu.org; 28 Sep 2021 16:27:01 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Sep 28 12:27:01 2021
Received: from localhost ([127.0.0.1]:46787 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1mVFwb-0005a8-1h
for submit <at> debbugs.gnu.org; Tue, 28 Sep 2021 12:27:01 -0400
Received: from mail-ed1-f52.google.com ([209.85.208.52]:38784)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <attila.lendvai@HIDDEN>) id 1mVFwY-0005Zi-SN
for 50814 <at> debbugs.gnu.org; Tue, 28 Sep 2021 12:26:59 -0400
Received: by mail-ed1-f52.google.com with SMTP id dj4so85972042edb.5
for <50814 <at> debbugs.gnu.org>; Tue, 28 Sep 2021 09:26:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=sender:from:to:cc:subject:date:message-id:in-reply-to:references
:mime-version:content-transfer-encoding;
bh=Rjf4e4gbvvXnkiZqzq7K+EMEhoVB7jqYYfKwKV96M0c=;
b=fqUOctpvf5IRH2IolRHtaz3SHCv80Syj88dNvRMOdW0Y42GLX4vG/2Ij7TPk/1c0Li
eiSpdfQRNFkv7Bpvdj92qcHmdLOcMsRp4lBOx7hzdxsrJOjlXYX1sNiyK8L5wQTqRkI+
WjFxLhyP50vQaEAYOsFDG/Eh92OPETXN7XKNi1R9T0WlI8wdOXAfkQhBqwnxXR96d/CX
9TJpXz2mT0R+4if0ZrnvlMTlkXb+O0/fp39u+BDuVS7qRr/fI+C3qQQeEaRxdmsje9y8
txxueQGT4/Tnp4T6qXDK9FJQINSDJUiC+dQZcaXg5+flczSQ5Fs5zfQwlXIq10+2B4BG
KKlw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:sender:from:to:cc:subject:date:message-id
:in-reply-to:references:mime-version:content-transfer-encoding;
bh=Rjf4e4gbvvXnkiZqzq7K+EMEhoVB7jqYYfKwKV96M0c=;
b=kabtJJkdTf+Vrut+xdjVG6T7dmXzVVeKMZ5eJ6sZyOTEusYYdM/8M7adV8DfEc4KFu
RRJLLE8gGr3RE6TYkmmR44kQ651YrhKeG+B9OqAK3kYkRHC8ttJoBTC8TRU46gKvzmbs
NuLULefZsGpKDeLpo2HM96C153XlggtOgu1/tsctBswDmU3PLi62p0La2TpfeSpEf1Zg
fwWrOUwUB92mL/D22UvWloWsnB9VFRiz3vOEETYPkV+WT2GXxV4ecKaGCdc6Z0tSlTjr
BdxBN+q2Col5nQyf+7BZKbk5QvnpAD/M4id04GVwMz9OArSczPIcgCFVeYXevCRw3RNB
H+aA==
X-Gm-Message-State: AOAM531AYyBHa97Eo3xKsUcDxvLBQZ/ayFifYlbrENVnOvjnXbjio59L
mjlqGWFlS9eKqcIMPT9yO4hU991hV9o=
X-Google-Smtp-Source: ABdhPJxt5u2NcW+1G+w8vC2WZMhZkHv9OkpLEjcrel8aMhjMkgMFT5x0lvJD8G4zCzphwBz0xAHwOg==
X-Received: by 2002:a17:907:9686:: with SMTP id
hd6mr3608988ejc.331.1632846412631;
Tue, 28 Sep 2021 09:26:52 -0700 (PDT)
Received: from lelap.lan (catv-213-222-131-28.catv.broadband.hu.
[213.222.131.28])
by smtp.gmail.com with ESMTPSA id f4sm3147720ejq.125.2021.09.28.09.26.51
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Tue, 28 Sep 2021 09:26:52 -0700 (PDT)
From: Attila Lendvai <attila@HIDDEN>
To: 50814 <at> debbugs.gnu.org
Subject: [PATCH 4/5] guix: Prepare the UI for continuable &warning exceptions.
Date: Tue, 28 Sep 2021 18:24:06 +0200
Message-Id: <20210928162406.27205-4-attila@HIDDEN>
X-Mailer: git-send-email 2.33.0
In-Reply-To: <20210928162406.27205-1-attila@HIDDEN>
References: <20210928162406.27205-1-attila@HIDDEN>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.5 (/)
X-Debbugs-Envelope-To: 50814
Cc: Attila Lendvai <attila@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.5 (/)
* guix/store.scm (call-with-store): Use dynamic-wind so that continuable
exceptions are not broken by being re-raised as non-continuable. This is
needed for a later commit that uses continuable exceptions from within
git-authenticate to signal warnings to the user. The reason for this is that
this way tests can explicitly check that a warning was signalled in certain
situations.
* guix/ui.scm (call-with-error-handling): Handle &warning type exceptions by
printing them to the user, and then continuing at the place they were
signalled at.
* guix/diagnostics.scm (emit-formatted-warning): New exported
function.
---
guix/diagnostics.scm | 4 ++++
guix/store.scm | 16 ++++++++++------
guix/ui.scm | 11 ++++++++++-
3 files changed, 24 insertions(+), 7 deletions(-)
diff --git a/guix/diagnostics.scm b/guix/diagnostics.scm
index 6a792febd4..343213fb45 100644
--- a/guix/diagnostics.scm
+++ b/guix/diagnostics.scm
@@ -48,6 +48,7 @@
formatted-message?
formatted-message-string
formatted-message-arguments
+ emit-formatted-warning
&fix-hint
fix-hint?
@@ -161,6 +162,9 @@ messages."
(report-error args ...)
(exit 1)))
+(define* (emit-formatted-warning fmt . args)
+ (emit-diagnostic fmt args #:prefix (G_ "warning: ") #:colors %warning-color))
+
(define* (emit-diagnostic fmt args
#:key location (colors (color)) (prefix ""))
"Report diagnostic message FMT with the given ARGS and the specified
diff --git a/guix/store.scm b/guix/store.scm
index 89a719bcfc..33d4039037 100644
--- a/guix/store.scm
+++ b/guix/store.scm
@@ -45,6 +45,8 @@
#:use-module (srfi srfi-34)
#:use-module (srfi srfi-35)
#:use-module (srfi srfi-39)
+ #:use-module ((rnrs conditions)
+ #:select (warning?))
#:use-module (ice-9 match)
#:use-module (ice-9 vlist)
#:use-module (ice-9 popen)
@@ -651,19 +653,21 @@ connection. Use with care."
(define (call-with-store proc)
"Call PROC with an open store connection."
- (let ((store (open-connection)))
+ (let ((store '()))
(define (thunk)
(parameterize ((current-store-protocol-version
(store-connection-version store)))
(call-with-values (lambda () (proc store))
(lambda results
- (close-connection store)
(apply values results)))))
- (with-exception-handler (lambda (exception)
- (close-connection store)
- (raise-exception exception))
- thunk)))
+ (dynamic-wind
+ (lambda ()
+ (set! store (open-connection)))
+ thunk
+ (lambda ()
+ (close-connection store)
+ (set! store '())))))
(define-syntax-rule (with-store store exp ...)
"Bind STORE to an open connection to the store and evaluate EXPs;
diff --git a/guix/ui.scm b/guix/ui.scm
index 1428c254b3..88940f99ef 100644
--- a/guix/ui.scm
+++ b/guix/ui.scm
@@ -69,6 +69,8 @@
#:use-module (srfi srfi-31)
#:use-module (srfi srfi-34)
#:use-module (srfi srfi-35)
+ #:use-module ((rnrs conditions)
+ #:select (warning?))
#:autoload (ice-9 ftw) (scandir)
#:use-module (ice-9 match)
#:use-module (ice-9 format)
@@ -689,7 +691,14 @@ evaluating the tests and bodies of CLAUSES."
(and (not (port-closed? port))
(port-filename port)))
- (guard* (c ((package-input-error? c)
+ (guard* (c ((warning? c)
+ (if (formatted-message? c)
+ (apply emit-formatted-warning
+ (formatted-message-string c)
+ (formatted-message-arguments c))
+ (emit-formatted-warning "~a" c))
+ '())
+ ((package-input-error? c)
(let* ((package (package-error-package c))
(input (package-error-invalid-input c))
(location (package-location package))
--
2.33.0
guix-patches@HIDDEN:bug#50814; Package guix-patches.
Full text available.
Received: (at 50814) by debbugs.gnu.org; 28 Sep 2021 16:26:54 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Sep 28 12:26:54 2021
Received: from localhost ([127.0.0.1]:46784 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1mVFwS-0005Zc-SY
for submit <at> debbugs.gnu.org; Tue, 28 Sep 2021 12:26:53 -0400
Received: from mail-ed1-f48.google.com ([209.85.208.48]:40505)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <attila.lendvai@HIDDEN>) id 1mVFwA-0005Yq-VL
for 50814 <at> debbugs.gnu.org; Tue, 28 Sep 2021 12:26:45 -0400
Received: by mail-ed1-f48.google.com with SMTP id g8so85616091edt.7
for <50814 <at> debbugs.gnu.org>; Tue, 28 Sep 2021 09:26:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=sender:from:to:cc:subject:date:message-id:in-reply-to:references
:mime-version:content-transfer-encoding;
bh=ehPXitTA4IgX56axlK+Gjj8Y8tVcsNgNkZrYKPg+/D8=;
b=NS3hgsDHYRnLx0UGOdIjj5rlxxiSjcd91R+HQyZ7xyegTyqaRwpJ/JaWLd1UT4nN39
08C/W9BEMryBz5lv1jgDiK4OiHpXC+iGjxfTd/6avSfWkNZvd2ugnttTFlxMh8/9h98P
pSzuu6Ymwg5olr7bXjl/JMmbeUyeXMnmbaaiQMPiDPEwPWTV2LFGmRO2mxKIuSzRg2Pj
qTD4vWTHGAiImZgrmNWH+gWnIHkQDAvPUn8Iu8haSUBYD89MgV+AaW8KwZSqHLE/iWI/
38szv2Qa67KHXVEZ5W6iQ6Ku1AOQbuHpe8bZn3WtLi9SGNtAX7VRmUT7iT2z25edDR+A
FieQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:sender:from:to:cc:subject:date:message-id
:in-reply-to:references:mime-version:content-transfer-encoding;
bh=ehPXitTA4IgX56axlK+Gjj8Y8tVcsNgNkZrYKPg+/D8=;
b=F3ijefci5STuIEJ+pkgYYvdI7BRbUkvqpmkyhs70IlCZDMuaT1prNihytuMWM8DaEP
mwSomf6IaOKZ7hBxJGJW+fgqwPMKMTmFYSVECnGE2/xmfnW90lP4WhV6QLYWJS7zjaYX
FMaOD1XrI0XGNpTrzZxFeb/zp7LasNAyMl0KvVw4NKieqKuCNMb2dCkmjeGl5tUtPVxG
CnnCEB+EJu1ePdrYGY19KtLxAO4qQlMWTFE8f1nP6LcCgC4AeP+D6UvgUO8nxAZI1yYI
h5BwQEbagBJ89il1sEaHLbCqmXo/IoZYblSjdLZk5osKRvT3VndXhAjtV1ZmsJjtMLFI
U0SQ==
X-Gm-Message-State: AOAM530jsuHeXc6HxYF6b2xoO02/Ty0fzmTRI1rrTL8VElhVXvB+/Itc
4ao7gf/3R9eIlAKvw2W4CZhESjpV8S8=
X-Google-Smtp-Source: ABdhPJzhmQ5AhYja/d9vS+L6sc0uPIY4LJakLIi1lYUS4XERsaSsrRZ5SpYbeI+A2V3CJcUkTOniBg==
X-Received: by 2002:a05:6402:1503:: with SMTP id
f3mr8670227edw.24.1632846388247;
Tue, 28 Sep 2021 09:26:28 -0700 (PDT)
Received: from lelap.lan (catv-213-222-131-28.catv.broadband.hu.
[213.222.131.28])
by smtp.gmail.com with ESMTPSA id f4sm3147720ejq.125.2021.09.28.09.26.27
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Tue, 28 Sep 2021 09:26:27 -0700 (PDT)
From: Attila Lendvai <attila@HIDDEN>
To: 50814 <at> debbugs.gnu.org
Subject: [PATCH 2/5] tests: Move keys into ./tests/keys/ and add a third
ed25519 key.
Date: Tue, 28 Sep 2021 18:24:04 +0200
Message-Id: <20210928162406.27205-2-attila@HIDDEN>
X-Mailer: git-send-email 2.33.0
In-Reply-To: <20210928162406.27205-1-attila@HIDDEN>
References: <20210928162406.27205-1-attila@HIDDEN>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.6 (/)
X-Debbugs-Envelope-To: 50814
Cc: Attila Lendvai <attila@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.4 (/)
The third key will be used in an upcoming commit.
Rename public keys to .pub.
* guix/tests/gnupg.scm (%ed25519-3-public-key-file): New variable.
(%ed25519-3-secret-key-file): New variable.
(%ed25519-2-public-key-file): Renamed from %ed25519bis-public-key-file.
(%ed25519-2-secret-key-file): Renamed from %ed25519bis-secret-key-file.
* tests/keys/ed25519-3.key: New file.
* tests/keys/ed25519-3.sec: New file.
---
Makefile.am | 20 +++++-----
build-aux/test-env.in | 6 +--
guix/tests/gnupg.scm | 22 ++++++----
tests/channels.scm | 18 ++++-----
tests/git-authenticate.scm | 23 +++++------
tests/guix-authenticate.sh | 4 +-
tests/{civodul.key => keys/civodul.pub} | 0
tests/{dsa.key => keys/dsa.pub} | 0
tests/{ed25519bis.key => keys/ed25519-2.pub} | 0
tests/{ed25519bis.sec => keys/ed25519-2.sec} | 0
tests/keys/ed25519-3.pub | 9 +++++
tests/keys/ed25519-3.sec | 10 +++++
tests/{ed25519.key => keys/ed25519.pub} | 0
tests/{ => keys}/ed25519.sec | 0
tests/{rsa.key => keys/rsa.pub} | 0
tests/{ => keys}/signing-key.pub | 0
tests/{ => keys}/signing-key.sec | 0
tests/openpgp.scm | 42 +++++++++++---------
18 files changed, 93 insertions(+), 61 deletions(-)
rename tests/{civodul.key => keys/civodul.pub} (100%)
rename tests/{dsa.key => keys/dsa.pub} (100%)
rename tests/{ed25519bis.key => keys/ed25519-2.pub} (100%)
rename tests/{ed25519bis.sec => keys/ed25519-2.sec} (100%)
create mode 100644 tests/keys/ed25519-3.pub
create mode 100644 tests/keys/ed25519-3.sec
rename tests/{ed25519.key => keys/ed25519.pub} (100%)
rename tests/{ => keys}/ed25519.sec (100%)
rename tests/{rsa.key => keys/rsa.pub} (100%)
rename tests/{ => keys}/signing-key.pub (100%)
rename tests/{ => keys}/signing-key.sec (100%)
diff --git a/Makefile.am b/Makefile.am
index b66789fa0b..00604f2f93 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -643,16 +643,18 @@ EXTRA_DIST += \
build-aux/update-guix-package.scm \
build-aux/update-NEWS.scm \
tests/test.drv \
- tests/signing-key.pub \
- tests/signing-key.sec \
tests/cve-sample.json \
- tests/civodul.key \
- tests/rsa.key \
- tests/dsa.key \
- tests/ed25519.key \
- tests/ed25519.sec \
- tests/ed25519bis.key \
- tests/ed25519bis.sec \
+ tests/keys/signing-key.pub \
+ tests/keys/signing-key.sec \
+ tests/keys/civodul.pub \
+ tests/keys/rsa.pub \
+ tests/keys/dsa.pub \
+ tests/keys/ed25519.pub \
+ tests/keys/ed25519.sec \
+ tests/keys/ed25519-2.pub \
+ tests/keys/ed25519-2.sec \
+ tests/keys/ed25519-3.pub \
+ tests/keys/ed25519-3.sec \
build-aux/config.rpath \
bootstrap \
doc/build.scm \
diff --git a/build-aux/test-env.in b/build-aux/test-env.in
index 7efc43206c..ca786437e9 100644
--- a/build-aux/test-env.in
+++ b/build-aux/test-env.in
@@ -73,9 +73,9 @@ then
# Copy the keys so that the secret key has the right permissions (the
# daemon errors out when this is not the case.)
mkdir -p "$GUIX_CONFIGURATION_DIRECTORY"
- cp "@abs_top_srcdir@/tests/signing-key.sec" \
- "@abs_top_srcdir@/tests/signing-key.pub" \
- "$GUIX_CONFIGURATION_DIRECTORY"
+ cp "@abs_top_srcdir@/tests/keys/signing-key.sec" \
+ "@abs_top_srcdir@/tests/keys/signing-key.pub" \
+ "$GUIX_CONFIGURATION_DIRECTORY"
chmod 400 "$GUIX_CONFIGURATION_DIRECTORY/signing-key.sec"
fi
diff --git a/guix/tests/gnupg.scm b/guix/tests/gnupg.scm
index c7630db912..09f02a2b67 100644
--- a/guix/tests/gnupg.scm
+++ b/guix/tests/gnupg.scm
@@ -28,8 +28,10 @@
%ed25519-public-key-file
%ed25519-secret-key-file
- %ed25519bis-public-key-file
- %ed25519bis-secret-key-file
+ %ed25519-2-public-key-file
+ %ed25519-2-secret-key-file
+ %ed25519-3-public-key-file
+ %ed25519-3-secret-key-file
read-openpgp-packet
key-fingerprint
@@ -64,13 +66,17 @@ process is terminated afterwards."
(call-with-fresh-gnupg-setup imported (lambda () exp ...)))
(define %ed25519-public-key-file
- (search-path %load-path "tests/ed25519.key"))
+ (search-path %load-path "tests/keys/ed25519.pub"))
(define %ed25519-secret-key-file
- (search-path %load-path "tests/ed25519.sec"))
-(define %ed25519bis-public-key-file
- (search-path %load-path "tests/ed25519bis.key"))
-(define %ed25519bis-secret-key-file
- (search-path %load-path "tests/ed25519bis.sec"))
+ (search-path %load-path "tests/keys/ed25519.sec"))
+(define %ed25519-2-public-key-file
+ (search-path %load-path "tests/keys/ed25519-2.pub"))
+(define %ed25519-2-secret-key-file
+ (search-path %load-path "tests/keys/ed25519-2.sec"))
+(define %ed25519-3-public-key-file
+ (search-path %load-path "tests/keys/ed25519-3.pub"))
+(define %ed25519-3-secret-key-file
+ (search-path %load-path "tests/keys/ed25519-3.sec"))
(define (read-openpgp-packet file)
(get-openpgp-packet
diff --git a/tests/channels.scm b/tests/channels.scm
index 3e82315b0c..d45c450241 100644
--- a/tests/channels.scm
+++ b/tests/channels.scm
@@ -480,8 +480,8 @@
#t
(with-fresh-gnupg-setup (list %ed25519-public-key-file
%ed25519-secret-key-file
- %ed25519bis-public-key-file
- %ed25519bis-secret-key-file)
+ %ed25519-2-public-key-file
+ %ed25519-2-secret-key-file)
(with-temporary-git-repository directory
`((add ".guix-channel"
,(object->string
@@ -507,7 +507,7 @@
(commit-id-string commit1)
(openpgp-public-key-fingerprint
(read-openpgp-packet
- %ed25519bis-public-key-file)))) ;different key
+ %ed25519-2-public-key-file)))) ;different key
(channel (channel (name 'example)
(url (string-append "file://" directory))
(introduction intro))))
@@ -519,7 +519,7 @@
(oid->string (commit-id commit1))
(key-fingerprint %ed25519-public-key-file)
(key-fingerprint
- %ed25519bis-public-key-file))))))
+ %ed25519-2-public-key-file))))))
(authenticate-channel channel directory
(commit-id-string commit2)
#:keyring-reference-prefix "")
@@ -530,8 +530,8 @@
#t
(with-fresh-gnupg-setup (list %ed25519-public-key-file
%ed25519-secret-key-file
- %ed25519bis-public-key-file
- %ed25519bis-secret-key-file)
+ %ed25519-2-public-key-file
+ %ed25519-2-secret-key-file)
(with-temporary-git-repository directory
`((add ".guix-channel"
,(object->string
@@ -552,12 +552,12 @@
(signer ,(key-fingerprint %ed25519-public-key-file)))
(add "c.txt" "C")
(commit "third commit"
- (signer ,(key-fingerprint %ed25519bis-public-key-file)))
+ (signer ,(key-fingerprint %ed25519-2-public-key-file)))
(branch "channel-keyring")
(checkout "channel-keyring")
(add "signer.key" ,(call-with-input-file %ed25519-public-key-file
get-string-all))
- (add "other.key" ,(call-with-input-file %ed25519bis-public-key-file
+ (add "other.key" ,(call-with-input-file %ed25519-2-public-key-file
get-string-all))
(commit "keyring commit")
(checkout "master"))
@@ -588,7 +588,7 @@
(unauthorized-commit-error-signing-key c))
(openpgp-public-key-fingerprint
(read-openpgp-packet
- %ed25519bis-public-key-file))))))
+ %ed25519-2-public-key-file))))))
(authenticate-channel channel directory
(commit-id-string commit3)
#:keyring-reference-prefix "")
diff --git a/tests/git-authenticate.scm b/tests/git-authenticate.scm
index d87eacc659..f66ef191b0 100644
--- a/tests/git-authenticate.scm
+++ b/tests/git-authenticate.scm
@@ -161,14 +161,14 @@
(test-assert "signed commits, .guix-authorizations, unauthorized merge"
(with-fresh-gnupg-setup (list %ed25519-public-key-file
%ed25519-secret-key-file
- %ed25519bis-public-key-file
- %ed25519bis-secret-key-file)
+ %ed25519-2-public-key-file
+ %ed25519-2-secret-key-file)
(with-temporary-git-repository directory
`((add "signer1.key"
,(call-with-input-file %ed25519-public-key-file
get-string-all))
(add "signer2.key"
- ,(call-with-input-file %ed25519bis-public-key-file
+ ,(call-with-input-file %ed25519-2-public-key-file
get-string-all))
(add ".guix-authorizations"
,(object->string
@@ -184,7 +184,7 @@
(checkout "devel")
(add "devel/1.txt" "1")
(commit "first devel commit"
- (signer ,(key-fingerprint %ed25519bis-public-key-file)))
+ (signer ,(key-fingerprint %ed25519-2-public-key-file)))
(checkout "master")
(add "b.txt" "B")
(commit "second commit"
@@ -203,7 +203,7 @@
(openpgp-public-key-fingerprint
(unauthorized-commit-error-signing-key c))
(openpgp-public-key-fingerprint
- (read-openpgp-packet %ed25519bis-public-key-file)))))
+ (read-openpgp-packet %ed25519-2-public-key-file)))))
(and (authenticate-commits repository (list master1 master2)
#:keyring-reference "master")
@@ -230,14 +230,14 @@
(test-assert "signed commits, .guix-authorizations, authorized merge"
(with-fresh-gnupg-setup (list %ed25519-public-key-file
%ed25519-secret-key-file
- %ed25519bis-public-key-file
- %ed25519bis-secret-key-file)
+ %ed25519-2-public-key-file
+ %ed25519-2-secret-key-file)
(with-temporary-git-repository directory
`((add "signer1.key"
,(call-with-input-file %ed25519-public-key-file
get-string-all))
(add "signer2.key"
- ,(call-with-input-file %ed25519bis-public-key-file
+ ,(call-with-input-file %ed25519-2-public-key-file
get-string-all))
(add ".guix-authorizations"
,(object->string
@@ -258,12 +258,12 @@
%ed25519-public-key-file)
(name "Alice"))
(,(key-fingerprint
- %ed25519bis-public-key-file))))))
+ %ed25519-2-public-key-file))))))
(commit "first devel commit"
(signer ,(key-fingerprint %ed25519-public-key-file)))
(add "devel/2.txt" "2")
(commit "second devel commit"
- (signer ,(key-fingerprint %ed25519bis-public-key-file)))
+ (signer ,(key-fingerprint %ed25519-2-public-key-file)))
(checkout "master")
(add "b.txt" "B")
(commit "second commit"
@@ -273,7 +273,7 @@
;; After the merge, the second signer is authorized.
(add "c.txt" "C")
(commit "third commit"
- (signer ,(key-fingerprint %ed25519bis-public-key-file))))
+ (signer ,(key-fingerprint %ed25519-2-public-key-file))))
(with-repository directory repository
(let ((master1 (find-commit repository "first commit"))
(master2 (find-commit repository "second commit"))
@@ -328,4 +328,3 @@
'failed)))))))
(test-end "git-authenticate")
-
diff --git a/tests/guix-authenticate.sh b/tests/guix-authenticate.sh
index 3a05b232c1..0de6da1878 100644
--- a/tests/guix-authenticate.sh
+++ b/tests/guix-authenticate.sh
@@ -28,7 +28,7 @@ rm -f "$sig" "$hash"
trap 'rm -f "$sig" "$hash"' EXIT
-key="$abs_top_srcdir/tests/signing-key.sec"
+key="$abs_top_srcdir/tests/keys/signing-key.sec"
key_len="`echo -n $key | wc -c`"
# A hexadecimal string as long as a sha256 hash.
@@ -67,7 +67,7 @@ test "$code" -ne 0
# encoded independently of the current locale: <https://bugs.gnu.org/43421>.
hash="636166e9636166e9636166e9636166e9636166e9636166e9636166e9636166e9"
latin1_cafe="caf$(printf '\351')"
-echo "sign 21:tests/signing-key.sec 64:$hash" | guix authenticate \
+echo "sign 26:tests/keys/signing-key.sec 64:$hash" | guix authenticate \
| LC_ALL=C grep "hash sha256 \"$latin1_cafe"
# Test for <http://bugs.gnu.org/17312>: make sure 'guix authenticate' produces
diff --git a/tests/civodul.key b/tests/keys/civodul.pub
similarity index 100%
rename from tests/civodul.key
rename to tests/keys/civodul.pub
diff --git a/tests/dsa.key b/tests/keys/dsa.pub
similarity index 100%
rename from tests/dsa.key
rename to tests/keys/dsa.pub
diff --git a/tests/ed25519bis.key b/tests/keys/ed25519-2.pub
similarity index 100%
rename from tests/ed25519bis.key
rename to tests/keys/ed25519-2.pub
diff --git a/tests/ed25519bis.sec b/tests/keys/ed25519-2.sec
similarity index 100%
rename from tests/ed25519bis.sec
rename to tests/keys/ed25519-2.sec
diff --git a/tests/keys/ed25519-3.pub b/tests/keys/ed25519-3.pub
new file mode 100644
index 0000000000..72f311984c
--- /dev/null
+++ b/tests/keys/ed25519-3.pub
@@ -0,0 +1,9 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEYVH/7xYJKwYBBAHaRw8BAQdALMLeUhjEG2/UPCJj2j/debFwwAK5gT3G0l5d
+ILfFldm0FTxleGFtcGxlQGV4YW1wbGUuY29tPoiWBBMWCAA+FiEEjO6M85jMSK68
+7tINGBzA7NyoagkFAmFR/+8CGwMFCQPCZwAFCwkIBwIGFQoJCAsCBBYCAwECHgEC
+F4AACgkQGBzA7Nyoagl3lgEAw6yqIlX11lTqwxBGhZk/Oy34O13cbJSZCGv+m0ja
++hcA/3DCNOmT+oXjgO/w6enQZUQ1m/d6dUjCc2wOLlLz+ZoG
+=+r3i
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/keys/ed25519-3.sec b/tests/keys/ed25519-3.sec
new file mode 100644
index 0000000000..04128a4131
--- /dev/null
+++ b/tests/keys/ed25519-3.sec
@@ -0,0 +1,10 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lFgEYVH/7xYJKwYBBAHaRw8BAQdALMLeUhjEG2/UPCJj2j/debFwwAK5gT3G0l5d
+ILfFldkAAP92goSbbzQ0ttElr9lr5Cm6rmQtqUZ2Cu/Jk9fvfZROwxI0tBU8ZXhh
+bXBsZUBleGFtcGxlLmNvbT6IlgQTFggAPhYhBIzujPOYzEiuvO7SDRgcwOzcqGoJ
+BQJhUf/vAhsDBQkDwmcABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEBgcwOzc
+qGoJd5YBAMOsqiJV9dZU6sMQRoWZPzst+Dtd3GyUmQhr/ptI2voXAP9wwjTpk/qF
+44Dv8Onp0GVENZv3enVIwnNsDi5S8/maBg==
+=EmOt
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/ed25519.key b/tests/keys/ed25519.pub
similarity index 100%
rename from tests/ed25519.key
rename to tests/keys/ed25519.pub
diff --git a/tests/ed25519.sec b/tests/keys/ed25519.sec
similarity index 100%
rename from tests/ed25519.sec
rename to tests/keys/ed25519.sec
diff --git a/tests/rsa.key b/tests/keys/rsa.pub
similarity index 100%
rename from tests/rsa.key
rename to tests/keys/rsa.pub
diff --git a/tests/signing-key.pub b/tests/keys/signing-key.pub
similarity index 100%
rename from tests/signing-key.pub
rename to tests/keys/signing-key.pub
diff --git a/tests/signing-key.sec b/tests/keys/signing-key.sec
similarity index 100%
rename from tests/signing-key.sec
rename to tests/keys/signing-key.sec
diff --git a/tests/openpgp.scm b/tests/openpgp.scm
index c2be26fa49..1f20466772 100644
--- a/tests/openpgp.scm
+++ b/tests/openpgp.scm
@@ -59,18 +59,22 @@ vBSFjNSiVHsuAA==
(define %civodul-fingerprint
"3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5")
-(define %civodul-key-id #x090B11993D9AEBB5) ;civodul.key
-
-;; Test keys. They were generated in a container along these lines:
-;; guix environment -CP --ad-hoc gnupg pinentry
-;; then, within the container:
-;; mkdir ~/.gnupg
-;; echo pinentry-program ~/.guix-profile/bin/pinentry-tty > ~/.gnupg/gpg-agent.conf
-;; gpg --quick-gen-key '<ludo+test-rsa@HIDDEN>' rsa
-;; or similar.
-(define %rsa-key-id #xAE25DA2A70DEED59) ;rsa.key
-(define %dsa-key-id #x587918047BE8BD2C) ;dsa.key
-(define %ed25519-key-id #x771F49CBFAAE072D) ;ed25519.key
+(define %civodul-key-id #x090B11993D9AEBB5) ;civodul.pub
+
+#|
+Test keys in ./tests/keys. They were generated in a container along these lines:
+ guix environment -CP --ad-hoc gnupg pinentry coreutils
+then, within the container:
+ mkdir ~/.gnupg && chmod -R og-rwx ~/.gnupg
+ gpg --batch --passphrase '' --quick-gen-key '<example@HIDDEN>' ed25519
+ gpg --armor --export example@HIDDEN
+ gpg --armor --export-secret-key example@HIDDEN
+ # echo pinentry-program ~/.guix-profile/bin/pinentry-curses > ~/.gnupg/gpg-agent.conf
+or similar.
+|#
+(define %rsa-key-id #xAE25DA2A70DEED59) ;rsa.pub
+(define %dsa-key-id #x587918047BE8BD2C) ;dsa.pub
+(define %ed25519-key-id #x771F49CBFAAE072D) ;ed25519.pub
(define %rsa-key-fingerprint
(base16-string->bytevector
@@ -168,7 +172,7 @@ Pz7oopeN72xgggYUNT37ezqN3MeCqw0=
(not (port-ascii-armored? (open-bytevector-input-port %binary-sample))))
(test-assert "get-openpgp-keyring"
- (let* ((key (search-path %load-path "tests/civodul.key"))
+ (let* ((key (search-path %load-path "tests/keys/civodul.pub"))
(keyring (get-openpgp-keyring
(open-bytevector-input-port
(call-with-input-file key read-radix-64)))))
@@ -228,8 +232,10 @@ Pz7oopeN72xgggYUNT37ezqN3MeCqw0=
(verify-openpgp-signature signature keyring
(open-input-string "Hello!\n"))))
(list status (openpgp-public-key-id key)))))
- (list "tests/rsa.key" "tests/dsa.key"
- "tests/ed25519.key" "tests/ed25519.key" "tests/ed25519.key")
+ (list "tests/keys/rsa.pub" "tests/keys/dsa.pub"
+ "tests/keys/ed25519.pub"
+ "tests/keys/ed25519.pub"
+ "tests/keys/ed25519.pub")
(list %hello-signature/rsa %hello-signature/dsa
%hello-signature/ed25519/sha256
%hello-signature/ed25519/sha512
@@ -248,9 +254,9 @@ Pz7oopeN72xgggYUNT37ezqN3MeCqw0=
(call-with-input-file key read-radix-64))
keyring)))
%empty-keyring
- '("tests/rsa.key" "tests/dsa.key"
- "tests/ed25519.key" "tests/ed25519.key"
- "tests/ed25519.key"))))
+ '("tests/keys/rsa.pub" "tests/keys/dsa.pub"
+ "tests/keys/ed25519.pub" "tests/keys/ed25519.pub"
+ "tests/keys/ed25519.pub"))))
(map (lambda (signature)
(let ((signature (string->openpgp-packet signature)))
(let-values (((status key)
--
2.33.0
guix-patches@HIDDEN:bug#50814; Package guix-patches.
Full text available.
Received: (at 50814) by debbugs.gnu.org; 28 Sep 2021 16:26:53 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Sep 28 12:26:52 2021
Received: from localhost ([127.0.0.1]:46782 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1mVFwL-0005ZL-1B
for submit <at> debbugs.gnu.org; Tue, 28 Sep 2021 12:26:52 -0400
Received: from mail-ed1-f50.google.com ([209.85.208.50]:34582)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <attila.lendvai@HIDDEN>) id 1mVFwJ-0005Z8-29
for 50814 <at> debbugs.gnu.org; Tue, 28 Sep 2021 12:26:43 -0400
Received: by mail-ed1-f50.google.com with SMTP id g7so25673236edv.1
for <50814 <at> debbugs.gnu.org>; Tue, 28 Sep 2021 09:26:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=sender:from:to:cc:subject:date:message-id:in-reply-to:references
:mime-version:content-transfer-encoding;
bh=iyVyh8aNQhO1YnroHwnFh+hZH3qqySXJk9STUCbsOLI=;
b=oJpmnnky8u3ixED27vsi0xQpEsvmlm3nZHzfXwX+Tq0iQHIfxArnuZCpuMRrZrbn3X
teBJRCtYXavs7DeoMW5izs8rvRwRnrRjvNZEKbvQbIowwrNGHQ7pafa5qLVhGBXTKbkb
BCKnE+59zH+yKgDrlc3tD3vfvDiDy/HIG4B5SdjEtyt7iiz0MfLYPB9ktpC56rGaUPV4
Sy1vf26bONv5hEXwyZ5DQSXLfBy1+e0TysXYHbbMgpwB9/O7hoWX/WqDTtqFRMSLfzjo
ZxfnVy4dwyVJ1NiNv1hkWDvmv7p8Hr4eFXsMNH6t7eNWsJhsujoHDrf75hhFK2Qa13Rd
I0Lg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:sender:from:to:cc:subject:date:message-id
:in-reply-to:references:mime-version:content-transfer-encoding;
bh=iyVyh8aNQhO1YnroHwnFh+hZH3qqySXJk9STUCbsOLI=;
b=MNCEK4rtZpfrtdENA0I5LHTKvA1jaRB7mrfVd1/H6wneBX+Lqe8AWIzI7nUENQw33R
lmxo4jeILkWig+VymCDtXM+TQxcn/EuaEpUPA58fXIv41qiarneokZY+CEiIIm0a/ky9
tDCPVPZEQ4c9V9zNSIkfy10ca/JlRF4IThXG6jfK3yPTKk2YDzX6AmZKXUByYi9sGtnn
++H6WZUhHgkmttgt+B6mk5w7ALnWqZwZLxjB6uTe67OkcxGriadKazWCMqH8f/oD5TKY
26YFRKwucAF93o1bvb1N3fKgoKBTi7uVPuvtwXtCCkXS8wDoj51YFiy3afu/cROAuz9k
4xTA==
X-Gm-Message-State: AOAM533NrixhSiEzoPgwGD+sxQYHU0pdD6jzPWEQCIc6+BfuZvUuQzEz
GW0qzI6q252UfXiMv0zC4yG3Tk+8c/s=
X-Google-Smtp-Source: ABdhPJzFQaLBwPVpFX6MoMGcme8mjn8JK0mmJq/K6l00Y+57wBCsTTnLQ8Y5bojNxHf6mLlkKsefdQ==
X-Received: by 2002:aa7:d78e:: with SMTP id s14mr8334007edq.171.1632846395045;
Tue, 28 Sep 2021 09:26:35 -0700 (PDT)
Received: from lelap.lan (catv-213-222-131-28.catv.broadband.hu.
[213.222.131.28])
by smtp.gmail.com with ESMTPSA id f4sm3147720ejq.125.2021.09.28.09.26.34
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Tue, 28 Sep 2021 09:26:34 -0700 (PDT)
From: Attila Lendvai <attila@HIDDEN>
To: 50814 <at> debbugs.gnu.org
Subject: [PATCH 3/5] tests: Add failing test for .guix-authorizations and
channel intro.
Date: Tue, 28 Sep 2021 18:24:05 +0200
Message-Id: <20210928162406.27205-3-attila@HIDDEN>
X-Mailer: git-send-email 2.33.0
In-Reply-To: <20210928162406.27205-1-attila@HIDDEN>
References: <20210928162406.27205-1-attila@HIDDEN>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.5 (/)
X-Debbugs-Envelope-To: 50814
Cc: Attila Lendvai <attila@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.5 (/)
Will be fixed in a subsequent commit.
* tests/git-authenticate.scm: New test "signed commits, .guix-authorizations,
channel-introduction".
---
tests/git-authenticate.scm | 132 +++++++++++++++++++++++++++++++++++++
1 file changed, 132 insertions(+)
diff --git a/tests/git-authenticate.scm b/tests/git-authenticate.scm
index f66ef191b0..745a6d6dbe 100644
--- a/tests/git-authenticate.scm
+++ b/tests/git-authenticate.scm
@@ -18,6 +18,7 @@
(define-module (test-git-authenticate)
#:use-module (git)
+ #:use-module (guix diagnostics)
#:use-module (guix git)
#:use-module (guix git-authenticate)
#:use-module (guix openpgp)
@@ -28,6 +29,10 @@
#:use-module (srfi srfi-34)
#:use-module (srfi srfi-64)
#:use-module (rnrs bytevectors)
+ #:use-module ((rnrs conditions)
+ #:select (warning?))
+ #:use-module ((rnrs exceptions)
+ #:select (with-exception-handler))
#:use-module (rnrs io ports))
;; Test the (guix git-authenticate) tools.
@@ -226,6 +231,133 @@
#:keyring-reference "master")
#f)))))))
+(unless (gpg+git-available?) (test-skip 1))
+(test-assert "signed commits, .guix-authorizations, channel-introduction"
+ (let* ((result #true)
+ (key1 %ed25519-public-key-file)
+ (key2 %ed25519-2-public-key-file)
+ (key3 %ed25519-3-public-key-file))
+ (with-fresh-gnupg-setup (list key1 %ed25519-secret-key-file
+ key2 %ed25519-2-secret-key-file
+ key3 %ed25519-3-secret-key-file)
+ (with-temporary-git-repository dir
+ `((checkout "keyring" orphan)
+ (add "signer1.key" ,(call-with-input-file key1 get-string-all))
+ (add "signer2.key" ,(call-with-input-file key2 get-string-all))
+ (add "signer3.key" ,(call-with-input-file key3 get-string-all))
+ (commit "keyring commit")
+
+ (checkout "main" orphan)
+ (add "noise0")
+ (add ".guix-authorizations"
+ ,(object->string
+ `(authorizations
+ (version 0)
+ ((,(key-fingerprint key1) (name "Alice"))
+ (,(key-fingerprint key3) (name "Charlie"))))))
+ (commit "commit 0" (signer ,(key-fingerprint key3)))
+ (add "noise1")
+ (commit "commit 1" (signer ,(key-fingerprint key1)))
+ (add "noise2")
+ (commit "commit 2" (signer ,(key-fingerprint key1))))
+ (with-repository dir repo
+ (let* ((commit-0 (find-commit repo "commit 0"))
+ (check-from
+ (lambda* (commit #:key (should-fail? #false) (key key1)
+ (historical-authorizations
+ ;; key3 is trusted to authorize commit 0
+ (list (key-fingerprint-vector key3))))
+ (guard (c ((unauthorized-commit-error? c)
+ (if should-fail?
+ c
+ (let ((port (current-output-port)))
+ (format port "FAILURE: Unexpected exception at commit '~s':~%"
+ commit)
+ (print-exception port (stack-ref (make-stack #t) 1)
+ c (exception-args c))
+ (set! result #false)
+ '()))))
+ (format #true "~%~%Checking ~s, should-fail? ~s, repo commits:~%"
+ commit should-fail?)
+ ;; to be able to inspect in the logs
+ (invoke "git" "-C" dir "log" "--reverse" "--pretty=oneline" "main")
+ (set! commit (find-commit repo commit))
+ (authenticate-repository
+ repo
+ (commit-id commit)
+ (key-fingerprint-vector key)
+ #:historical-authorizations historical-authorizations)
+ (when should-fail?
+ (format #t "FAILURE: Authenticating commit '~s' should have failed.~%" commit)
+ (set! result #false))
+ '()))))
+ (check-from "commit 0" #:key key3)
+ (check-from "commit 1")
+ (check-from "commit 2")
+ (with-git-repository dir
+ `((add "noise 3")
+ ;; a commit with key2
+ (commit "commit 3" (signer ,(key-fingerprint key2))))
+ ;; Should fail because it is signed with key2, not key1
+ (check-from "commit 3" #:should-fail? #true)
+ ;; Specify commit 3 as a channel-introduction signed with
+ ;; key2. This is valid, but it should warn the user, because
+ ;; .guix-authorizations is not updated to include key2, which
+ ;; means that any subsequent commits with the same key will be
+ ;; rejected.
+ (set! result
+ (and result
+ (let ((signalled? #false))
+ (with-exception-handler
+ (lambda (c)
+ (cond
+ ((not (warning? c))
+ (raise c))
+ ((formatted-message? c)
+ (format #true "warning (expected): ~a~%"
+ (apply format #false
+ (formatted-message-string c)
+ (formatted-message-arguments c)))
+ (set! signalled? #true)))
+ '())
+ (lambda ()
+ (check-from "commit 3" #:key key2)
+ signalled?))))))
+ (with-git-repository dir
+ `((reset ,(oid->string (commit-id (find-commit repo "commit 2"))))
+ (add "noise 4")
+ ;; set it up properly
+ (add ".guix-authorizations"
+ ,(object->string
+ `(authorizations
+ (version 0)
+ ((,(key-fingerprint key1) (name "Alice"))
+ (,(key-fingerprint key2) (name "Bob"))))))
+ (commit "commit 4" (signer ,(key-fingerprint key2))))
+ ;; This should fail because even though commit 4 adds key2 to
+ ;; .guix-authorizations, the commit itself is not authorized.
+ (check-from "commit 1" #:should-fail? #true)
+ ;; This should pass, because it's a valid channel intro at commit 4
+ (check-from "commit 4" #:key key2))
+ (with-git-repository dir
+ `((add "noise 5")
+ (commit "commit 5" (signer ,(key-fingerprint key2))))
+ ;; This is not very intuitive: because commit 4 has once been
+ ;; used as a channel intro, it got marked as trusted in the
+ ;; ~/.cache/, and because commit 1 is one of its parent, it is
+ ;; also trusted.
+ (check-from "commit 1")
+ (check-from "commit 2")
+ ;; Should still be fine, but only when starting from commit 4
+ (check-from "commit 4" #:key key2))
+ (with-git-repository dir
+ `((add "noise 6")
+ (commit "commit 6" (signer ,(key-fingerprint key1))))
+ (check-from "commit 1")
+ (check-from "commit 2")
+ (check-from "commit 4" #:key key2))))))
+ result))
+
(unless (gpg+git-available?) (test-skip 1))
(test-assert "signed commits, .guix-authorizations, authorized merge"
(with-fresh-gnupg-setup (list %ed25519-public-key-file
--
2.33.0
guix-patches@HIDDEN:bug#50814; Package guix-patches.
Full text available.
Received: (at 50814) by debbugs.gnu.org; 28 Sep 2021 16:26:08 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Sep 28 12:26:07 2021
Received: from localhost ([127.0.0.1]:46778 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1mVFvj-0005YF-KJ
for submit <at> debbugs.gnu.org; Tue, 28 Sep 2021 12:26:07 -0400
Received: from mail-ed1-f49.google.com ([209.85.208.49]:40789)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <attila.lendvai@HIDDEN>) id 1mVFvf-0005Xh-Qh
for 50814 <at> debbugs.gnu.org; Tue, 28 Sep 2021 12:26:06 -0400
Received: by mail-ed1-f49.google.com with SMTP id g8so85609665edt.7
for <50814 <at> debbugs.gnu.org>; Tue, 28 Sep 2021 09:26:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=sender:from:to:cc:subject:date:message-id:mime-version
:content-transfer-encoding;
bh=7kd0E7PC/LNXP+KlKpXFrhoFwEqqFjwgJX8oTvH5C64=;
b=Ih2wHg8CHn1lhLlWDj4wv35zanKpD5kefzDPZch+y/5g4cGcp16z6Qkno8Xvpq5At/
u/yk1k4pmg59tcz6GUrVbOkp58WTLgm1wIPmMnB24551CbNMzMoBneXqZwIhAD2xWyog
Y29wqsespsBKm5Lh2FXbKhTdekxgvTB9PGv8luRcqfp9tsNQ2PgEdPCXoISvNoNu10RQ
lBAjvGWU07t/zHEs0ZD/h0j5/XfvPxQ73g36TCqNzFxiVW58+MXhlgtN3dzocovxpKC/
X3PkAi8529q1Ga7Lis+CDG76PDByqzy5FgnQz3xe12hJAK/Y1s6OqqILTMCcsbSZN0TN
VHMA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:sender:from:to:cc:subject:date:message-id
:mime-version:content-transfer-encoding;
bh=7kd0E7PC/LNXP+KlKpXFrhoFwEqqFjwgJX8oTvH5C64=;
b=x//0CgCRE8HYs5v/uiPGTOi1mYvZxwnxFZSLVRzSu/z7kLbOlpkMG/Tk6V4OZHt0JJ
oiBmi/yNLszkkxlh2IvpnaQRufOA2qyumUG/sBu7ZSLvcprgaPRUYHnCRq/KHqbXnYnv
Aj7moPy2OEVLv6ZlW2tCBoV7aaNI1Znl31xQSI9NcV6qBMr7EfXg29IwDGL6gjacqacL
X0HIqkf+WoKq08YxIfiI1DmAlloh9KPST7BeYvbVCJ2Fp0QaPp5IqyENgKSaqcxuGPBN
16xpMTfeRSeKb3apfkSp8q8ODjz2yyQLYnb8Bj4q3TlTdHuciQ3+aHuyghVf1OVMTiBV
pg8Q==
X-Gm-Message-State: AOAM532u+iXkwtkqpFnoQlcq0qZT9coZ8YUQmD80LvDHgaIfTWPs2AgE
/rS2Iznb5W7eRjMIYL1HOSyI6z52oXI=
X-Google-Smtp-Source: ABdhPJzk6fMCtMSz4Ae3hjL+ui28Rud1Do1YtMuW0C/f3f1ZXfwd0UJDf8p/xHu1XX6Rzyq/wR0Nvg==
X-Received: by 2002:a17:906:308d:: with SMTP id
13mr7747940ejv.570.1632846356871;
Tue, 28 Sep 2021 09:25:56 -0700 (PDT)
Received: from lelap.lan (catv-213-222-131-28.catv.broadband.hu.
[213.222.131.28])
by smtp.gmail.com with ESMTPSA id f4sm3147720ejq.125.2021.09.28.09.25.55
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Tue, 28 Sep 2021 09:25:56 -0700 (PDT)
From: Attila Lendvai <attila@HIDDEN>
To: 50814 <at> debbugs.gnu.org
Subject: [PATCH 1/5] tests: Smarten up git repository testing framework.
Date: Tue, 28 Sep 2021 18:24:03 +0200
Message-Id: <20210928162406.27205-1-attila@HIDDEN>
X-Mailer: git-send-email 2.33.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.5 (/)
X-Debbugs-Envelope-To: 50814
Cc: Attila Lendvai <attila@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.5 (/)
* guix/tests/git.scm (with-git-repository): New macro that can be used in
a nested way under a with-temporary-git-repository.
(populate-git-repository): Extend the DSL with (add "some-noise"), (reset
"[commit hash]"), (checkout "branch" orphan).
* guix/tests/gnupg.scm (key-fingerprint-vector): New function.
---
guix/tests/git.scm | 23 +++++++++++++++++++++--
guix/tests/gnupg.scm | 8 ++++++--
2 files changed, 27 insertions(+), 4 deletions(-)
diff --git a/guix/tests/git.scm b/guix/tests/git.scm
index 69960284d9..76f5a8b937 100644
--- a/guix/tests/git.scm
+++ b/guix/tests/git.scm
@@ -26,6 +26,7 @@
#:use-module (ice-9 control)
#:export (git-command
with-temporary-git-repository
+ with-git-repository
find-commit))
(define git-command
@@ -59,8 +60,9 @@ Return DIRECTORY on success."
(apply invoke (git-command) "-C" directory
command args)))))
- (mkdir-p directory)
- (git "init")
+ (unless (directory-exists? (string-append directory "/.git"))
+ (mkdir-p directory)
+ (git "init"))
(let loop ((directives directives))
(match directives
@@ -78,6 +80,9 @@ Return DIRECTORY on success."
port)))
(git "add" file)
(loop rest)))
+ ((('add file-name-and-content) rest ...)
+ (loop (cons `(add ,file-name-and-content ,file-name-and-content)
+ rest)))
((('remove file) rest ...)
(git "rm" "-f" file)
(loop rest))
@@ -99,12 +104,18 @@ Return DIRECTORY on success."
((('checkout branch) rest ...)
(git "checkout" branch)
(loop rest))
+ ((('checkout branch 'orphan) rest ...)
+ (git "checkout" "--orphan" branch)
+ (loop rest))
((('merge branch message) rest ...)
(git "merge" branch "-m" message)
(loop rest))
((('merge branch message ('signer fingerprint)) rest ...)
(git "merge" branch "-m" message
(string-append "--gpg-sign=" fingerprint))
+ (loop rest))
+ ((('reset to) rest ...)
+ (git "reset" "--hard" to)
(loop rest)))))
(define (call-with-temporary-git-repository directives proc)
@@ -121,6 +132,14 @@ per DIRECTIVES."
(lambda (directory)
exp ...)))
+(define-syntax-rule (with-git-repository directory
+ directives exp ...)
+ "Evaluate EXP in a context where DIRECTORY is (further) populated as
+per DIRECTIVES."
+ (begin
+ (populate-git-repository directory directives)
+ exp ...))
+
(define (find-commit repository message)
"Return the commit in REPOSITORY whose message includes MESSAGE, a string."
(let/ec return
diff --git a/guix/tests/gnupg.scm b/guix/tests/gnupg.scm
index eb8ff63a43..c7630db912 100644
--- a/guix/tests/gnupg.scm
+++ b/guix/tests/gnupg.scm
@@ -33,6 +33,7 @@
read-openpgp-packet
key-fingerprint
+ key-fingerprint-vector
key-id))
(define gpg-command
@@ -76,7 +77,10 @@ process is terminated afterwards."
(open-bytevector-input-port
(call-with-input-file file read-radix-64))))
+(define key-fingerprint-vector
+ (compose openpgp-public-key-fingerprint
+ read-openpgp-packet))
+
(define key-fingerprint
(compose openpgp-format-fingerprint
- openpgp-public-key-fingerprint
- read-openpgp-packet))
+ key-fingerprint-vector))
--
2.33.0
guix-patches@HIDDEN:bug#50814; Package guix-patches.
Full text available.
Received: (at 50814) by debbugs.gnu.org; 28 Sep 2021 10:02:36 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Sep 28 06:02:36 2021
Received: from localhost ([127.0.0.1]:43931 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1mV9wZ-0007pN-Q7
for submit <at> debbugs.gnu.org; Tue, 28 Sep 2021 06:02:36 -0400
Received: from albert.telenet-ops.be ([195.130.137.90]:55306)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <maximedevos@HIDDEN>) id 1mV9wX-0007pC-6o
for 50814 <at> debbugs.gnu.org; Tue, 28 Sep 2021 06:02:34 -0400
Received: from ptr-bvsjgyjmffd7q9timvx.18120a2.ip6.access.telenet.be
([IPv6:2a02:1811:8c09:9d00:aaf1:9810:a0b8:a55d])
by albert.telenet-ops.be with bizsmtp
id zN2X250060mfAB406N2XMB; Tue, 28 Sep 2021 12:02:31 +0200
Message-ID: <7f921c26c445cfe034ad73bfbd7a9b45e810d673.camel@HIDDEN>
Subject: Re: [bug#50814] [PATCH] guix: git-authenticate: Also authenticate
the channel intro commit.
From: Maxime Devos <maximedevos@HIDDEN>
To: Attila Lendvai <attila@HIDDEN>
Date: Tue, 28 Sep 2021 12:02:23 +0200
In-Reply-To: <XYPPxjyGCdWp4mrarRj4nrI4iZiANxHu1TJEVMd_d2PGw4OmD0yr7HMLd9NXEljnm5TSox8pm75D-alHyaiu29Wre4spahCrmuqZCvkSql8=@lendvai.name>
References: <20210926101928.3877-1-attila@HIDDEN>
<2b0173cc9809ab1e806bf0061fc28a9a85dda6e0.camel@HIDDEN>
<XYPPxjyGCdWp4mrarRj4nrI4iZiANxHu1TJEVMd_d2PGw4OmD0yr7HMLd9NXEljnm5TSox8pm75D-alHyaiu29Wre4spahCrmuqZCvkSql8=@lendvai.name>
Content-Type: multipart/signed; micalg="pgp-sha512";
protocol="application/pgp-signature"; boundary="=-lK3AFsR2GbSbojWApjCh"
User-Agent: Evolution 3.34.2
MIME-Version: 1.0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r21;
t=1632823351; bh=7fk4nEnJmsGOX4sQyFMqJRBtJSi14BR/2ZASpVgFltE=;
h=Subject:From:To:Cc:Date:In-Reply-To:References;
b=YVjQd40wjfrV5VhZWls6KYXY3FoaymJ6t5clwK6Ikp3OEaCTNmMtQqelcr+KRWP8J
v8tjJawkju6rEYYYzfXlu0Ii1dLyRRp8fdHgeLG22nQEUGsTAhGhPB4WNO9QjKkEGm
9vdZxMKQz30xYeR6RWr6lEZBnVOPbyZvPpZ7fgd9kdRaO+BVEPBf3WAn06I1MxFNud
TZmjJtRk7bi8xSUcst1+D/B9S0ZPenrXuAi/OkPfPOBNfwni/rywyF0cNSh563LgFY
z6MJyiLnpZK/zdLLK5m3ErjepnATzVFRUTGA1vn2R9yfPgCM1sdnRN/AIHstTzFfHr
qQhIZNeMA9Svw==
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 50814
Cc: 50814 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)
--=-lK3AFsR2GbSbojWApjCh
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Attila Lendvai schreef op ma 27-09-2021 om 18:45 [+0000]:
>=20
[...]
> using `(warning ...)` will just print something to stderr.
>=20
> i was hoping to raise a continuable condition of type &warning, that i ca=
n even check for in the tests,
> but i have failed to put that together. the scheme/guile condition system=
is a bit messy/convoluted.
Technically, Scheme supports continuable exceptions with 'raise-continuable=
'
and with-exception-hander. E.g., the following Racket example:
(use-modules (rnrs exceptions) (rnrs conditions))
(with-exception-handler
(lambda (con)
(cond
((not (warning? con))
(raise con))
((message-condition? con)
(display (condition-message con)))
(else
(display "a warning has been issued")))
42)
(lambda ()
(+ (raise-continuable
(condition
(make-warning)
(make-message-condition
"should be a number")))
23)))
prints: should be a number
=E2=87=92 65
(from https://docs.racket-lang.org/r6rs/r6rs-lib-std/r6rs-lib-Z-H-8.html#no=
de_idx_378)
works in Guile
You might need to modify 'call-with-error-handling' in (guix ui) to recogni=
se
&warning though, such that the &warning exception will be properly handled.
Alternatively, you can use the procedure 'warning' from (guix diagnostics).
To detect the error in this case, you can use parameterise, guix-warning-po=
rt
and procedures like call-with-output-string. You may need to reset the loc=
ale
first (with dynamic-wind?).
Greetings,
Maxime.
--=-lK3AFsR2GbSbojWApjCh
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE-----
iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYVLoMBccbWF4aW1lZGV2
b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7o1fAP4pI9fNojskAkSV/vzDIlIvl9Wl
MPxbt8VHva965NcEjgEAlEMvuk7E/od4vvL6lQxqzIE+XhzhFrDCd2YAVjmWxQY=
=sQuQ
-----END PGP SIGNATURE-----
--=-lK3AFsR2GbSbojWApjCh--
guix-patches@HIDDEN:bug#50814; Package guix-patches.
Full text available.
Received: (at 50814) by debbugs.gnu.org; 28 Sep 2021 01:08:00 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Sep 27 21:08:00 2021
Received: from localhost ([127.0.0.1]:43239 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1mV1bD-0006Ty-FC
for submit <at> debbugs.gnu.org; Mon, 27 Sep 2021 21:08:00 -0400
Received: from mail-ed1-f53.google.com ([209.85.208.53]:38688)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <attila.lendvai@HIDDEN>) id 1mV1b4-0006T8-3U
for 50814 <at> debbugs.gnu.org; Mon, 27 Sep 2021 21:07:51 -0400
Received: by mail-ed1-f53.google.com with SMTP id dj4so76755775edb.5
for <50814 <at> debbugs.gnu.org>; Mon, 27 Sep 2021 18:07:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=sender:from:to:cc:subject:date:message-id:in-reply-to:references
:mime-version:content-transfer-encoding;
bh=mdIJMSb08/N6jn3/GOoHTOPAty75QQndyymNsi1Yjno=;
b=S439MBXK99p1HGsxxjM2/tUsoVMTRRLTyFBYWUHjJYARk9Wihp1KypP3/SfdJUxccG
WpJPgacnvVC6k+r4Jzzi1xlIjqYIC+ZABHJ0YdRWSsFlLgW+70w9Z9Bda6nFNVYwUDN9
/htiNYENFkOHk28664zdDCGpeyvIIAeRz9u5mltkGWck60pbVgrnBHsRQbkr9f8CS6Y4
w1uy0O+9BN5PYVImXFGc+gdAHYOqLg9sgoQYkdjDxLPiCCAMgd/lxaCLKvVHnmPUePJa
QPVbgq8nyQ4iEQLmcwq1Pu/E0gAgdd2R0zZppDGEVw/8EPkTSjOqgc98uvvnWkt/sVv5
4b/w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:sender:from:to:cc:subject:date:message-id
:in-reply-to:references:mime-version:content-transfer-encoding;
bh=mdIJMSb08/N6jn3/GOoHTOPAty75QQndyymNsi1Yjno=;
b=lfjGOrzSB6wt9SEySehwFsVEt2ul6YcqobNGfFEToiKBDEi5qBOUHf8j9ezgc+ZVus
jpWPFrHo/Wbbfbqez8r6iRykE8WxoxFAbyTR6yGPa/bK7rDqg07U+JavTt0efvep7gcO
rwSIU1SyD+cfA9AQcPnDd4lYNMvrZMOzRc8jSMUaEnTJ1+2ZEBgYWpsxoKlTb5r/vCfA
vvRSjXQyZfuZPj7pygC5RLXs0sfGkweK4C5YPiZ/kkxOFDy/ecd0fE/jq6E2uGqSHqLD
8o9KbEGrfxYDd//UnWnZPXWVGUgq0gYs+XVg2iapiQgy7TuJ/LwEfSyCGc4/dL1bIROH
yXhQ==
X-Gm-Message-State: AOAM533lkmRs/0Wz/LbHgAzMRlxJuNkfQaeEAbMgI+jWGVlb9j9lsXGn
UdqzTHsgg935grLjzFIOhGuBzix5ca0=
X-Google-Smtp-Source: ABdhPJyjVj29BzTey75QS9dsq124QnoecePIN7jp2QpA+tXtRp6aBcn0qDKzZZXmDlDuT4XjmkSEOQ==
X-Received: by 2002:a17:906:3ce2:: with SMTP id
d2mr3753066ejh.410.1632791264570;
Mon, 27 Sep 2021 18:07:44 -0700 (PDT)
Received: from lelap.lan (catv-213-222-131-28.catv.broadband.hu.
[213.222.131.28])
by smtp.gmail.com with ESMTPSA id c5sm11989558edx.81.2021.09.27.18.07.43
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Mon, 27 Sep 2021 18:07:44 -0700 (PDT)
From: Attila Lendvai <attila@HIDDEN>
To: 50814 <at> debbugs.gnu.org
Subject: [PATCH 4/4] guix: git-authenticate: Fix authenticate-repository.
Date: Tue, 28 Sep 2021 03:05:38 +0200
Message-Id: <20210928010537.4241-4-attila@HIDDEN>
X-Mailer: git-send-email 2.33.0
In-Reply-To: <20210928010537.4241-1-attila@HIDDEN>
References: <20210928010537.4241-1-attila@HIDDEN>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.5 (/)
X-Debbugs-Envelope-To: 50814
Cc: Attila Lendvai <attila@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.5 (/)
Always verify the channel introduction commit, so that no commit can slip
through that was signed with a different key.
Always update the cache, because it affects the behavior of later calls.
Warn when a channel introduction commit doesn't also update the
'.guix-authentications' file.
* guix/git-authenticate.scm (authenticate-commit): Reword and extend the error
message to point to the relevant part of the manual.
(authenticate-repository): Eliminate optimizations to make the code path less
dependent on the input. Always trust the intro-commit itself. Always call
verify-introductory-commit.
(verify-introductory-commit): Check if the commit contains the key that was
used to sign it, and issue a warning otherwise. This is to avoid the confusion
caused by only the *second* commit yielding an error, because intro-commits
are always trusted.
(authenticate-commit): Clarify error message.
(authorized-keys-at-commit): Factored out to the toplevel from
commit-authorized-keys.
---
guix/channels.scm | 4 +-
guix/git-authenticate.scm | 153 ++++++++++++++++++++++----------------
2 files changed, 91 insertions(+), 66 deletions(-)
diff --git a/guix/channels.scm b/guix/channels.scm
index e4e0428eb5..b84064537f 100644
--- a/guix/channels.scm
+++ b/guix/channels.scm
@@ -347,8 +347,8 @@ commits)...~%")
(progress-reporter/bar (length commits)))
(define authentic-commits
- ;; Consider the currently-used commit of CHANNEL as authentic so
- ;; authentication can skip it and all its closure.
+ ;; Optimization: consider the currently-used commit of CHANNEL as
+ ;; authentic, so that authentication can skip it and all its closure.
(match (find (lambda (candidate)
(eq? (channel-name candidate) (channel-name channel)))
(current-channels))
diff --git a/guix/git-authenticate.scm b/guix/git-authenticate.scm
index ab3fcd8b2f..713642d2ea 100644
--- a/guix/git-authenticate.scm
+++ b/guix/git-authenticate.scm
@@ -30,6 +30,7 @@
#:select (cache-directory with-atomic-file-output))
#:use-module ((guix build utils)
#:select (mkdir-p))
+ #:use-module (guix diagnostics)
#:use-module (guix progress)
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-11)
@@ -38,6 +39,7 @@
#:use-module (srfi srfi-35)
#:use-module (rnrs bytevectors)
#:use-module (rnrs io ports)
+ #:use-module (ice-9 exceptions)
#:use-module (ice-9 match)
#:autoload (ice-9 pretty-print) (pretty-print)
#:export (read-authorizations
@@ -159,11 +161,10 @@ return a list of authorized fingerprints."
(string-downcase (string-filter char-set:graphic fingerprint))))
fingerprints))))
-(define* (commit-authorized-keys repository commit
- #:optional (default-authorizations '()))
- "Return the list of OpenPGP fingerprints authorized to sign COMMIT, based on
-authorizations listed in its parent commits. If one of the parent commits
-does not specify anything, fall back to DEFAULT-AUTHORIZATIONS."
+(define (authorized-keys-at-commit repository commit default-authorizations)
+ "Return the list of authorized key fingerprints from the '.guix-authorizations'
+file at the given commit."
+
(define (parents-have-authorizations-file? commit)
;; Return true if at least one of the parents of COMMIT has the
;; '.guix-authorizations' file.
@@ -185,28 +186,35 @@ does not specify anything, fall back to DEFAULT-AUTHORIZATIONS."
to remove '.guix-authorizations' file")
(oid->string (commit-id commit)))))))
- (define (commit-authorizations commit)
- (catch 'git-error
- (lambda ()
- (let* ((tree (commit-tree commit))
- (entry (tree-entry-bypath tree ".guix-authorizations"))
- (blob (blob-lookup repository (tree-entry-id entry))))
- (read-authorizations
- (open-bytevector-input-port (blob-content blob)))))
- (lambda (key error)
- (if (= (git-error-code error) GIT_ENOTFOUND)
- (begin
- ;; Prevent removal of '.guix-authorizations' since it would make
- ;; it trivial to force a fallback to DEFAULT-AUTHORIZATIONS.
- (assert-parents-lack-authorizations commit)
- default-authorizations)
- (throw key error)))))
+ (catch 'git-error
+ (lambda ()
+ (let* ((tree (commit-tree commit))
+ (entry (tree-entry-bypath tree ".guix-authorizations"))
+ (blob (blob-lookup repository (tree-entry-id entry))))
+ (read-authorizations
+ (open-bytevector-input-port (blob-content blob)))))
+ (lambda (key error)
+ (if (= (git-error-code error) GIT_ENOTFOUND)
+ (begin
+ ;; Prevent removal of '.guix-authorizations' since it would make
+ ;; it trivial to force a fallback to DEFAULT-AUTHORIZATIONS.
+ (assert-parents-lack-authorizations commit)
+ default-authorizations)
+ (throw key error)))))
+(define* (commit-authorized-keys repository commit
+ #:optional (default-authorizations '()))
+ "Return the list of OpenPGP fingerprints authorized to sign COMMIT, based on
+authorizations listed in its parent commits. If one of the parent commits
+does not specify anything, fall back to DEFAULT-AUTHORIZATIONS."
(match (commit-parents commit)
(() default-authorizations)
(parents
(apply lset-intersection bytevector=?
- (map commit-authorizations parents)))))
+ (map (lambda (commit)
+ (authorized-keys-at-commit repository commit
+ default-authorizations))
+ parents)))))
(define* (authenticate-commit repository commit keyring
#:key (default-authorizations '()))
@@ -236,8 +244,8 @@ not specify anything, fall back to DEFAULT-AUTHORIZATIONS."
(condition
(&unauthorized-commit-error (commit id)
(signing-key signing-key)))
- (formatted-message (G_ "commit ~a not signed by an authorized \
-key: ~a")
+ (formatted-message (G_ "commit ~a is signed by an unauthorized \
+key: ~a\nSee info guix \"Specifying Channel Authorizations\".")
(oid->string id)
(openpgp-format-fingerprint
(openpgp-public-key-fingerprint
@@ -356,7 +364,8 @@ authenticated (only COMMIT-ID is written to cache, though)."
(base64-encode
(sha256 (string->utf8 (repository-directory repository))))))
-(define (verify-introductory-commit repository keyring commit expected-signer)
+(define (verify-introductory-commit repository commit expected-signer keyring
+ authorizations)
"Look up COMMIT in REPOSITORY, and raise an exception if it is not signed by
EXPECTED-SIGNER."
(define actual-signer
@@ -364,13 +373,25 @@ EXPECTED-SIGNER."
(commit-signing-key repository (commit-id commit) keyring)))
(unless (bytevector=? expected-signer actual-signer)
- (raise (formatted-message (G_ "initial commit ~a is signed by '~a' \
+ (raise (make-compound-condition
+ (condition (&unauthorized-commit-error (commit (commit-id commit))
+ (signing-key actual-signer)))
+ (formatted-message (G_ "initial commit ~a is signed by '~a' \
instead of '~a'")
- (oid->string (commit-id commit))
- (openpgp-format-fingerprint actual-signer)
- (openpgp-format-fingerprint expected-signer)))))
-
-(define* (authenticate-repository repository start signer
+ (oid->string (commit-id commit))
+ (openpgp-format-fingerprint actual-signer)
+ (openpgp-format-fingerprint expected-signer)))))
+ (unless (member actual-signer
+ (authorized-keys-at-commit repository commit authorizations)
+ bytevector=?)
+ ;; FIXME Is this the right way to tell the user about this situation? It
+ ;; would also be nice if the tests could assert for this warning.
+ (warning (G_ "initial commit ~a does not add \
+the key it is signed with (~a) to the '.guix-authorizations' file.")
+ (oid->string (commit-id commit))
+ (openpgp-format-fingerprint actual-signer))))
+
+(define* (authenticate-repository repository intro-commit-hash intro-signer
#:key
(keyring-reference "keyring")
(cache-key (repository-cache-key repository))
@@ -380,11 +401,12 @@ instead of '~a'")
(historical-authorizations '())
(make-reporter
(const progress-reporter/silent)))
- "Authenticate REPOSITORY up to commit END, an OID. Authentication starts
-with commit START, an OID, which must be signed by SIGNER; an exception is
-raised if that is not the case. Commits listed in AUTHENTIC-COMMITS and their
-closure are considered authentic. Return an alist mapping OpenPGP public keys
-to the number of commits signed by that key that have been traversed.
+ "Authenticate REPOSITORY up to commit END, an OID. Authentication starts with
+commit INTRO-COMMIT-HASH, an OID, which must be signed by INTRO-SIGNER; an
+exception is raised if that is not the case. Commits listed in
+AUTHENTIC-COMMITS and their closure are considered authentic. Return an
+alist mapping OpenPGP public keys to the number of commits signed by that
+key that have been traversed.
The OpenPGP keyring is loaded from KEYRING-REFERENCE in REPOSITORY, where
KEYRING-REFERENCE is the name of a branch. The list of authenticated commits
@@ -393,8 +415,10 @@ is cached in the authentication cache under CACHE-KEY.
HISTORICAL-AUTHORIZATIONS must be a list of OpenPGP fingerprints (bytevectors)
denoting the authorized keys for commits whose parent lack the
'.guix-authorizations' file."
- (define start-commit
- (commit-lookup repository start))
+
+ (define intro-commit
+ (commit-lookup repository intro-commit-hash))
+
(define end-commit
(commit-lookup repository end))
@@ -404,36 +428,37 @@ denoting the authorized keys for commits whose parent lack the
(define authenticated-commits
;; Previously-authenticated commits that don't need to be checked again.
(filter-map (lambda (id)
+ ;; We need to tolerate when cached commits disappear due to
+ ;; --allow-downgrades.
(false-if-git-not-found
(commit-lookup repository (string->oid id))))
(append (previously-authenticated-commits cache-key)
- authentic-commits)))
+ authentic-commits
+ ;; The intro commit is unconditionally trusted.
+ (list (oid->string intro-commit-hash)))))
(define commits
;; Commits to authenticate, excluding the closure of
;; AUTHENTICATED-COMMITS.
- (commit-difference end-commit start-commit
- authenticated-commits))
-
- ;; When COMMITS is empty, it's because END-COMMIT is in the closure of
- ;; START-COMMIT and/or AUTHENTICATED-COMMITS, in which case it's known to
- ;; be authentic already.
- (if (null? commits)
- '()
- (let ((reporter (make-reporter start-commit end-commit commits)))
- ;; If it's our first time, verify START-COMMIT's signature.
- (when (null? authenticated-commits)
- (verify-introductory-commit repository keyring
- start-commit signer))
-
- (let ((stats (call-with-progress-reporter reporter
- (lambda (report)
- (authenticate-commits repository commits
- #:keyring keyring
- #:default-authorizations
- historical-authorizations
- #:report-progress report)))))
- (cache-authenticated-commit cache-key
- (oid->string (commit-id end-commit)))
-
- stats))))
+ (commit-difference end-commit intro-commit
+ authenticated-commits))
+
+ (verify-introductory-commit repository intro-commit
+ intro-signer keyring
+ historical-authorizations)
+
+ (let* ((reporter (make-reporter intro-commit end-commit commits))
+ (stats (call-with-progress-reporter reporter
+ (lambda (report)
+ (authenticate-commits repository commits
+ #:keyring keyring
+ #:default-authorizations
+ historical-authorizations
+ #:report-progress report)))))
+ ;; Note that this will make the then current end commit of any channel,
+ ;; that has been used/trusted in the past with a channel introduction,
+ ;; remain trusted until the cache is cleared.
+ (cache-authenticated-commit cache-key
+ (oid->string (commit-id end-commit)))
+
+ stats))
--
2.33.0
guix-patches@HIDDEN:bug#50814; Package guix-patches.
Full text available.
Received: (at 50814) by debbugs.gnu.org; 28 Sep 2021 01:07:59 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Sep 27 21:07:59 2021
Received: from localhost ([127.0.0.1]:43237 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1mV1bD-0006Tv-23
for submit <at> debbugs.gnu.org; Mon, 27 Sep 2021 21:07:59 -0400
Received: from mail-ed1-f53.google.com ([209.85.208.53]:44660)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <attila.lendvai@HIDDEN>) id 1mV1b2-0006T6-Lc
for 50814 <at> debbugs.gnu.org; Mon, 27 Sep 2021 21:07:49 -0400
Received: by mail-ed1-f53.google.com with SMTP id v18so41281268edc.11
for <50814 <at> debbugs.gnu.org>; Mon, 27 Sep 2021 18:07:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=sender:from:to:cc:subject:date:message-id:in-reply-to:references
:mime-version:content-transfer-encoding;
bh=+TV6SG8Rdqg0pRcyGxLHQ8Vfm+XO1c9ZH3Grd+sdLlY=;
b=QQniLNoKAioxFwkN8hCUr5qQZ3PPCEERmJqmjH8dmqaP6YMaNUkcYeKOeGiebmQjJM
+nO0fNmF2yjbqzWcRIz5CuhEsNmTrU8ndjKdOEU/zUMRVs+QNPIVG+kp11j7sG/EgTTN
k0pPm/Z4Bbidlat03J0+JSYM7aWTp61LCJGlXjLknN6DMq7F/jLBcnpR5btUSCHFG0Yb
yLDRkc5oU2gHKYUE7pEJKrmCfbQZW+TYuE1+K5I9U1NhvFMX5kLijQ3sYFFYFgqb7c8q
pGlTT+fvIInS6wkvDsKVDfL8u+9NoJDxFLuJZ4yR6DepRStvDvdyz2OE/ELpRJV+7xqT
i49g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:sender:from:to:cc:subject:date:message-id
:in-reply-to:references:mime-version:content-transfer-encoding;
bh=+TV6SG8Rdqg0pRcyGxLHQ8Vfm+XO1c9ZH3Grd+sdLlY=;
b=MSq7NgrZr2dvy3DjlMYHAX8CxHGaspkqlCD0FmkJX1ipkHwN0ZmxPsnUzcSuySQRib
yQYDjA7LwEOJ6w6BSkiWYnhlixQBYve1mANRwGuM5OouNxz4FmeJd4wVRvbuAl7edVy+
GV9+K0olmkCz0G14NDp50NiHIWhBfDDt5fCZRX1ck8dBg1aLd7McJNzibc10985PEKCt
lhjh0ab9XPr+xQ4goimAHu6/cWtqptTuCAi0d13sjsPNsREbJ5Wirno3+OpFdGCoVFZP
9c8OdE7UlIuMpMOybqVQHwJGsAkL/8/m/zFjdR+ymUdfJKccFESMLBHEIRXFB550S8Ev
sESw==
X-Gm-Message-State: AOAM531QtBN1U/z7ABIFPA1Rj4fVoEI/+jyX7goAV+M5kRb6gCiVW8dz
KLGAmJbdMWV6ys996EmqrpsKzld3SaY=
X-Google-Smtp-Source: ABdhPJzVwBLZHAkfeRhdEnbeDLyLZKcOkTiHuwBm/j3QFg7kUorFXEPlg+VYPfTEFFiMLTIF3tut/A==
X-Received: by 2002:a17:906:fc7:: with SMTP id
c7mr3675665ejk.333.1632791262992;
Mon, 27 Sep 2021 18:07:42 -0700 (PDT)
Received: from lelap.lan (catv-213-222-131-28.catv.broadband.hu.
[213.222.131.28])
by smtp.gmail.com with ESMTPSA id c5sm11989558edx.81.2021.09.27.18.07.42
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Mon, 27 Sep 2021 18:07:42 -0700 (PDT)
From: Attila Lendvai <attila@HIDDEN>
To: 50814 <at> debbugs.gnu.org
Subject: [PATCH 3/4] tests: Add failing test for .guix-authorizations and
channel intro.
Date: Tue, 28 Sep 2021 03:05:37 +0200
Message-Id: <20210928010537.4241-3-attila@HIDDEN>
X-Mailer: git-send-email 2.33.0
In-Reply-To: <20210928010537.4241-1-attila@HIDDEN>
References: <20210928010537.4241-1-attila@HIDDEN>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.5 (/)
X-Debbugs-Envelope-To: 50814
Cc: Attila Lendvai <attila@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.5 (/)
Will be fixed in a subsequent commit.
* tests/git-authenticate.scm: New test "signed commits, .guix-authorizations,
channel-introduction".
---
tests/git-authenticate.scm | 111 +++++++++++++++++++++++++++++++++++++
1 file changed, 111 insertions(+)
diff --git a/tests/git-authenticate.scm b/tests/git-authenticate.scm
index f66ef191b0..672aff2177 100644
--- a/tests/git-authenticate.scm
+++ b/tests/git-authenticate.scm
@@ -226,6 +226,117 @@
#:keyring-reference "master")
#f)))))))
+(unless (gpg+git-available?) (test-skip 1))
+(test-assert "signed commits, .guix-authorizations, channel-introduction"
+ (let* ((result #true)
+ (key1 %ed25519-public-key-file)
+ (key2 %ed25519-2-public-key-file)
+ (key3 %ed25519-3-public-key-file))
+ (with-fresh-gnupg-setup (list key1 %ed25519-secret-key-file
+ key2 %ed25519-2-secret-key-file
+ key3 %ed25519-3-secret-key-file)
+ (with-temporary-git-repository dir
+ `((checkout "keyring" orphan)
+ (add "signer1.key" ,(call-with-input-file key1 get-string-all))
+ (add "signer2.key" ,(call-with-input-file key2 get-string-all))
+ (add "signer3.key" ,(call-with-input-file key3 get-string-all))
+ (commit "keyring commit")
+
+ (checkout "main" orphan)
+ (add "noise0")
+ (add ".guix-authorizations"
+ ,(object->string
+ `(authorizations
+ (version 0)
+ ((,(key-fingerprint key1) (name "Alice"))))))
+ (commit "commit 0" (signer ,(key-fingerprint key3)))
+ (add "noise1")
+ (commit "commit 1" (signer ,(key-fingerprint key1)))
+ (add "noise2")
+ (commit "commit 2" (signer ,(key-fingerprint key1))))
+ (with-repository dir repo
+ (let* ((commit-0 (find-commit repo "commit 0"))
+ (check-from
+ (lambda* (commit #:key (should-fail? #false) (key key1)
+ (historical-authorizations
+ ;; key3 is trusted to authorize commit 0
+ (list (key-fingerprint-vector key3))))
+ (guard (c ((unauthorized-commit-error? c)
+ (if should-fail?
+ c
+ (let ((port (current-output-port)))
+ (format port "FAILURE: Unexpected exception at commit '~s':~%"
+ commit)
+ (print-exception port (stack-ref (make-stack #t) 1)
+ c (exception-args c))
+ (set! result #false)
+ '()))))
+ (format #true "~%~%Checking ~s, should-fail? ~s, repo commits:~%"
+ commit should-fail?)
+ ;; to be able to inspect in the logs
+ (invoke "git" "-C" dir "log" "--reverse" "--pretty=oneline" "main")
+ (set! commit (find-commit repo commit))
+ (authenticate-repository
+ repo
+ (commit-id commit)
+ (key-fingerprint-vector key)
+ #:historical-authorizations historical-authorizations)
+ (when should-fail?
+ (format #t "FAILURE: Authenticating commit '~s' should have failed.~%" commit)
+ (set! result #false))
+ '()))))
+ (check-from "commit 0" #:key key3)
+ (check-from "commit 1")
+ (check-from "commit 2")
+ (with-git-repository dir
+ `((add "noise 3")
+ ;; a commit with key2
+ (commit "commit 3" (signer ,(key-fingerprint key2))))
+ ;; Should fail because it is signed with key2, not key1
+ (check-from "commit 3" #:should-fail? #true)
+ ;; Specify commit 3 as a channel-introduction signed with
+ ;; key2. This is valid, but it should warn the user, because
+ ;; .guix-authorizations is not updated to include key2, which
+ ;; means that any subsequent commits with the same key will be
+ ;; rejected.
+ ;;
+ ;; TODO we should check somehow that a warning is issued
+ (check-from "commit 3" #:key key2))
+ (with-git-repository dir
+ `((reset ,(oid->string (commit-id (find-commit repo "commit 2"))))
+ (add "noise 4")
+ ;; set it up properly
+ (add ".guix-authorizations"
+ ,(object->string
+ `(authorizations
+ (version 0)
+ ((,(key-fingerprint key1) (name "Alice"))
+ (,(key-fingerprint key2) (name "Bob"))))))
+ (commit "commit 4" (signer ,(key-fingerprint key2))))
+ ;; This should fail because even though commit 4 adds key2 to
+ ;; .guix-authorizations, the commit itself is not authorized.
+ (check-from "commit 1" #:should-fail? #true)
+ ;; This should pass, because it's a valid channel intro at commit 4
+ (check-from "commit 4" #:key key2))
+ (with-git-repository dir
+ `((add "noise 5")
+ (commit "commit 5" (signer ,(key-fingerprint key2))))
+ ;; This is not very intuitive: because commit 4 has once been
+ ;; used as a channel intro, it got marked as trusted in the
+ ;; ~/.cache/, and because commit 1 is one of its parent, it is
+ ;; also trusted.
+ (check-from "commit 1")
+ (check-from "commit 2")
+ ;; Should still be fine, but only when starting from commit 4
+ (check-from "commit 4" #:key key2))
+ (with-git-repository dir
+ `((add "noise 6")
+ (commit "commit 6" (signer ,(key-fingerprint key1))))
+ (check-from "commit 1")
+ (check-from "commit 2")
+ (check-from "commit 4" #:key key2))))))
+ result))
+
(unless (gpg+git-available?) (test-skip 1))
(test-assert "signed commits, .guix-authorizations, authorized merge"
(with-fresh-gnupg-setup (list %ed25519-public-key-file
--
2.33.0
guix-patches@HIDDEN:bug#50814; Package guix-patches.
Full text available.
Received: (at 50814) by debbugs.gnu.org; 28 Sep 2021 01:07:59 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Sep 27 21:07:59 2021
Received: from localhost ([127.0.0.1]:43233 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1mV1b2-0006TP-Lz
for submit <at> debbugs.gnu.org; Mon, 27 Sep 2021 21:07:58 -0400
Received: from mail-ed1-f50.google.com ([209.85.208.50]:38673)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <attila.lendvai@HIDDEN>) id 1mV1b0-0006T2-CF
for 50814 <at> debbugs.gnu.org; Mon, 27 Sep 2021 21:07:47 -0400
Received: by mail-ed1-f50.google.com with SMTP id dj4so76755381edb.5
for <50814 <at> debbugs.gnu.org>; Mon, 27 Sep 2021 18:07:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=sender:from:to:cc:subject:date:message-id:in-reply-to:references
:mime-version:content-transfer-encoding;
bh=aJEoCIEEpzageVMJefshkaispmlhREh+N3ffEi8R0Qk=;
b=dNOhEz/CMOLDaZVvl5VPtyzykFGqA9p0NYqMI29NU2HTnUtgk+j8kSXmOzaqVawDOx
/i6dIRyfLJ95HJtjvrFsdPWHIymdivwvLM4K/aj7MGfGV1sTBEWlwSGJO0pJYpjo6Xv/
lMfDcYPOmBdy2HblLeYUyUSzW8R12tA2Mugep5fbazX7LDpAvWvRhjM7b9Ub+HTzYAlL
MIU6/TT6lmTER8AA8y4QyMDxBzCEH4asVjeYYzzc9hvljj5086RD5l1nQRDTziqOtKUW
WQHSBIpzBpwXPkQ7j3cOXvqxxjg44vSxkVkuplIwIE9hNN/3wrfyFD4M3NQGn5nY3mHm
3ZPg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:sender:from:to:cc:subject:date:message-id
:in-reply-to:references:mime-version:content-transfer-encoding;
bh=aJEoCIEEpzageVMJefshkaispmlhREh+N3ffEi8R0Qk=;
b=sp7lCoMayN0hPijH2Hv/YE7w+Sk0gNfTltOUJvRtFpxwwcp/1wJaqFVmRCa7dTPIRi
sLAEsGbEvLDMsIdLKvazHfsjCCGVhCFjd9EWEmicN4kybstlpq8dxm4jsdiqwmMTbCKJ
I6TQSCPswyLvLI6qljEeUaW+hGC0ah7iP9xcfbY2lvGuxm33ITL/Bx+E4MMY6w33Yk32
l914kieNQ6lhielJFP5b15LWzod7tFaug+rvOPeZadJQcAnBy04xqXkCn9Y59KT9p2t1
trItr8+C7JE7JJ6KNX8LNAmw/xXHIOIkjR/0b1UC2JB0NIbfYrx/ml8AWbHd//0hhRNN
H+qQ==
X-Gm-Message-State: AOAM530NQHdjRDTYtkjntolCDwicubs0VM9H9O5zK8TkUnttpJSZ/WLm
QtZWs166T0Jga0nKC1LnB3zkYzUhAmQ=
X-Google-Smtp-Source: ABdhPJy9tX7Pjj2dPvJm63TR4NsLdVZpkfGdMsD44UUyWqpYpoF6jUizxlQDRfhPqhTLnKtRx58jTA==
X-Received: by 2002:a05:6402:3128:: with SMTP id
dd8mr4010947edb.383.1632791260694;
Mon, 27 Sep 2021 18:07:40 -0700 (PDT)
Received: from lelap.lan (catv-213-222-131-28.catv.broadband.hu.
[213.222.131.28])
by smtp.gmail.com with ESMTPSA id c5sm11989558edx.81.2021.09.27.18.07.40
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Mon, 27 Sep 2021 18:07:40 -0700 (PDT)
From: Attila Lendvai <attila@HIDDEN>
To: 50814 <at> debbugs.gnu.org
Subject: [PATCH 2/4] tests: Move keys into ./tests/keys/ and add a third
ed25519 key.
Date: Tue, 28 Sep 2021 03:05:36 +0200
Message-Id: <20210928010537.4241-2-attila@HIDDEN>
X-Mailer: git-send-email 2.33.0
In-Reply-To: <20210928010537.4241-1-attila@HIDDEN>
References: <20210928010537.4241-1-attila@HIDDEN>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.6 (/)
X-Debbugs-Envelope-To: 50814
Cc: Attila Lendvai <attila@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.4 (/)
The third key will be used in an upcoming commit.
Rename public keys to .pub.
* guix/tests/gnupg.scm (%ed25519-3-public-key-file): New variable.
(%ed25519-3-secret-key-file): New variable.
(%ed25519-2-public-key-file): Renamed from %ed25519bis-public-key-file.
(%ed25519-2-secret-key-file): Renamed from %ed25519bis-secret-key-file.
* tests/keys/ed25519-3.key: New file.
* tests/keys/ed25519-3.sec: New file.
---
Makefile.am | 20 +++++-----
build-aux/test-env.in | 6 +--
guix/tests/gnupg.scm | 22 ++++++----
tests/channels.scm | 18 ++++-----
tests/git-authenticate.scm | 23 +++++------
tests/guix-authenticate.sh | 4 +-
tests/{civodul.key => keys/civodul.pub} | 0
tests/{dsa.key => keys/dsa.pub} | 0
tests/{ed25519bis.key => keys/ed25519-2.pub} | 0
tests/{ed25519bis.sec => keys/ed25519-2.sec} | 0
tests/keys/ed25519-3.pub | 9 +++++
tests/keys/ed25519-3.sec | 10 +++++
tests/{ed25519.key => keys/ed25519.pub} | 0
tests/{ => keys}/ed25519.sec | 0
tests/{rsa.key => keys/rsa.pub} | 0
tests/{ => keys}/signing-key.pub | 0
tests/{ => keys}/signing-key.sec | 0
tests/openpgp.scm | 42 +++++++++++---------
18 files changed, 93 insertions(+), 61 deletions(-)
rename tests/{civodul.key => keys/civodul.pub} (100%)
rename tests/{dsa.key => keys/dsa.pub} (100%)
rename tests/{ed25519bis.key => keys/ed25519-2.pub} (100%)
rename tests/{ed25519bis.sec => keys/ed25519-2.sec} (100%)
create mode 100644 tests/keys/ed25519-3.pub
create mode 100644 tests/keys/ed25519-3.sec
rename tests/{ed25519.key => keys/ed25519.pub} (100%)
rename tests/{ => keys}/ed25519.sec (100%)
rename tests/{rsa.key => keys/rsa.pub} (100%)
rename tests/{ => keys}/signing-key.pub (100%)
rename tests/{ => keys}/signing-key.sec (100%)
diff --git a/Makefile.am b/Makefile.am
index 042cf28464..c0a5b14f02 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -640,16 +640,18 @@ EXTRA_DIST += \
build-aux/update-guix-package.scm \
build-aux/update-NEWS.scm \
tests/test.drv \
- tests/signing-key.pub \
- tests/signing-key.sec \
tests/cve-sample.json \
- tests/civodul.key \
- tests/rsa.key \
- tests/dsa.key \
- tests/ed25519.key \
- tests/ed25519.sec \
- tests/ed25519bis.key \
- tests/ed25519bis.sec \
+ tests/keys/signing-key.pub \
+ tests/keys/signing-key.sec \
+ tests/keys/civodul.pub \
+ tests/keys/rsa.pub \
+ tests/keys/dsa.pub \
+ tests/keys/ed25519.pub \
+ tests/keys/ed25519.sec \
+ tests/keys/ed25519-2.pub \
+ tests/keys/ed25519-2.sec \
+ tests/keys/ed25519-3.pub \
+ tests/keys/ed25519-3.sec \
build-aux/config.rpath \
bootstrap \
doc/build.scm \
diff --git a/build-aux/test-env.in b/build-aux/test-env.in
index 7efc43206c..ca786437e9 100644
--- a/build-aux/test-env.in
+++ b/build-aux/test-env.in
@@ -73,9 +73,9 @@ then
# Copy the keys so that the secret key has the right permissions (the
# daemon errors out when this is not the case.)
mkdir -p "$GUIX_CONFIGURATION_DIRECTORY"
- cp "@abs_top_srcdir@/tests/signing-key.sec" \
- "@abs_top_srcdir@/tests/signing-key.pub" \
- "$GUIX_CONFIGURATION_DIRECTORY"
+ cp "@abs_top_srcdir@/tests/keys/signing-key.sec" \
+ "@abs_top_srcdir@/tests/keys/signing-key.pub" \
+ "$GUIX_CONFIGURATION_DIRECTORY"
chmod 400 "$GUIX_CONFIGURATION_DIRECTORY/signing-key.sec"
fi
diff --git a/guix/tests/gnupg.scm b/guix/tests/gnupg.scm
index c7630db912..09f02a2b67 100644
--- a/guix/tests/gnupg.scm
+++ b/guix/tests/gnupg.scm
@@ -28,8 +28,10 @@
%ed25519-public-key-file
%ed25519-secret-key-file
- %ed25519bis-public-key-file
- %ed25519bis-secret-key-file
+ %ed25519-2-public-key-file
+ %ed25519-2-secret-key-file
+ %ed25519-3-public-key-file
+ %ed25519-3-secret-key-file
read-openpgp-packet
key-fingerprint
@@ -64,13 +66,17 @@ process is terminated afterwards."
(call-with-fresh-gnupg-setup imported (lambda () exp ...)))
(define %ed25519-public-key-file
- (search-path %load-path "tests/ed25519.key"))
+ (search-path %load-path "tests/keys/ed25519.pub"))
(define %ed25519-secret-key-file
- (search-path %load-path "tests/ed25519.sec"))
-(define %ed25519bis-public-key-file
- (search-path %load-path "tests/ed25519bis.key"))
-(define %ed25519bis-secret-key-file
- (search-path %load-path "tests/ed25519bis.sec"))
+ (search-path %load-path "tests/keys/ed25519.sec"))
+(define %ed25519-2-public-key-file
+ (search-path %load-path "tests/keys/ed25519-2.pub"))
+(define %ed25519-2-secret-key-file
+ (search-path %load-path "tests/keys/ed25519-2.sec"))
+(define %ed25519-3-public-key-file
+ (search-path %load-path "tests/keys/ed25519-3.pub"))
+(define %ed25519-3-secret-key-file
+ (search-path %load-path "tests/keys/ed25519-3.sec"))
(define (read-openpgp-packet file)
(get-openpgp-packet
diff --git a/tests/channels.scm b/tests/channels.scm
index 3e82315b0c..d45c450241 100644
--- a/tests/channels.scm
+++ b/tests/channels.scm
@@ -480,8 +480,8 @@
#t
(with-fresh-gnupg-setup (list %ed25519-public-key-file
%ed25519-secret-key-file
- %ed25519bis-public-key-file
- %ed25519bis-secret-key-file)
+ %ed25519-2-public-key-file
+ %ed25519-2-secret-key-file)
(with-temporary-git-repository directory
`((add ".guix-channel"
,(object->string
@@ -507,7 +507,7 @@
(commit-id-string commit1)
(openpgp-public-key-fingerprint
(read-openpgp-packet
- %ed25519bis-public-key-file)))) ;different key
+ %ed25519-2-public-key-file)))) ;different key
(channel (channel (name 'example)
(url (string-append "file://" directory))
(introduction intro))))
@@ -519,7 +519,7 @@
(oid->string (commit-id commit1))
(key-fingerprint %ed25519-public-key-file)
(key-fingerprint
- %ed25519bis-public-key-file))))))
+ %ed25519-2-public-key-file))))))
(authenticate-channel channel directory
(commit-id-string commit2)
#:keyring-reference-prefix "")
@@ -530,8 +530,8 @@
#t
(with-fresh-gnupg-setup (list %ed25519-public-key-file
%ed25519-secret-key-file
- %ed25519bis-public-key-file
- %ed25519bis-secret-key-file)
+ %ed25519-2-public-key-file
+ %ed25519-2-secret-key-file)
(with-temporary-git-repository directory
`((add ".guix-channel"
,(object->string
@@ -552,12 +552,12 @@
(signer ,(key-fingerprint %ed25519-public-key-file)))
(add "c.txt" "C")
(commit "third commit"
- (signer ,(key-fingerprint %ed25519bis-public-key-file)))
+ (signer ,(key-fingerprint %ed25519-2-public-key-file)))
(branch "channel-keyring")
(checkout "channel-keyring")
(add "signer.key" ,(call-with-input-file %ed25519-public-key-file
get-string-all))
- (add "other.key" ,(call-with-input-file %ed25519bis-public-key-file
+ (add "other.key" ,(call-with-input-file %ed25519-2-public-key-file
get-string-all))
(commit "keyring commit")
(checkout "master"))
@@ -588,7 +588,7 @@
(unauthorized-commit-error-signing-key c))
(openpgp-public-key-fingerprint
(read-openpgp-packet
- %ed25519bis-public-key-file))))))
+ %ed25519-2-public-key-file))))))
(authenticate-channel channel directory
(commit-id-string commit3)
#:keyring-reference-prefix "")
diff --git a/tests/git-authenticate.scm b/tests/git-authenticate.scm
index d87eacc659..f66ef191b0 100644
--- a/tests/git-authenticate.scm
+++ b/tests/git-authenticate.scm
@@ -161,14 +161,14 @@
(test-assert "signed commits, .guix-authorizations, unauthorized merge"
(with-fresh-gnupg-setup (list %ed25519-public-key-file
%ed25519-secret-key-file
- %ed25519bis-public-key-file
- %ed25519bis-secret-key-file)
+ %ed25519-2-public-key-file
+ %ed25519-2-secret-key-file)
(with-temporary-git-repository directory
`((add "signer1.key"
,(call-with-input-file %ed25519-public-key-file
get-string-all))
(add "signer2.key"
- ,(call-with-input-file %ed25519bis-public-key-file
+ ,(call-with-input-file %ed25519-2-public-key-file
get-string-all))
(add ".guix-authorizations"
,(object->string
@@ -184,7 +184,7 @@
(checkout "devel")
(add "devel/1.txt" "1")
(commit "first devel commit"
- (signer ,(key-fingerprint %ed25519bis-public-key-file)))
+ (signer ,(key-fingerprint %ed25519-2-public-key-file)))
(checkout "master")
(add "b.txt" "B")
(commit "second commit"
@@ -203,7 +203,7 @@
(openpgp-public-key-fingerprint
(unauthorized-commit-error-signing-key c))
(openpgp-public-key-fingerprint
- (read-openpgp-packet %ed25519bis-public-key-file)))))
+ (read-openpgp-packet %ed25519-2-public-key-file)))))
(and (authenticate-commits repository (list master1 master2)
#:keyring-reference "master")
@@ -230,14 +230,14 @@
(test-assert "signed commits, .guix-authorizations, authorized merge"
(with-fresh-gnupg-setup (list %ed25519-public-key-file
%ed25519-secret-key-file
- %ed25519bis-public-key-file
- %ed25519bis-secret-key-file)
+ %ed25519-2-public-key-file
+ %ed25519-2-secret-key-file)
(with-temporary-git-repository directory
`((add "signer1.key"
,(call-with-input-file %ed25519-public-key-file
get-string-all))
(add "signer2.key"
- ,(call-with-input-file %ed25519bis-public-key-file
+ ,(call-with-input-file %ed25519-2-public-key-file
get-string-all))
(add ".guix-authorizations"
,(object->string
@@ -258,12 +258,12 @@
%ed25519-public-key-file)
(name "Alice"))
(,(key-fingerprint
- %ed25519bis-public-key-file))))))
+ %ed25519-2-public-key-file))))))
(commit "first devel commit"
(signer ,(key-fingerprint %ed25519-public-key-file)))
(add "devel/2.txt" "2")
(commit "second devel commit"
- (signer ,(key-fingerprint %ed25519bis-public-key-file)))
+ (signer ,(key-fingerprint %ed25519-2-public-key-file)))
(checkout "master")
(add "b.txt" "B")
(commit "second commit"
@@ -273,7 +273,7 @@
;; After the merge, the second signer is authorized.
(add "c.txt" "C")
(commit "third commit"
- (signer ,(key-fingerprint %ed25519bis-public-key-file))))
+ (signer ,(key-fingerprint %ed25519-2-public-key-file))))
(with-repository directory repository
(let ((master1 (find-commit repository "first commit"))
(master2 (find-commit repository "second commit"))
@@ -328,4 +328,3 @@
'failed)))))))
(test-end "git-authenticate")
-
diff --git a/tests/guix-authenticate.sh b/tests/guix-authenticate.sh
index 3a05b232c1..0de6da1878 100644
--- a/tests/guix-authenticate.sh
+++ b/tests/guix-authenticate.sh
@@ -28,7 +28,7 @@ rm -f "$sig" "$hash"
trap 'rm -f "$sig" "$hash"' EXIT
-key="$abs_top_srcdir/tests/signing-key.sec"
+key="$abs_top_srcdir/tests/keys/signing-key.sec"
key_len="`echo -n $key | wc -c`"
# A hexadecimal string as long as a sha256 hash.
@@ -67,7 +67,7 @@ test "$code" -ne 0
# encoded independently of the current locale: <https://bugs.gnu.org/43421>.
hash="636166e9636166e9636166e9636166e9636166e9636166e9636166e9636166e9"
latin1_cafe="caf$(printf '\351')"
-echo "sign 21:tests/signing-key.sec 64:$hash" | guix authenticate \
+echo "sign 26:tests/keys/signing-key.sec 64:$hash" | guix authenticate \
| LC_ALL=C grep "hash sha256 \"$latin1_cafe"
# Test for <http://bugs.gnu.org/17312>: make sure 'guix authenticate' produces
diff --git a/tests/civodul.key b/tests/keys/civodul.pub
similarity index 100%
rename from tests/civodul.key
rename to tests/keys/civodul.pub
diff --git a/tests/dsa.key b/tests/keys/dsa.pub
similarity index 100%
rename from tests/dsa.key
rename to tests/keys/dsa.pub
diff --git a/tests/ed25519bis.key b/tests/keys/ed25519-2.pub
similarity index 100%
rename from tests/ed25519bis.key
rename to tests/keys/ed25519-2.pub
diff --git a/tests/ed25519bis.sec b/tests/keys/ed25519-2.sec
similarity index 100%
rename from tests/ed25519bis.sec
rename to tests/keys/ed25519-2.sec
diff --git a/tests/keys/ed25519-3.pub b/tests/keys/ed25519-3.pub
new file mode 100644
index 0000000000..72f311984c
--- /dev/null
+++ b/tests/keys/ed25519-3.pub
@@ -0,0 +1,9 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEYVH/7xYJKwYBBAHaRw8BAQdALMLeUhjEG2/UPCJj2j/debFwwAK5gT3G0l5d
+ILfFldm0FTxleGFtcGxlQGV4YW1wbGUuY29tPoiWBBMWCAA+FiEEjO6M85jMSK68
+7tINGBzA7NyoagkFAmFR/+8CGwMFCQPCZwAFCwkIBwIGFQoJCAsCBBYCAwECHgEC
+F4AACgkQGBzA7Nyoagl3lgEAw6yqIlX11lTqwxBGhZk/Oy34O13cbJSZCGv+m0ja
++hcA/3DCNOmT+oXjgO/w6enQZUQ1m/d6dUjCc2wOLlLz+ZoG
+=+r3i
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/keys/ed25519-3.sec b/tests/keys/ed25519-3.sec
new file mode 100644
index 0000000000..04128a4131
--- /dev/null
+++ b/tests/keys/ed25519-3.sec
@@ -0,0 +1,10 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lFgEYVH/7xYJKwYBBAHaRw8BAQdALMLeUhjEG2/UPCJj2j/debFwwAK5gT3G0l5d
+ILfFldkAAP92goSbbzQ0ttElr9lr5Cm6rmQtqUZ2Cu/Jk9fvfZROwxI0tBU8ZXhh
+bXBsZUBleGFtcGxlLmNvbT6IlgQTFggAPhYhBIzujPOYzEiuvO7SDRgcwOzcqGoJ
+BQJhUf/vAhsDBQkDwmcABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEBgcwOzc
+qGoJd5YBAMOsqiJV9dZU6sMQRoWZPzst+Dtd3GyUmQhr/ptI2voXAP9wwjTpk/qF
+44Dv8Onp0GVENZv3enVIwnNsDi5S8/maBg==
+=EmOt
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/ed25519.key b/tests/keys/ed25519.pub
similarity index 100%
rename from tests/ed25519.key
rename to tests/keys/ed25519.pub
diff --git a/tests/ed25519.sec b/tests/keys/ed25519.sec
similarity index 100%
rename from tests/ed25519.sec
rename to tests/keys/ed25519.sec
diff --git a/tests/rsa.key b/tests/keys/rsa.pub
similarity index 100%
rename from tests/rsa.key
rename to tests/keys/rsa.pub
diff --git a/tests/signing-key.pub b/tests/keys/signing-key.pub
similarity index 100%
rename from tests/signing-key.pub
rename to tests/keys/signing-key.pub
diff --git a/tests/signing-key.sec b/tests/keys/signing-key.sec
similarity index 100%
rename from tests/signing-key.sec
rename to tests/keys/signing-key.sec
diff --git a/tests/openpgp.scm b/tests/openpgp.scm
index c2be26fa49..1f20466772 100644
--- a/tests/openpgp.scm
+++ b/tests/openpgp.scm
@@ -59,18 +59,22 @@ vBSFjNSiVHsuAA==
(define %civodul-fingerprint
"3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5")
-(define %civodul-key-id #x090B11993D9AEBB5) ;civodul.key
-
-;; Test keys. They were generated in a container along these lines:
-;; guix environment -CP --ad-hoc gnupg pinentry
-;; then, within the container:
-;; mkdir ~/.gnupg
-;; echo pinentry-program ~/.guix-profile/bin/pinentry-tty > ~/.gnupg/gpg-agent.conf
-;; gpg --quick-gen-key '<ludo+test-rsa@HIDDEN>' rsa
-;; or similar.
-(define %rsa-key-id #xAE25DA2A70DEED59) ;rsa.key
-(define %dsa-key-id #x587918047BE8BD2C) ;dsa.key
-(define %ed25519-key-id #x771F49CBFAAE072D) ;ed25519.key
+(define %civodul-key-id #x090B11993D9AEBB5) ;civodul.pub
+
+#|
+Test keys in ./tests/keys. They were generated in a container along these lines:
+ guix environment -CP --ad-hoc gnupg pinentry coreutils
+then, within the container:
+ mkdir ~/.gnupg && chmod -R og-rwx ~/.gnupg
+ gpg --batch --passphrase '' --quick-gen-key '<example@HIDDEN>' ed25519
+ gpg --armor --export example@HIDDEN
+ gpg --armor --export-secret-key example@HIDDEN
+ # echo pinentry-program ~/.guix-profile/bin/pinentry-curses > ~/.gnupg/gpg-agent.conf
+or similar.
+|#
+(define %rsa-key-id #xAE25DA2A70DEED59) ;rsa.pub
+(define %dsa-key-id #x587918047BE8BD2C) ;dsa.pub
+(define %ed25519-key-id #x771F49CBFAAE072D) ;ed25519.pub
(define %rsa-key-fingerprint
(base16-string->bytevector
@@ -168,7 +172,7 @@ Pz7oopeN72xgggYUNT37ezqN3MeCqw0=
(not (port-ascii-armored? (open-bytevector-input-port %binary-sample))))
(test-assert "get-openpgp-keyring"
- (let* ((key (search-path %load-path "tests/civodul.key"))
+ (let* ((key (search-path %load-path "tests/keys/civodul.pub"))
(keyring (get-openpgp-keyring
(open-bytevector-input-port
(call-with-input-file key read-radix-64)))))
@@ -228,8 +232,10 @@ Pz7oopeN72xgggYUNT37ezqN3MeCqw0=
(verify-openpgp-signature signature keyring
(open-input-string "Hello!\n"))))
(list status (openpgp-public-key-id key)))))
- (list "tests/rsa.key" "tests/dsa.key"
- "tests/ed25519.key" "tests/ed25519.key" "tests/ed25519.key")
+ (list "tests/keys/rsa.pub" "tests/keys/dsa.pub"
+ "tests/keys/ed25519.pub"
+ "tests/keys/ed25519.pub"
+ "tests/keys/ed25519.pub")
(list %hello-signature/rsa %hello-signature/dsa
%hello-signature/ed25519/sha256
%hello-signature/ed25519/sha512
@@ -248,9 +254,9 @@ Pz7oopeN72xgggYUNT37ezqN3MeCqw0=
(call-with-input-file key read-radix-64))
keyring)))
%empty-keyring
- '("tests/rsa.key" "tests/dsa.key"
- "tests/ed25519.key" "tests/ed25519.key"
- "tests/ed25519.key"))))
+ '("tests/keys/rsa.pub" "tests/keys/dsa.pub"
+ "tests/keys/ed25519.pub" "tests/keys/ed25519.pub"
+ "tests/keys/ed25519.pub"))))
(map (lambda (signature)
(let ((signature (string->openpgp-packet signature)))
(let-values (((status key)
--
2.33.0
guix-patches@HIDDEN:bug#50814; Package guix-patches.
Full text available.
Received: (at 50814) by debbugs.gnu.org; 28 Sep 2021 01:07:48 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Sep 27 21:07:48 2021
Received: from localhost ([127.0.0.1]:43231 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1mV1b2-0006TM-C8
for submit <at> debbugs.gnu.org; Mon, 27 Sep 2021 21:07:48 -0400
Received: from mail-ed1-f49.google.com ([209.85.208.49]:35807)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <attila.lendvai@HIDDEN>) id 1mV1ay-0006Sz-Id
for 50814 <at> debbugs.gnu.org; Mon, 27 Sep 2021 21:07:47 -0400
Received: by mail-ed1-f49.google.com with SMTP id l8so28956665edw.2
for <50814 <at> debbugs.gnu.org>; Mon, 27 Sep 2021 18:07:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=sender:from:to:cc:subject:date:message-id:mime-version
:content-transfer-encoding;
bh=4C6uXvPkgyWTKcARbKHq7ZaLxV3UyjfBBjr9wtyCgyE=;
b=R1cogpYPPRAr4Ev2EvZI62NivazpiI39TYQj6/PnfluEgI2xEaDGiDSaUcr9uGdkjY
vZF7a8/8AfavTMQWmBjzSZOOJfFvzx6PdU37kJ++Oxo8XGmZYYd5+6KtLrmSRY23pJT5
ETO0BE0LUjZP3Y69NxGgT4gvwyTUVuYf/p5+kI2MjlXVvw/QlXsNMvi7HYd1PsM2/IOk
q+2xdq3iNXieiL7OQ+j+MyrveYZpRAoYa/Y67s5tGiIIKD0NOUmIxCYZbq18OwWGH7Mh
6Z0RLbXLs1aOjegB1+Yhmb2Ille/UPFK9Kkteda5qwxRwTDT2JjHvGTpMowZJn8lxdSc
7QtA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:sender:from:to:cc:subject:date:message-id
:mime-version:content-transfer-encoding;
bh=4C6uXvPkgyWTKcARbKHq7ZaLxV3UyjfBBjr9wtyCgyE=;
b=mOfBj72qeXXxanxtdqdGdye+N26AMGJ+bFonof98tSwXCnXuFrgVdCrJ/ro00wN0OB
gIkt7Tqz1ntlcJj7IquwuQxx72AeexTt3nNKdC1+5iXKiG6VYe6Yv5U4Zk27ZwUv73Gq
N0VnJpsxaKersGc2rusOSK73Xq7+cf9XRDnppAfCEZb4q1lRfHRV0TZZVKmm449Btl8s
5ieK4kM7URPK3PLLp78ZvO8dTEVnk17py4oc2ShIn0JQPA/aTVT6brtjWB2+h+O4v4y1
sa4iDhHA/LkoXViNa+fjIwm2/jjnHSFH9mk1rgxGtRPp+cqA/p1+vDW5knr9tidYJ9k7
ZS1Q==
X-Gm-Message-State: AOAM531Ovpu7RcuoCOqoiQQLxHG5tkIGoSLYLcJYFuYRV4rN7vjxI+Nm
MIXgtL2KWYqCypfN3vJHrc1qkpMUazA=
X-Google-Smtp-Source: ABdhPJyZVxIbrPvx58WDmQaFMt/bkn5gwh7ikbnRyzbVaDbZuvLYh/BBpfOimsbo6S3n6xry6p5EHg==
X-Received: by 2002:aa7:c2d3:: with SMTP id m19mr4137555edp.267.1632791258731;
Mon, 27 Sep 2021 18:07:38 -0700 (PDT)
Received: from lelap.lan (catv-213-222-131-28.catv.broadband.hu.
[213.222.131.28])
by smtp.gmail.com with ESMTPSA id c5sm11989558edx.81.2021.09.27.18.07.36
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Mon, 27 Sep 2021 18:07:37 -0700 (PDT)
From: Attila Lendvai <attila@HIDDEN>
To: 50814 <at> debbugs.gnu.org
Subject: [PATCH 1/4] tests: Smarten up git repository testing framework.
Date: Tue, 28 Sep 2021 03:05:35 +0200
Message-Id: <20210928010537.4241-1-attila@HIDDEN>
X-Mailer: git-send-email 2.33.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.5 (/)
X-Debbugs-Envelope-To: 50814
Cc: Attila Lendvai <attila@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.5 (/)
* guix/tests/git.scm (with-git-repository): New macro that can be used in
a nested way under a with-temporary-git-repository.
(populate-git-repository): Extend the DSL with (add "some-noise"), (reset
"[commit hash]"), (checkout "branch" orphan).
* guix/tests/gnupg.scm (key-fingerprint-vector): New function.
---
Ready for merging modulo possible feedback, and one TODO
regarding the UI of giving feedback to the user.
guix/tests/git.scm | 23 +++++++++++++++++++++--
guix/tests/gnupg.scm | 8 ++++++--
2 files changed, 27 insertions(+), 4 deletions(-)
diff --git a/guix/tests/git.scm b/guix/tests/git.scm
index 69960284d9..76f5a8b937 100644
--- a/guix/tests/git.scm
+++ b/guix/tests/git.scm
@@ -26,6 +26,7 @@
#:use-module (ice-9 control)
#:export (git-command
with-temporary-git-repository
+ with-git-repository
find-commit))
(define git-command
@@ -59,8 +60,9 @@ Return DIRECTORY on success."
(apply invoke (git-command) "-C" directory
command args)))))
- (mkdir-p directory)
- (git "init")
+ (unless (directory-exists? (string-append directory "/.git"))
+ (mkdir-p directory)
+ (git "init"))
(let loop ((directives directives))
(match directives
@@ -78,6 +80,9 @@ Return DIRECTORY on success."
port)))
(git "add" file)
(loop rest)))
+ ((('add file-name-and-content) rest ...)
+ (loop (cons `(add ,file-name-and-content ,file-name-and-content)
+ rest)))
((('remove file) rest ...)
(git "rm" "-f" file)
(loop rest))
@@ -99,12 +104,18 @@ Return DIRECTORY on success."
((('checkout branch) rest ...)
(git "checkout" branch)
(loop rest))
+ ((('checkout branch 'orphan) rest ...)
+ (git "checkout" "--orphan" branch)
+ (loop rest))
((('merge branch message) rest ...)
(git "merge" branch "-m" message)
(loop rest))
((('merge branch message ('signer fingerprint)) rest ...)
(git "merge" branch "-m" message
(string-append "--gpg-sign=" fingerprint))
+ (loop rest))
+ ((('reset to) rest ...)
+ (git "reset" "--hard" to)
(loop rest)))))
(define (call-with-temporary-git-repository directives proc)
@@ -121,6 +132,14 @@ per DIRECTIVES."
(lambda (directory)
exp ...)))
+(define-syntax-rule (with-git-repository directory
+ directives exp ...)
+ "Evaluate EXP in a context where DIRECTORY is (further) populated as
+per DIRECTIVES."
+ (begin
+ (populate-git-repository directory directives)
+ exp ...))
+
(define (find-commit repository message)
"Return the commit in REPOSITORY whose message includes MESSAGE, a string."
(let/ec return
diff --git a/guix/tests/gnupg.scm b/guix/tests/gnupg.scm
index eb8ff63a43..c7630db912 100644
--- a/guix/tests/gnupg.scm
+++ b/guix/tests/gnupg.scm
@@ -33,6 +33,7 @@
read-openpgp-packet
key-fingerprint
+ key-fingerprint-vector
key-id))
(define gpg-command
@@ -76,7 +77,10 @@ process is terminated afterwards."
(open-bytevector-input-port
(call-with-input-file file read-radix-64))))
+(define key-fingerprint-vector
+ (compose openpgp-public-key-fingerprint
+ read-openpgp-packet))
+
(define key-fingerprint
(compose openpgp-format-fingerprint
- openpgp-public-key-fingerprint
- read-openpgp-packet))
+ key-fingerprint-vector))
--
2.33.0
guix-patches@HIDDEN:bug#50814; Package guix-patches.
Full text available.Received: (at 50814) by debbugs.gnu.org; 27 Sep 2021 18:45:38 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Mon Sep 27 14:45:38 2021 Received: from localhost ([127.0.0.1]:42843 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1mUvdC-00010k-0x for submit <at> debbugs.gnu.org; Mon, 27 Sep 2021 14:45:38 -0400 Received: from mail-40136.protonmail.ch ([185.70.40.136]:33655) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <attila@HIDDEN>) id 1mUvd9-00010T-4I for 50814 <at> debbugs.gnu.org; Mon, 27 Sep 2021 14:45:36 -0400 Date: Mon, 27 Sep 2021 18:45:25 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lendvai.name; s=protonmail2; t=1632768328; bh=iPL5ldy2H+WYgs0Qz39B/IKLS5p+uw26vP6r+9YIhyA=; h=Date:To:From:Cc:Reply-To:Subject:In-Reply-To:References:From; b=dcqFoRKqfaT1Z9ccUTHPwdhWr1dOQ9mR/rK35wcpAsLN3VH/5W4EDRu3GH0ouaN/x jqmDvqys2n3k1jafaaU6sYDDkH279Td4+3R5CunLvy2gP0230q5it5pjJ+d91lnG7y oLiNnZixiIfDTHiOyuLZ92OV82I/AMU00Z2+tCF3Onlq6eLJPIJb2bXdBUxXwRuYvW H4ncDX+676tyqKRMKr/yn2yLSyXFr3w9s/4GSwxSd5wAHNwfO6kDmmAcDWTIVAmsU9 fBO3E/a6IzI6NiRT8w5nSC1gX2T4nSokqquy1CKsmjBp1/iXULlYlgOflJ6z6uar9D B74+0IhZp4opQ== To: Maxime Devos <maximedevos@HIDDEN> From: Attila Lendvai <attila@HIDDEN> Subject: Re: [bug#50814] [PATCH] guix: git-authenticate: Also authenticate the channel intro commit. Message-ID: <XYPPxjyGCdWp4mrarRj4nrI4iZiANxHu1TJEVMd_d2PGw4OmD0yr7HMLd9NXEljnm5TSox8pm75D-alHyaiu29Wre4spahCrmuqZCvkSql8=@lendvai.name> In-Reply-To: <2b0173cc9809ab1e806bf0061fc28a9a85dda6e0.camel@HIDDEN> References: <20210926101928.3877-1-attila@HIDDEN> <2b0173cc9809ab1e806bf0061fc28a9a85dda6e0.camel@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-1.2 required=10.0 tests=ALL_TRUSTED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF shortcircuit=no autolearn=disabled version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on mailout.protonmail.ch X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 50814 Cc: 50814 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Reply-To: Attila Lendvai <attila@HIDDEN> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) what should happen if a channel-introduction commit does not update the .gu= ix-authorizations file? this means that this single commit will get through the authentication (cha= nnel intro commits are always trusted), but any later commits signed with t= he same key will be rejected. this is the situation that got me confused, and thrust me into attempting t= o fix this (trying to `guix pull` from a local git checkout of guix contain= ing my patches). i wrote the code for this, but i don't know what should be its UI. how shou= ld this be reported to the user? using `(warning ...)` will just print something to stderr. i was hoping to raise a continuable condition of type &warning, that i can = even check for in the tests, but i have failed to put that together. the sc= heme/guile condition system is a bit messy/convoluted. can someone help me out with a hint/outline about how to report this that b= est fits the rest of guix? note that it's not really an error, because until another commit is added w= ith the new key, this channel is valid. - attila PGP:=C2=A05D5F 45C7 DFCD 0A39
guix-patches@HIDDEN:bug#50814; Package guix-patches.
Full text available.Received: (at 50814) by debbugs.gnu.org; 27 Sep 2021 18:01:32 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Mon Sep 27 14:01:32 2021 Received: from localhost ([127.0.0.1]:42751 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1mUuwW-0008Ih-3n for submit <at> debbugs.gnu.org; Mon, 27 Sep 2021 14:01:32 -0400 Received: from mail-40131.protonmail.ch ([185.70.40.131]:47484) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <attila@HIDDEN>) id 1mUuwS-0008IO-TC for 50814 <at> debbugs.gnu.org; Mon, 27 Sep 2021 14:01:30 -0400 Date: Mon, 27 Sep 2021 18:01:17 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lendvai.name; s=protonmail2; t=1632765678; bh=picSrt/spDdNBOxn0BjlTYSHMd7AEv74CVbXlQ0G7OA=; h=Date:To:From:Cc:Reply-To:Subject:In-Reply-To:References:From; b=xCz31ht5aICuiFBxkBfxGDVI6J0qNAi8D/hzERFRlakTErFhXRTXrGxDiX8HxPUkv WUCb+5VBHxuvqM9Zmv3dGBOnHNQy7JZaUPlwTESonto1szXKIRB9FFlGn6V2lygJx+ iNA0OFa1+3tKBsiU1/FBioR3Y26PlSF9n6TrCrqR+BZEGUYtZPqBq25HjELtm7MAQ1 a6p0oCJFHz3Xd71GhYFxAjyZgp0EYz8ZX0T+T/EhbZEJPtrARMCITqpTUEOiZMLcVe Be5s45gJAUAlOVprzpeVMN+qYIz9gVYuhBocYeLZCPIb+1uxY5PGMXStK4g5jWmxLF /gPgaLqFT2qFw== To: Maxime Devos <maximedevos@HIDDEN> From: Attila Lendvai <attila@HIDDEN> Subject: Re: [bug#50814] [PATCH] guix: git-authenticate: Also authenticate the channel intro commit. Message-ID: <MlwY6eiUOkCgaEkZpM6XICOnF_c4o-I_YSlLPKysM412Chnv8lfK1x_AodHD1QZUAgy46Zk3LYfa7Et5QGDH9pOzo6KcEw9SweC7L57f1os=@lendvai.name> In-Reply-To: <2b0173cc9809ab1e806bf0061fc28a9a85dda6e0.camel@HIDDEN> References: <20210926101928.3877-1-attila@HIDDEN> <2b0173cc9809ab1e806bf0061fc28a9a85dda6e0.camel@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-1.2 required=10.0 tests=ALL_TRUSTED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF shortcircuit=no autolearn=disabled version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on mailout.protonmail.ch X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 50814 Cc: 50814 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Reply-To: Attila Lendvai <attila@HIDDEN> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) just a quick update that i'm working on putting together an extensive test = for this, and a fix. - attila PGP:=C2=A05D5F 45C7 DFCD 0A39
guix-patches@HIDDEN:bug#50814; Package guix-patches.
Full text available.Received: (at 50814) by debbugs.gnu.org; 26 Sep 2021 18:15:07 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sun Sep 26 14:15:07 2021 Received: from localhost ([127.0.0.1]:38756 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1mUYg7-0001A1-Bj for submit <at> debbugs.gnu.org; Sun, 26 Sep 2021 14:15:07 -0400 Received: from baptiste.telenet-ops.be ([195.130.132.51]:44558) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <maximedevos@HIDDEN>) id 1mUYg5-00016L-4C for 50814 <at> debbugs.gnu.org; Sun, 26 Sep 2021 14:15:06 -0400 Received: from ptr-bvsjgyjmffd7q9timvx.18120a2.ip6.access.telenet.be ([IPv6:2a02:1811:8c09:9d00:aaf1:9810:a0b8:a55d]) by baptiste.telenet-ops.be with bizsmtp id yiF3250030mfAB401iF3VW; Sun, 26 Sep 2021 20:15:03 +0200 Message-ID: <2b0173cc9809ab1e806bf0061fc28a9a85dda6e0.camel@HIDDEN> Subject: Re: [bug#50814] [PATCH] guix: git-authenticate: Also authenticate the channel intro commit. From: Maxime Devos <maximedevos@HIDDEN> To: Attila Lendvai <attila@HIDDEN>, 50814 <at> debbugs.gnu.org In-Reply-To: <20210926101928.3877-1-attila@HIDDEN> References: <20210926101928.3877-1-attila@HIDDEN> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-T0Rmxvr6JckLDOp1J0l6" Date: Sun, 26 Sep 2021 20:14:41 +0200 MIME-Version: 1.0 User-Agent: Evolution 3.34.2 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r21; t=1632680103; bh=zxVmm4eG/ck84kdFcjH5tFLJ0LwR2202hAvXv07WDRg=; h=Subject:From:To:In-Reply-To:References:Date; b=cV6qyMECT7m0d20FcLiv8Pjc9r5O3ksXeD2SS/Q+5rLFopHf/lVtDRvjjELsJXRjU MI7aZsJt8ib3laqa6q4sBFRaZ9ELdMLRquB0xpwbJ+9PdFBM4cK289vz6Gb9LSuxCN so33Cp9rUdM5Vy+aeKVECktAM9WF0L8OfHeRYTVbW7cxDwx3Jgp2JFuzBp5F6VX3LH YFLTAsPot7dsFieCuKCPs1IYI3fyhBl7zMMwNcFOcraQhfTaKL6lx2SAxAMTGFXR8c SZnVnnoxOOqAgnZGnYRCg6Nz3A8VUXuVJOhmwIHHGYUBrIt3R/3bP6u94rm8scVjTp 81Olo6d3Mx7pw== X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 50814 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.7 (-) --=-T0Rmxvr6JckLDOp1J0l6 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Attila Lendvai schreef op zo 26-09-2021 om 12:19 [+0200]: > * guix/git-authenticate.scm (authenticate-commit): Reword and extend the = error > message to point to the relevant part of the manual. > (authenticate-repository): Explicitly authenticate the channel introducti= on > commit, so that it's also rejected unless it is signed by an authorized > key. Otherwise only the second commit would yield an error, which > is confusing. > --- >=20 > here's how i tested this: >=20 > i set up pulling from a local checkout of guix. > in that branch i created a signed dummy commit, and added it as a channel > introduction, replacing guix in my /etc/guix/channels.scm. then tried to > guix pull, which worked. >=20 > then i added another dummy commit, which resulted in an error when pullin= g. >=20 > then i reset the branch back to only contain the first commit, and added > this code that then resulted in an error even with a single commit. >=20 > i have encountered it while i was trying to set up my local checkout to > test my patches on my live guix, and i was utterly confused why my commit > was rejected as unauthenticated (i misunderstood how git-authenticate > works). >=20 > guix/git-authenticate.scm | 11 ++++++++--- > 1 file changed, 8 insertions(+), 3 deletions(-) >=20 > diff --git a/guix/git-authenticate.scm b/guix/git-authenticate.scm > index ab3fcd8b2f..7d66bf0754 100644 > --- a/guix/git-authenticate.scm > +++ b/guix/git-authenticate.scm > @@ -236,8 +236,8 @@ not specify anything, fall back to DEFAULT-AUTHORIZAT= IONS." > (condition > (&unauthorized-commit-error (commit id) > (signing-key signing-key))) > - (formatted-message (G_ "commit ~a not signed by an authorize= d \ > -key: ~a") > + (formatted-message (G_ "commit ~a is signed by an unauthoriz= ed \ > +key: ~a\nSee info guix \"Specifying Channel Authorizations\".") > (oid->string id) > (openpgp-format-fingerprint > (openpgp-public-key-fingerprint > @@ -424,7 +424,12 @@ denoting the authorized keys for commits whose paren= t lack the > ;; If it's our first time, verify START-COMMIT's signature. > (when (null? authenticated-commits) > (verify-introductory-commit repository keyring > - start-commit signer)) > + start-commit signer) > + ;; Explicitly authenticate the channel introduction commit, so= that > + ;; it's also rejected unless it's signed by an authorized > + ;; key. Otherwise only the second commit would yield an error,= which > + ;; is confusing. > + (authenticate-commits repository (list start-commit))) Could you add a test to tests/git-authenticate.scm, verifying the right com= it is reported? (Maybe use unauthorized-commit-error?, guard and authenticate-repository.) I'm not sure explicitely validating the start commit is sufficient. What h= appens in the following scenario: (Order of commits) 0. start commit 1. valid (already authenticated?) commit 2. invalid commit 3. invalid commit Is commit 2 reported, or commit 3 reported? I think commit 2 should be rep= orted, but from your messages on IRC, I think you saw commit 3 being reported? Greetings, Maxime. --=-T0Rmxvr6JckLDOp1J0l6 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYVC4iRccbWF4aW1lZGV2 b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7qZjAQDP3PxstiQvdEIYogONKEK5cV7Y S23cCMA+zr00wECX8wD/XEJ4PwOOlWjmfQV/hRD+r63hwNgnMXiUr4JTHicpRwc= =F26d -----END PGP SIGNATURE----- --=-T0Rmxvr6JckLDOp1J0l6--
guix-patches@HIDDEN:bug#50814; Package guix-patches.
Full text available.Received: (at 50814) by debbugs.gnu.org; 26 Sep 2021 18:02:21 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sun Sep 26 14:02:21 2021 Received: from localhost ([127.0.0.1]:38740 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1mUYTk-0000lm-Rt for submit <at> debbugs.gnu.org; Sun, 26 Sep 2021 14:02:21 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:50217) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <leo@HIDDEN>) id 1mUYTj-0000lQ-RI for 50814 <at> debbugs.gnu.org; Sun, 26 Sep 2021 14:02:20 -0400 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id BA3FB5C0080; Sun, 26 Sep 2021 14:02:14 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute5.internal (MEProxy); Sun, 26 Sep 2021 14:02:14 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=mesmtp; bh=UYXSE2YONwSIe6c8Gs052eIH PTKX64d0b1D0GkEOcqY=; b=eirpM7vX1hbCo47niPp0Yf5w6gwORhTacS0tzMi9 2UuM8vxBX8T5ejZ5xOcPzAoqFghHoyeHC8CfKTiePc+O5sIyI+ukXX590HsPdK+S sgUuDZ6vkmcoK0bweMT8dhTrLCe7eZcnzQo3boc5ZDAzcaLL1aJevNsMShbKO/Ti AgI= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=UYXSE2 YONwSIe6c8Gs052eIHPTKX64d0b1D0GkEOcqY=; b=L3MElmI3Z4MMzU4l7L+Z/I 9gUZ8ME1CEbYew3+Mc19FVWUc3yPR4IbLwCl1oRCApVa12kwKVhACFc27769gXOU oYV9auHzebfcBtziOV2stYjZBAx1UeXowqz6cSc62whY0u/wyp+im5Ag/+uIzzzz egrK2UpCbOL3OC1dnhysvD0BrUkq4Cw4AqEH16Yo/XDSp2yJO83qcBJ7Gk11N+Io J2oxuM0YhQG7Vgx4W0R2h5o0ci1O5DH0B7ue3n5hmymwEoyIfTpmxN8c+zZu0RFn nKsD0xf7RgT4lkuqu9hXUE6LlJf6ZEhftelAG9kOWbv+tXX9EMTMyHJa6FzBhXWA == X-ME-Sender: <xms:prVQYRAmOevu1L_njT-1apd7sK3-BgaRhGoh8Hp5fqYtbXqi6EhECQ> <xme:prVQYfiwPb4C2q4lyblOGy1wbfunM1_haSB_52AwDAE1BKru1HBaRFL_FCFreKPpw J4NYgNz6G4u4XxRbw> X-ME-Received: <xmr:prVQYcmBQ5nvrosYJtIE2bWvrtIJNm4Na5cW--WdqU65QF04J-IeqQD0BFj_ni694R9a1AsNyIyJD8eor5Eus_FD8g> X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvtddrudejiedguddukecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpeffhffvuffkfhggtggujgesghdtreertddtvdenucfhrhhomhepnfgvohcu hfgrmhhulhgrrhhiuceolhgvohesfhgrmhhulhgrrhhirdhnrghmvgeqnecuggftrfgrth htvghrnhepvdevgeekudeivdeileduveekuefgueeuleehtdffgefftdefkeevleffueef udeknecuffhomhgrihhnpehgnhhurdhorhhgnecuvehluhhsthgvrhfuihiivgeptdenuc frrghrrghmpehmrghilhhfrhhomheplhgvohesfhgrmhhulhgrrhhirdhnrghmvg X-ME-Proxy: <xmx:prVQYbxEiCC7JIzC8Ej8Z20mzOxtO4ATpg8ZfhSnCaJo-qosPbTZKw> <xmx:prVQYWTwWeko9px9OFIy6EJ8KRgkWnzTKaxm4hfDF-Bs3ESvwmrLRg> <xmx:prVQYebOW_46hTJfdDNtNAB7d0Ye2N3xIrQvs26Mo5H1QEkdH-79pQ> <xmx:prVQYZKrxKIKetpeif5EkEgPYCv-vNCGvQD_fWHYcqBjdGsue-fBsA> Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sun, 26 Sep 2021 14:02:14 -0400 (EDT) Date: Sun, 26 Sep 2021 14:02:13 -0400 From: Leo Famulari <leo@HIDDEN> To: Attila Lendvai <attila@HIDDEN> Subject: Re: [bug#50814] [PATCH] guix: git-authenticate: Also authenticate the channel intro commit. Message-ID: <YVC1pWYSF7ccbSs9@HIDDEN> References: <20210926101928.3877-1-attila@HIDDEN> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="sZ19UVFReu3CFEXp" Content-Disposition: inline In-Reply-To: <20210926101928.3877-1-attila@HIDDEN> X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 50814 Cc: 50814 <at> debbugs.gnu.org, guix-security@HIDDEN X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.7 (-) --sZ19UVFReu3CFEXp Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Sep 26, 2021 at 12:19:29PM +0200, Attila Lendvai wrote: > * guix/git-authenticate.scm (authenticate-commit): Reword and extend the = error > message to point to the relevant part of the manual. > (authenticate-repository): Explicitly authenticate the channel introducti= on > commit, so that it's also rejected unless it is signed by an authorized > key. Otherwise only the second commit would yield an error, which > is confusing. > --- >=20 > here's how i tested this: >=20 > i set up pulling from a local checkout of guix. > in that branch i created a signed dummy commit, and added it as a channel > introduction, replacing guix in my /etc/guix/channels.scm. then tried to > guix pull, which worked. >=20 > then i added another dummy commit, which resulted in an error when pullin= g. >=20 > then i reset the branch back to only contain the first commit, and added > this code that then resulted in an error even with a single commit. >=20 > i have encountered it while i was trying to set up my local checkout to > test my patches on my live guix, and i was utterly confused why my commit > was rejected as unauthenticated (i misunderstood how git-authenticate > works). Thanks for your report. I've marked the severity as "grave", which in Debbugs parlance means "makes the package in question unusable or mostly so, or causes data loss, or introduces a security hole allowing access to the accounts of users who use the package." https://debbugs.gnu.org/Developer.html#severities I'm not sure if that's justified or not but this patch should be prioritized. --sZ19UVFReu3CFEXp Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAmFQtaEACgkQJkb6MLrK fwiStg/8D7IUgkR/RBfYkEhlrIbZbOFfx/Iwo9vPZonbtGREFlbCtzJKLtmZjE8/ SfDdEseCOHiRqVD6wO026A52zUyyrLywiw54bgAwYHn+AE6iy6i2+dh/Dv3H4sGA qVEt2M1Oh1Fu7Hd+CwXjpE94OCvX/qjn/mOX6S56TkbN5CU5C9VnTsLFux0HvXbQ TUpRgOxoe3MyGnA2GAk6gjNI4gOVRSEFf86Zl6id5136yxDDucPt5yptbNFSgwZ2 wUvgnxWXpQRAK5QoMLTRZPiJoNk5wo8qAKxcJci6q+t1h5af9AttdDh1Lg2YUe/J JQPa4C7LpcIKTqRdV1EEgZz0PG7qeyIFz3JpDi0AhkmUUoWZuPSuBlBesGP/sJtA IkQcKp7Tka8dy04ID+MXqU9i/nyB+4tXe8jOPp8sG8fblT58uFNb66LEoXvrhW3A ffiUZuvf1qDixE2lu9dRhNDjPMLjALffapuxHMLd689Vjp/7lTv0+Kj5JF0iSIr0 a29vDtP/hro1J0eOdSMUlVQ7Np7ubY3CIJMk811WbR9pVHOmCSV5HGCmeoYkLeb7 k8BGhCdTSIvQFdzs8kQW4GCBfVnnw+mAFov9MntGPRVTe9N1puzEtAzwnZmElKZp 0TD6D8c6j2vuGo66pQXlOOc30DuueHBdphW49G4Tp7nFanuo+Js= =mvsg -----END PGP SIGNATURE----- --sZ19UVFReu3CFEXp--
guix-patches@HIDDEN:bug#50814; Package guix-patches.
Full text available.Leo Famulari <leo@HIDDEN>
to control <at> debbugs.gnu.org.
Full text available.
Received: (at submit) by debbugs.gnu.org; 26 Sep 2021 10:25:23 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Sep 26 06:25:23 2021
Received: from localhost ([127.0.0.1]:35981 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1mURLX-00015r-5C
for submit <at> debbugs.gnu.org; Sun, 26 Sep 2021 06:25:23 -0400
Received: from lists.gnu.org ([209.51.188.17]:33704)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <attila.lendvai@HIDDEN>) id 1mURLV-00015k-G5
for submit <at> debbugs.gnu.org; Sun, 26 Sep 2021 06:25:21 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:60722)
by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <attila.lendvai@HIDDEN>)
id 1mURLO-0000HA-PG
for guix-patches@HIDDEN; Sun, 26 Sep 2021 06:25:17 -0400
Received: from mail-ed1-x531.google.com ([2a00:1450:4864:20::531]:45029)
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
(Exim 4.90_1) (envelope-from <attila.lendvai@HIDDEN>)
id 1mURLL-000141-3U
for guix-patches@HIDDEN; Sun, 26 Sep 2021 06:25:12 -0400
Received: by mail-ed1-x531.google.com with SMTP id v18so20606511edc.11
for <guix-patches@HIDDEN>; Sun, 26 Sep 2021 03:25:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=sender:from:to:cc:subject:date:message-id:mime-version
:content-transfer-encoding;
bh=1P+w1ctAKtO/tMjrAfkWuP+ktOezBlPOPEt3hJ7Kk+8=;
b=NE5MAxP/Zg288tkwzt/6F/uey5dKmPTmsNJUFzdJ0j8pU9cgX4G+VJGVjdoBHMqC9/
SAUojM7tu96Jo1ZZeb1R263lo7t6kgRwKfGijQCQpBaJZY3zJmjyxjfZLkjx38AMXj1T
AGVqvDUBixR+2WxRV3b160oLWu+GGytzp0lKv/l9lSo0OXoLCFKi3mJ/UE+tgWpKW7DB
5SKPxeBqzlXOiBDwCoA+6w/ZqsMMte+VvsJapLGU0JAy/ym5sSL0bNJ1oXOKkRzHjDph
IUf85m9PjM4DRrNE+I1OGfDgJfyiq3qUkV3EGDS3m28hihQGB3YmWzp8GRl3BNeoVILH
kZog==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:sender:from:to:cc:subject:date:message-id
:mime-version:content-transfer-encoding;
bh=1P+w1ctAKtO/tMjrAfkWuP+ktOezBlPOPEt3hJ7Kk+8=;
b=4gbSyeAaiILawwoUPAA7M0k+wAsKtAaoVjk9btLyWhIVhP+eSUmevCMs9RTZeNulnC
Sl0rsEU2b2mdYnsQBpPdDnPt71GOMgxwxBWd+zCNBdIU6t5/LQ/JoKmuCTaEZYoEDEIw
jN6dLRknHThdKTMaI9IXsnolIkJqI8rNAzt8c4IbLqQwm3xERL8LqXHwZO9cUEj5Quxi
upc00JQbdzHVP/4Hj+JYIPgUU6XY1QkKgaMPhe/4lQmQcfto0rfAkBsC+79RQz1ITRkr
1UdEkFWjN9GBM5fWcdREkY5TBjqkOCT0QnALa09ttCpbLiJ9rt3yCXrJ8VJFii+asJAL
bYxw==
X-Gm-Message-State: AOAM530asKAkPxFJUo5CvBUPWiCgYzelEKez09+cCKctm1jF94zlIYH8
1GmF7unTLeIQP4jag3QPMSWNQ9L5TkY=
X-Google-Smtp-Source: ABdhPJwYCuFtAvjJctMQyP3m/ZxTPRkBfe7AePmKpc4vLW2iCLba+VZSXIPLDF2246z0G5q2afW5Fg==
X-Received: by 2002:a05:6402:6d6:: with SMTP id
n22mr16850262edy.257.1632651908356;
Sun, 26 Sep 2021 03:25:08 -0700 (PDT)
Received: from localhost.localdomain
([2a02:ab88:370d:c380:4c15:c040:7494:7502])
by smtp.gmail.com with ESMTPSA id o5sm4059852eds.26.2021.09.26.03.25.07
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sun, 26 Sep 2021 03:25:07 -0700 (PDT)
From: Attila Lendvai <attila@HIDDEN>
To: guix-patches@HIDDEN
Subject: [PATCH] guix: git-authenticate: Also authenticate the channel intro
commit.
Date: Sun, 26 Sep 2021 12:19:29 +0200
Message-Id: <20210926101928.3877-1-attila@HIDDEN>
X-Mailer: git-send-email 2.33.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=2a00:1450:4864:20::531;
envelope-from=attila.lendvai@HIDDEN; helo=mail-ed1-x531.google.com
X-Spam_score_int: -14
X-Spam_score: -1.5
X-Spam_bar: -
X-Spam_report: (-1.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.248,
FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249,
RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
SPF_PASS=-0.001 autolearn=no autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -0.8 (/)
X-Debbugs-Envelope-To: submit
Cc: Attila Lendvai <attila@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.8 (-)
* guix/git-authenticate.scm (authenticate-commit): Reword and extend the error
message to point to the relevant part of the manual.
(authenticate-repository): Explicitly authenticate the channel introduction
commit, so that it's also rejected unless it is signed by an authorized
key. Otherwise only the second commit would yield an error, which
is confusing.
---
here's how i tested this:
i set up pulling from a local checkout of guix.
in that branch i created a signed dummy commit, and added it as a channel
introduction, replacing guix in my /etc/guix/channels.scm. then tried to
guix pull, which worked.
then i added another dummy commit, which resulted in an error when pulling.
then i reset the branch back to only contain the first commit, and added
this code that then resulted in an error even with a single commit.
i have encountered it while i was trying to set up my local checkout to
test my patches on my live guix, and i was utterly confused why my commit
was rejected as unauthenticated (i misunderstood how git-authenticate
works).
guix/git-authenticate.scm | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/guix/git-authenticate.scm b/guix/git-authenticate.scm
index ab3fcd8b2f..7d66bf0754 100644
--- a/guix/git-authenticate.scm
+++ b/guix/git-authenticate.scm
@@ -236,8 +236,8 @@ not specify anything, fall back to DEFAULT-AUTHORIZATIONS."
(condition
(&unauthorized-commit-error (commit id)
(signing-key signing-key)))
- (formatted-message (G_ "commit ~a not signed by an authorized \
-key: ~a")
+ (formatted-message (G_ "commit ~a is signed by an unauthorized \
+key: ~a\nSee info guix \"Specifying Channel Authorizations\".")
(oid->string id)
(openpgp-format-fingerprint
(openpgp-public-key-fingerprint
@@ -424,7 +424,12 @@ denoting the authorized keys for commits whose parent lack the
;; If it's our first time, verify START-COMMIT's signature.
(when (null? authenticated-commits)
(verify-introductory-commit repository keyring
- start-commit signer))
+ start-commit signer)
+ ;; Explicitly authenticate the channel introduction commit, so that
+ ;; it's also rejected unless it's signed by an authorized
+ ;; key. Otherwise only the second commit would yield an error, which
+ ;; is confusing.
+ (authenticate-commits repository (list start-commit)))
(let ((stats (call-with-progress-reporter reporter
(lambda (report)
--
2.33.0
Attila Lendvai <attila@HIDDEN>:guix-patches@HIDDEN.
Full text available.guix-patches@HIDDEN:bug#50814; Package guix-patches.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.