Message ID | 20220128173142.7072-1-ludo@gnu.org |
---|---|
Headers | show |
Series | Rejecting commits unrelated to the introductory commit | expand |
Howdy Maxime & Attila, Did you have a chance to look into this series? https://issues.guix.gnu.org/53608 It’s relatively simple but I’d rather have other eyeballs looking at it. TIA. :-) Ludo’. Ludovic Courtès <ludo@gnu.org> skribis: > Hello! > > This patch series fixes a bug in the checkout authentication code: > it would be possible to authenticate a commit unrelated to the > introductory commit, provided that target commit passes the > authorization invariant (see the commit log for details). > > Users of Guix and of third-party channels are safe: this bug does > not have any impact on checkout authentication in those cases. > > What concrete cases are affected? Suppose someone forks Guix and > publishes a new channel introduction for their fork. The expectation > is that any branch started before the introductory channel, for > instance in the original Guix repo, would fail to be authenticated. > However, because of this bug, such a branch would be considered > authentic in the fork because all its commits pass the authorization > invariant (IOW, they are authentic in the original repository). > > Thoughts? > > Ludo'. > > Ludovic Courtès (2): > git: Add 'commit-descendant?'. > git-authenticate: Ensure the target is a descendant of the > introductory commit. > > doc/guix.texi | 4 ++- > guix/git-authenticate.scm | 17 ++++++++-- > guix/git.scm | 24 +++++++++++++- > tests/channels.scm | 60 +++++++++++++++++++++++++++++++++- > tests/git-authenticate.scm | 44 +++++++++++++++++++++++++ > tests/git.scm | 52 ++++++++++++++++++++++++++++- > tests/guix-git-authenticate.sh | 17 ++++++++-- > 7 files changed, 210 insertions(+), 8 deletions(-) > > > base-commit: 5052f76afd02e27d6484acf74c86bfa1b6f9cd0e
Ludovic Courtès schreef op wo 09-02-2022 om 00:02 [+0100]: > Howdy Maxime & Attila, > > Did you have a chance to look into this series? > > https://issues.guix.gnu.org/53608 > > It’s relatively simple but I’d rather have other eyeballs looking at it. > > TIA. :-) The concept seems reasonable to me but I cannot tell if the implementation is good or bad. Greetings, Maxime.