aboutsummaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2020-05-20 23:18:09 +0200
committerLudovic Courtès <ludo@gnu.org>2020-05-25 00:00:28 +0200
commit9744cc7b4636fafb772c94adb8f05961b5b39f16 (patch)
treea06d57b21b197ebe1d3f9a85d81d6ecc795146a1 /doc
parent872898f768ae6d3b41eb93c5e183624bd1d157ff (diff)
downloadguix-9744cc7b4636fafb772c94adb8f05961b5b39f16.tar
guix-9744cc7b4636fafb772c94adb8f05961b5b39f16.tar.gz
pull: Protect against downgrade attacks.
* guix/scripts/pull.scm (%default-options): Add 'validate-pull'. (%options, show-help): Add '--allow-downgrades'. (warn-about-backward-updates): New procedure. (guix-pull): Pass #:current-channels and #:validate-pull to 'latest-channel-instances'. * guix/channels.scm (ensure-forward-channel-update): Add hint for when (channel-commit channel) is true. * doc/guix.texi (Invoking guix pull): Document '--allow-downgrades'.
Diffstat (limited to 'doc')
-rw-r--r--doc/guix.texi15
1 files changed, 15 insertions, 0 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index aa2b316c90..3d1b097447 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -3900,6 +3900,21 @@ Use @var{profile} instead of @file{~/.config/guix/current}.
Show which channel commit(s) would be used and what would be built or
substituted but do not actually do it.
+@item --allow-downgrades
+Allow pulling older or unrelated revisions of channels than those
+currently in use.
+
+@cindex downgrade attacks, protection against
+By default, @command{guix pull} protects against so-called ``downgrade
+attacks'' whereby the Git repository of a channel would be reset to an
+earlier or unrelated revision of itself, potentially leading you to
+install older, known-vulnerable versions of software packages.
+
+@quotation Note
+Make sure you understand its security implications before using
+@option{--allow-downgrades}.
+@end quotation
+
@item --system=@var{system}
@itemx -s @var{system}
Attempt to build for @var{system}---e.g., @code{i686-linux}---instead of