GNU bug report logs - #55399
libgit2 1.4.3 directory owner validation breaks Guix

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Package: guix; Severity: important; Reported by: André Batista <nandre@HIDDEN>; Keywords: patch; dated Fri, 13 May 2022 15:22:01 UTC; Maintainer for guix is bug-guix@HIDDEN.
Added tag(s) patch. Request was from Maxim Cournoyer <maxim.cournoyer@HIDDEN> to control <at> debbugs.gnu.org. Full text available.

Message received at 55399 <at> debbugs.gnu.org:


Received: (at 55399) by debbugs.gnu.org; 24 May 2022 23:44:35 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue May 24 19:44:34 2022
Received: from localhost ([127.0.0.1]:53820 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1nteCV-0005mN-Im
	for submit <at> debbugs.gnu.org; Tue, 24 May 2022 19:44:34 -0400
Received: from mx1.riseup.net ([198.252.153.129]:56150)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <nandre@HIDDEN>) id 1nteCR-0005m6-FB
 for 55399 <at> debbugs.gnu.org; Tue, 24 May 2022 19:44:30 -0400
Received: from fews2.riseup.net (fews2-pn.riseup.net [10.0.1.84])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "mail.riseup.net", Issuer "R3" (not verified))
 by mx1.riseup.net (Postfix) with ESMTPS id 4L79lT5yBBzDqxK;
 Tue, 24 May 2022 16:44:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak;
 t=1653435862; bh=klXF4xU3bm+i0MfXVt77ZPkOziGAGpw83lVNtNnLSG8=;
 h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
 b=PggFNkO5W5DTKwqqcSsx+887QRI7g13FADQc3kWfasHs9bQdbdfQYAmCSaVrbmiAI
 teWNqqyA2jf/XeU37BtMh98ou19F3MFsoNjTnvmQ7GLDu2cCDt4SHHjsnxQa3owAJF
 GjDJ89GEsE0Ivd6tCm6tMG4d3g3A5134egaMNH3U=
X-Riseup-User-ID: F07CB6E760F5805AC51D445A715C2E783B74CC52B78ECB9F77561D4EEB36923D
Received: from [127.0.0.1] (localhost [127.0.0.1])
 by fews2.riseup.net (Postfix) with ESMTPSA id 4L79lS4YqRz1yQc;
 Tue, 24 May 2022 16:44:20 -0700 (PDT)
Date: Tue, 24 May 2022 20:44:13 -0300
From: =?iso-8859-1?Q?Andr=E9?= Batista <nandre@HIDDEN>
To: Ludovic =?iso-8859-1?Q?Court=E8s?= <ludo@HIDDEN>
Subject: Re: bug#55399: guix system reconfigure fails on channel validation
Message-ID: <Yo1tzQLys4R8aAyA@andel>
References: <Yn53d4GR+kohZh/b@andel>
 <c5a0381129feb0a20c4642ca97409e967471a537.camel@HIDDEN>
 <YoUvHJ24iYDBrO9v@andel> <87a6b85o37.fsf_-_@HIDDEN>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature"; boundary="VTQOZ90TQgTRYNmT"
Content-Disposition: inline
In-Reply-To: <87a6b85o37.fsf_-_@HIDDEN>
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 55399
Cc: 55399 <at> debbugs.gnu.org, Maxime Devos <maximedevos@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)


--VTQOZ90TQgTRYNmT
Content-Type: multipart/mixed; boundary="tLL1RHzY3GxXA7/F"
Content-Disposition: inline


--tLL1RHzY3GxXA7/F
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi again,

seg 23 mai 2022 =E0s 16:18:52 (1653333532), ludo@HIDDEN enviou:
> ...
> (For now commit b6bfe9ea6a1b19159455b34f1af4ac00ef9b94ab changes
> Guile-Git in Guix to depend on libgit2 1.3 as a workaround.)

After upgrading guile-git, the attached patches disables owner
validation and reverts the above commit which made Guix's guile-git
depend on libgit2 1.3 instead of latest.

Cheers!

--tLL1RHzY3GxXA7/F
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: attachment; filename="guix.git.patch"
Content-Transfer-Encoding: quoted-printable

=46rom f9de10676c15a65d6df7e430efbb84cebb431ac9 Mon Sep 17 00:00:00 2001
In-Reply-To: <87a6b85o37.fsf_-_@HIDDEN>
References: <87a6b85o37.fsf_-_@HIDDEN>
=46rom: =3D?UTF-8?q?Andr=3DC3=3DA9=3D20Batista?=3D <nandre@HIDDEN>
To: 55399 <at> debbugs.gnu.org
Date: Tue, 24 May 2022 19:38:17 -0300
Subject: [PATCH] guix: Disable owner validation when updating cached checko=
ut

* guix/git.scm (update-cached-checkout): Disable owner validation
checks.
---
 guix/git.scm | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/guix/git.scm b/guix/git.scm
index 53e7219c8c..d5e12188a2 100644
--- a/guix/git.scm
+++ b/guix/git.scm
@@ -4,6 +4,7 @@
 ;;; Copyright =A9 2021 Kyle Meyer <kyle@HIDDEN>
 ;;; Copyright =A9 2021 Marius Bakke <marius@HIDDEN>
 ;;; Copyright =A9 2022 Maxime Devos <maximedevos@HIDDEN>
+;;; Copyright =A9 2022 Andr=E9 Batista <nandre@HIDDEN>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -23,6 +24,7 @@
 (define-module (guix git)
   #:use-module (git)
   #:use-module (git object)
+  #:use-module (git settings)
   #:use-module (git submodule)
   #:use-module (guix i18n)
   #:use-module (guix base32)
@@ -463,6 +465,8 @@ (define canonical-ref
           (repository    (if cache-exists?
                              (repository-open cache-directory)
                              (clone/swh-fallback url ref cache-directory))=
))
+     ;; Disable owner validation. See <https://issues.guix.gnu.org/55399>.
+     (set-owner-validation! #f)
      ;; Only fetch remote if it has not been cloned just before.
      (when (and cache-exists?
                 (not (reference-available? repository ref)))
--
2.36.0

--tLL1RHzY3GxXA7/F
Content-Type: text/plain; charset=utf-8
Content-Disposition: attachment; filename="guix.guile.patch"
Content-Transfer-Encoding: quoted-printable

=46rom f9de10676c15a65d6df7e430efbb84cebb431ac9 Mon Sep 17 00:00:00 2001
In-Reply-To: <87a6b85o37.fsf_-_@HIDDEN>
References: <87a6b85o37.fsf_-_@HIDDEN>
=46rom: =3D?UTF-8?q?Andr=3DC3=3DA9=3D20Batista?=3D <nandre@HIDDEN>
To: 55399 <at> debbugs.gnu.org
Date: Tue, 24 May 2022 19:38:18 -0300
Subject: [PATCH] gnu: guile-git: Use latest libgit2

* gnu/packages/guile.scm (guile-git) [inputs]: Use latest libgit2.
Reverts commit b6bfe9ea6a1b19159455b34f1af4ac00ef9b94ab.
---
 gnu/packages/guile.scm | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm
index a9e04cb476..138fb4d6bc 100644
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@@ -833,9 +833,7 @@ (define-public guile-git
     (native-inputs
      (list pkg-config autoconf automake texinfo guile-3.0 guile-bytestruct=
ures))
     (inputs
-     ;; libgit2@HIDDEN =E2=80=98fixed=E2=80=99 a git CVE it never shared, b=
reaking Guix.  Use
-     ;; 1.3 for now; see <https://issues.guix.gnu.org/55399> for alternati=
ves.
-     (list guile-3.0 libgit2-1.3))
+     (list guile-3.0 libgit2))
     (propagated-inputs
      (list guile-bytestructures))
     (synopsis "Guile bindings for libgit2")

--tLL1RHzY3GxXA7/F--

--VTQOZ90TQgTRYNmT
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQG5BAABCgAjFiEEXo3OJhMk/jL9rLM1Nj97Uq5OMvYFAmKNbcsFgwPCZwAACgkQ
Nj97Uq5OMvb0AQv9HGwqf48upFCiCc0W+Ag9eQ1pceB4Lkl9GxLNJRoc9bfb3Wch
kAKKuBlyDzn5Tp/WwQtKcNoR0X6OEel2lNsM6NLoJdlxMN0QDU674Tnt16r5BZfD
Oam2s9vSdf+C99nrFxwAXd1Jqi5vLLfXNIcA9bArRgF8CnooOX8VWYbPvtTaqxNN
Z0i1XE5qtOtX+Jx3pwmF1Ve/dx5xP1+JZ11b9RqGWv+is9AbexBLl8WNna3KC/qL
shFAwCMiCSLgBfPhzhNolBdvrVeBkWkLGF+6L5WsGLiK3McBpv58UI9jJTTnETG0
EeNtzlBFMzyJUU2K8THdyoFTNclehZ0xI1W+DqzpcLdjz9c2Uy/4NvCtOJGYBXyy
g7YkZtYbsIYvx0LcG1ntcpDuNB7PaqovprTOYGUF9ntbrpCAOvIkebIVQRAcHOQt
lcijp4KWv+ZPt8dVDbPZ87Z7QAuAj64K2rpJlz+2y0HfuYPWTLXpaCz4LUqiWU88
LGX9yqQ6QXMXME9Z
=Or2r
-----END PGP SIGNATURE-----

--VTQOZ90TQgTRYNmT--




Information forwarded to bug-guix@HIDDEN:
bug#55399; Package guix. Full text available.

Message received at 55399 <at> debbugs.gnu.org:


Received: (at 55399) by debbugs.gnu.org; 24 May 2022 01:44:48 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon May 23 21:44:48 2022
Received: from localhost ([127.0.0.1]:50515 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1ntJbM-000295-8A
	for submit <at> debbugs.gnu.org; Mon, 23 May 2022 21:44:48 -0400
Received: from mx1.riseup.net ([198.252.153.129]:58898)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <nandre@HIDDEN>) id 1ntJbI-00028n-TB
 for 55399 <at> debbugs.gnu.org; Mon, 23 May 2022 21:44:47 -0400
Received: from fews2.riseup.net (fews2-pn.riseup.net [10.0.1.84])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "mail.riseup.net", Issuer "R3" (not verified))
 by mx1.riseup.net (Postfix) with ESMTPS id 4L6cSg5X0LzDqdj;
 Mon, 23 May 2022 18:44:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak;
 t=1653356679; bh=XSQr7Ps4rHrxNSV4/lfDjwdtNZegrOd8wPT1trdiIF8=;
 h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
 b=WPl4vha2Diay1mDzRBfVAsdDs8J/9MtbdIY7CCFlt3iUfx19qEwqyKxBGbAooz8FH
 F/M2OljCzurn/dMunnVBrdG2E5VxWc5SBB1HrFTn/Wlz6OyrFjRokUK5u3X+9LBM6a
 vGB0WSnuUJFEqx1As2vUuP5uUn/Ap8joqHJmOvww=
X-Riseup-User-ID: 6FAE4BDD7BD4E33388CF21EFF286DFE3DE2A36625E494BA65300CE8B5B01A1C5
Received: from [127.0.0.1] (localhost [127.0.0.1])
 by fews2.riseup.net (Postfix) with ESMTPSA id 4L6cSf5Dnqz1yQc;
 Mon, 23 May 2022 18:44:34 -0700 (PDT)
Date: Mon, 23 May 2022 22:44:23 -0300
From: =?iso-8859-1?Q?Andr=E9?= Batista <nandre@HIDDEN>
To: Ludovic =?iso-8859-1?Q?Court=E8s?= <ludo@HIDDEN>
Subject: Re: bug#55399: guix system reconfigure fails on channel validation
Message-ID: <Yow4dwnY1SdpL3qm@andel>
References: <Yn53d4GR+kohZh/b@andel>
 <c5a0381129feb0a20c4642ca97409e967471a537.camel@HIDDEN>
 <YoUvHJ24iYDBrO9v@andel> <87a6b85o37.fsf_-_@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <87a6b85o37.fsf_-_@HIDDEN>
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 55399
Cc: 55399 <at> debbugs.gnu.org, Maxime Devos <maximedevos@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

Hi!

seg 23 mai 2022 às 16:18:52 (1653333532), ludo@HIDDEN enviou:
> Yes please!  You pretty much already have the code, so we could put
> together a new Guile-Git release instead of carrying these modifications
> in Guix proper.

Done! Issue 26.

https://gitlab.com/guile-git/guile-git/-/issues/26






Information forwarded to bug-guix@HIDDEN:
bug#55399; Package guix. Full text available.
Severity set to 'important' from 'normal' Request was from Ludovic Courtès <ludo@HIDDEN> to control <at> debbugs.gnu.org. Full text available.
Changed bug title to 'libgit2 1.4.3 directory owner validation breaks Guix' from 'guix system reconfigure fails on channel validation' Request was from Ludovic Courtès <ludo@HIDDEN> to control <at> debbugs.gnu.org. Full text available.

Message received at 55399 <at> debbugs.gnu.org:


Received: (at 55399) by debbugs.gnu.org; 23 May 2022 14:19:05 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon May 23 10:19:05 2022
Received: from localhost ([127.0.0.1]:49910 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1nt8tk-0000sk-VC
	for submit <at> debbugs.gnu.org; Mon, 23 May 2022 10:19:05 -0400
Received: from eggs.gnu.org ([209.51.188.92]:50284)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1nt8th-0000sB-CV
 for 55399 <at> debbugs.gnu.org; Mon, 23 May 2022 10:19:04 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:34906)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1nt8tb-0000TE-9u; Mon, 23 May 2022 10:18:55 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To:
 From; bh=T+JmCtPsjXVRZbsiaA9yaG/N1UzLZKm1lLqQicTqQVA=; b=JugF7Byc6CQ8Z/jv9w06
 nwpGshFHKx49oyYPTv5fQyq/il3aRiVJGN36zkbdGZFfK0Ry/VCpCGBAeXEfLtSjuDj2aAmDCAjjI
 d2z37/mdki+BBPMKuOm2byks66XhHgZHWyEzBZANkaC3Pvooq9uHkHfeYeyaZqS0vLP/T+Ntn2SWP
 srMHVsRkUjggy0UnMprRzsJzdKx7Rot/5/uSco8PrG+oO+HynnccairYXi+ELLBupX3z28dhSsEVc
 pmpV5YbgyHWdEXDfl1Wg/DvOMNIsB/Gt/Px5MilOgid+BGUuNeFYY4OIEslVXsSf4AQ5J3BrTQJbg
 xutV8SwGxcI8XQ==;
Received: from [193.50.110.143] (port=39852 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1nt8ta-0001Yq-TJ; Mon, 23 May 2022 10:18:55 -0400
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN>
To: =?utf-8?Q?Andr=C3=A9?= Batista <nandre@HIDDEN>
Subject: Re: bug#55399: guix system reconfigure fails on channel validation
References: <Yn53d4GR+kohZh/b@andel>
 <c5a0381129feb0a20c4642ca97409e967471a537.camel@HIDDEN>
 <YoUvHJ24iYDBrO9v@andel>
Date: Mon, 23 May 2022 16:18:52 +0200
In-Reply-To: <YoUvHJ24iYDBrO9v@andel> (=?utf-8?Q?=22Andr=C3=A9?= Batista"'s
 message of "Wed, 18 May 2022 14:38:36 -0300")
Message-ID: <87a6b85o37.fsf_-_@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 55399
Cc: 55399 <at> debbugs.gnu.org, Maxime Devos <maximedevos@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hi Andr=C3=A9,

Andr=C3=A9 Batista <nandre@HIDDEN> skribis:

> Anyway, the proper think to do is to update guile-git, so I'll be
> opening an issue there.

Yes please!  You pretty much already have the code, so we could put
together a new Guile-Git release instead of carrying these modifications
in Guix proper.

(For now commit b6bfe9ea6a1b19159455b34f1af4ac00ef9b94ab changes
Guile-Git in Guix to depend on libgit2 1.3 as a workaround.)

Thanks!

Ludo=E2=80=99.




Information forwarded to bug-guix@HIDDEN:
bug#55399; Package guix. Full text available.

Message received at 55399 <at> debbugs.gnu.org:


Received: (at 55399) by debbugs.gnu.org; 18 May 2022 17:38:56 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed May 18 13:38:56 2022
Received: from localhost ([127.0.0.1]:33436 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1nrNdQ-0005Pf-75
	for submit <at> debbugs.gnu.org; Wed, 18 May 2022 13:38:56 -0400
Received: from mx0.riseup.net ([198.252.153.6]:34478)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <nandre@HIDDEN>) id 1nrNdN-0005PN-No
 for 55399 <at> debbugs.gnu.org; Wed, 18 May 2022 13:38:54 -0400
Received: from fews2.riseup.net (fews2-pn.riseup.net [10.0.1.84])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "mail.riseup.net", Issuer "R3" (not verified))
 by mx0.riseup.net (Postfix) with ESMTPS id 4L3KwR61yvz9s7d;
 Wed, 18 May 2022 10:38:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak;
 t=1652895527; bh=fSs5/fwayNjAHvWegiXT7W2GPI3W/VykORODsKHsfuw=;
 h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
 b=AgqJUJj2LW8jqZirSFlXeo82OYOIQb+mRwbWUjje1wO6OQU40hP7LP+oUTF+Ngeqv
 E/dej6v6zQcvJoL28ZmKp85yqc/oeMmPsxSC5EiorExsfAwMirLEStzujFOueEZjII
 zrsSQoMDm5RWbVgyaJAZsbrJJGnJ97Up+zmmFsEk=
X-Riseup-User-ID: 002575DF375A5763B8CA8BF8DC280711774570187A6E4E21A089A840382E0E5F
Received: from [127.0.0.1] (localhost [127.0.0.1])
 by fews2.riseup.net (Postfix) with ESMTPSA id 4L3KwQ5Q91z1xph;
 Wed, 18 May 2022 10:38:46 -0700 (PDT)
Date: Wed, 18 May 2022 14:38:36 -0300
From: =?iso-8859-1?Q?Andr=E9?= Batista <nandre@HIDDEN>
To: Maxime Devos <maximedevos@HIDDEN>
Subject: Re: bug#55399: Temporary fix
Message-ID: <YoUvHJ24iYDBrO9v@andel>
References: <Yn53d4GR+kohZh/b@andel>
 <c5a0381129feb0a20c4642ca97409e967471a537.camel@HIDDEN>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BW/eXf9dR20dld1M"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <c5a0381129feb0a20c4642ca97409e967471a537.camel@HIDDEN>
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 55399
Cc: 55399 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)


--BW/eXf9dR20dld1M
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

Hi Maxime!

sex 13 mai 2022 às 17:28:29 (1652473709), maximedevos@HIDDEN enviou:
> André Batista schreef op vr 13-05-2022 om 12:21 [-0300]:
> > Any thoughts?
> 
> According to
> <https://github.com/libgit2/libgit2/pull/6267/commits/574b5ee7bb112987443916cdedcfc8e274121e9d>,
>  the ownership check can be relaxed by setting an option.  The guile-
> git library would need to be adjusted to support the option though.

Thanks for your pointers. I've only had a substitute* hammer and this
certainly seemed like a loose nail, so I've hammered my way through.

The patch bellow addresses the issue on guix side only and it was
applied/tested locally before b6bfe9ea6a1b19159455b34f1af4ac00ef9b94ab
So this later commit would need to be reverted, otherwise guix will
not use the new libgit2 v1.4.3 anyway.

Anyway, the proper think to do is to update guile-git, so I'll be
opening an issue there.

Happy hacking!



--BW/eXf9dR20dld1M
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline; filename="guile-git.patch"

From 370bf9bec714747244da00a7fd793da04c49c523 Mon Sep 17 00:00:00 2001
In-Reply-To: <c5a0381129feb0a20c4642ca97409e967471a537.camel@HIDDEN>
References: <c5a0381129feb0a20c4642ca97409e967471a537.camel@HIDDEN>
From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@HIDDEN>
Date: Tue, 17 May 2022 19:18:49 -0300
Subject: [PATCH] guix/git: Disable owner validation when updating cache.
To: 55399 <at> debbugs.gnu.org
Cc: maximedevos@HIDDEN

---
 gnu/packages/guile.scm | 40 +++++++++++++++++++++++++++++++++++++++-
 guix/git.scm           |  3 +++
 2 files changed, 42 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm
index 9d58c8d4cd..b120f3eefe 100644
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@@ -816,6 +816,44 @@ (define-public guile-git
               (sha256
                (base32
                 "11a51acibwi2hpaygmrpn6nwbr4lqalc87ihrgj3mhz6swbsk9n7"))
+              (modules '((guix build utils)))
+              (snippet
+               '(begin
+                  (substitute* "git/settings.scm"
+                    (("set-user-agent!))")
+                     (string-append "set-user-agent!\n"
+                                    "            set-owner-validation!))"))
+                    (("GIT_OPT_ENABLE_STRICT_OBJECT_CREATION 14)" m)
+                     (string-append m "\n" "(define GIT_OPT_ENABLE_STRICT_SYMBOLIC_REF_CREATION 15)"))
+
+                    (("(GIT_OPT_SET_SSL_CIPHERS).*" _ m)
+                     (string-append m " 16)\n"))
+
+                    (("(GIT_OPT_GET_USER_AGENT).*" _ m)
+                     (string-append m " 17)\n"
+                       "(define GIT_OPT_ENABLE_OFS_DELTA 18)\n"
+                       "(define GIT_OPT_ENABLE_FSYNC_GITDIR 19)\n"
+                       "(define GIT_OPT_GET_WINDOWS_SHAREMODE 20)\n"
+                       "(define GIT_OPT_SET_WINDOWS_SHAREMODE 21)\n"
+                       "(define GIT_OPT_ENABLE_STRICT_HASH_VERIFICATION 22)\n"
+                       "(define GIT_OPT_SET_ALLOCATOR 23)\n"
+                       "(define GIT_OPT_ENABLE_UNSAVED_INDEX_SAFETY 24)\n"
+                       "(define GIT_OPT_GET_PACK_MAX_OBJECTS 25)\n"
+                       "(define GIT_OPT_SET_PACK_MAX_OBJECTS 26)\n"
+                       "(define GIT_OPT_DISABLE_PACK_KEEP_FILE_CHECKS 27)\n"
+                       "(define GIT_OPT_ENABLE_HTTP_EXPECT_CONTINUE 28)\n"
+                       "(define GIT_OPT_GET_MWINDOW_FILE_LIMIT 29)\n"
+                       "(define GIT_OPT_SET_MWINDOW_FILE_LIMIT 30)\n"
+                       "(define GIT_OPT_SET_ODB_PACKED_PRIORITY 31)\n"
+                       "(define GIT_OPT_SET_ODB_LOOSE_PRIORITY 32)\n"
+                       "(define GIT_OPT_GET_EXTENSIONS 33)\n"
+                       "(define GIT_OPT_SET_EXTENSIONS 34)\n"
+                       "(define GIT_OPT_GET_OWNER_VALIDATION 35)\n"
+                       "(define GIT_OPT_SET_OWNER_VALIDATION 36)\n\n"
+                       "(define set-owner-validation!\n"
+                       "  (let  ((proc (libgit2->procedure* \"git_libgit2_opts\" (list int int))))\n"
+                       "    (lambda* (owner-validation)\n"
+                       "     (proc GIT_OPT_SET_OWNER_VALIDATION owner-validation))))\n")))))
               (patches (search-patches
                         "guile-git-adjust-for-libgit2-1.2.0.patch"))))
     (build-system gnu-build-system)
diff --git a/guix/git.scm b/guix/git.scm
index 53e7219c8c..ced6a9c62c 100644
--- a/guix/git.scm
+++ b/guix/git.scm
@@ -23,6 +23,7 @@
 (define-module (guix git)
   #:use-module (git)
   #:use-module (git object)
+  #:use-module (git settings)
   #:use-module (git submodule)
   #:use-module (guix i18n)
   #:use-module (guix base32)
@@ -463,6 +464,8 @@ (define canonical-ref
           (repository    (if cache-exists?
                              (repository-open cache-directory)
                              (clone/swh-fallback url ref cache-directory))))
+     ;; Disable owner validation for local repos see #55399
+     (set-owner-validation! 0)
      ;; Only fetch remote if it has not been cloned just before.
      (when (and cache-exists?
                 (not (reference-available? repository ref)))

--BW/eXf9dR20dld1M--




Information forwarded to bug-guix@HIDDEN:
bug#55399; Package guix. Full text available.

Message received at 55399 <at> debbugs.gnu.org:


Received: (at 55399) by debbugs.gnu.org; 13 May 2022 15:28:32 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri May 13 11:28:32 2022
Received: from localhost ([127.0.0.1]:44640 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1npXDU-0002sU-8z
	for submit <at> debbugs.gnu.org; Fri, 13 May 2022 11:28:32 -0400
Received: from xavier.telenet-ops.be ([195.130.132.52]:42970)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maximedevos@HIDDEN>) id 1npXDS-0002sI-Fr
 for 55399 <at> debbugs.gnu.org; Fri, 13 May 2022 11:28:30 -0400
Received: from ptr-bvsjgyhxw7psv60dyze.18120a2.ip6.access.telenet.be
 ([IPv6:2a02:1811:8c09:9d00:3c5f:2eff:feb0:ba5a])
 by xavier.telenet-ops.be with bizsmtp
 id WFUV2700J4UW6Th01FUVXQ; Fri, 13 May 2022 17:28:29 +0200
Message-ID: <c5a0381129feb0a20c4642ca97409e967471a537.camel@HIDDEN>
Subject: Re: bug#55399: guix system reconfigure fails on channel validation
From: Maxime Devos <maximedevos@HIDDEN>
To: =?ISO-8859-1?Q?Andr=E9?= Batista <nandre@HIDDEN>, 
 55399 <at> debbugs.gnu.org
Date: Fri, 13 May 2022 17:28:29 +0200
In-Reply-To: <Yn53d4GR+kohZh/b@andel>
References: <Yn53d4GR+kohZh/b@andel>
Content-Type: multipart/signed; micalg="pgp-sha512";
 protocol="application/pgp-signature"; boundary="=-A8/gSho3tij3TOCPSWT7"
User-Agent: Evolution 3.38.3-1 
MIME-Version: 1.0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22;
 t=1652455709; bh=6D4REXBID5X3x4CeWpE84/cJcITsTtguEKHnrG5RWNc=;
 h=Subject:From:To:Date:In-Reply-To:References;
 b=Usv4OKG7Rw+q8bacH/+D9FFGPd9Z65gTX4eWVtvDulUAqSquIb+q9RofOsMe/4wFf
 OlS+IOXtFgBgdIkChy6nnZOqo7QeeMlBGfXzqv9gnTp7ueYPST/4NImILyNey25uqg
 sW9KklX/S07+/iOCO8pfED8SS0sxONP31ZFHzifyMCX0J3jY56EPIOGS+TcJ9zw2nA
 P3e1oyBlUJAWrPKDGCUtTRlJfSI/vBn8VXsp1KhZTW9f2Et7ZQq67KEhJMvmEw8MeS
 T7CmT+xiTnbjRGe0Q9ureYIL8ajmBY34bHKTwqQKJWv7eaTfiSV2XmKsETu1p2mPty
 CR3FrxM4rdrlg==
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 55399
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)


--=-A8/gSho3tij3TOCPSWT7
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Andr=C3=A9 Batista schreef op vr 13-05-2022 om 12:21 [-0300]:
> Any thoughts?

According to
<https://github.com/libgit2/libgit2/pull/6267/commits/574b5ee7bb11298744391=
6cdedcfc8e274121e9d>,
 the ownership check can be relaxed by setting an option.  The guile-
git library would need to be adjusted to support the option though.

Greetings,
Maxime.

--=-A8/gSho3tij3TOCPSWT7
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----

iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYn55HRccbWF4aW1lZGV2
b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7sCyAQDfwyWmtyToJRDlZV70quA6O2XJ
q55xtkI/mmttol638gEAr8O7Qb6uM7vbIM0oSQRHJgNiJVKatgfUAHipcnWC3Ak=
=Fxlz
-----END PGP SIGNATURE-----

--=-A8/gSho3tij3TOCPSWT7--





Information forwarded to bug-guix@HIDDEN:
bug#55399; Package guix. Full text available.

Message received at 55399 <at> debbugs.gnu.org:


Received: (at 55399) by debbugs.gnu.org; 13 May 2022 15:26:08 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri May 13 11:26:08 2022
Received: from localhost ([127.0.0.1]:44633 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1npXB9-0002n8-UK
	for submit <at> debbugs.gnu.org; Fri, 13 May 2022 11:26:08 -0400
Received: from xavier.telenet-ops.be ([195.130.132.52]:39514)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maximedevos@HIDDEN>) id 1npXB8-0002mz-Gl
 for 55399 <at> debbugs.gnu.org; Fri, 13 May 2022 11:26:06 -0400
Received: from ptr-bvsjgyhxw7psv60dyze.18120a2.ip6.access.telenet.be
 ([IPv6:2a02:1811:8c09:9d00:3c5f:2eff:feb0:ba5a])
 by xavier.telenet-ops.be with bizsmtp
 id WFS42700H4UW6Th01FS47t; Fri, 13 May 2022 17:26:05 +0200
Message-ID: <1f9a73621562c5fe96a0d254aef893f95ab33ff0.camel@HIDDEN>
Subject: Re: bug#55399: guix system reconfigure fails on channel validation
From: Maxime Devos <maximedevos@HIDDEN>
To: =?ISO-8859-1?Q?Andr=E9?= Batista <nandre@HIDDEN>, 
 55399 <at> debbugs.gnu.org
Date: Fri, 13 May 2022 17:26:04 +0200
In-Reply-To: <Yn53d4GR+kohZh/b@andel>
References: <Yn53d4GR+kohZh/b@andel>
Content-Type: multipart/signed; micalg="pgp-sha512";
 protocol="application/pgp-signature"; boundary="=-039nLV/U5R2BaD5o8stT"
User-Agent: Evolution 3.38.3-1 
MIME-Version: 1.0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22;
 t=1652455565; bh=r4KJmDLzooWn7y2oKdj6Gsg98yNLmvEYTGtvjlI+Lg4=;
 h=Subject:From:To:Date:In-Reply-To:References;
 b=bgzD8yHjdzZu+fu25xsZDCrKMeutsaVtMVmnIsTUsOGvMTtBUXalEh2jC/XR0BoxS
 rEMD/ynzc0fXY18oS1CEIHVbx/LCTjTyiKj9mAKnwKRrTevPpzUi/PkfPB4T0XzsT2
 aKI8eVilXaUrhY9dSu6Rw2oYhixft5+U9rr6OKNxZKys3/x2feVGvb+YCB3kBG/rNZ
 o2JmhfTL06I+H2b3vWK0gZ9qbNzVn8urKLssBOhc2Epw1YVFww0rnuEPbTk2nwZCyb
 97VlpSlWA+t1CM+prxmtwi38+dThPr/mVcw5D3KKuyqTLLYummj4tG2EvKpXoGNG3b
 KVwQfRkyAk6jw==
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 55399
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)


--=-039nLV/U5R2BaD5o8stT
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Andr=C3=A9 Batista schreef op vr 13-05-2022 om 12:21 [-0300]:
> Any thoughts?

For now, let 'guile-git' use the libgit2-1.3 variant, look into
relaxing the =E2=80=98is owned by=E2=80=99 check later?

Greetings,
Maxime

--=-039nLV/U5R2BaD5o8stT
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----

iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYn54jBccbWF4aW1lZGV2
b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7m4iAPoCZrJ2G9KOnpQMrRr0NRkW6KMp
d8HjPHGZlNWtk466eQD/ZG3OedO6KSPKmWu7im29bg1CI4Ntuo3DfL3YkwHakAo=
=VcFh
-----END PGP SIGNATURE-----

--=-039nLV/U5R2BaD5o8stT--





Information forwarded to bug-guix@HIDDEN:
bug#55399; Package guix. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 13 May 2022 15:21:48 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri May 13 11:21:48 2022
Received: from localhost ([127.0.0.1]:44603 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1npX6x-0002bw-RA
	for submit <at> debbugs.gnu.org; Fri, 13 May 2022 11:21:48 -0400
Received: from lists.gnu.org ([209.51.188.17]:54204)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <nandre@HIDDEN>) id 1npX6w-0002bp-6z
 for submit <at> debbugs.gnu.org; Fri, 13 May 2022 11:21:46 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:40810)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <nandre@HIDDEN>) id 1npX6w-00011H-26
 for bug-guix@HIDDEN; Fri, 13 May 2022 11:21:46 -0400
Received: from mx0.riseup.net ([198.252.153.6]:55370)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <nandre@HIDDEN>) id 1npX6t-0004kl-MD
 for bug-guix@HIDDEN; Fri, 13 May 2022 11:21:45 -0400
Received: from fews2.riseup.net (fews2-pn.riseup.net [10.0.1.84])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "mail.riseup.net", Issuer "R3" (not verified))
 by mx0.riseup.net (Postfix) with ESMTPS id 4L0C6X3PV8z9s7f
 for <bug-guix@HIDDEN>; Fri, 13 May 2022 08:21:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak;
 t=1652455300; bh=TMxbG2DvezrP8tFrRmR+pKDZpr+J8ZsAWihxQwEL6bE=;
 h=Date:From:To:Subject:From;
 b=YMf2cmxgV4RGFYTOunOe+nHWOG7piyvQDN/AK0tseiVCMzyfE2ZMCbhuhv5bd+v1e
 SXxA1DUbEymsD8qLE8usnjLK7XGs+j7cMwVQM9237MqBJLQWAJUVRaIJNrmC38fNjd
 NfegQob1J2JET9fEs3gmMvjdX4hGgZtbwk+hpdyI=
X-Riseup-User-ID: A422B65AA728CA59D5DC920278E4FA4F43FAD4E46B87EAC9E1140F38A1AE7074
Received: from [127.0.0.1] (localhost [127.0.0.1])
 by fews2.riseup.net (Postfix) with ESMTPSA id 4L0C6V5dk9z1yBZ
 for <bug-guix@HIDDEN>; Fri, 13 May 2022 08:21:38 -0700 (PDT)
Date: Fri, 13 May 2022 12:21:27 -0300
From: =?iso-8859-1?Q?Andr=E9?= Batista <nandre@HIDDEN>
To: bug-guix@HIDDEN
Subject: guix system reconfigure fails on channel validation
Message-ID: <Yn53d4GR+kohZh/b@andel>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Received-SPF: pass client-ip=198.252.153.6; envelope-from=nandre@HIDDEN;
 helo=mx0.riseup.net
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001,
 T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.4 (-)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.4 (--)

Hello Guix!

Recently, I've not been able to reconfigure some of my guix systems
because guix fails to forward validate the commits in between the
current system deployment and the newer one. This appears to be
related to the new libgit2 version 1.4.3[1][2], which addressed CVE
2022-24765, since there was no change to the related guix routines
on the time lapse since the last deploy.

This is the error I'm getting:

$ sudo guix system --fallback -c 3 -M 3  reconfigure myconfig.scm
Backtrace:
          19 (primitive-load "/home/user/.config/guix/current/bin/g?")
In guix/ui.scm:
   2230:7 18 (run-guix . _)
  2193:10 17 (run-guix-command _ . _)
In ice-9/boot-9.scm:
  1752:10 16 (with-exception-handler _ _ #:unwind? _ # _)
In guix/status.scm:
    829:3 15 (_)
    809:4 14 (call-with-status-report _ _)
In guix/scripts/system.scm:
   1253:4 13 (_)
In ice-9/boot-9.scm:
  1752:10 12 (with-exception-handler _ _ #:unwind? _ # _)
In guix/store.scm:
   658:37 11 (thunk)
   1320:8 10 (call-with-build-handler #<procedure b445f18 at guix/u?> ?)
  2129:25  9 (run-with-store #<store-connection 256.99 b0934d8> _ # _ ?)
In guix/scripts/system.scm:
  1277:15  8 (_ _)
    819:5  7 (perform-action reconfigure #<<image> name: #f format:?> ?)
In guix/scripts/system/reconfigure.scm:
    345:3  6 (check-forward-update _ #:current-channels _)
In srfi/srfi-1.scm:
   691:23  5 (filter-map #<procedure ba4c460 at guix/scripts/syst?> . #)
In guix/scripts/system/reconfigure.scm:
   352:37  4 (_ #<<channel> name: guix url: "/src/guix.git" branch: ?>)
In guix/git.scm:
    469:7  3 (update-cached-checkout _ #:ref _ #:recursive? _ # _ # _ ?)
In git/bindings.scm:
     77:2  2 (raise-git-error _)
In ice-9/boot-9.scm:
  1685:16  1 (raise-exception _ #:continuable? _)
  1685:16  0 (raise-exception _ #:continuable? _)

ice-9/boot-9.scm:1685:16: In procedure raise-exception:
Git error: repository path '/src/guix.git/' is not owned by current user


-----

And these are the commits being compared:

$ guix system describe
Generation 214  May 06 2022 22:47:43    (current)
  file name: /var/guix/profiles/system-214-link
  canonical file name: /gnu/store/b0wrzz8sxqi9hywpqz29cm73l9adxjy9-system
  label: GNU with Linux-Libre-Atom 5.17.5
  bootloader: grub
  root device: label: "rootfs"
  kernel: /gnu/store/xmdskyk85sypr4wgf5iwg5iid08l4aiq-linux-libre-atom-5.17.5/bzImage
  channels:
    guix:
      repository URL: /src/guix.git
      branch: master
      commit: ee70ed5bf50e781a6a43985211aa763e28db62b9
  configuration file: /gnu/store/g653hksfz0iwnbpynaq2mx4nv7ayb7r7-configuration.scm


$ guix describe
Generation 200  May 12 2022 13:48:01    (current)
  guix a1cb645
    repository URL: /src/guix.git
    branch: master
    commit: a1cb645d83d085382eaf64f4c097642aa47c297a

Any thoughts?

1. https://github.com/libgit2/libgit2/blob/v1.4.3/docs/changelog.md
2. https://github.com/libgit2/libgit2/commit/0cc4a70db0942f65528f4877be14a6a987fe3c64
3. https://github.blog/2022-04-12-git-security-vulnerability-announced/




Acknowledgement sent to André Batista <nandre@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-guix@HIDDEN. Full text available.
Report forwarded to bug-guix@HIDDEN:
bug#55399; Package guix. Full text available.
Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Last modified: Thu, 9 Jun 2022 21:00:01 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.