diff options
author | Ludovic Courtès <ludo@gnu.org> | 2020-05-20 23:18:09 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2020-05-25 00:00:28 +0200 |
commit | 9744cc7b4636fafb772c94adb8f05961b5b39f16 (patch) | |
tree | a06d57b21b197ebe1d3f9a85d81d6ecc795146a1 /doc | |
parent | 872898f768ae6d3b41eb93c5e183624bd1d157ff (diff) | |
download | guix-9744cc7b4636fafb772c94adb8f05961b5b39f16.tar guix-9744cc7b4636fafb772c94adb8f05961b5b39f16.tar.gz |
pull: Protect against downgrade attacks.
* guix/scripts/pull.scm (%default-options): Add 'validate-pull'.
(%options, show-help): Add '--allow-downgrades'.
(warn-about-backward-updates): New procedure.
(guix-pull): Pass #:current-channels and #:validate-pull to
'latest-channel-instances'.
* guix/channels.scm (ensure-forward-channel-update): Add hint for
when (channel-commit channel) is true.
* doc/guix.texi (Invoking guix pull): Document '--allow-downgrades'.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/guix.texi | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index aa2b316c90..3d1b097447 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -3900,6 +3900,21 @@ Use @var{profile} instead of @file{~/.config/guix/current}. Show which channel commit(s) would be used and what would be built or substituted but do not actually do it. +@item --allow-downgrades +Allow pulling older or unrelated revisions of channels than those +currently in use. + +@cindex downgrade attacks, protection against +By default, @command{guix pull} protects against so-called ``downgrade +attacks'' whereby the Git repository of a channel would be reset to an +earlier or unrelated revision of itself, potentially leading you to +install older, known-vulnerable versions of software packages. + +@quotation Note +Make sure you understand its security implications before using +@option{--allow-downgrades}. +@end quotation + @item --system=@var{system} @itemx -s @var{system} Attempt to build for @var{system}---e.g., @code{i686-linux}---instead of |