From e4a4287c5fb51c0e47431606df5ee78b953d71f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Sun, 21 Jun 2020 16:39:27 +0200 Subject: channels: 'authenticate-channel' doesn't check relation with intro commit. Fixes . Reported by Jan Nieuwenhuizen . The relation check imposed an extra restriction that was unnecessary: it's enough to authenticate the set difference between the closure of START-COMMIT and that of END-COMMIT. Any attempt to jump to an unrelated commit would lead to the authentication failure of one commit on the way. * guix/channels.scm (authenticate-channel): Remove extra 'commit-relation' check when (null? commits). --- guix/channels.scm | 64 ++++++++++++++++++++++--------------------------------- 1 file changed, 26 insertions(+), 38 deletions(-) (limited to 'guix/channels.scm') diff --git a/guix/channels.scm b/guix/channels.scm index c879cb6ffa..3eec5df883 100644 --- a/guix/channels.scm +++ b/guix/channels.scm @@ -350,45 +350,33 @@ fails." (define reporter (progress-reporter/bar (length commits))) - ;; When COMMITS is empty, it's either because AUTHENTICATED-COMMITS - ;; contains END-COMMIT or because END-COMMIT is not a descendant of - ;; START-COMMIT. Check that. - (if (null? commits) - (match (commit-relation start-commit end-commit) - ((or 'self 'ancestor 'descendant) #t) ;nothing to do! - ('unrelated - (raise - (condition - (&message - (message - (format #f (G_ "'~a' is not related to introductory \ -commit of channel '~a'~%") - (oid->string (commit-id end-commit)) - (channel-name channel)))))))) - (begin - (format (current-error-port) - (G_ "Authenticating channel '~a', \ + ;; When COMMITS is empty, it's because END-COMMIT is in the closure of + ;; START-COMMIT and/or AUTHENTICATED-COMMITS, in which case it's known to + ;; be authentic already. + (unless (null? commits) + (format (current-error-port) + (G_ "Authenticating channel '~a', \ commits ~a to ~a (~h new commits)...~%") - (channel-name channel) - (commit-short-id start-commit) - (commit-short-id end-commit) - (length commits)) - - ;; If it's our first time, verify CHANNEL's introductory commit. - (when (null? authenticated-commits) - (verify-introductory-commit repository - (channel-introduction channel) - keyring)) - - (call-with-progress-reporter reporter - (lambda (report) - (authenticate-commits repository commits - #:keyring keyring - #:report-progress report))) - - (cache-authenticated-commit cache-key - (oid->string - (commit-id end-commit))))))) + (channel-name channel) + (commit-short-id start-commit) + (commit-short-id end-commit) + (length commits)) + + ;; If it's our first time, verify CHANNEL's introductory commit. + (when (null? authenticated-commits) + (verify-introductory-commit repository + (channel-introduction channel) + keyring)) + + (call-with-progress-reporter reporter + (lambda (report) + (authenticate-commits repository commits + #:keyring keyring + #:report-progress report))) + + (cache-authenticated-commit cache-key + (oid->string + (commit-id end-commit)))))) (define* (latest-channel-instance store channel #:key (patches %patches) -- cgit v1.2.3