[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
02/07: channels: 'authenticate-channel' doesn't check relation with intr
|
From: |
guix-commits |
|
Subject: |
02/07: channels: 'authenticate-channel' doesn't check relation with intro commit. |
|
Date: |
Sun, 21 Jun 2020 11:40:18 -0400 (EDT) |
civodul pushed a commit to branch master
in repository guix.
commit e4a4287c5fb51c0e47431606df5ee78b953d71f8
Author: Ludovic Courtès <ludo@gnu.org>
AuthorDate: Sun Jun 21 16:39:27 2020 +0200
channels: 'authenticate-channel' doesn't check relation with intro commit.
Fixes <https://bugs.gnu.org/41908>.
Reported by Jan Nieuwenhuizen <janneke@gnu.org>.
The relation check imposed an extra restriction that was unnecessary:
it's enough to authenticate the set difference between the closure of
START-COMMIT and that of END-COMMIT. Any attempt to jump to an
unrelated commit would lead to the authentication failure of one commit
on the way.
* guix/channels.scm (authenticate-channel): Remove extra
'commit-relation' check when (null? commits).
---
guix/channels.scm | 64 ++++++++++++++++++++++---------------------------------
1 file changed, 26 insertions(+), 38 deletions(-)
diff --git a/guix/channels.scm b/guix/channels.scm
index c879cb6..3eec5df 100644
--- a/guix/channels.scm
+++ b/guix/channels.scm
@@ -350,45 +350,33 @@ fails."
(define reporter
(progress-reporter/bar (length commits)))
- ;; When COMMITS is empty, it's either because AUTHENTICATED-COMMITS
- ;; contains END-COMMIT or because END-COMMIT is not a descendant of
- ;; START-COMMIT. Check that.
- (if (null? commits)
- (match (commit-relation start-commit end-commit)
- ((or 'self 'ancestor 'descendant) #t) ;nothing to do!
- ('unrelated
- (raise
- (condition
- (&message
- (message
- (format #f (G_ "'~a' is not related to introductory \
-commit of channel '~a'~%")
- (oid->string (commit-id end-commit))
- (channel-name channel))))))))
- (begin
- (format (current-error-port)
- (G_ "Authenticating channel '~a', \
+ ;; When COMMITS is empty, it's because END-COMMIT is in the closure of
+ ;; START-COMMIT and/or AUTHENTICATED-COMMITS, in which case it's known to
+ ;; be authentic already.
+ (unless (null? commits)
+ (format (current-error-port)
+ (G_ "Authenticating channel '~a', \
commits ~a to ~a (~h new commits)...~%")
- (channel-name channel)
- (commit-short-id start-commit)
- (commit-short-id end-commit)
- (length commits))
-
- ;; If it's our first time, verify CHANNEL's introductory commit.
- (when (null? authenticated-commits)
- (verify-introductory-commit repository
- (channel-introduction channel)
- keyring))
-
- (call-with-progress-reporter reporter
- (lambda (report)
- (authenticate-commits repository commits
- #:keyring keyring
- #:report-progress report)))
-
- (cache-authenticated-commit cache-key
- (oid->string
- (commit-id end-commit)))))))
+ (channel-name channel)
+ (commit-short-id start-commit)
+ (commit-short-id end-commit)
+ (length commits))
+
+ ;; If it's our first time, verify CHANNEL's introductory commit.
+ (when (null? authenticated-commits)
+ (verify-introductory-commit repository
+ (channel-introduction channel)
+ keyring))
+
+ (call-with-progress-reporter reporter
+ (lambda (report)
+ (authenticate-commits repository commits
+ #:keyring keyring
+ #:report-progress report)))
+
+ (cache-authenticated-commit cache-key
+ (oid->string
+ (commit-id end-commit))))))
(define* (latest-channel-instance store channel
#:key (patches %patches)
- branch master updated (bdafdfc -> dbadca9), guix-commits, 2020/06/21
- 03/07: gnu: Add cdrdao., guix-commits, 2020/06/21
- 05/07: gnu: k3b: Add inputs for libraries loaded at runtime., guix-commits, 2020/06/21
- 06/07: gnu: k3b: Note the runtime dependency on udisks-service., guix-commits, 2020/06/21
- 04/07: gnu: k3b: Add inputs for external programs., guix-commits, 2020/06/21
- 01/07: git-authenticate: Ignore authenticated commit cache when it's not #o600., guix-commits, 2020/06/21
- 02/07: channels: 'authenticate-channel' doesn't check relation with intro commit.,
guix-commits <=
- 07/07: gnu: k3b: Update to 20.04.2., guix-commits, 2020/06/21