GNU bug report logs

#50814 [PATCH] guix: git-authenticate: Also authenticate the channel intro commit.

PackageSource(s)Maintainer(s)
guix-patches PTS Buildd Popcon
Full log

Message #13 received at 50814@debbugs.gnu.org (full text, mbox, reply):

Received: (at 50814) by debbugs.gnu.org; 26 Sep 2021 18:15:07 +0000
From debbugs-submit-bounces@debbugs.gnu.org Sun Sep 26 14:15:07 2021
Received: from localhost ([127.0.0.1]:38756 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1mUYg7-0001A1-Bj
	for submit@debbugs.gnu.org; Sun, 26 Sep 2021 14:15:07 -0400
Received: from baptiste.telenet-ops.be ([195.130.132.51]:44558)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maximedevos@telenet.be>) id 1mUYg5-00016L-4C
 for 50814@debbugs.gnu.org; Sun, 26 Sep 2021 14:15:06 -0400
Received: from ptr-bvsjgyjmffd7q9timvx.18120a2.ip6.access.telenet.be
 ([IPv6:2a02:1811:8c09:9d00:aaf1:9810:a0b8:a55d])
 by baptiste.telenet-ops.be with bizsmtp
 id yiF3250030mfAB401iF3VW; Sun, 26 Sep 2021 20:15:03 +0200
Message-ID: <2b0173cc9809ab1e806bf0061fc28a9a85dda6e0.camel@telenet.be>
Subject: Re: [bug#50814] [PATCH] guix: git-authenticate: Also authenticate
 the channel intro commit.
From: Maxime Devos <maximedevos@telenet.be>
To: Attila Lendvai <attila@lendvai.name>, 50814@debbugs.gnu.org
In-Reply-To: <20210926101928.3877-1-attila@lendvai.name>
References: <20210926101928.3877-1-attila@lendvai.name>
Content-Type: multipart/signed; micalg="pgp-sha512";
 protocol="application/pgp-signature"; boundary="=-T0Rmxvr6JckLDOp1J0l6"
Date: Sun, 26 Sep 2021 20:14:41 +0200
MIME-Version: 1.0
User-Agent: Evolution 3.34.2 
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r21;
 t=1632680103; bh=zxVmm4eG/ck84kdFcjH5tFLJ0LwR2202hAvXv07WDRg=;
 h=Subject:From:To:In-Reply-To:References:Date;
 b=cV6qyMECT7m0d20FcLiv8Pjc9r5O3ksXeD2SS/Q+5rLFopHf/lVtDRvjjELsJXRjU
 MI7aZsJt8ib3laqa6q4sBFRaZ9ELdMLRquB0xpwbJ+9PdFBM4cK289vz6Gb9LSuxCN
 so33Cp9rUdM5Vy+aeKVECktAM9WF0L8OfHeRYTVbW7cxDwx3Jgp2JFuzBp5F6VX3LH
 YFLTAsPot7dsFieCuKCPs1IYI3fyhBl7zMMwNcFOcraQhfTaKL6lx2SAxAMTGFXR8c
 SZnVnnoxOOqAgnZGnYRCg6Nz3A8VUXuVJOhmwIHHGYUBrIt3R/3bP6u94rm8scVjTp
 81Olo6d3Mx7pw==
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 50814
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

[Message part 1 (text/plain, inline)]
Attila Lendvai schreef op zo 26-09-2021 om 12:19 [+0200]:
> * guix/git-authenticate.scm (authenticate-commit): Reword and extend the error
> message to point to the relevant part of the manual.
> (authenticate-repository): Explicitly authenticate the channel introduction
> commit, so that it's also rejected unless it is signed by an authorized
> key. Otherwise only the second commit would yield an error, which
> is confusing.
> ---
> 
> here's how i tested this:
> 
> i set up pulling from a local checkout of guix.
> in that branch i created a signed dummy commit, and added it as a channel
> introduction, replacing guix in my /etc/guix/channels.scm. then tried to
> guix pull, which worked.
> 
> then i added another dummy commit, which resulted in an error when pulling.
> 
> then i reset the branch back to only contain the first commit, and added
> this code that then resulted in an error even with a single commit.
> 
> i have encountered it while i was trying to set up my local checkout to
> test my patches on my live guix, and i was utterly confused why my commit
> was rejected as unauthenticated (i misunderstood how git-authenticate
> works).
> 
>  guix/git-authenticate.scm | 11 ++++++++---
>  1 file changed, 8 insertions(+), 3 deletions(-)
> 
> diff --git a/guix/git-authenticate.scm b/guix/git-authenticate.scm
> index ab3fcd8b2f..7d66bf0754 100644
> --- a/guix/git-authenticate.scm
> +++ b/guix/git-authenticate.scm
> @@ -236,8 +236,8 @@ not specify anything, fall back to DEFAULT-AUTHORIZATIONS."
>              (condition
>               (&unauthorized-commit-error (commit id)
>                                           (signing-key signing-key)))
> -            (formatted-message (G_ "commit ~a not signed by an authorized \
> -key: ~a")
> +            (formatted-message (G_ "commit ~a is signed by an unauthorized \
> +key: ~a\nSee info guix \"Specifying Channel Authorizations\".")
>                                 (oid->string id)
>                                 (openpgp-format-fingerprint
>                                  (openpgp-public-key-fingerprint
> @@ -424,7 +424,12 @@ denoting the authorized keys for commits whose parent lack the
>          ;; If it's our first time, verify START-COMMIT's signature.
>          (when (null? authenticated-commits)
>            (verify-introductory-commit repository keyring
> -                                      start-commit signer))
> +                                      start-commit signer)
> +          ;; Explicitly authenticate the channel introduction commit, so that
> +          ;; it's also rejected unless it's signed by an authorized
> +          ;; key. Otherwise only the second commit would yield an error, which
> +          ;; is confusing.
> +          (authenticate-commits repository (list start-commit)))

Could you add a test to tests/git-authenticate.scm, verifying the right comit
is reported?  (Maybe use unauthorized-commit-error?, guard and
authenticate-repository.)

I'm not sure explicitely validating the start commit is sufficient.  What happens
in the following scenario:

(Order of commits)
  0. start commit
  1. valid (already authenticated?) commit
  2. invalid commit
  3. invalid commit

Is commit 2 reported, or commit 3 reported?  I think commit 2 should be reported,
but from your messages on IRC, I think you saw commit 3 being reported?

Greetings,
Maxime.

[signature.asc (application/pgp-signature, inline)]

Send a report that this bug log contains spam.

debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Mon Sep 8 01:36:22 2025; Machine Name: wallace-server

GNU bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.