aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2020-06-21 16:39:27 +0200
committerLudovic Courtès <ludo@gnu.org>2020-06-21 17:36:40 +0200
commite4a4287c5fb51c0e47431606df5ee78b953d71f8 (patch)
treed46264905fc86a845c1544cc2077e8e3c5ec002f
parent41939c374a3ef421d2d4c6453c327a9cd7af4ce5 (diff)
downloadguix-e4a4287c5fb51c0e47431606df5ee78b953d71f8.tar
guix-e4a4287c5fb51c0e47431606df5ee78b953d71f8.tar.gz
channels: 'authenticate-channel' doesn't check relation with intro commit.
Fixes <https://bugs.gnu.org/41908>. Reported by Jan Nieuwenhuizen <janneke@gnu.org>. The relation check imposed an extra restriction that was unnecessary: it's enough to authenticate the set difference between the closure of START-COMMIT and that of END-COMMIT. Any attempt to jump to an unrelated commit would lead to the authentication failure of one commit on the way. * guix/channels.scm (authenticate-channel): Remove extra 'commit-relation' check when (null? commits).
-rw-r--r--guix/channels.scm64
1 files changed, 26 insertions, 38 deletions
diff --git a/guix/channels.scm b/guix/channels.scm
index c879cb6ffa..3eec5df883 100644
--- a/guix/channels.scm
+++ b/guix/channels.scm
@@ -350,45 +350,33 @@ fails."
(define reporter
(progress-reporter/bar (length commits)))
- ;; When COMMITS is empty, it's either because AUTHENTICATED-COMMITS
- ;; contains END-COMMIT or because END-COMMIT is not a descendant of
- ;; START-COMMIT. Check that.
- (if (null? commits)
- (match (commit-relation start-commit end-commit)
- ((or 'self 'ancestor 'descendant) #t) ;nothing to do!
- ('unrelated
- (raise
- (condition
- (&message
- (message
- (format #f (G_ "'~a' is not related to introductory \
-commit of channel '~a'~%")
- (oid->string (commit-id end-commit))
- (channel-name channel))))))))
- (begin
- (format (current-error-port)
- (G_ "Authenticating channel '~a', \
+ ;; When COMMITS is empty, it's because END-COMMIT is in the closure of
+ ;; START-COMMIT and/or AUTHENTICATED-COMMITS, in which case it's known to
+ ;; be authentic already.
+ (unless (null? commits)
+ (format (current-error-port)
+ (G_ "Authenticating channel '~a', \
commits ~a to ~a (~h new commits)...~%")
- (channel-name channel)
- (commit-short-id start-commit)
- (commit-short-id end-commit)
- (length commits))
-
- ;; If it's our first time, verify CHANNEL's introductory commit.
- (when (null? authenticated-commits)
- (verify-introductory-commit repository
- (channel-introduction channel)
- keyring))
-
- (call-with-progress-reporter reporter
- (lambda (report)
- (authenticate-commits repository commits
- #:keyring keyring
- #:report-progress report)))
-
- (cache-authenticated-commit cache-key
- (oid->string
- (commit-id end-commit)))))))
+ (channel-name channel)
+ (commit-short-id start-commit)
+ (commit-short-id end-commit)
+ (length commits))
+
+ ;; If it's our first time, verify CHANNEL's introductory commit.
+ (when (null? authenticated-commits)
+ (verify-introductory-commit repository
+ (channel-introduction channel)
+ keyring))
+
+ (call-with-progress-reporter reporter
+ (lambda (report)
+ (authenticate-commits repository commits
+ #:keyring keyring
+ #:report-progress report)))
+
+ (cache-authenticated-commit cache-key
+ (oid->string
+ (commit-id end-commit))))))
(define* (latest-channel-instance store channel
#:key (patches %patches)