
[bug#70353] pull: Add fine-grained control for `guix pull --allow-downgrades`.

Message ID 3dbbb59fdc650a20a0eb853a0d30aaccae1beae5.1712927299.git.Rostislav.Svoboda@gmail.com
State New

Commit Message

Rostislav Svoboda April 12, 2024, 1:13 p.m. UTC
Introduce the ability to specify channels for downgrades in `guix pull`,
enhancing security by enabling users to trust certain channels over
others. This update maintains backward compatibility and updates relevant
documentation.

* guix/scripts/pull.scm (allow-downgrades): Option accepts a list of
downgradable channels, add '-a' as its short version.
(%default-options): Remove validate-pull.
(channels-with-validations): New procedure.
* guix/channels.scm (latest-channel-instances): Signature change.
* doc/guix.texi (Invoking guix pull): Document changes.

Change-Id: If947a2453c520463d77da9591af9ac03e6472afc
---
 doc/guix.texi         | 21 ++++++----
 guix/channels.scm     | 61 +++++++++++++++++------------
 guix/scripts/pull.scm | 89 +++++++++++++++++++++++++++++++++++++------
 3 files changed, 127 insertions(+), 44 deletions(-)


base-commit: 7af70efd7633b0d70091762cf43ce01a86176e8e
prerequisite-patch-id: e64f0d27446c1c560ad851f367a2472c14a7037e
prerequisite-patch-id: dfa2d04882577e60f7d473731e434454b8852644
prerequisite-patch-id: cc23ce978964d00cd66167c9465795838079d103
prerequisite-patch-id: f802f9482cfdb9b3b403616d8c2e91a252eee72c
prerequisite-patch-id: f1fd30f4906d43b4a0cbd16d45407cb75a3af0d5
prerequisite-patch-id: 375dece6d1cab20d1f4b4185c872634faa63d877
prerequisite-patch-id: 46680596f20c72c67fd869c057fb7eb0904f3bc9
prerequisite-patch-id: 866db02be533978a7953f5404a01335ae9434cb0
prerequisite-patch-id: e0e407612802204a5a17ae9678b78f13a6957a4a
prerequisite-patch-id: 1d7d9a6c7af37a60d9b24ec5b6ddfcb63bfa3658
prerequisite-patch-id: c54d19e7e00697430d955942249f8ac06a0d5e0d
prerequisite-patch-id: c51a937244a2bfd3098b14dacea70820e4175cd3
prerequisite-patch-id: 0d64205fece7716a15913d1b5b1e6264542c3e6b
prerequisite-patch-id: 48a4c1d593f45b030b20d21424423b18fc628be5
prerequisite-patch-id: 5a7198d3c2e5c1711c707875657886fada86045c
prerequisite-patch-id: a5426596293ad72222b40b165208718ac360f076
prerequisite-patch-id: 3d69d13f9f454733518329cf6c570dd3ad4e8ec4
prerequisite-patch-id: 9359f1cfb68b8f2c251db5c79cacd696ab7a61c7
prerequisite-patch-id: e3c63b7b5415c0defbb04b6332d7fe9c0f9f92d1
prerequisite-patch-id: 6820bafc717331edb240b9c5d0e6ea9b56f0d268
prerequisite-patch-id: 819a40d73fd85f0abbb6de717702cc350a638812
prerequisite-patch-id: 389cfca519329cbc85ed6cf9e4f19457584e7113
prerequisite-patch-id: 93ae07255880b16be653369b88ac4bab01531de4
prerequisite-patch-id: c4ae064694c171c4709e0bbbce7dcae9a3ed3640
prerequisite-patch-id: 8e3e598481b5985c08e5e0b47064b517b7303ec8
prerequisite-patch-id: 01933610286e38850935f6832db66bc68ce867d9
prerequisite-patch-id: c46d5e95188b94c38b0effb5eacbe9d645c88625
prerequisite-patch-id: 9f7f301a7e1617f3edd6bfaa89e99b33924a6041
prerequisite-patch-id: ca097b601f748da69c706eaf70ca94e66cd80494
prerequisite-patch-id: fb9f6159a1e6de7c5866068731156d459ad33b62
prerequisite-patch-id: 4f42d2dc345f4e5d534be7cf491a6955f06d9ebe
prerequisite-patch-id: 52a3ecab13d8feacab75727f9a09d5ab108d1a23
prerequisite-patch-id: 25b017882ab15f59a8b2c1613ab321795a17dde9
prerequisite-patch-id: 6d7299f9a81a7a93e47b38c00e0b1d924ce8b687
prerequisite-patch-id: d192b54857d9029fa7f88dae85aa4a3b5163c332
prerequisite-patch-id: 92919e6803391635e63c33196c2a13eaf8ebc283
prerequisite-patch-id: ed7ba0aab3ec834bcfbfd67281392e49d9cf67a5
prerequisite-patch-id: 82406c3bc8cfee6acc8c8079015070f283fe79e3
prerequisite-patch-id: a59d1f2dc396fb7a2d1b4d51d83b4f77659fd9c7
prerequisite-patch-id: 8fefac2b53befd391dff2c96f4c6a3699a3060d5
prerequisite-patch-id: 9ddab69dc4619551f7334fe4b400e592ed4393a7
prerequisite-patch-id: 0deaa2b9c7bc444b22053af11b234ca4ccf16399
prerequisite-patch-id: e0a866813a66138498944da75bdad86f596bdb7c
prerequisite-patch-id: 62736ca29e36894d18f65532cc28cfdc7336846c
prerequisite-patch-id: b586f071a3faa5dcab26a252e9e378ff7e9a0687
prerequisite-patch-id: 1812d030ccb0890fb5aa1f9397ed82fb21479825
prerequisite-patch-id: 31dd5fb7a5b242e8263d570162db341147211da6
prerequisite-patch-id: 3883ed174c39f0fc7931f50c71f2060504ff462a
prerequisite-patch-id: e90161d1e23ff002d4f2d857e596ba65eec483d8
prerequisite-patch-id: 61d34657ffbd7381cbde53c679129dc255a42ef9
prerequisite-patch-id: f17d9fa7c863667737420d2541bcec4537515e8b
prerequisite-patch-id: ff994a1d3e932e75eb88747bc1933690da835dba
prerequisite-patch-id: f3b5d769de6ad0adf1b416f0a6f0a2bbaf7ed223
prerequisite-patch-id: b646681f04f59b46dea1f7c6d4344578e0bd26ee
prerequisite-patch-id: 96aa449e0b10733f455552f96c3665cc52a2d8da
prerequisite-patch-id: b21ad691e53f0c96b6412e176413f904f5c8f46e
prerequisite-patch-id: 28a9474b4f516613c1e73504b44bb0716505bff1
prerequisite-patch-id: 7c7d301e9827ddb4bbd5054e4d227e02561c4cf2
prerequisite-patch-id: 0801807425306d34c12e0718fd67973092e84b56
prerequisite-patch-id: c059905a50861b9c0e0c3c0359db4847c6bb3386
prerequisite-patch-id: abb0c728d67f1e57a87d5cbfec93bb77b4a766c2
prerequisite-patch-id: 823fb528dee836deec3c5154a23167d773f4bbb3
prerequisite-patch-id: 11a7b07fbbbb45cbdea63321fa5657a3037a69b8
prerequisite-patch-id: 1900015cfa7370761c371d243038caa8e0576d05
prerequisite-patch-id: b724fddb5e4f81644384296be36f695c48d866df
prerequisite-patch-id: ab85ac4bd58ecfcc65ce6b003a48530172040ddb
prerequisite-patch-id: 653a88a96f1c8bf90f82e4d0ee5828e8e417ca69
prerequisite-patch-id: ecd314828713060dbe48b00d6962adcf58a4d419
prerequisite-patch-id: 833f9bd5e73f7119d93de182c39dfb96fd6b7863
prerequisite-patch-id: 00bc17f527ee712025e18cdc5469de2b59a04fcd
prerequisite-patch-id: 4015e7d087d5f7b9248fe4c8b0a28a05c3af1c02
prerequisite-patch-id: 8d82f9e6e183647a0bf71e23815e2941e44a3f2b
prerequisite-patch-id: 6474ef2249845b7bfafc6165e31a1de6c9dfcf18
prerequisite-patch-id: 532fa26ec1e1eddead55a04e7dd81d336434cec6
prerequisite-patch-id: d0c7f0a3c9c701c752390e7f8874b831a51b4721
prerequisite-patch-id: 5e832cefe1aa9bfe819544fb306c6b23c2c9e7f0
prerequisite-patch-id: d66e51cdcff3ede7b23d5091984a1aade854ac98
prerequisite-patch-id: 6b7cf832abbf146396d7df86cd4f878a904a0320
prerequisite-patch-id: 63834babd74f8def30ebe7b2ca4dbed4b28c3137
prerequisite-patch-id: 0289f88620fd72075def4ac9c4ce6bd852d7f1a4
prerequisite-patch-id: 1f41c559441e467bd73bb1df79a63d6a0109b96f
prerequisite-patch-id: 24e7a521375e8acea68c3eae6f3254b0e5dee0c9
prerequisite-patch-id: 49db410eaa0d7458a02cb32b86c2e2623d765efd
prerequisite-patch-id: fb4b7556c93cd0a1f4aa2be66c6a215d66c5bca5
prerequisite-patch-id: 9a9bb6ba3e1fc11c21fbe1866e66d9cfe6d37699
prerequisite-patch-id: 6c47deafe67eb028713cd50aa9cc79e6d3245cd1
prerequisite-patch-id: 39f79ec625a9638bcf4b3baa6330409410c3482a
prerequisite-patch-id: c2d13e3c12ebfa112a263f665d6d183f06e471cd
prerequisite-patch-id: 50897a59062a9a9493f5c3cbe4de6e7c31253dc4
prerequisite-patch-id: dc2ab1ba8eb9254b54aec802cd5a8554ad0d7427
prerequisite-patch-id: 1b5d3e05ab39ab71fbaa1f89bb87671531bd8996
prerequisite-patch-id: 4d8469b9f311c2537b2b17361b514133c1bc44c6
prerequisite-patch-id: d1f4af7fe8fe28fd07a7304d492aacf8aabd554c
prerequisite-patch-id: 7aa53008d8a25cbc8d8bf4a957dc14fc41a22cdc
prerequisite-patch-id: bec04bcd1a8bde390df50cc3ede20330d89f66ae
prerequisite-patch-id: a62c77d02ba4daa8787569b1a994f0d13d5586a1
prerequisite-patch-id: 85c8af3f3b5ddfdb0a945140da8db78397014216
prerequisite-patch-id: 706e9ff224b29f69e5ff46bff78fbaa6d5c8a965
prerequisite-patch-id: f6ec22a324786d424e37fdd13e47d93707be5e29
prerequisite-patch-id: 6c54aae06ad841022e3b9ca5bf5a9fe5666e20b8
prerequisite-patch-id: 5d8a0e8b34714ede8b1e7231e87e14775e59fe03
prerequisite-patch-id: 436ca0797f40803a29cd92642779b39053f57415
prerequisite-patch-id: 67314ee95ba419b10665b6dcac740df43f50f286
prerequisite-patch-id: a1ebf7ce0cda0aa984950c3d297993a47b0b55c5
prerequisite-patch-id: 8187a9938c4486260fa963ac8598f2e79f316a14
prerequisite-patch-id: d0577705afaae403a4870cf9eb46a88c309720f5
prerequisite-patch-id: ed724c179ae06be02fc6f29564a03af286ea10a3
prerequisite-patch-id: c6e7e4bde5e1e83790c13a6c7c756dde83f15afe
prerequisite-patch-id: 0668f66b2ebad6403f57d4ed949bd36453c9cfdd
prerequisite-patch-id: 809f06dd2dfd99d0243fe295a288821c0f227e60
prerequisite-patch-id: ae9198b8ce83182d7cc70f5764e6aa2cfd3785dd
prerequisite-patch-id: 0ef999884cd6f5b9b7b1c6c7bcf651544577e0cc
prerequisite-patch-id: 8218aa7aa4faced270f5fc4a390a9ab14df294da
prerequisite-patch-id: a9ff1cbede308ddac21a10490cd3a69da1540134
prerequisite-patch-id: 44cdc5feed948595d67960c23f097c58cc03166f
prerequisite-patch-id: dec7ead565cb54631dd6c2c89044fa5a5eea702c
prerequisite-patch-id: d4049c80d5c8ea3ae0cdd4933ef4374bd6c1af1f
prerequisite-patch-id: 89a148b621b299e6012de347aa346f85e02c665d
prerequisite-patch-id: 4fc8385e8a084c168ba967d0a5c917d13dd2a7f0
prerequisite-patch-id: cc8a049aa55860942e3ce18d701c2916e8259a19
prerequisite-patch-id: 1e5d88dfead0e9ae42090655e1d602fe5f07fdca
prerequisite-patch-id: e853cfacdadcb1c102592324b00a2ca558e78b14
prerequisite-patch-id: bdd3ac1f6cd0f0a61578ed6e9633fbbeb88314bf
prerequisite-patch-id: 99353ed7ae4d5564ea7cec6f0f88ecf888c3af0d
prerequisite-patch-id: b58b2ad5e50c1a683b5a585a040d1f3a436c5ed5
prerequisite-patch-id: 8eb6ff783b25d4f3f79605ec7b2ea9d965702060
prerequisite-patch-id: 57dd63bbac0618e8267d14a142602f540ccbc03a
prerequisite-patch-id: 777c2b37cdb65376300d8d351c1a3a40c5899edf
prerequisite-patch-id: f229670b487a65c74032b00d87bd558702fa45a7
prerequisite-patch-id: d16f9431ae0f904bb5f92d073f3d5098b43de98e
prerequisite-patch-id: ba26c3bc4e3fb43ec4b30686e5aa9591b38dc521
prerequisite-patch-id: 10ebc9937d51c0343fa58ebf9c21a2169e25ac2f
prerequisite-patch-id: ec3fe0e7750a3d3898c30ca8919f748b3246edf4
prerequisite-patch-id: b76eae3c45eacab41a2fc3c6a938142822727750
prerequisite-patch-id: f24a30e97c6bc7bfe6285fbdfdef6c04031332a8
prerequisite-patch-id: 000bd5bfe1e962fe9dd206c6710e5c3b3a694b19
prerequisite-patch-id: c07a82e36e089126bd6e9ac597ce54ede59b1b07
prerequisite-patch-id: 9b5edce8468eca7c168c441487fc6c61d96bda26
prerequisite-patch-id: b9e1fe07f6138ff7d7f89019e6a05e5a48078656
prerequisite-patch-id: 8e06d2fbc82785a48a67e69b7857b8fd058d6390
prerequisite-patch-id: 4cc91fb8ac40821862fde116b4fcec99fe58607a
prerequisite-patch-id: 808b4588379e262d3dc2aeb8dc39038b8fd5d18d
prerequisite-patch-id: 624297da775fedc0d54685e6ae15ea7ff8b70a3e
prerequisite-patch-id: 666301163dab8a79ae623768860e410af007a381
prerequisite-patch-id: 031fb919d2b513a7a49370c72ad68d7b9da54ce1
prerequisite-patch-id: 3ca2a08de287f610cf62f630e7460d08148009e5
prerequisite-patch-id: daf79beb6223d15072dc504c02390e3d6861a45f
prerequisite-patch-id: 63daa16b14fde4ae4e254d6648ee95008fa532bd
prerequisite-patch-id: febe68abf452e18c8581d77a02f07302872a8447
prerequisite-patch-id: 4b7bad04859079f63e8dcc59b132f99be9bef3fb
prerequisite-patch-id: fbedc8771b3d946eeb36e4604ca6ed79ae0c0662
prerequisite-patch-id: c811604d44439a29662328ecc08bd6c137af203f
prerequisite-patch-id: c17a588dbc2c1f7e71f2c63c6c4b1a08904e1270
prerequisite-patch-id: f695bc6e04713fd1cf47fb225ad8c3a898f7f794
prerequisite-patch-id: 4c89e84ee39b491e797945ba3747c39a11ade2b6
prerequisite-patch-id: 43f5bdd25d7d27fb025c1ff6a259d9f8037d39c5
prerequisite-patch-id: 2610793ce2711cd0dacdae3f71000bff8234e6d8
prerequisite-patch-id: 4d2d4abd7881a0572b4f8040ac47c6d7d2a6c7c8
prerequisite-patch-id: 3a1ff9fdf32ec74eb15d5bfbf2d4fd19b575fc0f
prerequisite-patch-id: c3ea3842c6d84c92bbdf9dffd373d19603d7f49d
prerequisite-patch-id: 5ac260d14be9ea2ba0172a840884e81de5e7bb75
prerequisite-patch-id: 06f9a3d4bff79bda91d9cdd620ecab3123af4b99
prerequisite-patch-id: 005725cf638483ac094b50d93774a0c48310194f
prerequisite-patch-id: f3ad3df21e262fe88f248129f5efa0ed364acfe5
prerequisite-patch-id: 0d9f52508588c8a3c6295c6577f42bd831dfd7d3
prerequisite-patch-id: 5c1f16647fed2e82b554b68c06c2d1f62d6ee49b
prerequisite-patch-id: 60df7c9bf2497a3992dce92d5262e96024edf31c
prerequisite-patch-id: c68e7931f12e4c59224e884223d79ab25e07a5db
prerequisite-patch-id: a42771427174629d48ea8a44f519a9129ccb0d91
prerequisite-patch-id: 72e188c19baa1522f91d64de852755a5b160b9d8
prerequisite-patch-id: 5dc957032e01c44d8e842edcb2e76f088cae8ecb
prerequisite-patch-id: 4ba5eefb1fcddecbaec970b52f6fd06a00e6c52d
prerequisite-patch-id: 299d1f029e8a78748ee108a333d47716fa322b43
prerequisite-patch-id: d7425a5fb7a4ff794742232b051536dd40419cca
prerequisite-patch-id: 583a3001411e4ecf4adf1ee8b493d54572eeee6c
prerequisite-patch-id: 8e8b3110e4527a321b52e4cabc99285f75129534
prerequisite-patch-id: 0101b154dd6367068f8a5ba7d4abe4063ad5f3e1
prerequisite-patch-id: 37574a831f4930342765b748480b3df8a377df2d
prerequisite-patch-id: 9463ab8b81a49bda03788c89cee815c2acdcf30d
prerequisite-patch-id: 7133e80cc6d5283e2d5703293dbeaf3126ad27d0
prerequisite-patch-id: 586ac8c7d55abe4a20b8a4b1b1e314bf5759a897
prerequisite-patch-id: 243b80b0fa3fb621341b07ed09e7e4be3b900c6a
prerequisite-patch-id: 158d2fb559ffbf2dcf112e58aedf4f955dc24c1c
prerequisite-patch-id: 8f85d193144663d0021be1a77e317bd109c8a621
prerequisite-patch-id: 8666f84a6c97b3fa1d7565aeb86a30868fb86002
prerequisite-patch-id: 46fc39c64b488d0d05c1f75eb2b762c0d3736825
prerequisite-patch-id: 8de0ded129c99d9827723b9704fc71e9ce60fc01
prerequisite-patch-id: 287760bde51e13a1923a4b53861657a9fbbabd8c
prerequisite-patch-id: f40bed11183649ba83896beacca34cec6b53b004
prerequisite-patch-id: 18ebb77e05266e600e66eab18f50cbe439114a4d
prerequisite-patch-id: cc08ea4132bb2d07cf26f2d1be02ded20ff2ec90
prerequisite-patch-id: c2d6bd8f3900373ac68c0e0e983977ba72f64aa6
prerequisite-patch-id: b5f678b9d5a00b9ddc22034f12f71142965f7337
prerequisite-patch-id: 5dc70823540367eed9b188ebdbdbad6dda0c33bb
prerequisite-patch-id: 4f4a022b9f7cbb354279fc3100b71949c8cc126f
prerequisite-patch-id: 1c3d5d7518681a0ffa79f1828709d66eef09a735
prerequisite-patch-id: 3bec5d4bc63bb79ec76db1b424d4aefdb4d45df0
prerequisite-patch-id: 9170de444c5fb9ca9e7a2e6e9887334831303e4b
prerequisite-patch-id: d079c3ccb67ca89d6d2bfb6cb96a8d331e0b6cb9
prerequisite-patch-id: 938d47e37d4f7fd8bcc632d144c202b5a0c04884
prerequisite-patch-id: 4e75f7b90d936f7fd3256997c232c0116b6c9c8b
prerequisite-patch-id: a1fc5372c89129434927bdf6cc935b3cc7d2c637
prerequisite-patch-id: 3c291de7c40987e423de6ac7628f37ad7b9e8972
prerequisite-patch-id: 50775b74ad6749d099a554e3cdc0f7e805b68d49
prerequisite-patch-id: 6afad40bca00c6d342738a20f8ddc820c0c40b2b
prerequisite-patch-id: a5c9a3726ec6e5c60f33ad6df49317bbd41672c4
prerequisite-patch-id: 8e577234383e6ed511bcf3581e04325cbf60dcb2
prerequisite-patch-id: 1675bb658c90730025a744f7869a3566fb5cf41a
prerequisite-patch-id: 9c02fe03b70a5312cc982fd4b48e73e889a9afdf
prerequisite-patch-id: 054b7faed9b7442b9b4f856ffc2166b72fc514f0
prerequisite-patch-id: c389185e7416a1505c8a769c739b040fea26a805
prerequisite-patch-id: 6e1fecd20a532eca97a9ea044765186159f6551e
prerequisite-patch-id: 1ad8cb8f6e5ccfb35b32ea20a1c2f0b25de08b6b
prerequisite-patch-id: 9a72f1e2eda3506da18d209bd83c0a45adeadfe3
prerequisite-patch-id: f6439fbf1c313fce92526da08898137e1c4c5516
prerequisite-patch-id: 36417d4c2e0f8689bf385c856903dbca23ef7397
prerequisite-patch-id: bbe330f3efb49f901d8ec24f356e34b499f700cf
prerequisite-patch-id: 5dd47338f678784efa3f4f3ba31dff0c68c71d9a
prerequisite-patch-id: 6e2d4930e534201e18c3e38320ef17c71dee1dc6
prerequisite-patch-id: 9e6aa48c5a0a8603f391ff44243261d0d8c2577a
prerequisite-patch-id: cd95cd5a24cc03890e1fa9ef3032b653819e1c9a
prerequisite-patch-id: 160b57156f0e2f80af128847b93619ea898833b8
prerequisite-patch-id: 9a4a4978088a4ea154cfbcec17a31ef6e5e1074d
prerequisite-patch-id: dee2c2c332ba35fde672fea8056eb8ed56c024cd
prerequisite-patch-id: c3808cff4ac4e04405205bbf461f03b4c728d0d7
prerequisite-patch-id: f1e503ec8fd7998d7bde805b4d0f3fff46d4a893
prerequisite-patch-id: f81eb8e46e5b122e97a8aeff731479d1d3d61870
prerequisite-patch-id: f68b17cf1309cf3f25e43bd44d19c0db1d729ec5
prerequisite-patch-id: 1d3e5e0163a2c29a64dbe4c621c1e8e14cb2b286
prerequisite-patch-id: 31f3147040f581cb68d9b8bea1e8fcdb49e18724
prerequisite-patch-id: 0098f37a24f4df48825919fd4ce8f10fccbbf40a
prerequisite-patch-id: 03b1dca8120732810fbf4cf03365f2b4fa910542
prerequisite-patch-id: f84f9cc5ed38f496e12f3c8ac0d23b85ef3449fc
prerequisite-patch-id: c2dd9f70835b16b1b3897f50ccb3b4a39f0ad8c4
prerequisite-patch-id: 5eac3d761f29aba27bc16915c05d9b1fea81184a
prerequisite-patch-id: 912aa0b6ab9e3d7d720ba9bc6b5c27b89ee280cf
prerequisite-patch-id: 6c0d1f5f372762e7022b2410adc333e404a036ce
prerequisite-patch-id: 844bc1e9fd8dea655c2ed139dcc7c85f071f3720
prerequisite-patch-id: d8c7f8b3ebe71fc9a50801f895dd3d761c6a4098
prerequisite-patch-id: a2eceeb8e567ad4983ee7e59bd0ee886ef7c55f1
prerequisite-patch-id: 45d9caecee88c2605cd8842b4a0bb83fb62756bd
prerequisite-patch-id: 73ae4984ab4d07d5c9674cdfc15014c553b3a8af
prerequisite-patch-id: cc538edcfe86bdb12f6d47a9b78a035132aa3810
prerequisite-patch-id: 18cf055d341e69b6028ba78f372892fe2dc76336
prerequisite-patch-id: f59108f4830bcfb6453ec9a2e685a5cef61d2383
prerequisite-patch-id: 7453f9edd0b5c3271d4f6e9de12b58ea9d502f8d
prerequisite-patch-id: 5caddac4cd57c2e6d42bab4ffbcf2c3d6228ea17
prerequisite-patch-id: 4c46a01cb6ee025390501b09f9348e2a8e381993
prerequisite-patch-id: 4f8cdfaab6315bc65b3f38678e22e5d00c7f30be
prerequisite-patch-id: c94469de4689a864b5e75763b184b023c9c7445e
prerequisite-patch-id: 1a9344c24472b1daedac6a811dc0f2d8f9bc6eb5
prerequisite-patch-id: dd9c9ab8c6d26fcf6ab78da884f49c42d1c68eea
prerequisite-patch-id: 34868ce87a741d970f9aaf88c5c8541430543b22
prerequisite-patch-id: 970b913f62efb7d6335982d24729d19e634b7945
prerequisite-patch-id: 47036a978b9dd7995d46f77ae1697d2f9e507e83
prerequisite-patch-id: b27bf719d4dfdb065c03cc8a160396f7711f29f2
prerequisite-patch-id: 6a0212dddf9bd47fe54d42163c41e497a6f65117
prerequisite-patch-id: a93d5c36334aa7b661b228c834e25997366ed8c7
prerequisite-patch-id: c57f197c5d4b671cf0570c05461427bd0ba670d5
prerequisite-patch-id: a90151451f07e35b06be94678ceeb9d4a50ae950
prerequisite-patch-id: c75d7f23d9c4c73d60921dd5fcdc8c056df996e2
prerequisite-patch-id: a50c960d4bd6aa0cb48e2f35456affce98554c61
prerequisite-patch-id: 61ee7f8a98d4a1d4eb49bc706170a65aa6349dfc
prerequisite-patch-id: 7a36b0fed429a3326779575c81065c5036d6f910
prerequisite-patch-id: f1ef4133d8f77e36c9a3135caa539d1be16f8039
prerequisite-patch-id: 6a72ea9a4ba18f7b0e090b61429ea9d5c376d04d
prerequisite-patch-id: 821ccb28a4cebb703b155729e0f7203f4b1a30eb
prerequisite-patch-id: 8d8decdfe49f15a1ce37ae4eca0f3a7ba60266bd
prerequisite-patch-id: b982b85f3630eee58214dba394d6d289cab30444
prerequisite-patch-id: e57f4a998af683e5389d70c56ebcb3ff787709fc
prerequisite-patch-id: cbb956ddcd7915a647985871c220c831c3d4bbce
prerequisite-patch-id: 9a500aed6e9974e705aa20c51f232f90ffaa8f9f
prerequisite-patch-id: bd3436a91924339e83e4780e20d354345c820d34
prerequisite-patch-id: 23d3567eb8a5ddc7fed69e01d10662717419a191
prerequisite-patch-id: d4c5fef20346bba633ab94bdb052c6de9b0e453a
prerequisite-patch-id: a2826776b8fcfedaf3ae425cd0fe0c4272be2364
prerequisite-patch-id: 1a1d7759acb5b6a0c1bb5a4e1f6b4b5e5e9e51bd
prerequisite-patch-id: edc9f52fe850363bed5b2ade92a454d401329263
prerequisite-patch-id: 7a2e2df63b0f6d389aa7865b70f25082c948d88d
prerequisite-patch-id: 1447051118876c7f3dff81df7a40750dcfd8fb00
prerequisite-patch-id: 00ec72b6c3f21f16fac94206d7bb47048a32322e
prerequisite-patch-id: 9ef932c3a1509589b7e4398a8c3c89bc5fc40bb9
prerequisite-patch-id: 805ef22d10e8863c51f406fdc6f60bcae72c6669
prerequisite-patch-id: 553a63b55e3db3b6c8fb9bdf8ec88875c4e184a1
prerequisite-patch-id: ca3d4781bc2ae8c17152c3d86f180bc339bee7f0
prerequisite-patch-id: b35dc108169c49d64f893684aa5194e99880e149
prerequisite-patch-id: d4a824429aa9abbeec81ced3cc2435e765809574
prerequisite-patch-id: 304b21e7031989556e16bc7fa0371977ce4145e8
prerequisite-patch-id: 6ac9dbbe5dae2dde1ea5414ec857b0c6d8dea576
prerequisite-patch-id: 6b47c87c4a68cebae3fec88164fee7d97bd19f14
prerequisite-patch-id: 453e434a15330b53516bbf85cccb98ce855ec3ac
prerequisite-patch-id: 529b20d51875e1fbfdc5717051067b1a06b87dff
prerequisite-patch-id: d09b02f5c6a0f1a2e6b74d67aeeac4350bf56938
prerequisite-patch-id: 47fe54ebb375daf84c71069ea3a0805d6f7f52ad
prerequisite-patch-id: 08b4ea5f8ce7fa92963a9b0ff4ead29d4e9fbfd4
prerequisite-patch-id: 347c060723c3f351e1efeedf20b368ea40cd1cd7
prerequisite-patch-id: a6e0f2d751527d45c7167d516cf91ff3095efdb2
prerequisite-patch-id: 7e66ad784a43f55c65bf325417138fb02851a7d6
prerequisite-patch-id: a63b483b61a087162fdca94add0d23fea72a11c9
prerequisite-patch-id: ab30533aa5cc6c54aee014e423da7c6cbea39d3e
prerequisite-patch-id: f7d5feab65b3c0a6a549b8f13e29379c3d1b36e7
prerequisite-patch-id: ca1b17d35d3ff8b05027e1cb52ef426a85c582a3
prerequisite-patch-id: ba1107d619ed5930e3dc0261e81659e03d921435
prerequisite-patch-id: f949265b5004bb1ac6c328ef1e718938df65da83
prerequisite-patch-id: 67807d846a1633f1f40a4b44bda03b2f45fc9fab
prerequisite-patch-id: 95a1e54cf33eb6df03e4e12946b9eeb8db5a1ffa
prerequisite-patch-id: a0bd501f38a20fe46c2ed9fd483cb1ede1eb8472
prerequisite-patch-id: d624e9e7e1e36a50dbb7c070992bca25fba55c1c
prerequisite-patch-id: 8e505dcd41728e50f4ba2415b872d80c251cd9f8
prerequisite-patch-id: fb78e5203171f8328c5382306a6c0fee8193c973
prerequisite-patch-id: b6d73eaf238267f5a2927a99e357475a72fd587b
prerequisite-patch-id: 3adfacfbacce675198e87dd872ff8f0cdc566987
prerequisite-patch-id: 4514dfe11632bab14d4dc9812ed46e5f4f116dd9
prerequisite-patch-id: ec6871db78a15fc2e71b07cf87232a613af51d23
prerequisite-patch-id: 274ccbc822e44bbb68e16caf036697b4ef0dfdbd
prerequisite-patch-id: e37159bc30b56de2e1685e21d59ff6225733a2fb
prerequisite-patch-id: ae02fd29e0237f7e6b1bf8466b612f24c5dffc6c
prerequisite-patch-id: 311b02bc6476fbf3b0e4b5bd18f65bbfe59ed27e
prerequisite-patch-id: d5465b3cfc187cda8ec5875dbdb9531d1ded6f87
prerequisite-patch-id: 7b55b10adc1afddc93d4e42d3f532623c3a2e934
prerequisite-patch-id: 7831cad70e720cfcd5444ef0835ddfc06c11cefb
prerequisite-patch-id: f76df4b2b3655def61b52f2f1a680135ae79ff8d
prerequisite-patch-id: e34680aa4ade1b17df81890b800862d4d070154f
prerequisite-patch-id: 0517d9e6713dbe9332df218a047aea17d470a59b
prerequisite-patch-id: 19cc6a6aa192d02ca1ea09a1a83456ebada634e6
prerequisite-patch-id: a1ab3a23d85ae911bcf18adbb7fc1921d3f43685
prerequisite-patch-id: 7eaaedc29f8dfc2a97b7e046bcdb41abc685b258
prerequisite-patch-id: 320b38b0ceed88a367da19435b1a538ed1b4fd56
prerequisite-patch-id: 7081f1afadcc43d8ca75843faada7029447ba87c
prerequisite-patch-id: 9ebc296f4fd14380585d0c328348e0a7ad822d83
prerequisite-patch-id: 80db168983a618e17957e6f1d2056bbe7658dcf6
prerequisite-patch-id: a4b65d5bbe47daefa8f5ad28b2a60d62f58511f9
prerequisite-patch-id: 09a48e243c6a05f03ca11dfbe6dfe799361db138
prerequisite-patch-id: f5f9d4eafce71f32a724eba6c34ec09f45f07144
prerequisite-patch-id: e4a37bdec5abce981e3349558914c2ce7450f00a
prerequisite-patch-id: 957db8bd8936dedf40f59a91a3879a4072c31a12
prerequisite-patch-id: b826b9ecfbfdc70b792500f102ef7d4c8b32c8d1
prerequisite-patch-id: bf50f7b1ebc767d64ffa833446d8e5b0f05a7f8f
prerequisite-patch-id: ad220eb76ac18bfd031154d3f3975d16933ea3a6
prerequisite-patch-id: e71efada01bb2281ef303a6841897b5eae489f53
prerequisite-patch-id: a0f0d81bdd4579222b91d83076bd2177ed6badd6
prerequisite-patch-id: 35d9530a653eee7869bde9355357922ce8f4ac6f
prerequisite-patch-id: 3b6116b3586d3cbe539e95d8198aeb00a3d70bd2
prerequisite-patch-id: 237be4dfb42c0968267e644d3be2f83fd25a22ac
prerequisite-patch-id: b711e53ec30f3f18ba9c9db66918c5fa2f1c885b
prerequisite-patch-id: 5ec5041d0e68978aa05c95ac462e81a8a8258ec2
prerequisite-patch-id: d75bc5cc28ddc4aae8784c0c3a23decd993da992
prerequisite-patch-id: 317cd307f8314c33ee75f7d3d8cbe2a2da99c4a9
prerequisite-patch-id: 35c5471f06532a1de9d0461fcca8e381dbfd5206
prerequisite-patch-id: c3c54ba3efe4319a8f743e0d04e41cd725f17207
prerequisite-patch-id: 10b41ba92f6418da93985f702dc4d18c03b3dfee
prerequisite-patch-id: b677efe91b421879f33f9529a63fe74bcb65726a
prerequisite-patch-id: 77355becac8f8ef8cec11b421901011e8d672e36
prerequisite-patch-id: 9b4bd6b0e6a5d85029dcb9c4fd747084f9022217
prerequisite-patch-id: 266dfac72d8eb5497a7d9117543d5f2f5d513630
prerequisite-patch-id: 7827c6b82ded58cd79cf29dfb17fe6babf2fcf4b
prerequisite-patch-id: 4fa72314f18708e5608059fe642f2c2d669335d9
prerequisite-patch-id: d2b45d0d3862076783145a04a8764e3b01fa4a7c
prerequisite-patch-id: 13731078668f815fc09edc1e11480e03de3bd2b5
prerequisite-patch-id: afd71b14ca167ed512a328a97ddcd2448614ccac
prerequisite-patch-id: ea387a4f9d860397a26c840c11c8742f0ac70fc3
prerequisite-patch-id: ef355ff43bfbda3b3f6b8e918b12a43aa1354709
prerequisite-patch-id: bd4dd0b450ec7119e9eda30677440660b1fe0c0e
prerequisite-patch-id: a64a2413adba06d25d00a19e1649ffbc18e76fc8
prerequisite-patch-id: 2aaf8f0d38ebc949f2610d86e4ce6f9679680ed0
prerequisite-patch-id: c79a3ed696499fd6d3e4b6526fd43f3afcd3a259
prerequisite-patch-id: 13525aace311948825c12098fcba1fbaa2da8e1e
prerequisite-patch-id: 14d676a1f9be29468a7b062e067be8c002ca1baf
prerequisite-patch-id: f7e4b3c1b487a12a554e7390e677eb07b598fe48
prerequisite-patch-id: d3c033213ce18b7b187685cf7f9a86488e695df0
prerequisite-patch-id: b67b6bdab92b43156a17b81e4d664855b61a3a2e
prerequisite-patch-id: ebb63f0a9fc43c79fcfbd878cd65d7d0e509d9be
prerequisite-patch-id: 1ffda67da9e34e482a38c0506608daed2ba5813c
prerequisite-patch-id: 9b0479571f29a197f90294ce6187826aeeeb764c
prerequisite-patch-id: 48f9dfb4d4afb7d6630241bbe3e030692792a82f
prerequisite-patch-id: 9533ae9e3764af1bcda86bc2aa25144066a10259
prerequisite-patch-id: bbe8faf500b3a5a15fda2bcbf33847469e13497b
prerequisite-patch-id: 67e4c6d12623e089449944e1056a677b9345f788
prerequisite-patch-id: adb06edf2f45c7b41c184ffecf7afd0db512697f
prerequisite-patch-id: 9825937196b6200426da9aa4352aeb75832a2087
prerequisite-patch-id: c8f5ca7d1266875b96727307b54341da03732a73
prerequisite-patch-id: 88a9de4f50e95fd6c1e4438eb635e331a24543d4
prerequisite-patch-id: a0989641f8bac1927debf2f7410c80f11d0759a6
prerequisite-patch-id: b6a669405f05cdf522e5aa91b60e3de8a5db8f43
prerequisite-patch-id: c7c3b5771d9e898e1222e9fa91b509e9f906db37
prerequisite-patch-id: 46969fde04c6018a7df740820889c91eeb06d0ca
prerequisite-patch-id: a18f4312030213225a3bc1f950ba291acc163f09
prerequisite-patch-id: efd66886475b2196a6236f2cf48c48c5bdc74615
prerequisite-patch-id: 414fe81e77ead73d608b0b1c4b1bca9d0394bcbf
prerequisite-patch-id: 232cd6530f508dd17d89c8247d6ac95f3d9ebfe0
prerequisite-patch-id: 986d37a176cacf59a741686952964ffdc668a5b7
prerequisite-patch-id: 1dd1189feef1e6ffc82a6b48fa1e6a63bf59efa3
prerequisite-patch-id: 171bb52a5d60534c0bcf72c5fc865a32cea5dc5a
prerequisite-patch-id: 9241e1ed3743c07e212771a7853537cca0a4ab85
prerequisite-patch-id: eaac5259297e472736513202070a04aca85b3fd6
prerequisite-patch-id: 73243b73f091edf51254f39deab0d74a0346b487
prerequisite-patch-id: afce689b73f108b7ccd2fa2a3d741ed64943a5e4
prerequisite-patch-id: c580ea31036ada33c9620a1925e03fcafeaaab4c
prerequisite-patch-id: 6f5c6535c075a25edfd4ee3bc05e8cb3eb7c58dd
prerequisite-patch-id: d50d2eabebf349d74d1fd51ada0775cbdeff14fe
prerequisite-patch-id: c77334ce5547cdd33e6c3075bc7c89214bb09fcd
prerequisite-patch-id: 20ee4127d9c842c273b9a74abfb1efebcbb38acd
prerequisite-patch-id: db8da6789d161b1981c13f607927c722f0a529a2
prerequisite-patch-id: 05965b4684132940d261ff856878beb9a56e941a
prerequisite-patch-id: bf90bfba4df06e1cda6fce98c315df3d940fed0f
prerequisite-patch-id: a3b3188ab9428343614339f3c7e9c2751906d28f
prerequisite-patch-id: f0e4acf5b72ca6951273ff9e817fb5f7772d73f4
prerequisite-patch-id: 19db2eaaea5b76ab668de14c35ba0fe0f3bcbce1
prerequisite-patch-id: fae8684420b2723b3abeaa4f44294028e5665ae0
prerequisite-patch-id: 5430e8e9379aacdf2779cb6fe77c523199d0b20d
prerequisite-patch-id: bc32e217755699169b790c3f8bfdf17e37cfec98
prerequisite-patch-id: e26b3244d4a326504ee9c8218307f448f0b410c7
prerequisite-patch-id: c6f4cdd70b7bd9c5ef71d6a51f2de41173732a47
prerequisite-patch-id: 8657f04c0baadc17c59fb4ca753b9a3d621ea6db
prerequisite-patch-id: 15844599f2c3ca9980610df3d309cbe7a88ab225
prerequisite-patch-id: 26d4353d8612f6c77bbd7f33942ed15f510bfe6d
prerequisite-patch-id: 1da066a88c66835923cb797e72fc5460b19b8446
prerequisite-patch-id: 7a95587373ef751546501146d0236853e7387ac7
prerequisite-patch-id: e9b289ae8caa0d0a800de54d59c200beb92338c7
prerequisite-patch-id: 879844bfb9b350c562883f3aec9e2437c11fe061
prerequisite-patch-id: ba523d8984cab6c1992a1f47dd364601c2ae6e2a
prerequisite-patch-id: cc36cccc087bf4f2566861f75c93dc1c1a0eec7e
prerequisite-patch-id: c117baf0385e7763618087d1b015f7ba4d67b2fa

Comments

Rostislav Svoboda April 12, 2024, 7:43 p.m. UTC | #1
Argh, the patch is flawed. Please ignore it for now. Sorry.
Cheers, Bost

Patch

diff --git a/doc/guix.texi b/doc/guix.texi
index 5827e0de14..6126c1b5ef 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -4565,15 +4565,22 @@  Invoking guix pull
 Show which channel commit(s) would be used and what would be built or
 substituted but do not actually do it.
 
-@item --allow-downgrades
-Allow pulling older or unrelated revisions of channels than those
-currently in use.
+@item --allow-downgrades[=channels]
+@itemx -a [channels]
+Allows pulling older or unrelated revisions of specified channels, or
+all channels if none are specified.
 
 @cindex downgrade attacks, protection against
-By default, @command{guix pull} protects against so-called ``downgrade
-attacks'' whereby the Git repository of a channel would be reset to an
-earlier or unrelated revision of itself, potentially leading you to
-install older, known-vulnerable versions of software packages.
+By default, @command{guix pull} safeguards against so-called ``downgrade
+attacks``, where a channel's Git repository is reset to a previous or
+unrelated revision, potentially causing the installation of older,
+vulnerable software versions. Without specifying channels, this
+protection is disabled entirely, posing a security risk.
+
+It's advisable to permit downgrades only for channels you trust
+implicitly, such as those you maintain. For all other channels,
+including the official Guix channel, downgrade protection remains
+recommended.
 
 @quotation Note
 Make sure you understand its security implications before using
diff --git a/guix/channels.scm b/guix/channels.scm
index 66f3122f79..af5a0b26c4 100644
--- a/guix/channels.scm
+++ b/guix/channels.scm
@@ -497,26 +497,35 @@  (define (channel-instance-primary-url instance)
 
 (define* (latest-channel-instances store channels
                                    #:key
-                                   (current-channels '())
-                                   (authenticate? #t)
-                                   (validate-pull
-                                    ensure-forward-channel-update))
+                                   (channel-validation-pairs '())
+                                   (authenticate? #t))
   "Return a list of channel instances corresponding to the latest checkouts of
 CHANNELS and the channels on which they depend.
 
 When AUTHENTICATE? is true, authenticate the subset of CHANNELS that has a
 \"channel introduction\".
 
-CURRENT-CHANNELS is the list of currently used channels.  It is compared
-against the newly-fetched instances of CHANNELS, and VALIDATE-PULL is called
-for each channel update and can choose to emit warnings or raise an error,
-depending on the policy it implements."
+CHANNEL-VALIDATION-PAIRS is a list of pairs of currently used channels with their
+respective validation procedures: (current-channel . validate-pull).  The
+current-channel is compared against the newly-fetched instances of CHANNELS, and its
+validate-pull procedure is called for each channel update and can choose to emit
+warnings or raise an error, depending on the policy it implements."
   (define (current-commit name)
-    ;; Return the current commit for channel NAME.
-    (any (lambda (channel)
-           (and (eq? (channel-name channel) name)
-                (channel-commit channel)))
-         current-channels))
+    "Return the current commit for channel NAME."
+    (any (lambda (channel-with-validation)
+           (let ((channel (car channel-with-validation)))
+             (and (eq? (channel-name channel) name)
+                  (channel-commit channel))))
+         channel-validation-pairs))
+
+  (define (current-validate-pull name)
+    "Return the desired validate-pull procedure for channel NAME."
+    (any (lambda (channel-with-validation)
+           (let ((channel (car channel-with-validation))
+                 (validate-pull (cdr channel-with-validation)))
+             (and (eq? (channel-name channel) name)
+                  validate-pull)))
+         channel-validation-pairs))
 
   (define instance-name
     (compose channel-name channel-instance-channel))
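Review bot: `current-validate-pull` yields `#f` for any channel that has no entry in CHANNEL-VALIDATION-PAIRS (including the `'()` default), and the second hunk passes that value straight through as `#:validate-pull`, so the `ensure-forward-channel-update` default that the removed keyword carried no longer applies anywhere in this procedure. Whether a missing entry still leaves downgrade protection intact depends on how `latest-channel-instance` treats a false validator, which is not visible here, so the fallback should be explicit and fail closed: wrap the lookup as `(or (any ...) ensure-forward-channel-update)`. The docstring should also say which policy applies to a channel with no pair. Callers outside this diff that still pass `#:current-channels` or `#:validate-pull` would presumably need updating as well; the body of `latest-channel-instances` continues past this hunk.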
@@ -544,20 +553,22 @@  (define* (latest-channel-instances store channels
          (if (and previous
                   (not (more-specific? channel previous)))
              (loop rest previous-channels instances)
-             (begin
+             (let ((current (current-commit (channel-name channel)))
+                   (validate-pull (current-validate-pull (channel-name channel))))
+               ;; (format #t "channel '~a' is validated by '~a'~%"
+               ;;         (channel-name channel) (procedure-name validate-pull))
                (format (current-error-port)
                        (G_ "Updating channel '~a' from Git repository at '~a'...~%")
                        (channel-name channel)
                        (channel-url channel))
-               (let* ((current (current-commit (channel-name channel)))
-                      (instance
-                       (latest-channel-instance store channel
-                                                #:authenticate?
-                                                authenticate?
-                                                #:validate-pull
-                                                validate-pull
-                                                #:starting-commit
-                                                current)))
+               (let ((instance
+                      (latest-channel-instance store channel
+                                               #:authenticate?
+                                               authenticate?
+                                               #:validate-pull
+                                               validate-pull
+                                               #:starting-commit
+                                               current)))
                  (when authenticate?
                    ;; CHANNEL is authenticated so we can trust the
                    ;; primary URL advertised in its metadata and warn
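Review bot: `current-validate-pull` returns `#f` for any channel that has no entry in CHANNEL-VALIDATION-PAIRS, and the new `let` passes that `#f` straight through as `#:validate-pull`. The call site in guix/scripts/pull.scm builds the pairs from `current-channels` only, so a newly added channel or a dependency takes this path. Whether `latest-channel-instance` ever calls the procedure in that case is not visible here, but an explicit `#f` overrides whatever default it declares. Falling back to the strict policy keeps the downgrade check fail-closed: `(validate-pull (or (current-validate-pull (channel-name channel)) ensure-forward-channel-update))`. The commented-out `format` debugging lines should be dropped before merging; the enclosing loop starts and ends outside the hunk.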
@@ -1001,7 +1012,7 @@  (define latest-channel-instances*
 
 (define* (latest-channel-derivation #:optional (channels %default-channels)
                                     #:key
-                                    (current-channels '())
+                                    (channel-validation-pairs '())
                                     (validate-pull
                                      ensure-forward-channel-update))
   "Return as a monadic value the derivation that builds the profile for the
@@ -1010,7 +1021,7 @@  (define* (latest-channel-derivation #:optional (channels %default-channels)
   (mlet %store-monad ((instances
                        (latest-channel-instances* channels
                                                   #:current-channels
-                                                  current-channels
+                                                  channel-validation-pairs
                                                   #:validate-pull
                                                   validate-pull)))
     (channel-instances->derivation instances)))
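Review bot: The call to `latest-channel-instances*` still passes `#:current-channels` and `#:validate-pull`, while this patch appears to replace those keywords of `latest-channel-instances` with `#:channel-validation-pairs` (the start of that definition is outside the visible hunks, so this is inferred from its new docstring). If they were removed, this call would raise an unrecognized-keyword error unless the procedure allows other keys. Pass the pairs under the new name, `#:channel-validation-pairs channel-validation-pairs`. The `validate-pull` key of `latest-channel-derivation` (hunk at -1001) then has no effect and should be removed or documented.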
diff --git a/guix/scripts/pull.scm b/guix/scripts/pull.scm
index 58d3cd7e83..c662e88771 100644
--- a/guix/scripts/pull.scm
+++ b/guix/scripts/pull.scm
@@ -76,8 +76,7 @@  (define %default-options
     (graft? . #t)
     (debug . 0)
     (verbosity . 1)
-    (authenticate-channels? . #t)
-    (validate-pull . ,ensure-forward-channel-update)))
+    (authenticate-channels? . #t)))
 
 (define (show-help)
   (display (G_ "Usage: guix pull [OPTION]...
@@ -94,7 +93,8 @@  (define (show-help)
   (display (G_ "
       --branch=BRANCH    download the tip of the specified \"guix\" channel BRANCH"))
   (display (G_ "
-      --allow-downgrades allow downgrades to earlier channel revisions"))
+  -a, --allow-downgrades[=CHANNELS]
+                         allow downgrades to earlier revisions of CHANNELS"))
   (display (G_ "
       --disable-authentication
                          disable channel authentication"))
@@ -176,10 +176,37 @@  (define %options
          (option '("branch") #t #f
                  (lambda (opt name arg result)
                    (alist-cons 'ref `(branch . ,arg) result)))
-         (option '("allow-downgrades") #f #f
+         (option '(#\a "allow-downgrades") #f #t
                  (lambda (opt name arg result)
-                   (alist-cons 'validate-pull warn-about-backward-updates
-                               result)))
+                   (cond
+                    ((string? arg)
+                     ((compose
+                       (cut alist-cons 'allow-downgrades <>
+                            (alist-delete 'allow-downgrades result))
+                       (cut append
+                            (or (assoc-ref result 'allow-downgrades)
+                                (list))
+                            <>))
+                      ;; Values may be also comma-separated. Possibilities:
+                      ;; -a val1 -a val2,val3 -a val4 -aval5
+                      (string-tokenize arg
+                                       (char-set-complement (char-set #\,)))))
+                    ((boolean? arg)
+                     ;; The command contains this option with no value
+                     ;; specified, (`arg' is #f). We'll interpreted this as
+                     ;; 'all channels can be downgraded'
+                     (alist-cons 'allow-downgrades #t result))
+                    (else
+                     ((compose
+                       (lambda (text)
+                         (raise (condition (&message (message text)))))
+                       (cut format #f <>
+                            "You found a bug:" arg name
+                            version system %guix-version
+                            %guix-bug-report-address))
+                      "~a The value '~a' of the '~a' option is unrecognized.
+(version: ~s; system: ~s; host version: ~s)
+Please report the COMPLETE output above by email to <~a>.~%")))))
          (option '("disable-authentication") #f #f
                  (lambda (opt name arg result)
                    (alist-cons 'authenticate-channels? #f result)))
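Review bot: Mixing the two forms of the option breaks the accumulator: after a bare `--allow-downgrades` the stored value is `#t`, so a later `--allow-downgrades=NAME` reaches `(or (assoc-ref result 'allow-downgrades) (list))`, hands `#t` to `append`, and fails with a wrong-type error. Decide which form wins and guard for it, for example by returning `result` unchanged when the stored value is already `#t`. The comment listing `-a val1` should be verified, since an optional argument normally has to be attached (`-aval1` or `--allow-downgrades=val1`) to be bound to the option. The comment in the boolean branch has a typo ("We'll interpreted").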
@@ -828,6 +855,41 @@  (define (validate-cache-directory-ownership)
 @command{sudo -i} or equivalent if you really want to pull as ~a.")
                        dir:user our:user)))))))))))
 
+(define (channels-with-validations downgradable-candidates channels)
+  "Return a list of pairs: channel + pull-validation procedure. The procedure
+is `warn-about-backward-updates' if a given channel is among the
+DOWNGRADABLE-CANDIDATES or `ensure-forward-channel-update' otherwise. E.g.:
+
+((channel1 . #<procedure warn-about-backward-updates ...>)
+ (channel2 . #<procedure ensure-forward-channel-update ...>))"
+  (cond
+   ((and (list? downgradable-candidates) (not (null? downgradable-candidates)))
+    (let ((downgradables-candidate-names (map string->symbol
+                                              downgradable-candidates))
+          (channels-names (map channel-name channels)))
+      (map (lambda (name)
+             (unless (member name channels-names)
+               (leave (G_ "'~a' must be one of '~a~'%") name channels-names)))
+           downgradables-candidate-names)
+      (let* ((downgradables-names
+              (filter (cut member <> downgradables-candidate-names)
+                      channels-names))
+             (downgradables
+              (filter (compose (cut member <> downgradables-names)
+                               (cut channel-name <>))
+                      channels))
+             (non-downgradables (lset-difference equal? channels
+                                                 downgradables)))
+        (append
+         (map (cut cons <> warn-about-backward-updates) downgradables)
+         (map (cut cons <> ensure-forward-channel-update) non-downgradables)))))
+
+   ((and (boolean? downgradable-candidates) downgradable-candidates)
+    (map (cut cons <> warn-about-backward-updates) channels))
+
+   (else
+    (map (cut cons <> ensure-forward-channel-update) channels))))
+
 
 (define-command (guix-pull . args)
   (synopsis "pull the latest revision of Guix")
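Review bot: The format string in the `leave` call, `"'~a' must be one of '~a~'%"`, has its last characters transposed, so `~'` is read as a directive and the newline directive is lost; it should read `(leave (G_ "'~a' must be one of '~a'~%") name channels-names)`. This message is what rejects a channel name that is not in the current profile, so a user who mistypes a name would likely see a format error instead of the explanation. The check is run with `map` only for its side effect; `for-each` states that intent. The two `filter` passes and `lset-difference` could be one `map` over CHANNELS that picks the procedure by membership in the candidate names.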
@@ -844,7 +906,7 @@  (define-command (guix-pull . args)
             (dry-run?     (assoc-ref opts 'dry-run?))
             (profile      (or (assoc-ref opts 'profile) %current-profile))
             (current-channels (profile-channels profile))
-            (validate-pull    (assoc-ref opts 'validate-pull))
+            (allow-downgrades (assoc-ref opts 'allow-downgrades))
             (authenticate?    (assoc-ref opts 'authenticate-channels?)))
        (cond
         ((assoc-ref opts 'query)
@@ -868,14 +930,17 @@  (define-command (guix-pull . args)
                  (set-build-options-from-command-line store opts)
                  (ensure-default-profile)
                  (honor-x509-certificates store)
-
                  (let* ((channels (channel-list opts))
+                        (channel-validation-pairs
+                         ;; Only current-channels can be checked against
+                         ;; downgrade-attacks. New channels can't be
+                         ;; downgraded. Their commit history is unknown yet.
+                         (channels-with-validations allow-downgrades
+                                                    current-channels))
                         (instances
                          (latest-channel-instances store channels
-                                                   #:current-channels
-                                                   current-channels
-                                                   #:validate-pull
-                                                   validate-pull
+                                                   #:channel-validation-pairs
+                                                   channel-validation-pairs
                                                    #:authenticate?
                                                    authenticate?)))
                    (format (current-error-port)