From patchwork Sun Sep 26 10:19:29 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Attila Lendvai <attila@lendvai.name>
X-Patchwork-Id: 33308
Return-Path: <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org>
X-Original-To: patchwork@mira.cbaines.net
Delivered-To: patchwork@mira.cbaines.net
Received: by mira.cbaines.net (Postfix, from userid 113)
	id 3C64727BBE3; Sun, 26 Sep 2021 11:26:29 +0100 (BST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mira.cbaines.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	MAILING_LIST_MULTI,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,T_DKIM_INVALID
	autolearn=unavailable autolearn_force=no version=3.4.2
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	by mira.cbaines.net (Postfix) with ESMTPS id C100527BBE1
	for <patchwork@mira.cbaines.net>; Sun, 26 Sep 2021 11:26:28 +0100 (BST)
Received: from localhost ([::1]:58862 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org>)
	id 1mURMZ-0000Ya-Nn
	for patchwork@mira.cbaines.net; Sun, 26 Sep 2021 06:26:27 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:60812)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1mURMA-0000SJ-Kb
 for guix-patches@gnu.org; Sun, 26 Sep 2021 06:26:04 -0400
Received: from debbugs.gnu.org ([209.51.188.43]:52668)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1mURMA-0001x9-CZ
 for guix-patches@gnu.org; Sun, 26 Sep 2021 06:26:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1mURMA-00016m-1N
 for guix-patches@gnu.org; Sun, 26 Sep 2021 06:26:02 -0400
X-Loop: help-debbugs@gnu.org
Subject: [bug#50814] [PATCH] guix: git-authenticate: Also authenticate the
 channel intro commit.
Resent-From: Attila Lendvai <attila@lendvai.name>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Sun, 26 Sep 2021 10:26:01 +0000
Resent-Message-ID: <handler.50814.B.16326519234212@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: report 50814
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 50814@debbugs.gnu.org
Cc: Attila Lendvai <attila@lendvai.name>
X-Debbugs-Original-To: guix-patches@gnu.org
Received: via spool by submit@debbugs.gnu.org id=B.16326519234212
 (code B ref -1); Sun, 26 Sep 2021 10:26:01 +0000
Received: (at submit) by debbugs.gnu.org; 26 Sep 2021 10:25:23 +0000
Received: from localhost ([127.0.0.1]:35981 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1mURLX-00015r-5C
 for submit@debbugs.gnu.org; Sun, 26 Sep 2021 06:25:23 -0400
Received: from lists.gnu.org ([209.51.188.17]:33704)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <attila.lendvai@gmail.com>) id 1mURLV-00015k-G5
 for submit@debbugs.gnu.org; Sun, 26 Sep 2021 06:25:21 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:60722)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <attila.lendvai@gmail.com>)
 id 1mURLO-0000HA-PG
 for guix-patches@gnu.org; Sun, 26 Sep 2021 06:25:17 -0400
Received: from mail-ed1-x531.google.com ([2a00:1450:4864:20::531]:45029)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <attila.lendvai@gmail.com>)
 id 1mURLL-000141-3U
 for guix-patches@gnu.org; Sun, 26 Sep 2021 06:25:12 -0400
Received: by mail-ed1-x531.google.com with SMTP id v18so20606511edc.11
 for <guix-patches@gnu.org>; Sun, 26 Sep 2021 03:25:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
 h=sender:from:to:cc:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=1P+w1ctAKtO/tMjrAfkWuP+ktOezBlPOPEt3hJ7Kk+8=;
 b=NE5MAxP/Zg288tkwzt/6F/uey5dKmPTmsNJUFzdJ0j8pU9cgX4G+VJGVjdoBHMqC9/
 SAUojM7tu96Jo1ZZeb1R263lo7t6kgRwKfGijQCQpBaJZY3zJmjyxjfZLkjx38AMXj1T
 AGVqvDUBixR+2WxRV3b160oLWu+GGytzp0lKv/l9lSo0OXoLCFKi3mJ/UE+tgWpKW7DB
 5SKPxeBqzlXOiBDwCoA+6w/ZqsMMte+VvsJapLGU0JAy/ym5sSL0bNJ1oXOKkRzHjDph
 IUf85m9PjM4DRrNE+I1OGfDgJfyiq3qUkV3EGDS3m28hihQGB3YmWzp8GRl3BNeoVILH
 kZog==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:sender:from:to:cc:subject:date:message-id
 :mime-version:content-transfer-encoding;
 bh=1P+w1ctAKtO/tMjrAfkWuP+ktOezBlPOPEt3hJ7Kk+8=;
 b=4gbSyeAaiILawwoUPAA7M0k+wAsKtAaoVjk9btLyWhIVhP+eSUmevCMs9RTZeNulnC
 Sl0rsEU2b2mdYnsQBpPdDnPt71GOMgxwxBWd+zCNBdIU6t5/LQ/JoKmuCTaEZYoEDEIw
 jN6dLRknHThdKTMaI9IXsnolIkJqI8rNAzt8c4IbLqQwm3xERL8LqXHwZO9cUEj5Quxi
 upc00JQbdzHVP/4Hj+JYIPgUU6XY1QkKgaMPhe/4lQmQcfto0rfAkBsC+79RQz1ITRkr
 1UdEkFWjN9GBM5fWcdREkY5TBjqkOCT0QnALa09ttCpbLiJ9rt3yCXrJ8VJFii+asJAL
 bYxw==
X-Gm-Message-State: AOAM530asKAkPxFJUo5CvBUPWiCgYzelEKez09+cCKctm1jF94zlIYH8
 1GmF7unTLeIQP4jag3QPMSWNQ9L5TkY=
X-Google-Smtp-Source: 
 ABdhPJwYCuFtAvjJctMQyP3m/ZxTPRkBfe7AePmKpc4vLW2iCLba+VZSXIPLDF2246z0G5q2afW5Fg==
X-Received: by 2002:a05:6402:6d6:: with SMTP id
 n22mr16850262edy.257.1632651908356;
 Sun, 26 Sep 2021 03:25:08 -0700 (PDT)
Received: from localhost.localdomain
 ([2a02:ab88:370d:c380:4c15:c040:7494:7502])
 by smtp.gmail.com with ESMTPSA id o5sm4059852eds.26.2021.09.26.03.25.07
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sun, 26 Sep 2021 03:25:07 -0700 (PDT)
From: Attila Lendvai <attila@lendvai.name>
Date: Sun, 26 Sep 2021 12:19:29 +0200
Message-Id: <20210926101928.3877-1-attila@lendvai.name>
X-Mailer: git-send-email 2.33.0
MIME-Version: 1.0
Received-SPF: pass client-ip=2a00:1450:4864:20::531;
 envelope-from=attila.lendvai@gmail.com; helo=mail-ed1-x531.google.com
X-Spam_score_int: -14
X-Spam_score: -1.5
X-Spam_bar: -
X-Spam_report: (-1.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.248,
 FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=no autolearn_force=no
X-Spam_action: no action
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: guix-patches@gnu.org
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org
Sender: "Guix-patches"
 <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org>
X-getmail-retrieved-from-mailbox: Patches

* guix/git-authenticate.scm (authenticate-commit): Reword and extend the error
message to point to the relevant part of the manual.
(authenticate-repository): Explicitly authenticate the channel introduction
commit, so that it's also rejected unless it is signed by an authorized
key. Otherwise only the second commit would yield an error, which
is confusing.
---

here's how i tested this:

i set up pulling from a local checkout of guix.
in that branch i created a signed dummy commit, and added it as a channel
introduction, replacing guix in my /etc/guix/channels.scm. then tried to
guix pull, which worked.

then i added another dummy commit, which resulted in an error when pulling.

then i reset the branch back to only contain the first commit, and added
this code that then resulted in an error even with a single commit.

i have encountered it while i was trying to set up my local checkout to
test my patches on my live guix, and i was utterly confused why my commit
was rejected as unauthenticated (i misunderstood how git-authenticate
works).

 guix/git-authenticate.scm | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/guix/git-authenticate.scm b/guix/git-authenticate.scm
index ab3fcd8b2f..7d66bf0754 100644
--- a/guix/git-authenticate.scm
+++ b/guix/git-authenticate.scm
@@ -236,8 +236,8 @@ not specify anything, fall back to DEFAULT-AUTHORIZATIONS."
             (condition
              (&unauthorized-commit-error (commit id)
                                          (signing-key signing-key)))
-            (formatted-message (G_ "commit ~a not signed by an authorized \
-key: ~a")
+            (formatted-message (G_ "commit ~a is signed by an unauthorized \
+key: ~a\nSee info guix \"Specifying Channel Authorizations\".")
                                (oid->string id)
                                (openpgp-format-fingerprint
                                 (openpgp-public-key-fingerprint
@@ -424,7 +424,12 @@ denoting the authorized keys for commits whose parent lack the
         ;; If it's our first time, verify START-COMMIT's signature.
         (when (null? authenticated-commits)
           (verify-introductory-commit repository keyring
-                                      start-commit signer))
+                                      start-commit signer)
+          ;; Explicitly authenticate the channel introduction commit, so that
+          ;; it's also rejected unless it's signed by an authorized
+          ;; key. Otherwise only the second commit would yield an error, which
+          ;; is confusing.
+          (authenticate-commits repository (list start-commit)))
 
         (let ((stats (call-with-progress-reporter reporter
                        (lambda (report)