From a396dd01bc6e90ae512001350d1afa471e01661d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Mon, 27 Jul 2020 11:03:14 +0200 Subject: machine: ssh: Check for potential system downgrades. This is a followup to 8e31736b0a60919cc1bfc5dc22c395b09243484a. * guix/scripts/system/reconfigure.scm (check-forward-update): Add #:current-channels. Use it instead of OLD. * gnu/services.scm (sexp->system-provenance): New procedure. (system-provenance): Use it. * gnu/machine/ssh.scm ()[allow-downgrades?]: New field. (machine-check-forward-update): New procedure. (check-deployment-sanity)[assertions]: Call it. * doc/guix.texi (Invoking guix deploy): Document 'allow-downgrades?' field. --- gnu/services.scm | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) (limited to 'gnu/services.scm') diff --git a/gnu/services.scm b/gnu/services.scm index 399a432e3f..11ba21e824 100644 --- a/gnu/services.scm +++ b/gnu/services.scm @@ -89,6 +89,7 @@ system-service-type provenance-service-type + sexp->system-provenance system-provenance boot-service-type cleanup-service-type @@ -488,6 +489,19 @@ channels in use and CONFIG-FILE, if it is true." itself: the channels used when building the system, and its configuration file, when available."))) +(define (sexp->system-provenance sexp) + "Parse SEXP, an s-expression read from /run/current-system/provenance or +similar, and return two values: the list of channels listed therein, and the +OS configuration file or #f." + (match sexp + (('provenance ('version 0) + ('channels channels ...) + ('configuration-file config-file)) + (values (map sexp->channel channels) + config-file)) + (_ + (values '() #f)))) + (define (system-provenance system) "Given SYSTEM, the file name of a system generation, return two values: the list of channels SYSTEM is built from, and its configuration file. If that 
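Review bot: The fall-through clause `(_ (values '() #f))` in the new `sexp->system-provenance` returns the same values for an unrecognized or newer-format record as for a record that lists no channels, and the docstring does not mention this case. The commit message says the result feeds the downgrade check in `machine-check-forward-update`, which is not shown in this file, so a caller cannot tell "no provenance" from "provenance that could not be parsed". Whether the check is then skipped depends on code outside this hunk. I would at least document it by adding to the docstring `If SEXP is not a version-0 provenance record, return the empty list and #f.`, so that callers treat the empty list as "unknown" rather than as evidence that there is nothing to compare.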
@@ -495,15 +509,9 @@ information is missing, return the empty list (for channels) and possibly #false (for the configuration file)." (catch 'system-error (lambda () - (match (call-with-input-file (string-append system "/provenance") - read) - (('provenance ('version 0) - ('channels channels ...) - ('configuration-file config-file)) - (values (map sexp->channel channels) - config-file)) - (_ - (values '() #f)))) + (sexp->system-provenance + (call-with-input-file (string-append system "/provenance") + read))) (lambda _ (values '() #f)))) -- cgit v1.2.3
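Review bot: The handler around the new `(sexp->system-provenance (call-with-input-file ... read))` call still catches only `'system-error`, so a provenance file that exists but is not a well-formed s-expression would presumably raise out of `read` instead of returning the documented `'()` and `#f`. The refactoring does not change this, but the docstring describes only the "missing" case. A sentence such as `A provenance file that cannot be read as an s-expression signals an error.` would make both failure modes explicit for callers that perform the downgrade check. The beginning of system-provenance's docstring lies in the previous hunk's context, outside this hunk.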