[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#41425] [PATCH 0/5] Have 'guix pull' protect against downgrade attac
From: |
zimoun |
Subject: |
[bug#41425] [PATCH 0/5] Have 'guix pull' protect against downgrade attacks |
Date: |
Thu, 28 May 2020 10:06:07 +0200 |
Hi Ludo,
On Wed, 27 May 2020 at 18:32, Ludovic Courtès <ludo@gnu.org> wrote:
> > (commit-relation left merge)
> > Segmentation fault
>
> It took me a while to notice, but the problem with the code above is
> that ‘repo’ is closed when you call ‘commit-relation’, and thus the
> commit objects are invalid. It works if you keep ‘repo’ alive:
It make totally sense. Thank you for the explanations.
> --8<---------------cut here---------------start------------->8---
> $ guix describe
> Generacio 145 May 25 2020 00:37:58 (nuna)
> guix 9744cc7
> repository URL: https://git.savannah.gnu.org/git/guix.git
> branch: master
> commit: 9744cc7b4636fafb772c94adb8f05961b5b39f16
> $ guix repl
> GNU Guile 3.0.2
> Copyright (C) 1995-2020 Free Software Foundation, Inc.
>
> Guile comes with ABSOLUTELY NO WARRANTY; for details type `,show w'.
> This program is free software, and you are welcome to redistribute it
> under certain conditions; type `,show c' for details.
>
> Enter `,help' for help.
> scheme@(guix-user)> (use-modules (guix git) (guix channels) (guix tests git)
> (git))
> (define url-cache-directory (@@ (guix git) url-cache-directory))
> (define dir (url-cache-directory (channel-url (car %default-channels))))
> ;;; <stdin>:2:0: warning: possibly unused local top-level variable
> `url-cache-directory'
> ;;; <stdin>:3:0: warning: possibly unused local top-level variable `dir'
> scheme@(guix-user)> (define repo (repository-open dir))
> ;;; <stdin>:4:0: warning: possibly unused local top-level variable `repo'
> scheme@(guix-user)> (define merge (find-commit repo "Merge"))
> ;;; <stdin>:5:0: warning: possibly unused local top-level variable `merge'
> scheme@(guix-user)> merge
> $1 = #<git-commit b4440de133401abc6ce8be6c1c2e720efd9b2ba3>
> scheme@(guix-user)> (define left (car (commit-parents merge)))
> left
> ;;; <stdin>:7:0: warning: possibly unused local top-level variable `left'
> $2 = #<git-commit 141262f266ab702c856f634889d4130ae661e79f>
> scheme@(guix-user)> (commit-relation left merge)
> $3 = ancestor
> scheme@(guix-user)> (gc)
> scheme@(guix-user)> (commit-relation left merge)
> $4 = ancestor
> --8<---------------cut here---------------end--------------->8---
Well, the '(gc)' has no effect here because 'repo' is still alive and
thus the reference too. Instead, an example would be:
--8<---------------cut here---------------start------------->8---
[...]
scheme@(guix-user)> (commit-relation left merge)
$3 = ancestor
scheme@(guix-user)> (define repo 42)
scheme@(guix-user)> (commit-relation left merge)
$4 = ancestor
scheme@(guix-user)> (gc)
scheme@(guix-user)> (commit-relation left merge)
Segmentation fault
--8<---------------cut here---------------end--------------->8---
isn't? Which is somehow the same than the initial example.
> The solution in such cases is to synchronize the object lifetimes. In
> this case, commits would keep a reference to the repository object to
> prevent it from being GC’d, as is done with ‘%submodule-owners’ in (git
> submodule).
I think I understand.
> Could you make an issue over at
> <https://gitlab.com/guile-git/guile-git>?
I will.
Thank you for the explanation.
bug#41425: [PATCH 0/5] Have 'guix pull' protect against downgrade attacks, Ludovic Courtès, 2020/05/24