GNU bug report logs - #55399
libgit2 1.4.3 directory owner validation breaks Guix

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Package: guix; Severity: important; Reported by: André Batista <nandre@HIDDEN>; dated Fri, 13 May 2022 15:22:01 UTC; Maintainer for guix is bug-guix@HIDDEN.
Severity set to 'important' from 'normal' Request was from Ludovic Courtès <ludo@HIDDEN> to control <at> debbugs.gnu.org. Full text available.
Changed bug title to 'libgit2 1.4.3 directory owner validation breaks Guix' from 'guix system reconfigure fails on channel validation' Request was from Ludovic Courtès <ludo@HIDDEN> to control <at> debbugs.gnu.org. Full text available.

Message received at 55399 <at> debbugs.gnu.org:


Received: (at 55399) by debbugs.gnu.org; 23 May 2022 14:19:05 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon May 23 10:19:05 2022
Received: from localhost ([127.0.0.1]:49910 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1nt8tk-0000sk-VC
	for submit <at> debbugs.gnu.org; Mon, 23 May 2022 10:19:05 -0400
Received: from eggs.gnu.org ([209.51.188.92]:50284)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1nt8th-0000sB-CV
 for 55399 <at> debbugs.gnu.org; Mon, 23 May 2022 10:19:04 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:34906)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1nt8tb-0000TE-9u; Mon, 23 May 2022 10:18:55 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To:
 From; bh=T+JmCtPsjXVRZbsiaA9yaG/N1UzLZKm1lLqQicTqQVA=; b=JugF7Byc6CQ8Z/jv9w06
 nwpGshFHKx49oyYPTv5fQyq/il3aRiVJGN36zkbdGZFfK0Ry/VCpCGBAeXEfLtSjuDj2aAmDCAjjI
 d2z37/mdki+BBPMKuOm2byks66XhHgZHWyEzBZANkaC3Pvooq9uHkHfeYeyaZqS0vLP/T+Ntn2SWP
 srMHVsRkUjggy0UnMprRzsJzdKx7Rot/5/uSco8PrG+oO+HynnccairYXi+ELLBupX3z28dhSsEVc
 pmpV5YbgyHWdEXDfl1Wg/DvOMNIsB/Gt/Px5MilOgid+BGUuNeFYY4OIEslVXsSf4AQ5J3BrTQJbg
 xutV8SwGxcI8XQ==;
Received: from [193.50.110.143] (port=39852 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1nt8ta-0001Yq-TJ; Mon, 23 May 2022 10:18:55 -0400
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN>
To: =?utf-8?Q?Andr=C3=A9?= Batista <nandre@HIDDEN>
Subject: Re: bug#55399: guix system reconfigure fails on channel validation
References: <Yn53d4GR+kohZh/b@andel>
 <c5a0381129feb0a20c4642ca97409e967471a537.camel@HIDDEN>
 <YoUvHJ24iYDBrO9v@andel>
Date: Mon, 23 May 2022 16:18:52 +0200
In-Reply-To: <YoUvHJ24iYDBrO9v@andel> (=?utf-8?Q?=22Andr=C3=A9?= Batista"'s
 message of "Wed, 18 May 2022 14:38:36 -0300")
Message-ID: <87a6b85o37.fsf_-_@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 55399
Cc: 55399 <at> debbugs.gnu.org, Maxime Devos <maximedevos@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hi Andr=C3=A9,

Andr=C3=A9 Batista <nandre@HIDDEN> skribis:

> Anyway, the proper think to do is to update guile-git, so I'll be
> opening an issue there.

Yes please!  You pretty much already have the code, so we could put
together a new Guile-Git release instead of carrying these modifications
in Guix proper.

(For now commit b6bfe9ea6a1b19159455b34f1af4ac00ef9b94ab changes
Guile-Git in Guix to depend on libgit2 1.3 as a workaround.)

Thanks!

Ludo=E2=80=99.




Information forwarded to bug-guix@HIDDEN:
bug#55399; Package guix. Full text available.

Message received at 55399 <at> debbugs.gnu.org:


Received: (at 55399) by debbugs.gnu.org; 18 May 2022 17:38:56 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed May 18 13:38:56 2022
Received: from localhost ([127.0.0.1]:33436 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1nrNdQ-0005Pf-75
	for submit <at> debbugs.gnu.org; Wed, 18 May 2022 13:38:56 -0400
Received: from mx0.riseup.net ([198.252.153.6]:34478)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <nandre@HIDDEN>) id 1nrNdN-0005PN-No
 for 55399 <at> debbugs.gnu.org; Wed, 18 May 2022 13:38:54 -0400
Received: from fews2.riseup.net (fews2-pn.riseup.net [10.0.1.84])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "mail.riseup.net", Issuer "R3" (not verified))
 by mx0.riseup.net (Postfix) with ESMTPS id 4L3KwR61yvz9s7d;
 Wed, 18 May 2022 10:38:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak;
 t=1652895527; bh=fSs5/fwayNjAHvWegiXT7W2GPI3W/VykORODsKHsfuw=;
 h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
 b=AgqJUJj2LW8jqZirSFlXeo82OYOIQb+mRwbWUjje1wO6OQU40hP7LP+oUTF+Ngeqv
 E/dej6v6zQcvJoL28ZmKp85yqc/oeMmPsxSC5EiorExsfAwMirLEStzujFOueEZjII
 zrsSQoMDm5RWbVgyaJAZsbrJJGnJ97Up+zmmFsEk=
X-Riseup-User-ID: 002575DF375A5763B8CA8BF8DC280711774570187A6E4E21A089A840382E0E5F
Received: from [127.0.0.1] (localhost [127.0.0.1])
 by fews2.riseup.net (Postfix) with ESMTPSA id 4L3KwQ5Q91z1xph;
 Wed, 18 May 2022 10:38:46 -0700 (PDT)
Date: Wed, 18 May 2022 14:38:36 -0300
From: =?iso-8859-1?Q?Andr=E9?= Batista <nandre@HIDDEN>
To: Maxime Devos <maximedevos@HIDDEN>
Subject: Re: bug#55399: Temporary fix
Message-ID: <YoUvHJ24iYDBrO9v@andel>
References: <Yn53d4GR+kohZh/b@andel>
 <c5a0381129feb0a20c4642ca97409e967471a537.camel@HIDDEN>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BW/eXf9dR20dld1M"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <c5a0381129feb0a20c4642ca97409e967471a537.camel@HIDDEN>
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 55399
Cc: 55399 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)


--BW/eXf9dR20dld1M
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

Hi Maxime!

sex 13 mai 2022 s 17:28:29 (1652473709), maximedevos@HIDDEN enviou:
> Andr Batista schreef op vr 13-05-2022 om 12:21 [-0300]:
> > Any thoughts?
> 
> According to
> <https://github.com/libgit2/libgit2/pull/6267/commits/574b5ee7bb112987443916cdedcfc8e274121e9d>,
>  the ownership check can be relaxed by setting an option.  The guile-
> git library would need to be adjusted to support the option though.

Thanks for your pointers. I've only had a substitute* hammer and this
certainly seemed like a loose nail, so I've hammered my way through.

The patch bellow addresses the issue on guix side only and it was
applied/tested locally before b6bfe9ea6a1b19159455b34f1af4ac00ef9b94ab
So this later commit would need to be reverted, otherwise guix will
not use the new libgit2 v1.4.3 anyway.

Anyway, the proper think to do is to update guile-git, so I'll be
opening an issue there.

Happy hacking!



--BW/eXf9dR20dld1M
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline; filename="guile-git.patch"

From 370bf9bec714747244da00a7fd793da04c49c523 Mon Sep 17 00:00:00 2001
In-Reply-To: <c5a0381129feb0a20c4642ca97409e967471a537.camel@HIDDEN>
References: <c5a0381129feb0a20c4642ca97409e967471a537.camel@HIDDEN>
From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@HIDDEN>
Date: Tue, 17 May 2022 19:18:49 -0300
Subject: [PATCH] guix/git: Disable owner validation when updating cache.
To: 55399 <at> debbugs.gnu.org
Cc: maximedevos@HIDDEN

---
 gnu/packages/guile.scm | 40 +++++++++++++++++++++++++++++++++++++++-
 guix/git.scm           |  3 +++
 2 files changed, 42 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm
index 9d58c8d4cd..b120f3eefe 100644
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@@ -816,6 +816,44 @@ (define-public guile-git
               (sha256
                (base32
                 "11a51acibwi2hpaygmrpn6nwbr4lqalc87ihrgj3mhz6swbsk9n7"))
+              (modules '((guix build utils)))
+              (snippet
+               '(begin
+                  (substitute* "git/settings.scm"
+                    (("set-user-agent!))")
+                     (string-append "set-user-agent!\n"
+                                    "            set-owner-validation!))"))
+                    (("GIT_OPT_ENABLE_STRICT_OBJECT_CREATION 14)" m)
+                     (string-append m "\n" "(define GIT_OPT_ENABLE_STRICT_SYMBOLIC_REF_CREATION 15)"))
+
+                    (("(GIT_OPT_SET_SSL_CIPHERS).*" _ m)
+                     (string-append m " 16)\n"))
+
+                    (("(GIT_OPT_GET_USER_AGENT).*" _ m)
+                     (string-append m " 17)\n"
+                       "(define GIT_OPT_ENABLE_OFS_DELTA 18)\n"
+                       "(define GIT_OPT_ENABLE_FSYNC_GITDIR 19)\n"
+                       "(define GIT_OPT_GET_WINDOWS_SHAREMODE 20)\n"
+                       "(define GIT_OPT_SET_WINDOWS_SHAREMODE 21)\n"
+                       "(define GIT_OPT_ENABLE_STRICT_HASH_VERIFICATION 22)\n"
+                       "(define GIT_OPT_SET_ALLOCATOR 23)\n"
+                       "(define GIT_OPT_ENABLE_UNSAVED_INDEX_SAFETY 24)\n"
+                       "(define GIT_OPT_GET_PACK_MAX_OBJECTS 25)\n"
+                       "(define GIT_OPT_SET_PACK_MAX_OBJECTS 26)\n"
+                       "(define GIT_OPT_DISABLE_PACK_KEEP_FILE_CHECKS 27)\n"
+                       "(define GIT_OPT_ENABLE_HTTP_EXPECT_CONTINUE 28)\n"
+                       "(define GIT_OPT_GET_MWINDOW_FILE_LIMIT 29)\n"
+                       "(define GIT_OPT_SET_MWINDOW_FILE_LIMIT 30)\n"
+                       "(define GIT_OPT_SET_ODB_PACKED_PRIORITY 31)\n"
+                       "(define GIT_OPT_SET_ODB_LOOSE_PRIORITY 32)\n"
+                       "(define GIT_OPT_GET_EXTENSIONS 33)\n"
+                       "(define GIT_OPT_SET_EXTENSIONS 34)\n"
+                       "(define GIT_OPT_GET_OWNER_VALIDATION 35)\n"
+                       "(define GIT_OPT_SET_OWNER_VALIDATION 36)\n\n"
+                       "(define set-owner-validation!\n"
+                       "  (let  ((proc (libgit2->procedure* \"git_libgit2_opts\" (list int int))))\n"
+                       "    (lambda* (owner-validation)\n"
+                       "     (proc GIT_OPT_SET_OWNER_VALIDATION owner-validation))))\n")))))
               (patches (search-patches
                         "guile-git-adjust-for-libgit2-1.2.0.patch"))))
     (build-system gnu-build-system)
diff --git a/guix/git.scm b/guix/git.scm
index 53e7219c8c..ced6a9c62c 100644
--- a/guix/git.scm
+++ b/guix/git.scm
@@ -23,6 +23,7 @@
 (define-module (guix git)
   #:use-module (git)
   #:use-module (git object)
+  #:use-module (git settings)
   #:use-module (git submodule)
   #:use-module (guix i18n)
   #:use-module (guix base32)
@@ -463,6 +464,8 @@ (define canonical-ref
           (repository    (if cache-exists?
                              (repository-open cache-directory)
                              (clone/swh-fallback url ref cache-directory))))
+     ;; Disable owner validation for local repos see #55399
+     (set-owner-validation! 0)
      ;; Only fetch remote if it has not been cloned just before.
      (when (and cache-exists?
                 (not (reference-available? repository ref)))

--BW/eXf9dR20dld1M--




Information forwarded to bug-guix@HIDDEN:
bug#55399; Package guix. Full text available.

Message received at 55399 <at> debbugs.gnu.org:


Received: (at 55399) by debbugs.gnu.org; 13 May 2022 15:28:32 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri May 13 11:28:32 2022
Received: from localhost ([127.0.0.1]:44640 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1npXDU-0002sU-8z
	for submit <at> debbugs.gnu.org; Fri, 13 May 2022 11:28:32 -0400
Received: from xavier.telenet-ops.be ([195.130.132.52]:42970)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maximedevos@HIDDEN>) id 1npXDS-0002sI-Fr
 for 55399 <at> debbugs.gnu.org; Fri, 13 May 2022 11:28:30 -0400
Received: from ptr-bvsjgyhxw7psv60dyze.18120a2.ip6.access.telenet.be
 ([IPv6:2a02:1811:8c09:9d00:3c5f:2eff:feb0:ba5a])
 by xavier.telenet-ops.be with bizsmtp
 id WFUV2700J4UW6Th01FUVXQ; Fri, 13 May 2022 17:28:29 +0200
Message-ID: <c5a0381129feb0a20c4642ca97409e967471a537.camel@HIDDEN>
Subject: Re: bug#55399: guix system reconfigure fails on channel validation
From: Maxime Devos <maximedevos@HIDDEN>
To: =?ISO-8859-1?Q?Andr=E9?= Batista <nandre@HIDDEN>, 
 55399 <at> debbugs.gnu.org
Date: Fri, 13 May 2022 17:28:29 +0200
In-Reply-To: <Yn53d4GR+kohZh/b@andel>
References: <Yn53d4GR+kohZh/b@andel>
Content-Type: multipart/signed; micalg="pgp-sha512";
 protocol="application/pgp-signature"; boundary="=-A8/gSho3tij3TOCPSWT7"
User-Agent: Evolution 3.38.3-1 
MIME-Version: 1.0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22;
 t=1652455709; bh=6D4REXBID5X3x4CeWpE84/cJcITsTtguEKHnrG5RWNc=;
 h=Subject:From:To:Date:In-Reply-To:References;
 b=Usv4OKG7Rw+q8bacH/+D9FFGPd9Z65gTX4eWVtvDulUAqSquIb+q9RofOsMe/4wFf
 OlS+IOXtFgBgdIkChy6nnZOqo7QeeMlBGfXzqv9gnTp7ueYPST/4NImILyNey25uqg
 sW9KklX/S07+/iOCO8pfED8SS0sxONP31ZFHzifyMCX0J3jY56EPIOGS+TcJ9zw2nA
 P3e1oyBlUJAWrPKDGCUtTRlJfSI/vBn8VXsp1KhZTW9f2Et7ZQq67KEhJMvmEw8MeS
 T7CmT+xiTnbjRGe0Q9ureYIL8ajmBY34bHKTwqQKJWv7eaTfiSV2XmKsETu1p2mPty
 CR3FrxM4rdrlg==
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 55399
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)


--=-A8/gSho3tij3TOCPSWT7
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Andr=C3=A9 Batista schreef op vr 13-05-2022 om 12:21 [-0300]:
> Any thoughts?

According to
<https://github.com/libgit2/libgit2/pull/6267/commits/574b5ee7bb11298744391=
6cdedcfc8e274121e9d>,
 the ownership check can be relaxed by setting an option.  The guile-
git library would need to be adjusted to support the option though.

Greetings,
Maxime.

--=-A8/gSho3tij3TOCPSWT7
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----

iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYn55HRccbWF4aW1lZGV2
b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7sCyAQDfwyWmtyToJRDlZV70quA6O2XJ
q55xtkI/mmttol638gEAr8O7Qb6uM7vbIM0oSQRHJgNiJVKatgfUAHipcnWC3Ak=
=Fxlz
-----END PGP SIGNATURE-----

--=-A8/gSho3tij3TOCPSWT7--





Information forwarded to bug-guix@HIDDEN:
bug#55399; Package guix. Full text available.

Message received at 55399 <at> debbugs.gnu.org:


Received: (at 55399) by debbugs.gnu.org; 13 May 2022 15:26:08 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri May 13 11:26:08 2022
Received: from localhost ([127.0.0.1]:44633 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1npXB9-0002n8-UK
	for submit <at> debbugs.gnu.org; Fri, 13 May 2022 11:26:08 -0400
Received: from xavier.telenet-ops.be ([195.130.132.52]:39514)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maximedevos@HIDDEN>) id 1npXB8-0002mz-Gl
 for 55399 <at> debbugs.gnu.org; Fri, 13 May 2022 11:26:06 -0400
Received: from ptr-bvsjgyhxw7psv60dyze.18120a2.ip6.access.telenet.be
 ([IPv6:2a02:1811:8c09:9d00:3c5f:2eff:feb0:ba5a])
 by xavier.telenet-ops.be with bizsmtp
 id WFS42700H4UW6Th01FS47t; Fri, 13 May 2022 17:26:05 +0200
Message-ID: <1f9a73621562c5fe96a0d254aef893f95ab33ff0.camel@HIDDEN>
Subject: Re: bug#55399: guix system reconfigure fails on channel validation
From: Maxime Devos <maximedevos@HIDDEN>
To: =?ISO-8859-1?Q?Andr=E9?= Batista <nandre@HIDDEN>, 
 55399 <at> debbugs.gnu.org
Date: Fri, 13 May 2022 17:26:04 +0200
In-Reply-To: <Yn53d4GR+kohZh/b@andel>
References: <Yn53d4GR+kohZh/b@andel>
Content-Type: multipart/signed; micalg="pgp-sha512";
 protocol="application/pgp-signature"; boundary="=-039nLV/U5R2BaD5o8stT"
User-Agent: Evolution 3.38.3-1 
MIME-Version: 1.0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22;
 t=1652455565; bh=r4KJmDLzooWn7y2oKdj6Gsg98yNLmvEYTGtvjlI+Lg4=;
 h=Subject:From:To:Date:In-Reply-To:References;
 b=bgzD8yHjdzZu+fu25xsZDCrKMeutsaVtMVmnIsTUsOGvMTtBUXalEh2jC/XR0BoxS
 rEMD/ynzc0fXY18oS1CEIHVbx/LCTjTyiKj9mAKnwKRrTevPpzUi/PkfPB4T0XzsT2
 aKI8eVilXaUrhY9dSu6Rw2oYhixft5+U9rr6OKNxZKys3/x2feVGvb+YCB3kBG/rNZ
 o2JmhfTL06I+H2b3vWK0gZ9qbNzVn8urKLssBOhc2Epw1YVFww0rnuEPbTk2nwZCyb
 97VlpSlWA+t1CM+prxmtwi38+dThPr/mVcw5D3KKuyqTLLYummj4tG2EvKpXoGNG3b
 KVwQfRkyAk6jw==
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 55399
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)


--=-039nLV/U5R2BaD5o8stT
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Andr=C3=A9 Batista schreef op vr 13-05-2022 om 12:21 [-0300]:
> Any thoughts?

For now, let 'guile-git' use the libgit2-1.3 variant, look into
relaxing the =E2=80=98is owned by=E2=80=99 check later?

Greetings,
Maxime

--=-039nLV/U5R2BaD5o8stT
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----

iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYn54jBccbWF4aW1lZGV2
b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7m4iAPoCZrJ2G9KOnpQMrRr0NRkW6KMp
d8HjPHGZlNWtk466eQD/ZG3OedO6KSPKmWu7im29bg1CI4Ntuo3DfL3YkwHakAo=
=VcFh
-----END PGP SIGNATURE-----

--=-039nLV/U5R2BaD5o8stT--





Information forwarded to bug-guix@HIDDEN:
bug#55399; Package guix. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 13 May 2022 15:21:48 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri May 13 11:21:48 2022
Received: from localhost ([127.0.0.1]:44603 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1npX6x-0002bw-RA
	for submit <at> debbugs.gnu.org; Fri, 13 May 2022 11:21:48 -0400
Received: from lists.gnu.org ([209.51.188.17]:54204)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <nandre@HIDDEN>) id 1npX6w-0002bp-6z
 for submit <at> debbugs.gnu.org; Fri, 13 May 2022 11:21:46 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:40810)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <nandre@HIDDEN>) id 1npX6w-00011H-26
 for bug-guix@HIDDEN; Fri, 13 May 2022 11:21:46 -0400
Received: from mx0.riseup.net ([198.252.153.6]:55370)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <nandre@HIDDEN>) id 1npX6t-0004kl-MD
 for bug-guix@HIDDEN; Fri, 13 May 2022 11:21:45 -0400
Received: from fews2.riseup.net (fews2-pn.riseup.net [10.0.1.84])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "mail.riseup.net", Issuer "R3" (not verified))
 by mx0.riseup.net (Postfix) with ESMTPS id 4L0C6X3PV8z9s7f
 for <bug-guix@HIDDEN>; Fri, 13 May 2022 08:21:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak;
 t=1652455300; bh=TMxbG2DvezrP8tFrRmR+pKDZpr+J8ZsAWihxQwEL6bE=;
 h=Date:From:To:Subject:From;
 b=YMf2cmxgV4RGFYTOunOe+nHWOG7piyvQDN/AK0tseiVCMzyfE2ZMCbhuhv5bd+v1e
 SXxA1DUbEymsD8qLE8usnjLK7XGs+j7cMwVQM9237MqBJLQWAJUVRaIJNrmC38fNjd
 NfegQob1J2JET9fEs3gmMvjdX4hGgZtbwk+hpdyI=
X-Riseup-User-ID: A422B65AA728CA59D5DC920278E4FA4F43FAD4E46B87EAC9E1140F38A1AE7074
Received: from [127.0.0.1] (localhost [127.0.0.1])
 by fews2.riseup.net (Postfix) with ESMTPSA id 4L0C6V5dk9z1yBZ
 for <bug-guix@HIDDEN>; Fri, 13 May 2022 08:21:38 -0700 (PDT)
Date: Fri, 13 May 2022 12:21:27 -0300
From: =?iso-8859-1?Q?Andr=E9?= Batista <nandre@HIDDEN>
To: bug-guix@HIDDEN
Subject: guix system reconfigure fails on channel validation
Message-ID: <Yn53d4GR+kohZh/b@andel>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Received-SPF: pass client-ip=198.252.153.6; envelope-from=nandre@HIDDEN;
 helo=mx0.riseup.net
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001,
 T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.4 (-)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.4 (--)

Hello Guix!

Recently, I've not been able to reconfigure some of my guix systems
because guix fails to forward validate the commits in between the
current system deployment and the newer one. This appears to be
related to the new libgit2 version 1.4.3[1][2], which addressed CVE
2022-24765, since there was no change to the related guix routines
on the time lapse since the last deploy.

This is the error I'm getting:

$ sudo guix system --fallback -c 3 -M 3  reconfigure myconfig.scm
Backtrace:
          19 (primitive-load "/home/user/.config/guix/current/bin/g?")
In guix/ui.scm:
   2230:7 18 (run-guix . _)
  2193:10 17 (run-guix-command _ . _)
In ice-9/boot-9.scm:
  1752:10 16 (with-exception-handler _ _ #:unwind? _ # _)
In guix/status.scm:
    829:3 15 (_)
    809:4 14 (call-with-status-report _ _)
In guix/scripts/system.scm:
   1253:4 13 (_)
In ice-9/boot-9.scm:
  1752:10 12 (with-exception-handler _ _ #:unwind? _ # _)
In guix/store.scm:
   658:37 11 (thunk)
   1320:8 10 (call-with-build-handler #<procedure b445f18 at guix/u?> ?)
  2129:25  9 (run-with-store #<store-connection 256.99 b0934d8> _ # _ ?)
In guix/scripts/system.scm:
  1277:15  8 (_ _)
    819:5  7 (perform-action reconfigure #<<image> name: #f format:?> ?)
In guix/scripts/system/reconfigure.scm:
    345:3  6 (check-forward-update _ #:current-channels _)
In srfi/srfi-1.scm:
   691:23  5 (filter-map #<procedure ba4c460 at guix/scripts/syst?> . #)
In guix/scripts/system/reconfigure.scm:
   352:37  4 (_ #<<channel> name: guix url: "/src/guix.git" branch: ?>)
In guix/git.scm:
    469:7  3 (update-cached-checkout _ #:ref _ #:recursive? _ # _ # _ ?)
In git/bindings.scm:
     77:2  2 (raise-git-error _)
In ice-9/boot-9.scm:
  1685:16  1 (raise-exception _ #:continuable? _)
  1685:16  0 (raise-exception _ #:continuable? _)

ice-9/boot-9.scm:1685:16: In procedure raise-exception:
Git error: repository path '/src/guix.git/' is not owned by current user


-----

And these are the commits being compared:

$ guix system describe
Generation 214  May 06 2022 22:47:43    (current)
  file name: /var/guix/profiles/system-214-link
  canonical file name: /gnu/store/b0wrzz8sxqi9hywpqz29cm73l9adxjy9-system
  label: GNU with Linux-Libre-Atom 5.17.5
  bootloader: grub
  root device: label: "rootfs"
  kernel: /gnu/store/xmdskyk85sypr4wgf5iwg5iid08l4aiq-linux-libre-atom-5.17.5/bzImage
  channels:
    guix:
      repository URL: /src/guix.git
      branch: master
      commit: ee70ed5bf50e781a6a43985211aa763e28db62b9
  configuration file: /gnu/store/g653hksfz0iwnbpynaq2mx4nv7ayb7r7-configuration.scm


$ guix describe
Generation 200  May 12 2022 13:48:01    (current)
  guix a1cb645
    repository URL: /src/guix.git
    branch: master
    commit: a1cb645d83d085382eaf64f4c097642aa47c297a

Any thoughts?

1. https://github.com/libgit2/libgit2/blob/v1.4.3/docs/changelog.md
2. https://github.com/libgit2/libgit2/commit/0cc4a70db0942f65528f4877be14a6a987fe3c64
3. https://github.blog/2022-04-12-git-security-vulnerability-announced/




Acknowledgement sent to André Batista <nandre@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-guix@HIDDEN. Full text available.
Report forwarded to bug-guix@HIDDEN:
bug#55399; Package guix. Full text available.
Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Last modified: Mon, 23 May 2022 14:30:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.