--- Begin Message ---
|
Subject: |
[PATCH] channels: Error out when the 'guix' channel lacks an introduction. |
|
Date: |
Wed, 24 Jun 2020 14:57:49 +0200 |
* guix/channels.scm (latest-channel-instance): Raise an error instead of
warning when 'guix is unauthenticated.
* tests/channels.scm ("latest-channel-instances, missing introduction for
'guix'"):
New test.
---
guix/channels.scm | 13 ++++++++++---
tests/channels.scm | 21 +++++++++++++++++++++
2 files changed, 31 insertions(+), 3 deletions(-)
Hi!
This patch makes it an error to have a 'guix' channel without an
introduction. Before that, it was just a warning, which is easily
overlooked. (Similarly, wget or your browser stop if they cannot
authenticate the host you're connecting to over HTTPS.)
Note that when using the "official" 'guix' channel, (guix channels)
automatically adds the introduction (see commit
c3f6f564e909ebefe752d24b325871a4e3a02d40). It will work similarly
for people who maintain forks.
Thanks,
Ludo'.
diff --git a/guix/channels.scm b/guix/channels.scm
index 3eec5df883..1016b95045 100644
--- a/guix/channels.scm
+++ b/guix/channels.scm
@@ -406,9 +406,16 @@ their relation. When AUTHENTICATE? is false, CHANNEL is
not authenticated."
;; TODO: Warn for all the channels once the authentication
interface
;; is public.
(when (guix-channel? channel)
- (warning (G_ "channel '~a' lacks an introduction and \
-cannot be authenticated~%")
- (channel-name channel))))
+ (raise (condition
+ (&message
+ (message (format #f (G_ "channel '~a' lacks an \
+introduction and cannot be authenticated~%")
+ (channel-name channel))))
+ (&fix-hint
+ (hint (G_ "Add the missing introduction to your
+channels file to address the issue. Alternatively, you can pass
+@option{--disable-authentication}, at the risk of running unauthenticated and
+thus potentially malicious code.")))))))
(warning (G_ "channel authentication disabled~%")))
(when (guix-channel? channel)
diff --git a/tests/channels.scm b/tests/channels.scm
index 3a2c1d429b..d7202f8cbf 100644
--- a/tests/channels.scm
+++ b/tests/channels.scm
@@ -402,6 +402,27 @@
(channel-news-for-commit channel commit5 commit1))
'(#f "tag-for-first-news-entry")))))))
+(unless (which (git-command)) (test-skip 1))
+(test-assert "latest-channel-instances, missing introduction for 'guix'"
+ (with-temporary-git-repository directory
+ '((add "a.txt" "A")
+ (commit "first commit")
+ (add "b.scm" "#t")
+ (commit "second commit"))
+ (with-repository directory repository
+ (let* ((commit1 (find-commit repository "first"))
+ (commit2 (find-commit repository "second"))
+ (channel (channel (url (string-append "file://" directory))
+ (name 'guix))))
+
+ (guard (c ((message-condition? c)
+ (->bool (string-contains (condition-message c)
+ "introduction"))))
+ (with-store store
+ ;; Attempt a downgrade from NEW to OLD.
+ (latest-channel-instances store (list channel))
+ #f))))))
+
(unless (gpg+git-available?) (test-skip 1))
(test-equal "authenticate-channel, wrong first commit signer"
#t
--
2.26.2
--- End Message ---
--- Begin Message ---
|
Subject: |
Re: [bug#42030] [PATCH] channels: Error out when the 'guix' channel lacks an introduction. |
|
Date: |
Sun, 28 Jun 2020 23:31:16 +0200 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) |
Ludovic Courtès <ludo@gnu.org> skribis:
> * guix/channels.scm (latest-channel-instance): Raise an error instead of
> warning when 'guix is unauthenticated.
> * tests/channels.scm ("latest-channel-instances, missing introduction for
> 'guix'"):
> New test.
> ---
> guix/channels.scm | 13 ++++++++++---
> tests/channels.scm | 21 +++++++++++++++++++++
> 2 files changed, 31 insertions(+), 3 deletions(-)
Pushed as ead5c46147ebf352ad4804d52a766dcf105eda4f.
Ludo’.
--- End Message ---