GNU bug report logs - #55399
libgit2 1.4.3 directory owner validation breaks Guix


Package: guix; Severity: important; Reported by: André Batista <nandre@HIDDEN>; Keywords: patch; dated Fri, 13 May 2022 15:22:01 UTC; Maintainer for guix is bug-guix@HIDDEN.
Added indication that bug 55399 blocks 53144. Request was from Maxime Devos <maximedevos@HIDDEN> to control <at> debbugs.gnu.org.

Message received at 55399 <at> debbugs.gnu.org:


From: Maxime Devos <maximedevos@HIDDEN>
To: 55399 <at> debbugs.gnu.org
Cc: André Batista <nandre@HIDDEN>
Subject: Re: [PATCH 1/2] guix: Disable owner validation.
Date: Sun, 28 Aug 2022 13:02:48 +0200
Message-ID: <7db0f45d-b2ff-5ff9-691b-26775b0cf3c6@HIDDEN>
In-Reply-To: <20220828105827.26161-1-maximedevos@HIDDEN>

Oops, the test I did in the second test is bogus (I didn't test as root).

However, it appears that owner validation is properly disabled:

[inside the pulled guix]

> scheme@(guix-user)> ,m (guix git)
> scheme@(guix git)> (owner-validation?) --> #true
> scheme@(guix git)> (with-libgit2 (owner-validation?)) --> #false
Greetings,
Maxime.




Information forwarded to bug-guix@HIDDEN:
bug#55399; Package guix. Full text available.

Message received at 55399 <at> debbugs.gnu.org:


From: Maxime Devos <maximedevos@HIDDEN>
To: 55399 <at> debbugs.gnu.org
Subject: [PATCH 1/2] guix: Disable owner validation.
Date: Sun, 28 Aug 2022 12:58:26 +0200
Message-Id: <20220828105827.26161-1-maximedevos@HIDDEN>
X-Mailer: git-send-email 2.37.1
Cc: André Batista <nandre@HIDDEN>,
 Maxime Devos <maximedevos@HIDDEN>

The original patch disabled it only when updating cached checkouts, but the
disabling persisted afterwards, making it stateful. To avoid statefulness, it
is disabled during with-libgit2 instead.

For compatibility with guile-git versions that do not yet have
set-owner-validation!, the setting is skipped when set-owner-validation! does
not exist.

* guix/git.scm (update-cached-checkout): Disable owner validation checks.

Co-Authored-By: André Batista <nandre@HIDDEN>
---
 guix/git.scm | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/guix/git.scm b/guix/git.scm
index 53e7219c8c..0fe6e65549 100644
--- a/guix/git.scm
+++ b/guix/git.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2021 Kyle Meyer <kyle@HIDDEN>
 ;;; Copyright © 2021 Marius Bakke <marius@HIDDEN>
 ;;; Copyright © 2022 Maxime Devos <maximedevos@HIDDEN>
+;;; Copyright © 2022 André Batista <nandre@HIDDEN>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -23,6 +24,7 @@
 (define-module (guix git)
   #:use-module (git)
   #:use-module (git object)
+  #:use-module (git settings)
   #:use-module (git submodule)
   #:use-module (guix i18n)
   #:use-module (guix base32)
@@ -117,6 +119,16 @@ (define-syntax-rule (with-libgit2 thunk ...)
     ;; but pointer finalizers used in guile-git may be called after shutdown,
     ;; resulting in a segfault. Hence, let's skip shutdown call for now.
     (libgit2-init!)
+    ;; libgit2@HIDDEN ‘fixed’ a git CVE it never shared, breaking some uses
+    ;; of Guix channels (see <https://issues.guix.gnu.org/55399>).  Disable
+    ;; the owner validation that does not fit in the security model in Guix.
+    ;;
+    ;; For compatibility with old guile-git that do not have
+    ;; 'set-owner-validation!', do nothing if 'set-owner-validation!'
+    ;; does not exist.
+    ((catch 'unbound-variable
+            (lambda () set-owner-validation!)
+            (lambda _ identity)) #false)
     (unless %certificates-initialized?
       (honor-system-x509-certificates!)
       (set! %certificates-initialized? #t))
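Review bot: In the lines added to with-libgit2, owner validation is switched off with #false and nothing in the visible hunk switches it back on, so once with-libgit2 has run the check stays off for every repository the process opens afterwards, while the commit message presents the change as avoiding statefulness. Either save the current value before disabling and restore it when the body finishes (the guile-git patch in 2/2 adds 'owner-validation?' for reading it), or say in the comment and the commit message that the change is deliberately process-wide. Two smaller points: the ChangeLog line names update-cached-checkout although the code touched is with-libgit2, and the 'unbound-variable' fallback silently leaves validation enabled with an older guile-git, where a one-time warning would make the resulting "guix pull" failure on local channels easier to diagnose.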

base-commit: d519305d83d08058e4def2c4d72fe62102d9599d
prerequisite-patch-id: 62949e6148bb8aae2f792aaf4d54f2a136351d28
prerequisite-patch-id: 72191ec47cb3876c5fcd6233880dea7dfc1b165f
prerequisite-patch-id: bbfd96d673e491ddd684e8270c90347547dceaa5
prerequisite-patch-id: fbdac7446d0c3f529f313f89cb9ba975d469d7ac
prerequisite-patch-id: d0a5804a92d868c5ee6726e6e0555a8af25e442c
-- 
2.37.1
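
A variant of the idea in this commit message that puts the previous setting back once the Git work is done, so the check is off only while the body runs. This is an added example, not code from the patch series or from Guix; call-without-owner-validation and settings-procedure are hypothetical names, and it assumes a guile-git carrying the owner-validation patches discussed in this thread.

```scheme
;; Added example; not part of the patch series or of Guix.
;; Assumes a guile-git that provides 'owner-validation?' and
;; 'set-owner-validation!' in (git settings), as added by the patches
;; in this thread.
(use-modules (git))                     ;libgit2-init!

;; Hypothetical helper: look a procedure up at run time, so that an
;; older guile-git that lacks it yields #f instead of raising
;; 'unbound-variable'.
(define (settings-procedure name)
  (and=> (module-variable (resolve-interface '(git settings)) name)
         variable-ref))

;; Hypothetical helper name.
(define (call-without-owner-validation thunk)
  "Call THUNK with libgit2 owner validation disabled and restore the
previous setting afterwards, including on non-local exit.  The option is
global to the process, so other threads also see it disabled while THUNK
runs."
  (libgit2-init!)
  (let ((validation?     (settings-procedure 'owner-validation?))
        (set-validation! (settings-procedure 'set-owner-validation!)))
    (if (and validation? set-validation!)
        (let ((previous #t))
          (dynamic-wind
            (lambda ()
              ;; Record the value on every entry, so that re-entering
              ;; through a continuation restores the right state.
              (set! previous (validation?))
              (set-validation! #f))
            thunk
            (lambda ()
              (set-validation! previous))))
        (begin
          ;; Old guile-git: nothing to toggle.  Say so rather than
          ;; failing later with an ownership error that is hard to place.
          (format (current-error-port)
                  "warning: guile-git lacks owner validation settings~%")
          (thunk)))))

;; Example use, with a placeholder path for a checkout owned by
;; another user (for instance a local channel):
;;
;;   (call-without-owner-validation
;;     (lambda () (repository-open "/path/to/checkout")))
```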






Message received at 55399 <at> debbugs.gnu.org:


From: Maxime Devos <maximedevos@HIDDEN>
To: 55399 <at> debbugs.gnu.org
Subject: [PATCH 2/2] gnu: guile-git: Add patches to support owner validation,
 and use libgit2@HIDDEN
Date: Sun, 28 Aug 2022 12:58:27 +0200
Message-Id: <20220828105827.26161-2-maximedevos@HIDDEN>
X-Mailer: git-send-email 2.37.1
In-Reply-To: <20220828105827.26161-1-maximedevos@HIDDEN>
References: <20220828105827.26161-1-maximedevos@HIDDEN>
Cc: Maxime Devos <maximedevos@HIDDEN>

These two changes have to be done at the same time -- if the libgit2
dependency is updated first, then we would have a commit during which
"guix pull" is broken when using local channels (see:
<https://issues.guix.gnu.org/55399>).  And if the patches are added first,
then the build of guile-git breaks because the tests assume a new libgit2.

Together with the previous commit, this fixes
<https://issues.guix.gnu.org/55399>.

Tested with (first step):

$ ./pre-inst-env guix pull --url=$PWD
--commit=b22ddb51d8dfa4ab7f683c99ffc1fa6f44e0dc6b
--profile=../guix-with-libgit2 --disable-authentication
--channels=../channels.scm

where b22ddb51d8dfa4ab7f683c99ffc1fa6f44e0dc6b is the commit after applying
these two patches. Make sure to only put the Guix channel in ../channels.scm,
because of --disable-authentication.  This builds a Guix that uses the new
libgit2 and patched guile-git.  Then, it is tested that pulling still works
from a local checkout:

$ ../guix-with-libgit2/bin/guix pull --url=$PWD
--commit=c3d9ddbf3d34b58261ab9e03c794f5fbad34142d --channels=../channels.scm
--disable-authentication -p../another-guix

where c3d9ddbf3d34b58261ab9e03c794f5fbad34142d is a commit that hasn't been
seen before by the "guix pull" machinery.

* gnu/packages/patches/guile-git-fix-git-opt.patch: New patch.
* gnu/packages/patches/guile-git-set-owner-validation.patch: New patch.
* gnu/packages/patches/guile-git-test-owner-validation.patch: New patch.
* gnu/packages/guile.scm (guile-git)[source]{patches}: Add new patches.
* gnu/local.mk (dist_patch_DATA): Register new patches.
---
 gnu/local.mk                                  |   3 +
 gnu/packages/guile.scm                        |  15 +-
 .../patches/guile-git-fix-git-opt.patch       |  57 +++++++
 .../guile-git-set-owner-validation.patch      |  41 +++++
 .../guile-git-test-owner-validation.patch     | 153 ++++++++++++++++++
 5 files changed, 264 insertions(+), 5 deletions(-)
 create mode 100644 gnu/packages/patches/guile-git-fix-git-opt.patch
 create mode 100644 gnu/packages/patches/guile-git-set-owner-validation.patch
 create mode 100644 gnu/packages/patches/guile-git-test-owner-validation.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 412d512775..081f240157 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1244,6 +1244,9 @@ dist_patch_DATA =						\
   %D%/packages/patches/guile-fibers-wait-for-io-readiness.patch \
   %D%/packages/patches/guile-gdbm-ffi-support-gdbm-1.14.patch	\
   %D%/packages/patches/guile-git-adjust-for-libgit2-1.2.0.patch \
+  %D%/packages/patches/guile-git-fix-git-opt.patch		\
+  %D%/packages/patches/guile-git-set-owner-validation.patch	\
+  %D%/packages/patches/guile-git-test-owner-validation.patch	\
   %D%/packages/patches/guile-present-coding.patch		\
   %D%/packages/patches/guile-rsvg-pkgconfig.patch		\
   %D%/packages/patches/guile-emacs-fix-configure.patch		\
diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm
index d320763a61..87b35e2db2 100644
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@@ -16,7 +16,7 @@
 ;;; Copyright © 2018 Eric Bavier <bavier@HIDDEN>
 ;;; Copyright © 2019 Taylan Kammer <taylan.kammer@HIDDEN>
 ;;; Copyright © 2020, 2021, 2022 Efraim Flashner <efraim@HIDDEN>
-;;; Copyright © 2021 Maxime Devos <maximedevos@HIDDEN>
+;;; Copyright © 2021, 2022 Maxime Devos <maximedevos@HIDDEN>
 ;;; Copyright © 2021 Timothy Sample <samplet@HIDDEN>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -817,7 +817,14 @@ (define-public guile-git
                (base32
                 "11a51acibwi2hpaygmrpn6nwbr4lqalc87ihrgj3mhz6swbsk9n7"))
               (patches (search-patches
-                        "guile-git-adjust-for-libgit2-1.2.0.patch"))))
+                        "guile-git-adjust-for-libgit2-1.2.0.patch"
+                        ;; These three patches from
+                        ;; <https://gitlab.com/guile-git/guile-git/-/issues/26>
+                        ;; together add procedures to disable/enable owner validation,
+                        ;; which is required for fixing <https://issues.guix.gnu.org/55399>.
+                        "guile-git-fix-git-opt.patch"
+                        "guile-git-set-owner-validation.patch"
+                        "guile-git-test-owner-validation.patch"))))
     (build-system gnu-build-system)
     (arguments
      `(#:make-flags '("GUILE_AUTO_COMPILE=0")       ; to prevent guild warnings
@@ -833,9 +840,7 @@ (define-public guile-git
     (native-inputs
      (list pkg-config autoconf automake texinfo guile-3.0 guile-bytestructures))
     (inputs
-     ;; libgit2@HIDDEN ‘fixed’ a git CVE it never shared, breaking Guix.  Use
-     ;; 1.3 for now; see <https://issues.guix.gnu.org/55399> for alternatives.
-     (list guile-3.0 libgit2-1.3))
+     (list guile-3.0 libgit2))
     (propagated-inputs
      (list guile-bytestructures))
     (synopsis "Guile bindings for libgit2")
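Review bot: The inputs change in this hunk replaces the pinned libgit2-1.3 with the unversioned 'libgit2' and deletes the comment that explained the pin without leaving anything in its place. guile-git-fix-git-opt.patch hard-codes the GIT_OPT_* numbers to match one libgit2 release, so a short comment here saying that guile-git's option constants must be rechecked whenever libgit2 is updated would keep a later upgrade from silently passing the wrong option number.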
diff --git a/gnu/packages/patches/guile-git-fix-git-opt.patch b/gnu/packages/patches/guile-git-fix-git-opt.patch
new file mode 100644
index 0000000000..050c72818a
--- /dev/null
+++ b/gnu/packages/patches/guile-git-fix-git-opt.patch
@@ -0,0 +1,57 @@
+From 99054837c6616e06c48c944094114ae8c9b628f3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@HIDDEN>
+Date: Thu, 19 May 2022 09:35:25 -0300
+To: incoming+guile-git-guile-git-1792500-1ffl9ys3eg9dz7xscimedvf7n-merge-request@HIDDEN
+Subject: Update GIT_OPT definitions to match upstream enum
+
+* git/settings.scm: Update definitions to match libgit2 v. 1.4.3.
+
+---
+ git/settings.scm | 25 +++++++++++++++++++++++--
+ 1 file changed, 23 insertions(+), 2 deletions(-)
+
+diff --git a/git/settings.scm b/git/settings.scm
+index 83e2483..4621f43 100644
+--- a/git/settings.scm
++++ b/git/settings.scm
+@@ -1,5 +1,6 @@
+ ;;; Guile-Git --- GNU Guile bindings of libgit2
+ ;;; Copyright © 2017 Ludovic Courtès <ludo@HIDDEN>
++;;; Copyright © 2022 André Batista <nandre@HIDDEN>
+ ;;;
+ ;;; This file is part of Guile-Git.
+ ;;;
+@@ -38,8 +39,28 @@
+ (define GIT_OPT_SET_SSL_CERT_LOCATIONS 12)
+ (define GIT_OPT_SET_USER_AGENT 13)
+ (define GIT_OPT_ENABLE_STRICT_OBJECT_CREATION 14)
+-(define GIT_OPT_SET_SSL_CIPHERS 15)
+-(define GIT_OPT_GET_USER_AGENT 16)
++(define GIT_OPT_ENABLE_STRICT_SYMBOLIC_REF_CREATION 15)
++(define GIT_OPT_SET_SSL_CIPHERS 16)
++(define GIT_OPT_GET_USER_AGENT 17)
++(define GIT_OPT_ENABLE_OFS_DELTA 18)
++(define GIT_OPT_ENABLE_FSYNC_GITDIR 19)
++(define GIT_OPT_GET_WINDOWS_SHAREMODE 20)
++(define GIT_OPT_SET_WINDOWS_SHAREMODE 21)
++(define GIT_OPT_ENABLE_STRICT_HASH_VERIFICATION 22)
++(define GIT_OPT_SET_ALLOCATOR 23)
++(define GIT_OPT_ENABLE_UNSAVED_INDEX_SAFETY 24)
++(define GIT_OPT_GET_PACK_MAX_OBJECTS 25)
++(define GIT_OPT_SET_PACK_MAX_OBJECTS 26)
++(define GIT_OPT_DISABLE_PACK_KEEP_FILE_CHECKS 27)
++(define GIT_OPT_ENABLE_HTTP_EXPECT_CONTINUE 28)
++(define GIT_OPT_GET_MWINDOW_FILE_LIMIT 29)
++(define GIT_OPT_SET_MWINDOW_FILE_LIMIT 30)
++(define GIT_OPT_SET_ODB_PACKED_PRIORITY 31)
++(define GIT_OPT_SET_ODB_LOOSE_PRIORITY 32)
++(define GIT_OPT_GET_EXTENSIONS 33)
++(define GIT_OPT_SET_EXTENSIONS 34)
++(define GIT_OPT_GET_OWNER_VALIDATION 35)
++(define GIT_OPT_SET_OWNER_VALIDATION 36)
+ 
+ (define set-tls-certificate-locations!
+   (let ((proc (libgit2->procedure* "git_libgit2_opts" (list int '* '*))))
+-- 
+2.36.0
+
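Review bot: GIT_OPT_SET_SSL_CIPHERS moves from 15 to 16 and GIT_OPT_GET_USER_AGENT from 16 to 17, so the old numbers selected different options than their names said, and the constants added below them are again hand-copied integers with nothing that checks them against the header. Please record in git/settings.scm itself, next to the list, which libgit2 version the values were copied from (the commit log says v. 1.4.3, the file does not), so that the next enum change upstream is noticed before a wrong option number is passed to git_libgit2_opts.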
diff --git a/gnu/packages/patches/guile-git-set-owner-validation.patch b/gnu/packages/patches/guile-git-set-owner-validation.patch
new file mode 100644
index 0000000000..becef644ad
--- /dev/null
+++ b/gnu/packages/patches/guile-git-set-owner-validation.patch
@@ -0,0 +1,41 @@
+From 88091a17f8276b03c95837b422adf5b0b7eda79e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@HIDDEN>
+Date: Thu, 19 May 2022 09:47:36 -0300
+Subject: [PATCH] settings: Add 'set-owner-validation!'.
+To: guile-git@HIDDEN
+
+* git/settings.scm: (set-owner-validation!): New procedure.
+---
+ git/settings.scm | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/git/settings.scm b/git/settings.scm
+index 4621f43..f6857d5 100644
+--- a/git/settings.scm
++++ b/git/settings.scm
+@@ -20,7 +20,8 @@
+ (define-module (git settings)
+   #:use-module (system foreign)
+   #:use-module (git bindings)
+-  #:export (set-tls-certificate-locations!
++  #:export (set-owner-validation!
++            set-tls-certificate-locations!
+             set-user-agent!))
+ 
+ ;; 'git_libgit2_opt_t' enum defined in <git2/common.h>.
+@@ -62,6 +63,12 @@
+ (define GIT_OPT_GET_OWNER_VALIDATION 35)
+ (define GIT_OPT_SET_OWNER_VALIDATION 36)
+ 
++(define set-owner-validation!
++  (let ((proc (libgit2->procedure* "git_libgit2_opts" (list int int))))
++    (lambda (owner-validation)
++      "Boolean: enable/disable owner validation checks. See CVE 2022-24765."
++      (proc GIT_OPT_SET_OWNER_VALIDATION (if owner-validation 1 0)))))
++
+ (define set-tls-certificate-locations!
+   (let ((proc (libgit2->procedure* "git_libgit2_opts" (list int '* '*))))
+     (lambda* (directory #:optional file)
+-- 
+2.36.0
+
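Review bot: The docstring of 'set-owner-validation!' does not say that the setting is global: the procedure takes no repository argument, so it applies to every repository the process opens from then on, which is what a caller most needs to know before turning a security check off. Please state that in the docstring, and write the identifier as CVE-2022-24765 so that it can be searched for.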
diff --git a/gnu/packages/patches/guile-git-test-owner-validation.patch b/gnu/packages/patches/guile-git-test-owner-validation.patch
new file mode 100644
index 0000000000..3ef2fa3557
--- /dev/null
+++ b/gnu/packages/patches/guile-git-test-owner-validation.patch
@@ -0,0 +1,153 @@
+From 4a2a6d3723afc05b93edfe430c7f95abbe6db021 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@HIDDEN>
+Date: Tue, 14 Jun 2022 23:00:07 -0300
+Subject: [PATCH] settings: Add 'owner-validation?'.
+To: guile-git@HIDDEN
+
+* git/settings.scm: (owner-validation?): New procedure.
+* tests/settings.scm: Add owner-validation? tests.
+---
+ Makefile.am        |  1 +
+ git/settings.scm   | 13 ++++++++++++-
+ git/types.scm      | 11 +++++++++++
+ tests/settings.scm | 45 +++++++++++++++++++++++++++++++++++++++++++++
+ 4 files changed, 69 insertions(+), 1 deletion(-)
+ create mode 100644 tests/settings.scm
+
+diff --git a/Makefile.am b/Makefile.am
+index 0f92d4c..033033d 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -95,6 +95,7 @@ TESTS =                                         \
+   tests/remote.scm                              \
+   tests/rev-parse.scm                           \
+   tests/status.scm                              \
++  tests/settings.scm                            \
+   tests/submodule.scm                           \
+   tests/tag.scm                                 \
+   tests/tree.scm
+diff --git a/git/settings.scm b/git/settings.scm
+index 5022945..582f519 100644
+--- a/git/settings.scm
++++ b/git/settings.scm
+@@ -1,6 +1,7 @@
+ ;;; Guile-Git --- GNU Guile bindings of libgit2
+ ;;; Copyright © 2017 Ludovic Courtès <ludo@HIDDEN>
+ ;;; Copyright © 2022 André Batista <nandre@HIDDEN>
++;;; Copyright © 2022 Maxime Devos <maximedevos@HIDDEN>
+ ;;;
+ ;;; This file is part of Guile-Git.
+ ;;;
+@@ -20,7 +21,9 @@
+ (define-module (git settings)
+   #:use-module (system foreign)
+   #:use-module (git bindings)
+-  #:export (set-owner-validation!
++  #:use-module (git types)
++  #:export (owner-validation?
++            set-owner-validation!
+             set-tls-certificate-locations!
+             set-user-agent!))
+ 
+@@ -63,6 +66,14 @@
+ (define GIT_OPT_GET_OWNER_VALIDATION 35)
+ (define GIT_OPT_SET_OWNER_VALIDATION 36)
+ 
++(define owner-validation?
++  (let ((proc (libgit2->procedure* "git_libgit2_opts" (list int '*))))
++      (lambda ()
++        "Boolean: Return owner validation setting."
++        (let ((out (make-int-pointer)))
++          (proc GIT_OPT_GET_OWNER_VALIDATION out)
++          (if (equal? (pointer->int out) 0) #f #t)))))
++
+ (define set-owner-validation!
+   (let ((proc (libgit2->procedure* "git_libgit2_opts" (list int int))))
+     (lambda (owner-validation)
+diff --git a/git/types.scm b/git/types.scm
+index 3503ccf..7609a8a 100644
+--- a/git/types.scm
++++ b/git/types.scm
+@@ -46,7 +46,9 @@
+             tree? pointer->tree tree->pointer
+             tree-entry? pointer->tree-entry tree-entry->pointer
+             submodule? pointer->submodule submodule->pointer
++            pointer->int
+             pointer->size_t
++            make-int-pointer
+             make-size_t-pointer
+             make-double-pointer))
+ 
+@@ -102,9 +104,18 @@
+ (define (make-double-pointer)
+   (bytevector->pointer (make-bytevector (sizeof '*))))
+ 
++(define (make-int-pointer)
++  (bytevector->pointer (make-bytevector (sizeof int))))
++
+ (define (make-size_t-pointer)
+   (bytevector->pointer (make-bytevector (sizeof size_t))))
+ 
++(define (pointer->int ptr)
++  (bytevector-sint-ref (pointer->bytevector ptr (sizeof int))
++                       0
++                       (native-endianness)
++                       (sizeof int)))
++
+ (define (pointer->size_t ptr)
+   (bytevector-uint-ref (pointer->bytevector ptr (sizeof size_t))
+                        0
+diff --git a/tests/settings.scm b/tests/settings.scm
+new file mode 100644
+index 0000000..a82c5ca
+--- /dev/null
++++ b/tests/settings.scm
+@@ -0,0 +1,45 @@
++;;; Guile-Git --- GNU Guile bindings of libgit2
++;;; Copyright © 2022 André Batista <nandre@HIDDEN>
++;;;
++;;; This file is part of Guile-Git.
++;;;
++;;; Guile-Git is free software; you can redistribute it and/or modify it
++;;; under the terms of the GNU General Public License as published by
++;;; the Free Software Foundation; either version 3 of the License, or
++;;; (at your option) any later version.
++;;;
++;;; Guile-Git is distributed in the hope that it will be useful, but
++;;; WITHOUT ANY WARRANTY; without even the implied warranty of
++;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++;;; General Public License for more details.
++;;;
++;;; You should have received a copy of the GNU General Public License
++;;; along with Guile-Git.  If not, see <http://www.gnu.org/licenses/>.
++
++(define-module (tests settings)
++  #:use-module (srfi srfi-64))
++
++(use-modules (tests helpers))
++(use-modules (git))
++
++(test-begin "settings")
++
++(libgit2-init!)
++
++(with-repository "simple" directory
++
++  (test-equal "disable owner validation"
++    #f
++    ((lambda ()
++      (set-owner-validation! #f)
++      (owner-validation?))))
++
++  (test-equal "enable owner validation"
++    #t
++    ((lambda ()
++      (set-owner-validation! #t)
++      (owner-validation?)))))
++
++(libgit2-shutdown!)
++
++(test-end)
+-- 
+2.36.0
+
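Review bot: The two tests in tests/settings.scm only check that 'owner-validation?' returns what 'set-owner-validation!' has just stored; nothing opens a repository, so the 'directory' bound by with-repository "simple" is unused and the behaviour the option controls is not exercised. A test that opens a repository with validation on and off would cover it, or the with-repository wrapper can be dropped. In 'owner-validation?', (if (equal? (pointer->int out) 0) #f #t) reads more plainly as (not (zero? (pointer->int out))), and the body of the 'let' is indented two columns too far.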
-- 
2.37.1






Message received at 55399 <at> debbugs.gnu.org:


Received: (at 55399) by debbugs.gnu.org; 28 Aug 2022 10:44:37 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Aug 28 06:44:37 2022
Received: from localhost ([127.0.0.1]:57669 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1oSFmP-0000qC-HL
	for submit <at> debbugs.gnu.org; Sun, 28 Aug 2022 06:44:37 -0400
Received: from michel.telenet-ops.be ([195.130.137.88]:60254)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maximedevos@HIDDEN>) id 1oSFmL-0000pz-Rk
 for 55399 <at> debbugs.gnu.org; Sun, 28 Aug 2022 06:44:36 -0400
Received: from [IPV6:2a02:1811:8c09:9d00:5dba:d409:33f7:a16]
 ([IPv6:2a02:1811:8c09:9d00:5dba:d409:33f7:a16])
 by michel.telenet-ops.be with bizsmtp
 id CykW2800A20ykKC06ykXec; Sun, 28 Aug 2022 12:44:31 +0200
Message-ID: <c778d6b6-d93e-a62a-e771-74ac413851bd@HIDDEN>
Date: Sun, 28 Aug 2022 12:44:30 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.12.0
Subject: Re: guix system reconfigure fails on channel validation
Content-Language: en-US
To: =?UTF-8?Q?Andr=c3=a9_Batista?= <nandre@HIDDEN>, 55399 <at> debbugs.gnu.org
References: <Yn53d4GR+kohZh/b@andel>
From: Maxime Devos <maximedevos@HIDDEN>
In-Reply-To: <Yn53d4GR+kohZh/b@andel>
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="------------s0v2m7vpty3ytUrT4iRUyKlx"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22;
 t=1661683472; bh=x/F0BMI1JdwMtjELXciQejhhhouk6zJ117WQ7VS3xzM=;
 h=Date:Subject:To:References:From:In-Reply-To;
 b=h5OJ0N1SyErl4VzhopToc0tz+HAJYr9B/BkVFtLzjYoyPO7psXFBL/B4cbK53RZnS
 R8KY3J/ZWB3Dgc+6x1pD5rLW4aKoQpfnMmjmJTPbOViS9rqG+CN7gvQTMdDx74u1YX
 zgXdG6zYEi1ogA0bMN0MR5vrhpEjTH8T5163NVDYakDMQpfkEft+R50xuU72qEnmYb
 6C7axaUMSn2NbJCBkL8A9y/BSxVZj1ekjrOTEHrX5YVoXB+32+/351JTTKTPw9bMLw
 987zLv97+zsLtWGylvIpF4W9Eznhzzv2ZEQPtVZuKza8wNsWRO5XJUUfNqr0BL4anr
 vmoTBtHKyeSSA==
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 55399
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------s0v2m7vpty3ytUrT4iRUyKlx
Content-Type: multipart/mixed; boundary="------------pgn0JZRaUiqL84AJud0dI2nh";
 protected-headers="v1"
From: Maxime Devos <maximedevos@HIDDEN>
To: =?UTF-8?Q?Andr=c3=a9_Batista?= <nandre@HIDDEN>, 55399 <at> debbugs.gnu.org
Message-ID: <c778d6b6-d93e-a62a-e771-74ac413851bd@HIDDEN>
Subject: Re: guix system reconfigure fails on channel validation
References: <Yn53d4GR+kohZh/b@andel>
In-Reply-To: <Yn53d4GR+kohZh/b@andel>

--------------pgn0JZRaUiqL84AJud0dI2nh
Content-Type: multipart/mixed; boundary="------------K31rjvFfYF3cYsin7JoI8yha"

--------------K31rjvFfYF3cYsin7JoI8yha
Content-Type: text/plain; charset=UTF-8; format=flowed

I'm preparing a _complete_ set of patches to Guix to fix this, I'll send
them once tested.

Greetings,
Maxime.
--------------K31rjvFfYF3cYsin7JoI8yha--

--------------pgn0JZRaUiqL84AJud0dI2nh--

--------------s0v2m7vpty3ytUrT4iRUyKlx--




Information forwarded to bug-guix@HIDDEN:
bug#55399; Package guix. Full text available.
Added tag(s) patch. Request was from Maxim Cournoyer <maxim.cournoyer@HIDDEN> to control <at> debbugs.gnu.org. Full text available.

Message received at 55399 <at> debbugs.gnu.org:


Date: Tue, 24 May 2022 20:44:13 -0300
From: André Batista <nandre@HIDDEN>
To: Ludovic Courtès <ludo@HIDDEN>
Subject: Re: bug#55399: guix system reconfigure fails on channel validation
Message-ID: <Yo1tzQLys4R8aAyA@andel>
References: <Yn53d4GR+kohZh/b@andel>
 <c5a0381129feb0a20c4642ca97409e967471a537.camel@HIDDEN>
 <YoUvHJ24iYDBrO9v@andel> <87a6b85o37.fsf_-_@HIDDEN>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature"; boundary="VTQOZ90TQgTRYNmT"
Content-Disposition: inline
In-Reply-To: <87a6b85o37.fsf_-_@HIDDEN>
Cc: 55399 <at> debbugs.gnu.org, Maxime Devos <maximedevos@HIDDEN>


--VTQOZ90TQgTRYNmT
Content-Type: multipart/mixed; boundary="tLL1RHzY3GxXA7/F"
Content-Disposition: inline


--tLL1RHzY3GxXA7/F
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi again,

Mon 23 May 2022 at 16:18:52 (1653333532), ludo@HIDDEN wrote:
> ...
> (For now commit b6bfe9ea6a1b19159455b34f1af4ac00ef9b94ab changes
> Guile-Git in Guix to depend on libgit2 1.3 as a workaround.)

After upgrading guile-git, the attached patches disable owner
validation and revert the above commit which made Guix's guile-git
depend on libgit2 1.3 instead of latest.

Cheers!

--tLL1RHzY3GxXA7/F
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: attachment; filename="guix.git.patch"
Content-Transfer-Encoding: quoted-printable

From f9de10676c15a65d6df7e430efbb84cebb431ac9 Mon Sep 17 00:00:00 2001
In-Reply-To: <87a6b85o37.fsf_-_@HIDDEN>
References: <87a6b85o37.fsf_-_@HIDDEN>
From: André Batista <nandre@HIDDEN>
To: 55399 <at> debbugs.gnu.org
Date: Tue, 24 May 2022 19:38:17 -0300
Subject: [PATCH] guix: Disable owner validation when updating cached checkout

* guix/git.scm (update-cached-checkout): Disable owner validation
checks.
---
 guix/git.scm | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/guix/git.scm b/guix/git.scm
index 53e7219c8c..d5e12188a2 100644
--- a/guix/git.scm
+++ b/guix/git.scm
@@ -4,6 +4,7 @@
 ;;; Copyright =A9 2021 Kyle Meyer <kyle@HIDDEN>
 ;;; Copyright =A9 2021 Marius Bakke <marius@HIDDEN>
 ;;; Copyright =A9 2022 Maxime Devos <maximedevos@HIDDEN>
+;;; Copyright =A9 2022 Andr=E9 Batista <nandre@HIDDEN>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -23,6 +24,7 @@
 (define-module (guix git)
   #:use-module (git)
   #:use-module (git object)
+  #:use-module (git settings)
   #:use-module (git submodule)
   #:use-module (guix i18n)
   #:use-module (guix base32)
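
Review bot: The added "#:use-module (git settings)" line makes guix/git.scm depend on a Guile-Git whose (git settings) module exports set-owner-validation!, and nothing in this patch raises the Guile-Git version Guix requires, so a build against an older Guile-Git ends in an unbound-variable error rather than a clear version complaint. Bump the stated Guile-Git requirement together with this change, and consider importing with #:select (set-owner-validation!) so the dependency on that single binding is explicit.
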
@@ -463,6 +465,8 @@ (define canonical-ref
           (repository    (if cache-exists?
                              (repository-open cache-directory)
                              (clone/swh-fallback url ref cache-directory))=
))
+     ;; Disable owner validation. See <https://issues.guix.gnu.org/55399>.
+     (set-owner-validation! #f)
      ;; Only fetch remote if it has not been cloned just before.
      (when (and cache-exists?
                 (not (reference-available? repository ref)))
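
Review bot: The call "(set-owner-validation! #f)" is placed in the body of the binding form, after the "repository" binding has already evaluated "(repository-open cache-directory)", so the open it is meant to unblock runs while validation is still enabled. Move the call ahead of the binding that opens the repository (for example at the top of update-cached-checkout, as the commit message describes), and extend the comment to say why skipping the check is acceptable for the cache directory.
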
--
2.36.0

--tLL1RHzY3GxXA7/F
Content-Type: text/plain; charset=utf-8
Content-Disposition: attachment; filename="guix.guile.patch"
Content-Transfer-Encoding: quoted-printable

From f9de10676c15a65d6df7e430efbb84cebb431ac9 Mon Sep 17 00:00:00 2001
In-Reply-To: <87a6b85o37.fsf_-_@HIDDEN>
References: <87a6b85o37.fsf_-_@HIDDEN>
From: André Batista <nandre@HIDDEN>
To: 55399 <at> debbugs.gnu.org
Date: Tue, 24 May 2022 19:38:18 -0300
Subject: [PATCH] gnu: guile-git: Use latest libgit2

* gnu/packages/guile.scm (guile-git) [inputs]: Use latest libgit2.
Reverts commit b6bfe9ea6a1b19159455b34f1af4ac00ef9b94ab.
---
 gnu/packages/guile.scm | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm
index a9e04cb476..138fb4d6bc 100644
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@@ -833,9 +833,7 @@ (define-public guile-git
     (native-inputs
      (list pkg-config autoconf automake texinfo guile-3.0 guile-bytestruct=
ures))
     (inputs
-     ;; libgit2@HIDDEN =E2=80=98fixed=E2=80=99 a git CVE it never shared, b=
reaking Guix.  Use
-     ;; 1.3 for now; see <https://issues.guix.gnu.org/55399> for alternati=
ves.
-     (list guile-3.0 libgit2-1.3))
+     (list guile-3.0 libgit2))
     (propagated-inputs
      (list guile-bytestructures))
     (synopsis "Guile bindings for libgit2")
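
Review bot: Changing the input back to "(list guile-3.0 libgit2)" brings the owner validation back for Guix unless the guix/git.scm change that calls set-owner-validation! is already applied, and the guile-git definition in this hunk is not moved to a version that provides that procedure. State the required order in the commit message (or send the Guile-Git upgrade, the guix/git.scm change and this revert as one numbered series), and consider leaving a one-line comment pointing at <https://issues.guix.gnu.org/55399> in place of the deleted one so the history of this input stays discoverable from the package.
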

--tLL1RHzY3GxXA7/F--

--VTQOZ90TQgTRYNmT--




Information forwarded to bug-guix@HIDDEN:
bug#55399; Package guix. Full text available.

Message received at 55399 <at> debbugs.gnu.org:


Date: Mon, 23 May 2022 22:44:23 -0300
From: André Batista <nandre@HIDDEN>
To: Ludovic Courtès <ludo@HIDDEN>
Subject: Re: bug#55399: guix system reconfigure fails on channel validation
Message-ID: <Yow4dwnY1SdpL3qm@andel>
References: <Yn53d4GR+kohZh/b@andel>
 <c5a0381129feb0a20c4642ca97409e967471a537.camel@HIDDEN>
 <YoUvHJ24iYDBrO9v@andel> <87a6b85o37.fsf_-_@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <87a6b85o37.fsf_-_@HIDDEN>
Cc: 55399 <at> debbugs.gnu.org, Maxime Devos <maximedevos@HIDDEN>

Hi!

Mon 23 May 2022 at 16:18:52 (1653333532), ludo@HIDDEN wrote:
> Yes please!  You pretty much already have the code, so we could put
> together a new Guile-Git release instead of carrying these modifications
> in Guix proper.

Done! Issue 26.

https://gitlab.com/guile-git/guile-git/-/issues/26






Information forwarded to bug-guix@HIDDEN:
bug#55399; Package guix. Full text available.
Severity set to 'important' from 'normal' Request was from Ludovic Courtès <ludo@HIDDEN> to control <at> debbugs.gnu.org. Full text available.
Changed bug title to 'libgit2 1.4.3 directory owner validation breaks Guix' from 'guix system reconfigure fails on channel validation' Request was from Ludovic Courtès <ludo@HIDDEN> to control <at> debbugs.gnu.org. Full text available.

Message received at 55399 <at> debbugs.gnu.org:


From: Ludovic Courtès <ludo@HIDDEN>
To: André Batista <nandre@HIDDEN>
Subject: Re: bug#55399: guix system reconfigure fails on channel validation
References: <Yn53d4GR+kohZh/b@andel>
 <c5a0381129feb0a20c4642ca97409e967471a537.camel@HIDDEN>
 <YoUvHJ24iYDBrO9v@andel>
Date: Mon, 23 May 2022 16:18:52 +0200
In-Reply-To: <YoUvHJ24iYDBrO9v@andel> ("André Batista"'s
 message of "Wed, 18 May 2022 14:38:36 -0300")
Message-ID: <87a6b85o37.fsf_-_@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Cc: 55399 <at> debbugs.gnu.org, Maxime Devos <maximedevos@HIDDEN>

Hi André,

André Batista <nandre@HIDDEN> wrote:

> Anyway, the proper thing to do is to update guile-git, so I'll be
> opening an issue there.

Yes please!  You pretty much already have the code, so we could put
together a new Guile-Git release instead of carrying these modifications
in Guix proper.

(For now commit b6bfe9ea6a1b19159455b34f1af4ac00ef9b94ab changes
Guile-Git in Guix to depend on libgit2 1.3 as a workaround.)

Thanks!

Ludo’.




Information forwarded to bug-guix@HIDDEN:
bug#55399; Package guix. Full text available.

Message received at 55399 <at> debbugs.gnu.org:


Date: Wed, 18 May 2022 14:38:36 -0300
From: André Batista <nandre@HIDDEN>
To: Maxime Devos <maximedevos@HIDDEN>
Subject: Re: bug#55399: Temporary fix
Message-ID: <YoUvHJ24iYDBrO9v@andel>
References: <Yn53d4GR+kohZh/b@andel>
 <c5a0381129feb0a20c4642ca97409e967471a537.camel@HIDDEN>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BW/eXf9dR20dld1M"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <c5a0381129feb0a20c4642ca97409e967471a537.camel@HIDDEN>
Cc: 55399 <at> debbugs.gnu.org


--BW/eXf9dR20dld1M
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

Hi Maxime!

Fri 13 May 2022 at 17:28:29 (1652473709), maximedevos@HIDDEN wrote:
> André Batista wrote on Fri 13-05-2022 at 12:21 [-0300]:
> > Any thoughts?
>
> According to
> <https://github.com/libgit2/libgit2/pull/6267/commits/574b5ee7bb112987443916cdedcfc8e274121e9d>,
> the ownership check can be relaxed by setting an option.  The
> guile-git library would need to be adjusted to support the option though.

Thanks for your pointers. I've only had a substitute* hammer and this
certainly seemed like a loose nail, so I've hammered my way through.

The patch below addresses the issue on guix side only and it was
applied/tested locally before b6bfe9ea6a1b19159455b34f1af4ac00ef9b94ab.
So this later commit would need to be reverted, otherwise guix will
not use the new libgit2 v1.4.3 anyway.

Anyway, the proper thing to do is to update guile-git, so I'll be
opening an issue there.

Happy hacking!



--BW/eXf9dR20dld1M
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline; filename="guile-git.patch"

From 370bf9bec714747244da00a7fd793da04c49c523 Mon Sep 17 00:00:00 2001
In-Reply-To: <c5a0381129feb0a20c4642ca97409e967471a537.camel@HIDDEN>
References: <c5a0381129feb0a20c4642ca97409e967471a537.camel@HIDDEN>
From: André Batista <nandre@HIDDEN>
Date: Tue, 17 May 2022 19:18:49 -0300
Subject: [PATCH] guix/git: Disable owner validation when updating cache.
To: 55399 <at> debbugs.gnu.org
Cc: maximedevos@HIDDEN

---
 gnu/packages/guile.scm | 40 +++++++++++++++++++++++++++++++++++++++-
 guix/git.scm           |  3 +++
 2 files changed, 42 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm
index 9d58c8d4cd..b120f3eefe 100644
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@@ -816,6 +816,44 @@ (define-public guile-git
               (sha256
                (base32
                 "11a51acibwi2hpaygmrpn6nwbr4lqalc87ihrgj3mhz6swbsk9n7"))
+              (modules '((guix build utils)))
+              (snippet
+               '(begin
+                  (substitute* "git/settings.scm"
+                    (("set-user-agent!))")
+                     (string-append "set-user-agent!\n"
+                                    "            set-owner-validation!))"))
+                    (("GIT_OPT_ENABLE_STRICT_OBJECT_CREATION 14)" m)
+                     (string-append m "\n" "(define GIT_OPT_ENABLE_STRICT_SYMBOLIC_REF_CREATION 15)"))
+
+                    (("(GIT_OPT_SET_SSL_CIPHERS).*" _ m)
+                     (string-append m " 16)\n"))
+
+                    (("(GIT_OPT_GET_USER_AGENT).*" _ m)
+                     (string-append m " 17)\n"
+                       "(define GIT_OPT_ENABLE_OFS_DELTA 18)\n"
+                       "(define GIT_OPT_ENABLE_FSYNC_GITDIR 19)\n"
+                       "(define GIT_OPT_GET_WINDOWS_SHAREMODE 20)\n"
+                       "(define GIT_OPT_SET_WINDOWS_SHAREMODE 21)\n"
+                       "(define GIT_OPT_ENABLE_STRICT_HASH_VERIFICATION 22)\n"
+                       "(define GIT_OPT_SET_ALLOCATOR 23)\n"
+                       "(define GIT_OPT_ENABLE_UNSAVED_INDEX_SAFETY 24)\n"
+                       "(define GIT_OPT_GET_PACK_MAX_OBJECTS 25)\n"
+                       "(define GIT_OPT_SET_PACK_MAX_OBJECTS 26)\n"
+                       "(define GIT_OPT_DISABLE_PACK_KEEP_FILE_CHECKS 27)\n"
+                       "(define GIT_OPT_ENABLE_HTTP_EXPECT_CONTINUE 28)\n"
+                       "(define GIT_OPT_GET_MWINDOW_FILE_LIMIT 29)\n"
+                       "(define GIT_OPT_SET_MWINDOW_FILE_LIMIT 30)\n"
+                       "(define GIT_OPT_SET_ODB_PACKED_PRIORITY 31)\n"
+                       "(define GIT_OPT_SET_ODB_LOOSE_PRIORITY 32)\n"
+                       "(define GIT_OPT_GET_EXTENSIONS 33)\n"
+                       "(define GIT_OPT_SET_EXTENSIONS 34)\n"
+                       "(define GIT_OPT_GET_OWNER_VALIDATION 35)\n"
+                       "(define GIT_OPT_SET_OWNER_VALIDATION 36)\n\n"
+                       "(define set-owner-validation!\n"
+                       "  (let  ((proc (libgit2->procedure* \"git_libgit2_opts\" (list int int))))\n"
+                       "    (lambda* (owner-validation)\n"
+                       "     (proc GIT_OPT_SET_OWNER_VALIDATION owner-validation))))\n")))))
               (patches (search-patches
                         "guile-git-adjust-for-libgit2-1.2.0.patch"))))
     (build-system gnu-build-system)
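
Review bot: The option numbers this snippet writes into git/settings.scm (16 and 17 for the two renumbered options, 18 through 36 for the new ones) are hard-coded with nothing tying them to the libgit2 headers the package is built against, and a wrong value for GIT_OPT_SET_OWNER_VALIDATION would make the "git_libgit2_opts" call change some other option without reporting an error. Add a comment naming the libgit2 version the numbers were taken from, and treat the snippet as temporary until Guile-Git itself provides set-owner-validation!, since substitute* patterns such as "set-user-agent!))" simply stop matching if upstream reformats the file.
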
diff --git a/guix/git.scm b/guix/git.scm
index 53e7219c8c..ced6a9c62c 100644
--- a/guix/git.scm
+++ b/guix/git.scm
@@ -23,6 +23,7 @@
 (define-module (guix git)
   #:use-module (git)
   #:use-module (git object)
+  #:use-module (git settings)
   #:use-module (git submodule)
   #:use-module (guix i18n)
   #:use-module (guix base32)
@@ -463,6 +464,8 @@ (define canonical-ref
           (repository    (if cache-exists?
                              (repository-open cache-directory)
                              (clone/swh-fallback url ref cache-directory))))
+     ;; Disable owner validation for local repos see #55399
+     (set-owner-validation! 0)
      ;; Only fetch remote if it has not been cloned just before.
      (when (and cache-exists?
                 (not (reference-available? repository ref)))
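
Review bot: The comment on "(set-owner-validation! 0)" says the check is disabled "for local repos", but the call takes no repository argument, so it turns validation off for every repository opened afterwards in the same process, not only the cached checkout. Either reword the comment to say that and explain why it is acceptable, or re-enable validation once the checkout has been opened; a boolean argument instead of the raw 0 would also make the call harder to get wrong from Scheme.
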

--BW/eXf9dR20dld1M--




Information forwarded to bug-guix@HIDDEN:
bug#55399; Package guix. Full text available.

Message received at 55399 <at> debbugs.gnu.org:


Message-ID: <c5a0381129feb0a20c4642ca97409e967471a537.camel@HIDDEN>
Subject: Re: bug#55399: guix system reconfigure fails on channel validation
From: Maxime Devos <maximedevos@HIDDEN>
To: André Batista <nandre@HIDDEN>,
 55399 <at> debbugs.gnu.org
Date: Fri, 13 May 2022 17:28:29 +0200
In-Reply-To: <Yn53d4GR+kohZh/b@andel>
References: <Yn53d4GR+kohZh/b@andel>
Content-Type: multipart/signed; micalg="pgp-sha512";
 protocol="application/pgp-signature"; boundary="=-A8/gSho3tij3TOCPSWT7"
User-Agent: Evolution 3.38.3-1 
MIME-Version: 1.0


--=-A8/gSho3tij3TOCPSWT7
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

André Batista wrote on Fri 13-05-2022 at 12:21 [-0300]:
> Any thoughts?

According to
<https://github.com/libgit2/libgit2/pull/6267/commits/574b5ee7bb112987443916cdedcfc8e274121e9d>,
the ownership check can be relaxed by setting an option.  The
guile-git library would need to be adjusted to support the option though.

Greetings,
Maxime.

--=-A8/gSho3tij3TOCPSWT7--
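
The option mentioned in the message above relaxes a check of the following shape. This C program is an added example, not code from libgit2, Guile-Git or Guix: it models an ownership check on a repository directory together with a process-wide switch for it. All function names are hypothetical and "/" is used as a constructed sample directory.

```c
/* Added example: a simplified model of a repository-directory ownership
 * check with a process-wide switch. This is not libgit2, Guile-Git or Guix
 * code, and every name below is hypothetical. */
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum open_result {
    OPEN_OK = 0,
    OPEN_ERR_STAT = -1,  /* path missing, unreadable or not a directory */
    OPEN_ERR_OWNER = -2  /* directory belongs to a different user */
};

/* Process-wide state: once cleared, every later open in this process skips
 * the ownership check, whichever directory it targets. */
static int owner_validation = 1;

void set_owner_validation(int enabled)
{
    owner_validation = (enabled != 0);
}

/* Store the uid owning `dir` in *owner. Returns 0 on success, -1 on error. */
int dir_owner(const char *dir, uid_t *owner)
{
    struct stat st;

    if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return -1;
    *owner = st.st_uid;
    return 0;
}

/* Open decision for an explicit caller uid, so both outcomes can be shown
 * without switching users. The switch is read here, at open time. */
int repo_open_as(const char *dir, uid_t caller)
{
    uid_t owner;

    if (dir_owner(dir, &owner) != 0)
        return OPEN_ERR_STAT;
    if (owner_validation && owner != caller)
        return OPEN_ERR_OWNER;
    return OPEN_OK;
}

/* The same decision for the effective user of the running process. */
int repo_open(const char *dir)
{
    return repo_open_as(dir, geteuid());
}

const char *open_result_str(int r)
{
    switch (r) {
    case OPEN_OK:        return "opened";
    case OPEN_ERR_STAT:  return "cannot stat directory";
    case OPEN_ERR_OWNER: return "refused: directory not owned by caller";
    default:             return "unknown result";
    }
}

int main(void)
{
    const char *dir = "/";  /* constructed input: any existing directory */
    uid_t owner, other;

    if (dir_owner(dir, &owner) != 0) {
        fprintf(stderr, "cannot stat %s\n", dir);
        return 1;
    }
    other = owner + 1;      /* constructed: a uid that does not own dir */

    printf("owner opens:          %s\n",
           open_result_str(repo_open_as(dir, owner)));
    printf("other uid opens:      %s\n",
           open_result_str(repo_open_as(dir, other)));

    /* Clearing the switch only affects opens that happen afterwards. */
    set_owner_validation(0);
    printf("other uid, check off: %s\n",
           open_result_str(repo_open_as(dir, other)));

    set_owner_validation(1);  /* restore the default */
    printf("current user opens:   %s\n", open_result_str(repo_open(dir)));
    return 0;
}
```

Because the switch is read when the directory is opened, it has to be cleared before the open it is meant to affect, and it then applies to every later open in the process until it is set again.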





Information forwarded to bug-guix@HIDDEN:
bug#55399; Package guix. Full text available.

Message received at 55399 <at> debbugs.gnu.org:


Message-ID: <1f9a73621562c5fe96a0d254aef893f95ab33ff0.camel@HIDDEN>
Subject: Re: bug#55399: guix system reconfigure fails on channel validation
From: Maxime Devos <maximedevos@HIDDEN>
To: André Batista <nandre@HIDDEN>,
 55399 <at> debbugs.gnu.org
Date: Fri, 13 May 2022 17:26:04 +0200
In-Reply-To: <Yn53d4GR+kohZh/b@andel>
References: <Yn53d4GR+kohZh/b@andel>
Content-Type: multipart/signed; micalg="pgp-sha512";
 protocol="application/pgp-signature"; boundary="=-039nLV/U5R2BaD5o8stT"
User-Agent: Evolution 3.38.3-1 
MIME-Version: 1.0


--=-039nLV/U5R2BaD5o8stT
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

André Batista wrote on Fri 13-05-2022 at 12:21 [-0300]:
> Any thoughts?

For now, let 'guile-git' use the libgit2-1.3 variant, look into
relaxing the ‘is owned by’ check later?

Greetings,
Maxime

--=-039nLV/U5R2BaD5o8stT--





Information forwarded to bug-guix@HIDDEN:
bug#55399; Package guix. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 13 May 2022 15:21:48 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri May 13 11:21:48 2022
Received: from localhost ([127.0.0.1]:44603 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1npX6x-0002bw-RA
	for submit <at> debbugs.gnu.org; Fri, 13 May 2022 11:21:48 -0400
Received: from lists.gnu.org ([209.51.188.17]:54204)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <nandre@HIDDEN>) id 1npX6w-0002bp-6z
 for submit <at> debbugs.gnu.org; Fri, 13 May 2022 11:21:46 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:40810)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <nandre@HIDDEN>) id 1npX6w-00011H-26
 for bug-guix@HIDDEN; Fri, 13 May 2022 11:21:46 -0400
Received: from mx0.riseup.net ([198.252.153.6]:55370)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <nandre@HIDDEN>) id 1npX6t-0004kl-MD
 for bug-guix@HIDDEN; Fri, 13 May 2022 11:21:45 -0400
Received: from fews2.riseup.net (fews2-pn.riseup.net [10.0.1.84])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "mail.riseup.net", Issuer "R3" (not verified))
 by mx0.riseup.net (Postfix) with ESMTPS id 4L0C6X3PV8z9s7f
 for <bug-guix@HIDDEN>; Fri, 13 May 2022 08:21:40 -0700 (PDT)
Received: from [127.0.0.1] (localhost [127.0.0.1])
 by fews2.riseup.net (Postfix) with ESMTPSA id 4L0C6V5dk9z1yBZ
 for <bug-guix@HIDDEN>; Fri, 13 May 2022 08:21:38 -0700 (PDT)
Date: Fri, 13 May 2022 12:21:27 -0300
From: André Batista <nandre@HIDDEN>
To: bug-guix@HIDDEN
Subject: guix system reconfigure fails on channel validation
Message-ID: <Yn53d4GR+kohZh/b@andel>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Hello Guix!

Recently, I've not been able to reconfigure some of my guix systems
because guix fails to forward validate the commits in between the
current system deployment and the newer one. This appears to be
related to the new libgit2 version 1.4.3[1][2], which addressed
CVE-2022-24765, since there was no change to the related guix routines
in the time since the last deploy.

This is the error I'm getting:

$ sudo guix system --fallback -c 3 -M 3  reconfigure myconfig.scm
Backtrace:
          19 (primitive-load "/home/user/.config/guix/current/bin/g?")
In guix/ui.scm:
   2230:7 18 (run-guix . _)
  2193:10 17 (run-guix-command _ . _)
In ice-9/boot-9.scm:
  1752:10 16 (with-exception-handler _ _ #:unwind? _ # _)
In guix/status.scm:
    829:3 15 (_)
    809:4 14 (call-with-status-report _ _)
In guix/scripts/system.scm:
   1253:4 13 (_)
In ice-9/boot-9.scm:
  1752:10 12 (with-exception-handler _ _ #:unwind? _ # _)
In guix/store.scm:
   658:37 11 (thunk)
   1320:8 10 (call-with-build-handler #<procedure b445f18 at guix/u?> ?)
  2129:25  9 (run-with-store #<store-connection 256.99 b0934d8> _ # _ ?)
In guix/scripts/system.scm:
  1277:15  8 (_ _)
    819:5  7 (perform-action reconfigure #<<image> name: #f format:?> ?)
In guix/scripts/system/reconfigure.scm:
    345:3  6 (check-forward-update _ #:current-channels _)
In srfi/srfi-1.scm:
   691:23  5 (filter-map #<procedure ba4c460 at guix/scripts/syst?> . #)
In guix/scripts/system/reconfigure.scm:
   352:37  4 (_ #<<channel> name: guix url: "/src/guix.git" branch: ?>)
In guix/git.scm:
    469:7  3 (update-cached-checkout _ #:ref _ #:recursive? _ # _ # _ ?)
In git/bindings.scm:
     77:2  2 (raise-git-error _)
In ice-9/boot-9.scm:
  1685:16  1 (raise-exception _ #:continuable? _)
  1685:16  0 (raise-exception _ #:continuable? _)

ice-9/boot-9.scm:1685:16: In procedure raise-exception:
Git error: repository path '/src/guix.git/' is not owned by current user


-----

And these are the commits being compared:

$ guix system describe
Generation 214  May 06 2022 22:47:43    (current)
  file name: /var/guix/profiles/system-214-link
  canonical file name: /gnu/store/b0wrzz8sxqi9hywpqz29cm73l9adxjy9-system
  label: GNU with Linux-Libre-Atom 5.17.5
  bootloader: grub
  root device: label: "rootfs"
  kernel: /gnu/store/xmdskyk85sypr4wgf5iwg5iid08l4aiq-linux-libre-atom-5.17.5/bzImage
  channels:
    guix:
      repository URL: /src/guix.git
      branch: master
      commit: ee70ed5bf50e781a6a43985211aa763e28db62b9
  configuration file: /gnu/store/g653hksfz0iwnbpynaq2mx4nv7ayb7r7-configuration.scm


$ guix describe
Generation 200  May 12 2022 13:48:01    (current)
  guix a1cb645
    repository URL: /src/guix.git
    branch: master
    commit: a1cb645d83d085382eaf64f4c097642aa47c297a

Any thoughts?

1. https://github.com/libgit2/libgit2/blob/v1.4.3/docs/changelog.md
2. https://github.com/libgit2/libgit2/commit/0cc4a70db0942f65528f4877be14a6a987fe3c64
3. https://github.blog/2022-04-12-git-security-vulnerability-announced/
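
Added example (not part of the report above, and not libgit2 or Guix code): a small Python model of the ownership comparison that the error message "repository path '/src/guix.git/' is not owned by current user" describes, showing why a checkout owned by an ordinary user is rejected once the command runs under sudo. The function names, the result keys and the temporary directory standing in for /src/guix.git are assumptions made for illustration.

```python
"""Model of an 'is owned by current user' check on a repository path."""
import os
import pwd
import tempfile


def user_name(uid):
    """Best-effort uid -> login name, falling back to the number."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)


def diagnose(repo_path, euid=None, sudo_uid=None):
    """Compare the owner of repo_path with the effective uid.

    euid and sudo_uid default to the live process values; passing them
    explicitly lets the elevated case be examined without being root.
    """
    if euid is None:
        euid = os.geteuid()
    if sudo_uid is None:
        sudo_uid = os.environ.get("SUDO_UID")  # set by sudo for the invoker
    owner = os.stat(repo_path).st_uid
    return {
        "path": repo_path,
        "owner": user_name(owner),
        "effective_user": user_name(euid),
        "owned_by_current_user": owner == euid,
        # True when the mismatch is explained by privilege elevation:
        # the invoking user owns the repository, the process runs as
        # someone else (root, in the sudo case from the report).
        "sudo_mismatch": (owner != euid and sudo_uid is not None
                          and int(sudo_uid) == owner),
    }


if __name__ == "__main__":
    # Constructed stand-in for a channel checkout such as /src/guix.git.
    with tempfile.TemporaryDirectory() as repo:
        owner = os.stat(repo).st_uid
        print(diagnose(repo, euid=owner))
        # Simulated elevation: a different effective uid, same invoker.
        print(diagnose(repo, euid=owner + 1, sudo_uid=str(owner)))
```

Running it against each channel's "repository URL" path, both as the ordinary user and under sudo, shows whether the failure comes from elevation or from a checkout that really belongs to someone else.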




Acknowledgement sent to André Batista <nandre@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-guix@HIDDEN. Full text available.
Report forwarded to bug-guix@HIDDEN:
bug#55399; Package guix. Full text available.
Last modified: Sun, 30 Oct 2022 16:00:01 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.