From patchwork Fri Apr 12 13:13:36 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Rostislav Svoboda X-Patchwork-Id: 62946 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 0069727BBEA; Fri, 12 Apr 2024 14:16:25 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-3.7 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED, DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FROM,MAILING_LIST_MULTI, RCVD_IN_MSPIKE_H2,SPF_HELO_PASS autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 379D927BBE9 for ; Fri, 12 Apr 2024 14:16:22 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rvGl6-0000Yy-Az; Fri, 12 Apr 2024 09:16:00 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rvGl5-0000Y6-9h for guix-patches@gnu.org; Fri, 12 Apr 2024 09:15:59 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rvGl4-00052w-AA; Fri, 12 Apr 2024 09:15:58 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1rvGlA-0000FK-CE; Fri, 12 Apr 2024 09:16:04 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#70353] [PATCH] pull: Add fine-grained control for `guix pull --allow-downgrades`. Resent-From: Rostislav Svoboda Original-Sender: "Debbugs-submit" Resent-CC: guix@cbaines.net, dev@jpoiret.xyz, ludo@gnu.org, othacehe@gnu.org, rekado@elephly.net, zimon.toutoune@gmail.com, me@tobias.gr, guix-patches@gnu.org Resent-Date: Fri, 12 Apr 2024 13:16:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 70353 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 70353@debbugs.gnu.org, pelzflorian@pelzflorian.de Cc: Rostislav Svoboda , Christopher Baines , Josselin Poiret , Ludovic =?utf-8?q?Court=C3=A8s?= , Mathieu Othacehe , Ricardo Wurmus , Simon Tournier , Tobias Geerinckx-Rice X-Debbugs-Original-To: guix-patches@gnu.org, pelzflorian@pelzflorian.de X-Debbugs-Original-Xcc: Christopher Baines , Josselin Poiret , Ludovic =?utf-8?q?Court=C3=A8s?= , Mathieu Othacehe , Ricardo Wurmus , Simon Tournier , Tobias Geerinckx-Rice Received: via spool by submit@debbugs.gnu.org id=B.1712927726591 (code B ref -1); Fri, 12 Apr 2024 13:16:03 +0000 Received: (at submit) by debbugs.gnu.org; 12 Apr 2024 13:15:26 +0000 Received: from localhost ([127.0.0.1]:58112 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rvGkK-00006g-8f for submit@debbugs.gnu.org; Fri, 12 Apr 2024 09:15:26 -0400 Received: from lists.gnu.org ([2001:470:142::17]:37072) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rvGk7-0008Ud-IJ for submit@debbugs.gnu.org; Fri, 12 Apr 2024 09:15:09 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rvGjq-0000MR-Tb for guix-patches@gnu.org; Fri, 12 Apr 2024 09:14:43 -0400 Received: from mail-lj1-x231.google.com ([2a00:1450:4864:20::231]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rvGjn-0004qW-41 for guix-patches@gnu.org; Fri, 12 Apr 2024 09:14:42 -0400 Received: by mail-lj1-x231.google.com with SMTP id 38308e7fff4ca-2d485886545so13345451fa.2 for ; Fri, 12 Apr 2024 06:14:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1712927676; x=1713532476; darn=gnu.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=yyM1d8Wgk3tgtjxPkW3gT+0dZOMuOb2TVQ6rfv1ORI4=; b=Saj599lcN7Q54SkjRVHBSuLywx5O6Xn1jTFGUr0y84IoVqVioOM1hzvEw9g8lmnhuR MX72pAgR/GxF4wX9RZQn1SoXUOohp16vsegPXXQV7jIXakj3UezLkUlFaDSerMn2Ig1g WqZSHljcqGhC8p//WN7yS3TIfvj5HakyAt+mY3891SIrHjQKKP8huVS2Z0QjGSILP7tY NCl7kG3x5NAYyitqasJ2OiDj19m2dT31qH8ZMMEPsNlVxS611BJhofoIDjdKG53PNIni Re5p8yk8Pb1K3y2waoL+jdVVKdDIDwaMmn9bD1057x4CkuzpQSptU9PTxQjxKAuwRnaO 6Lgg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712927676; x=1713532476; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=yyM1d8Wgk3tgtjxPkW3gT+0dZOMuOb2TVQ6rfv1ORI4=; b=Clu4ppl4ZT2zC/mK/7HhKN/ltKNoNr5mTkJQGVjwmdUEZAbJ4dSDmciw0KHxG8p9fK IBS9cZiackvKygwZXwUXsuLcVBJjCA0RaoSQJcXhaOx0IOKuW1JSkDsDmBAbho3f1ewX IeQ+3KVK5BJ6NBKS2YqVe7W9fEIPdj8Yr1D9KVR3Bf0umEzTNC3EyP+dFOQBs6uVGHJM ilZmM7DQGyST2naZax+d2h0OiKmQ5SJC2/y7Wla/XcIJJ2aHW5cB3UvliX9oJZjotDuo tN/2SzVeMUoHyvkrlNJ3/yNYZLtKsu0AvSN8p9OfdQ1o94Eakr1xejV0IXAbf1sK2jJp IF+w== X-Gm-Message-State: AOJu0YzIBXY6bG6vvrXAj21kU25uTyHP1kZYbNC7oGNlSVHlPgTtaczf QqKjCS2G2aMSD1TD9HTl8LeEtuaAedo5h1YrtEHGsrLP1YhWp5za+IxRG2bh X-Google-Smtp-Source: AGHT+IHcZlxM3Avb4PZ4hV0ZBNoZPejANZr79FXLCCz3gH6IYVVqkLcaZGQjJ0RrwvIfBSVKMxBnHA== X-Received: by 2002:a2e:97d4:0:b0:2d8:41c5:ad64 with SMTP id m20-20020a2e97d4000000b002d841c5ad64mr1820566ljj.13.1712927675918; Fri, 12 Apr 2024 06:14:35 -0700 (PDT) Received: from ecke.fritz.box (dynamic-2a02-3100-5eb8-7f01-460f-8c96-5797-5367.310.pool.telefonica.de. [2a02:3100:5eb8:7f01:460f:8c96:5797:5367]) by smtp.googlemail.com with ESMTPSA id h18-20020a17090619d200b00a51a80028e8sm1821267ejd.65.2024.04.12.06.14.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 12 Apr 2024 06:14:35 -0700 (PDT) From: Rostislav Svoboda X-Google-Original-From: Rostislav Svoboda Date: Fri, 12 Apr 2024 15:13:36 +0200 Message-ID: <3dbbb59fdc650a20a0eb853a0d30aaccae1beae5.1712927299.git.Rostislav.Svoboda@gmail.com> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::231; envelope-from=rostislav.svoboda@gmail.com; helo=mail-lj1-x231.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches Introduce the ability to specify channels for downgrades in `guix pull`, enhancing security by enabling users to trust certain channels over others. This update maintains backward compatibility and updates relevant documentation. * guix/scripts/pull.scm (allow-downgrades): Option accepts a list of downgradable channels, add '-a' as its short version. (%default-options): Remove validate-pull. (channels-with-validations): New procedure. * guix/channels.scm (latest-channel-instances): Signature change. * doc/guix.texi (Invoking guix pull): Document changes. Change-Id: If947a2453c520463d77da9591af9ac03e6472afc --- doc/guix.texi | 21 ++++++---- guix/channels.scm | 61 +++++++++++++++++------------ guix/scripts/pull.scm | 89 +++++++++++++++++++++++++++++++++++++------ 3 files changed, 127 insertions(+), 44 deletions(-) base-commit: 7af70efd7633b0d70091762cf43ce01a86176e8e prerequisite-patch-id: e64f0d27446c1c560ad851f367a2472c14a7037e prerequisite-patch-id: dfa2d04882577e60f7d473731e434454b8852644 prerequisite-patch-id: cc23ce978964d00cd66167c9465795838079d103 prerequisite-patch-id: f802f9482cfdb9b3b403616d8c2e91a252eee72c prerequisite-patch-id: f1fd30f4906d43b4a0cbd16d45407cb75a3af0d5 prerequisite-patch-id: 375dece6d1cab20d1f4b4185c872634faa63d877 prerequisite-patch-id: 46680596f20c72c67fd869c057fb7eb0904f3bc9 prerequisite-patch-id: 866db02be533978a7953f5404a01335ae9434cb0 prerequisite-patch-id: e0e407612802204a5a17ae9678b78f13a6957a4a prerequisite-patch-id: 1d7d9a6c7af37a60d9b24ec5b6ddfcb63bfa3658 prerequisite-patch-id: c54d19e7e00697430d955942249f8ac06a0d5e0d prerequisite-patch-id: c51a937244a2bfd3098b14dacea70820e4175cd3 prerequisite-patch-id: 0d64205fece7716a15913d1b5b1e6264542c3e6b prerequisite-patch-id: 48a4c1d593f45b030b20d21424423b18fc628be5 prerequisite-patch-id: 5a7198d3c2e5c1711c707875657886fada86045c prerequisite-patch-id: a5426596293ad72222b40b165208718ac360f076 prerequisite-patch-id: 3d69d13f9f454733518329cf6c570dd3ad4e8ec4 prerequisite-patch-id: 9359f1cfb68b8f2c251db5c79cacd696ab7a61c7 prerequisite-patch-id: e3c63b7b5415c0defbb04b6332d7fe9c0f9f92d1 prerequisite-patch-id: 6820bafc717331edb240b9c5d0e6ea9b56f0d268 prerequisite-patch-id: 819a40d73fd85f0abbb6de717702cc350a638812 prerequisite-patch-id: 389cfca519329cbc85ed6cf9e4f19457584e7113 prerequisite-patch-id: 93ae07255880b16be653369b88ac4bab01531de4 prerequisite-patch-id: c4ae064694c171c4709e0bbbce7dcae9a3ed3640 prerequisite-patch-id: 8e3e598481b5985c08e5e0b47064b517b7303ec8 prerequisite-patch-id: 01933610286e38850935f6832db66bc68ce867d9 prerequisite-patch-id: c46d5e95188b94c38b0effb5eacbe9d645c88625 prerequisite-patch-id: 9f7f301a7e1617f3edd6bfaa89e99b33924a6041 prerequisite-patch-id: ca097b601f748da69c706eaf70ca94e66cd80494 prerequisite-patch-id: fb9f6159a1e6de7c5866068731156d459ad33b62 prerequisite-patch-id: 4f42d2dc345f4e5d534be7cf491a6955f06d9ebe prerequisite-patch-id: 52a3ecab13d8feacab75727f9a09d5ab108d1a23 prerequisite-patch-id: 25b017882ab15f59a8b2c1613ab321795a17dde9 prerequisite-patch-id: 6d7299f9a81a7a93e47b38c00e0b1d924ce8b687 prerequisite-patch-id: d192b54857d9029fa7f88dae85aa4a3b5163c332 prerequisite-patch-id: 92919e6803391635e63c33196c2a13eaf8ebc283 prerequisite-patch-id: ed7ba0aab3ec834bcfbfd67281392e49d9cf67a5 prerequisite-patch-id: 82406c3bc8cfee6acc8c8079015070f283fe79e3 prerequisite-patch-id: a59d1f2dc396fb7a2d1b4d51d83b4f77659fd9c7 prerequisite-patch-id: 8fefac2b53befd391dff2c96f4c6a3699a3060d5 prerequisite-patch-id: 9ddab69dc4619551f7334fe4b400e592ed4393a7 prerequisite-patch-id: 0deaa2b9c7bc444b22053af11b234ca4ccf16399 prerequisite-patch-id: e0a866813a66138498944da75bdad86f596bdb7c prerequisite-patch-id: 62736ca29e36894d18f65532cc28cfdc7336846c prerequisite-patch-id: b586f071a3faa5dcab26a252e9e378ff7e9a0687 prerequisite-patch-id: 1812d030ccb0890fb5aa1f9397ed82fb21479825 prerequisite-patch-id: 31dd5fb7a5b242e8263d570162db341147211da6 prerequisite-patch-id: 3883ed174c39f0fc7931f50c71f2060504ff462a prerequisite-patch-id: e90161d1e23ff002d4f2d857e596ba65eec483d8 prerequisite-patch-id: 61d34657ffbd7381cbde53c679129dc255a42ef9 prerequisite-patch-id: f17d9fa7c863667737420d2541bcec4537515e8b prerequisite-patch-id: ff994a1d3e932e75eb88747bc1933690da835dba prerequisite-patch-id: f3b5d769de6ad0adf1b416f0a6f0a2bbaf7ed223 prerequisite-patch-id: b646681f04f59b46dea1f7c6d4344578e0bd26ee prerequisite-patch-id: 96aa449e0b10733f455552f96c3665cc52a2d8da prerequisite-patch-id: b21ad691e53f0c96b6412e176413f904f5c8f46e prerequisite-patch-id: 28a9474b4f516613c1e73504b44bb0716505bff1 prerequisite-patch-id: 7c7d301e9827ddb4bbd5054e4d227e02561c4cf2 prerequisite-patch-id: 0801807425306d34c12e0718fd67973092e84b56 prerequisite-patch-id: c059905a50861b9c0e0c3c0359db4847c6bb3386 prerequisite-patch-id: abb0c728d67f1e57a87d5cbfec93bb77b4a766c2 prerequisite-patch-id: 823fb528dee836deec3c5154a23167d773f4bbb3 prerequisite-patch-id: 11a7b07fbbbb45cbdea63321fa5657a3037a69b8 prerequisite-patch-id: 1900015cfa7370761c371d243038caa8e0576d05 prerequisite-patch-id: b724fddb5e4f81644384296be36f695c48d866df prerequisite-patch-id: ab85ac4bd58ecfcc65ce6b003a48530172040ddb prerequisite-patch-id: 653a88a96f1c8bf90f82e4d0ee5828e8e417ca69 prerequisite-patch-id: ecd314828713060dbe48b00d6962adcf58a4d419 prerequisite-patch-id: 833f9bd5e73f7119d93de182c39dfb96fd6b7863 prerequisite-patch-id: 00bc17f527ee712025e18cdc5469de2b59a04fcd prerequisite-patch-id: 4015e7d087d5f7b9248fe4c8b0a28a05c3af1c02 prerequisite-patch-id: 8d82f9e6e183647a0bf71e23815e2941e44a3f2b prerequisite-patch-id: 6474ef2249845b7bfafc6165e31a1de6c9dfcf18 prerequisite-patch-id: 532fa26ec1e1eddead55a04e7dd81d336434cec6 prerequisite-patch-id: d0c7f0a3c9c701c752390e7f8874b831a51b4721 prerequisite-patch-id: 5e832cefe1aa9bfe819544fb306c6b23c2c9e7f0 prerequisite-patch-id: d66e51cdcff3ede7b23d5091984a1aade854ac98 prerequisite-patch-id: 6b7cf832abbf146396d7df86cd4f878a904a0320 prerequisite-patch-id: 63834babd74f8def30ebe7b2ca4dbed4b28c3137 prerequisite-patch-id: 0289f88620fd72075def4ac9c4ce6bd852d7f1a4 prerequisite-patch-id: 1f41c559441e467bd73bb1df79a63d6a0109b96f prerequisite-patch-id: 24e7a521375e8acea68c3eae6f3254b0e5dee0c9 prerequisite-patch-id: 49db410eaa0d7458a02cb32b86c2e2623d765efd prerequisite-patch-id: fb4b7556c93cd0a1f4aa2be66c6a215d66c5bca5 prerequisite-patch-id: 9a9bb6ba3e1fc11c21fbe1866e66d9cfe6d37699 prerequisite-patch-id: 6c47deafe67eb028713cd50aa9cc79e6d3245cd1 prerequisite-patch-id: 39f79ec625a9638bcf4b3baa6330409410c3482a prerequisite-patch-id: c2d13e3c12ebfa112a263f665d6d183f06e471cd prerequisite-patch-id: 50897a59062a9a9493f5c3cbe4de6e7c31253dc4 prerequisite-patch-id: dc2ab1ba8eb9254b54aec802cd5a8554ad0d7427 prerequisite-patch-id: 1b5d3e05ab39ab71fbaa1f89bb87671531bd8996 prerequisite-patch-id: 4d8469b9f311c2537b2b17361b514133c1bc44c6 prerequisite-patch-id: d1f4af7fe8fe28fd07a7304d492aacf8aabd554c prerequisite-patch-id: 7aa53008d8a25cbc8d8bf4a957dc14fc41a22cdc prerequisite-patch-id: bec04bcd1a8bde390df50cc3ede20330d89f66ae prerequisite-patch-id: a62c77d02ba4daa8787569b1a994f0d13d5586a1 prerequisite-patch-id: 85c8af3f3b5ddfdb0a945140da8db78397014216 prerequisite-patch-id: 706e9ff224b29f69e5ff46bff78fbaa6d5c8a965 prerequisite-patch-id: f6ec22a324786d424e37fdd13e47d93707be5e29 prerequisite-patch-id: 6c54aae06ad841022e3b9ca5bf5a9fe5666e20b8 prerequisite-patch-id: 5d8a0e8b34714ede8b1e7231e87e14775e59fe03 prerequisite-patch-id: 436ca0797f40803a29cd92642779b39053f57415 prerequisite-patch-id: 67314ee95ba419b10665b6dcac740df43f50f286 prerequisite-patch-id: a1ebf7ce0cda0aa984950c3d297993a47b0b55c5 prerequisite-patch-id: 8187a9938c4486260fa963ac8598f2e79f316a14 prerequisite-patch-id: d0577705afaae403a4870cf9eb46a88c309720f5 prerequisite-patch-id: ed724c179ae06be02fc6f29564a03af286ea10a3 prerequisite-patch-id: c6e7e4bde5e1e83790c13a6c7c756dde83f15afe prerequisite-patch-id: 0668f66b2ebad6403f57d4ed949bd36453c9cfdd prerequisite-patch-id: 809f06dd2dfd99d0243fe295a288821c0f227e60 prerequisite-patch-id: ae9198b8ce83182d7cc70f5764e6aa2cfd3785dd prerequisite-patch-id: 0ef999884cd6f5b9b7b1c6c7bcf651544577e0cc prerequisite-patch-id: 8218aa7aa4faced270f5fc4a390a9ab14df294da prerequisite-patch-id: a9ff1cbede308ddac21a10490cd3a69da1540134 prerequisite-patch-id: 44cdc5feed948595d67960c23f097c58cc03166f prerequisite-patch-id: dec7ead565cb54631dd6c2c89044fa5a5eea702c prerequisite-patch-id: d4049c80d5c8ea3ae0cdd4933ef4374bd6c1af1f prerequisite-patch-id: 89a148b621b299e6012de347aa346f85e02c665d prerequisite-patch-id: 4fc8385e8a084c168ba967d0a5c917d13dd2a7f0 prerequisite-patch-id: cc8a049aa55860942e3ce18d701c2916e8259a19 prerequisite-patch-id: 1e5d88dfead0e9ae42090655e1d602fe5f07fdca prerequisite-patch-id: e853cfacdadcb1c102592324b00a2ca558e78b14 prerequisite-patch-id: bdd3ac1f6cd0f0a61578ed6e9633fbbeb88314bf prerequisite-patch-id: 99353ed7ae4d5564ea7cec6f0f88ecf888c3af0d prerequisite-patch-id: b58b2ad5e50c1a683b5a585a040d1f3a436c5ed5 prerequisite-patch-id: 8eb6ff783b25d4f3f79605ec7b2ea9d965702060 prerequisite-patch-id: 57dd63bbac0618e8267d14a142602f540ccbc03a prerequisite-patch-id: 777c2b37cdb65376300d8d351c1a3a40c5899edf prerequisite-patch-id: f229670b487a65c74032b00d87bd558702fa45a7 prerequisite-patch-id: d16f9431ae0f904bb5f92d073f3d5098b43de98e prerequisite-patch-id: ba26c3bc4e3fb43ec4b30686e5aa9591b38dc521 prerequisite-patch-id: 10ebc9937d51c0343fa58ebf9c21a2169e25ac2f prerequisite-patch-id: ec3fe0e7750a3d3898c30ca8919f748b3246edf4 prerequisite-patch-id: b76eae3c45eacab41a2fc3c6a938142822727750 prerequisite-patch-id: f24a30e97c6bc7bfe6285fbdfdef6c04031332a8 prerequisite-patch-id: 000bd5bfe1e962fe9dd206c6710e5c3b3a694b19 prerequisite-patch-id: c07a82e36e089126bd6e9ac597ce54ede59b1b07 prerequisite-patch-id: 9b5edce8468eca7c168c441487fc6c61d96bda26 prerequisite-patch-id: b9e1fe07f6138ff7d7f89019e6a05e5a48078656 prerequisite-patch-id: 8e06d2fbc82785a48a67e69b7857b8fd058d6390 prerequisite-patch-id: 4cc91fb8ac40821862fde116b4fcec99fe58607a prerequisite-patch-id: 808b4588379e262d3dc2aeb8dc39038b8fd5d18d prerequisite-patch-id: 624297da775fedc0d54685e6ae15ea7ff8b70a3e prerequisite-patch-id: 666301163dab8a79ae623768860e410af007a381 prerequisite-patch-id: 031fb919d2b513a7a49370c72ad68d7b9da54ce1 prerequisite-patch-id: 3ca2a08de287f610cf62f630e7460d08148009e5 prerequisite-patch-id: daf79beb6223d15072dc504c02390e3d6861a45f prerequisite-patch-id: 63daa16b14fde4ae4e254d6648ee95008fa532bd prerequisite-patch-id: febe68abf452e18c8581d77a02f07302872a8447 prerequisite-patch-id: 4b7bad04859079f63e8dcc59b132f99be9bef3fb prerequisite-patch-id: fbedc8771b3d946eeb36e4604ca6ed79ae0c0662 prerequisite-patch-id: c811604d44439a29662328ecc08bd6c137af203f prerequisite-patch-id: c17a588dbc2c1f7e71f2c63c6c4b1a08904e1270 prerequisite-patch-id: f695bc6e04713fd1cf47fb225ad8c3a898f7f794 prerequisite-patch-id: 4c89e84ee39b491e797945ba3747c39a11ade2b6 prerequisite-patch-id: 43f5bdd25d7d27fb025c1ff6a259d9f8037d39c5 prerequisite-patch-id: 2610793ce2711cd0dacdae3f71000bff8234e6d8 prerequisite-patch-id: 4d2d4abd7881a0572b4f8040ac47c6d7d2a6c7c8 prerequisite-patch-id: 3a1ff9fdf32ec74eb15d5bfbf2d4fd19b575fc0f prerequisite-patch-id: c3ea3842c6d84c92bbdf9dffd373d19603d7f49d prerequisite-patch-id: 5ac260d14be9ea2ba0172a840884e81de5e7bb75 prerequisite-patch-id: 06f9a3d4bff79bda91d9cdd620ecab3123af4b99 prerequisite-patch-id: 005725cf638483ac094b50d93774a0c48310194f prerequisite-patch-id: f3ad3df21e262fe88f248129f5efa0ed364acfe5 prerequisite-patch-id: 0d9f52508588c8a3c6295c6577f42bd831dfd7d3 prerequisite-patch-id: 5c1f16647fed2e82b554b68c06c2d1f62d6ee49b prerequisite-patch-id: 60df7c9bf2497a3992dce92d5262e96024edf31c prerequisite-patch-id: c68e7931f12e4c59224e884223d79ab25e07a5db prerequisite-patch-id: a42771427174629d48ea8a44f519a9129ccb0d91 prerequisite-patch-id: 72e188c19baa1522f91d64de852755a5b160b9d8 prerequisite-patch-id: 5dc957032e01c44d8e842edcb2e76f088cae8ecb prerequisite-patch-id: 4ba5eefb1fcddecbaec970b52f6fd06a00e6c52d prerequisite-patch-id: 299d1f029e8a78748ee108a333d47716fa322b43 prerequisite-patch-id: d7425a5fb7a4ff794742232b051536dd40419cca prerequisite-patch-id: 583a3001411e4ecf4adf1ee8b493d54572eeee6c prerequisite-patch-id: 8e8b3110e4527a321b52e4cabc99285f75129534 prerequisite-patch-id: 0101b154dd6367068f8a5ba7d4abe4063ad5f3e1 prerequisite-patch-id: 37574a831f4930342765b748480b3df8a377df2d prerequisite-patch-id: 9463ab8b81a49bda03788c89cee815c2acdcf30d prerequisite-patch-id: 7133e80cc6d5283e2d5703293dbeaf3126ad27d0 prerequisite-patch-id: 586ac8c7d55abe4a20b8a4b1b1e314bf5759a897 prerequisite-patch-id: 243b80b0fa3fb621341b07ed09e7e4be3b900c6a prerequisite-patch-id: 158d2fb559ffbf2dcf112e58aedf4f955dc24c1c prerequisite-patch-id: 8f85d193144663d0021be1a77e317bd109c8a621 prerequisite-patch-id: 8666f84a6c97b3fa1d7565aeb86a30868fb86002 prerequisite-patch-id: 46fc39c64b488d0d05c1f75eb2b762c0d3736825 prerequisite-patch-id: 8de0ded129c99d9827723b9704fc71e9ce60fc01 prerequisite-patch-id: 287760bde51e13a1923a4b53861657a9fbbabd8c prerequisite-patch-id: f40bed11183649ba83896beacca34cec6b53b004 prerequisite-patch-id: 18ebb77e05266e600e66eab18f50cbe439114a4d prerequisite-patch-id: cc08ea4132bb2d07cf26f2d1be02ded20ff2ec90 prerequisite-patch-id: c2d6bd8f3900373ac68c0e0e983977ba72f64aa6 prerequisite-patch-id: b5f678b9d5a00b9ddc22034f12f71142965f7337 prerequisite-patch-id: 5dc70823540367eed9b188ebdbdbad6dda0c33bb prerequisite-patch-id: 4f4a022b9f7cbb354279fc3100b71949c8cc126f prerequisite-patch-id: 1c3d5d7518681a0ffa79f1828709d66eef09a735 prerequisite-patch-id: 3bec5d4bc63bb79ec76db1b424d4aefdb4d45df0 prerequisite-patch-id: 9170de444c5fb9ca9e7a2e6e9887334831303e4b prerequisite-patch-id: d079c3ccb67ca89d6d2bfb6cb96a8d331e0b6cb9 prerequisite-patch-id: 938d47e37d4f7fd8bcc632d144c202b5a0c04884 prerequisite-patch-id: 4e75f7b90d936f7fd3256997c232c0116b6c9c8b prerequisite-patch-id: a1fc5372c89129434927bdf6cc935b3cc7d2c637 prerequisite-patch-id: 3c291de7c40987e423de6ac7628f37ad7b9e8972 prerequisite-patch-id: 50775b74ad6749d099a554e3cdc0f7e805b68d49 prerequisite-patch-id: 6afad40bca00c6d342738a20f8ddc820c0c40b2b prerequisite-patch-id: a5c9a3726ec6e5c60f33ad6df49317bbd41672c4 prerequisite-patch-id: 8e577234383e6ed511bcf3581e04325cbf60dcb2 prerequisite-patch-id: 1675bb658c90730025a744f7869a3566fb5cf41a prerequisite-patch-id: 9c02fe03b70a5312cc982fd4b48e73e889a9afdf prerequisite-patch-id: 054b7faed9b7442b9b4f856ffc2166b72fc514f0 prerequisite-patch-id: c389185e7416a1505c8a769c739b040fea26a805 prerequisite-patch-id: 6e1fecd20a532eca97a9ea044765186159f6551e prerequisite-patch-id: 1ad8cb8f6e5ccfb35b32ea20a1c2f0b25de08b6b prerequisite-patch-id: 9a72f1e2eda3506da18d209bd83c0a45adeadfe3 prerequisite-patch-id: f6439fbf1c313fce92526da08898137e1c4c5516 prerequisite-patch-id: 36417d4c2e0f8689bf385c856903dbca23ef7397 prerequisite-patch-id: bbe330f3efb49f901d8ec24f356e34b499f700cf prerequisite-patch-id: 5dd47338f678784efa3f4f3ba31dff0c68c71d9a prerequisite-patch-id: 6e2d4930e534201e18c3e38320ef17c71dee1dc6 prerequisite-patch-id: 9e6aa48c5a0a8603f391ff44243261d0d8c2577a prerequisite-patch-id: cd95cd5a24cc03890e1fa9ef3032b653819e1c9a prerequisite-patch-id: 160b57156f0e2f80af128847b93619ea898833b8 prerequisite-patch-id: 9a4a4978088a4ea154cfbcec17a31ef6e5e1074d prerequisite-patch-id: dee2c2c332ba35fde672fea8056eb8ed56c024cd prerequisite-patch-id: c3808cff4ac4e04405205bbf461f03b4c728d0d7 prerequisite-patch-id: f1e503ec8fd7998d7bde805b4d0f3fff46d4a893 prerequisite-patch-id: f81eb8e46e5b122e97a8aeff731479d1d3d61870 prerequisite-patch-id: f68b17cf1309cf3f25e43bd44d19c0db1d729ec5 prerequisite-patch-id: 1d3e5e0163a2c29a64dbe4c621c1e8e14cb2b286 prerequisite-patch-id: 31f3147040f581cb68d9b8bea1e8fcdb49e18724 prerequisite-patch-id: 0098f37a24f4df48825919fd4ce8f10fccbbf40a prerequisite-patch-id: 03b1dca8120732810fbf4cf03365f2b4fa910542 prerequisite-patch-id: f84f9cc5ed38f496e12f3c8ac0d23b85ef3449fc prerequisite-patch-id: c2dd9f70835b16b1b3897f50ccb3b4a39f0ad8c4 prerequisite-patch-id: 5eac3d761f29aba27bc16915c05d9b1fea81184a prerequisite-patch-id: 912aa0b6ab9e3d7d720ba9bc6b5c27b89ee280cf prerequisite-patch-id: 6c0d1f5f372762e7022b2410adc333e404a036ce prerequisite-patch-id: 844bc1e9fd8dea655c2ed139dcc7c85f071f3720 prerequisite-patch-id: d8c7f8b3ebe71fc9a50801f895dd3d761c6a4098 prerequisite-patch-id: a2eceeb8e567ad4983ee7e59bd0ee886ef7c55f1 prerequisite-patch-id: 45d9caecee88c2605cd8842b4a0bb83fb62756bd prerequisite-patch-id: 73ae4984ab4d07d5c9674cdfc15014c553b3a8af prerequisite-patch-id: cc538edcfe86bdb12f6d47a9b78a035132aa3810 prerequisite-patch-id: 18cf055d341e69b6028ba78f372892fe2dc76336 prerequisite-patch-id: f59108f4830bcfb6453ec9a2e685a5cef61d2383 prerequisite-patch-id: 7453f9edd0b5c3271d4f6e9de12b58ea9d502f8d prerequisite-patch-id: 5caddac4cd57c2e6d42bab4ffbcf2c3d6228ea17 prerequisite-patch-id: 4c46a01cb6ee025390501b09f9348e2a8e381993 prerequisite-patch-id: 4f8cdfaab6315bc65b3f38678e22e5d00c7f30be prerequisite-patch-id: c94469de4689a864b5e75763b184b023c9c7445e prerequisite-patch-id: 1a9344c24472b1daedac6a811dc0f2d8f9bc6eb5 prerequisite-patch-id: dd9c9ab8c6d26fcf6ab78da884f49c42d1c68eea prerequisite-patch-id: 34868ce87a741d970f9aaf88c5c8541430543b22 prerequisite-patch-id: 970b913f62efb7d6335982d24729d19e634b7945 prerequisite-patch-id: 47036a978b9dd7995d46f77ae1697d2f9e507e83 prerequisite-patch-id: b27bf719d4dfdb065c03cc8a160396f7711f29f2 prerequisite-patch-id: 6a0212dddf9bd47fe54d42163c41e497a6f65117 prerequisite-patch-id: a93d5c36334aa7b661b228c834e25997366ed8c7 prerequisite-patch-id: c57f197c5d4b671cf0570c05461427bd0ba670d5 prerequisite-patch-id: a90151451f07e35b06be94678ceeb9d4a50ae950 prerequisite-patch-id: c75d7f23d9c4c73d60921dd5fcdc8c056df996e2 prerequisite-patch-id: a50c960d4bd6aa0cb48e2f35456affce98554c61 prerequisite-patch-id: 61ee7f8a98d4a1d4eb49bc706170a65aa6349dfc prerequisite-patch-id: 7a36b0fed429a3326779575c81065c5036d6f910 prerequisite-patch-id: f1ef4133d8f77e36c9a3135caa539d1be16f8039 prerequisite-patch-id: 6a72ea9a4ba18f7b0e090b61429ea9d5c376d04d prerequisite-patch-id: 821ccb28a4cebb703b155729e0f7203f4b1a30eb prerequisite-patch-id: 8d8decdfe49f15a1ce37ae4eca0f3a7ba60266bd prerequisite-patch-id: b982b85f3630eee58214dba394d6d289cab30444 prerequisite-patch-id: e57f4a998af683e5389d70c56ebcb3ff787709fc prerequisite-patch-id: cbb956ddcd7915a647985871c220c831c3d4bbce prerequisite-patch-id: 9a500aed6e9974e705aa20c51f232f90ffaa8f9f prerequisite-patch-id: bd3436a91924339e83e4780e20d354345c820d34 prerequisite-patch-id: 23d3567eb8a5ddc7fed69e01d10662717419a191 prerequisite-patch-id: d4c5fef20346bba633ab94bdb052c6de9b0e453a prerequisite-patch-id: a2826776b8fcfedaf3ae425cd0fe0c4272be2364 prerequisite-patch-id: 1a1d7759acb5b6a0c1bb5a4e1f6b4b5e5e9e51bd prerequisite-patch-id: edc9f52fe850363bed5b2ade92a454d401329263 prerequisite-patch-id: 7a2e2df63b0f6d389aa7865b70f25082c948d88d prerequisite-patch-id: 1447051118876c7f3dff81df7a40750dcfd8fb00 prerequisite-patch-id: 00ec72b6c3f21f16fac94206d7bb47048a32322e prerequisite-patch-id: 9ef932c3a1509589b7e4398a8c3c89bc5fc40bb9 prerequisite-patch-id: 805ef22d10e8863c51f406fdc6f60bcae72c6669 prerequisite-patch-id: 553a63b55e3db3b6c8fb9bdf8ec88875c4e184a1 prerequisite-patch-id: ca3d4781bc2ae8c17152c3d86f180bc339bee7f0 prerequisite-patch-id: b35dc108169c49d64f893684aa5194e99880e149 prerequisite-patch-id: d4a824429aa9abbeec81ced3cc2435e765809574 prerequisite-patch-id: 304b21e7031989556e16bc7fa0371977ce4145e8 prerequisite-patch-id: 6ac9dbbe5dae2dde1ea5414ec857b0c6d8dea576 prerequisite-patch-id: 6b47c87c4a68cebae3fec88164fee7d97bd19f14 prerequisite-patch-id: 453e434a15330b53516bbf85cccb98ce855ec3ac prerequisite-patch-id: 529b20d51875e1fbfdc5717051067b1a06b87dff prerequisite-patch-id: d09b02f5c6a0f1a2e6b74d67aeeac4350bf56938 prerequisite-patch-id: 47fe54ebb375daf84c71069ea3a0805d6f7f52ad prerequisite-patch-id: 08b4ea5f8ce7fa92963a9b0ff4ead29d4e9fbfd4 prerequisite-patch-id: 347c060723c3f351e1efeedf20b368ea40cd1cd7 prerequisite-patch-id: a6e0f2d751527d45c7167d516cf91ff3095efdb2 prerequisite-patch-id: 7e66ad784a43f55c65bf325417138fb02851a7d6 prerequisite-patch-id: a63b483b61a087162fdca94add0d23fea72a11c9 prerequisite-patch-id: ab30533aa5cc6c54aee014e423da7c6cbea39d3e prerequisite-patch-id: f7d5feab65b3c0a6a549b8f13e29379c3d1b36e7 prerequisite-patch-id: ca1b17d35d3ff8b05027e1cb52ef426a85c582a3 prerequisite-patch-id: ba1107d619ed5930e3dc0261e81659e03d921435 prerequisite-patch-id: f949265b5004bb1ac6c328ef1e718938df65da83 prerequisite-patch-id: 67807d846a1633f1f40a4b44bda03b2f45fc9fab prerequisite-patch-id: 95a1e54cf33eb6df03e4e12946b9eeb8db5a1ffa prerequisite-patch-id: a0bd501f38a20fe46c2ed9fd483cb1ede1eb8472 prerequisite-patch-id: d624e9e7e1e36a50dbb7c070992bca25fba55c1c prerequisite-patch-id: 8e505dcd41728e50f4ba2415b872d80c251cd9f8 prerequisite-patch-id: fb78e5203171f8328c5382306a6c0fee8193c973 prerequisite-patch-id: b6d73eaf238267f5a2927a99e357475a72fd587b prerequisite-patch-id: 3adfacfbacce675198e87dd872ff8f0cdc566987 prerequisite-patch-id: 4514dfe11632bab14d4dc9812ed46e5f4f116dd9 prerequisite-patch-id: ec6871db78a15fc2e71b07cf87232a613af51d23 prerequisite-patch-id: 274ccbc822e44bbb68e16caf036697b4ef0dfdbd prerequisite-patch-id: e37159bc30b56de2e1685e21d59ff6225733a2fb prerequisite-patch-id: ae02fd29e0237f7e6b1bf8466b612f24c5dffc6c prerequisite-patch-id: 311b02bc6476fbf3b0e4b5bd18f65bbfe59ed27e prerequisite-patch-id: d5465b3cfc187cda8ec5875dbdb9531d1ded6f87 prerequisite-patch-id: 7b55b10adc1afddc93d4e42d3f532623c3a2e934 prerequisite-patch-id: 7831cad70e720cfcd5444ef0835ddfc06c11cefb prerequisite-patch-id: f76df4b2b3655def61b52f2f1a680135ae79ff8d prerequisite-patch-id: e34680aa4ade1b17df81890b800862d4d070154f prerequisite-patch-id: 0517d9e6713dbe9332df218a047aea17d470a59b prerequisite-patch-id: 19cc6a6aa192d02ca1ea09a1a83456ebada634e6 prerequisite-patch-id: a1ab3a23d85ae911bcf18adbb7fc1921d3f43685 prerequisite-patch-id: 7eaaedc29f8dfc2a97b7e046bcdb41abc685b258 prerequisite-patch-id: 320b38b0ceed88a367da19435b1a538ed1b4fd56 prerequisite-patch-id: 7081f1afadcc43d8ca75843faada7029447ba87c prerequisite-patch-id: 9ebc296f4fd14380585d0c328348e0a7ad822d83 prerequisite-patch-id: 80db168983a618e17957e6f1d2056bbe7658dcf6 prerequisite-patch-id: a4b65d5bbe47daefa8f5ad28b2a60d62f58511f9 prerequisite-patch-id: 09a48e243c6a05f03ca11dfbe6dfe799361db138 prerequisite-patch-id: f5f9d4eafce71f32a724eba6c34ec09f45f07144 prerequisite-patch-id: e4a37bdec5abce981e3349558914c2ce7450f00a prerequisite-patch-id: 957db8bd8936dedf40f59a91a3879a4072c31a12 prerequisite-patch-id: b826b9ecfbfdc70b792500f102ef7d4c8b32c8d1 prerequisite-patch-id: bf50f7b1ebc767d64ffa833446d8e5b0f05a7f8f prerequisite-patch-id: ad220eb76ac18bfd031154d3f3975d16933ea3a6 prerequisite-patch-id: e71efada01bb2281ef303a6841897b5eae489f53 prerequisite-patch-id: a0f0d81bdd4579222b91d83076bd2177ed6badd6 prerequisite-patch-id: 35d9530a653eee7869bde9355357922ce8f4ac6f prerequisite-patch-id: 3b6116b3586d3cbe539e95d8198aeb00a3d70bd2 prerequisite-patch-id: 237be4dfb42c0968267e644d3be2f83fd25a22ac prerequisite-patch-id: b711e53ec30f3f18ba9c9db66918c5fa2f1c885b prerequisite-patch-id: 5ec5041d0e68978aa05c95ac462e81a8a8258ec2 prerequisite-patch-id: d75bc5cc28ddc4aae8784c0c3a23decd993da992 prerequisite-patch-id: 317cd307f8314c33ee75f7d3d8cbe2a2da99c4a9 prerequisite-patch-id: 35c5471f06532a1de9d0461fcca8e381dbfd5206 prerequisite-patch-id: c3c54ba3efe4319a8f743e0d04e41cd725f17207 prerequisite-patch-id: 10b41ba92f6418da93985f702dc4d18c03b3dfee prerequisite-patch-id: b677efe91b421879f33f9529a63fe74bcb65726a prerequisite-patch-id: 77355becac8f8ef8cec11b421901011e8d672e36 prerequisite-patch-id: 9b4bd6b0e6a5d85029dcb9c4fd747084f9022217 prerequisite-patch-id: 266dfac72d8eb5497a7d9117543d5f2f5d513630 prerequisite-patch-id: 7827c6b82ded58cd79cf29dfb17fe6babf2fcf4b prerequisite-patch-id: 4fa72314f18708e5608059fe642f2c2d669335d9 prerequisite-patch-id: d2b45d0d3862076783145a04a8764e3b01fa4a7c prerequisite-patch-id: 13731078668f815fc09edc1e11480e03de3bd2b5 prerequisite-patch-id: afd71b14ca167ed512a328a97ddcd2448614ccac prerequisite-patch-id: ea387a4f9d860397a26c840c11c8742f0ac70fc3 prerequisite-patch-id: ef355ff43bfbda3b3f6b8e918b12a43aa1354709 prerequisite-patch-id: bd4dd0b450ec7119e9eda30677440660b1fe0c0e prerequisite-patch-id: a64a2413adba06d25d00a19e1649ffbc18e76fc8 prerequisite-patch-id: 2aaf8f0d38ebc949f2610d86e4ce6f9679680ed0 prerequisite-patch-id: c79a3ed696499fd6d3e4b6526fd43f3afcd3a259 prerequisite-patch-id: 13525aace311948825c12098fcba1fbaa2da8e1e prerequisite-patch-id: 14d676a1f9be29468a7b062e067be8c002ca1baf prerequisite-patch-id: f7e4b3c1b487a12a554e7390e677eb07b598fe48 prerequisite-patch-id: d3c033213ce18b7b187685cf7f9a86488e695df0 prerequisite-patch-id: b67b6bdab92b43156a17b81e4d664855b61a3a2e prerequisite-patch-id: ebb63f0a9fc43c79fcfbd878cd65d7d0e509d9be prerequisite-patch-id: 1ffda67da9e34e482a38c0506608daed2ba5813c prerequisite-patch-id: 9b0479571f29a197f90294ce6187826aeeeb764c prerequisite-patch-id: 48f9dfb4d4afb7d6630241bbe3e030692792a82f prerequisite-patch-id: 9533ae9e3764af1bcda86bc2aa25144066a10259 prerequisite-patch-id: bbe8faf500b3a5a15fda2bcbf33847469e13497b prerequisite-patch-id: 67e4c6d12623e089449944e1056a677b9345f788 prerequisite-patch-id: adb06edf2f45c7b41c184ffecf7afd0db512697f prerequisite-patch-id: 9825937196b6200426da9aa4352aeb75832a2087 prerequisite-patch-id: c8f5ca7d1266875b96727307b54341da03732a73 prerequisite-patch-id: 88a9de4f50e95fd6c1e4438eb635e331a24543d4 prerequisite-patch-id: a0989641f8bac1927debf2f7410c80f11d0759a6 prerequisite-patch-id: b6a669405f05cdf522e5aa91b60e3de8a5db8f43 prerequisite-patch-id: c7c3b5771d9e898e1222e9fa91b509e9f906db37 prerequisite-patch-id: 46969fde04c6018a7df740820889c91eeb06d0ca prerequisite-patch-id: a18f4312030213225a3bc1f950ba291acc163f09 prerequisite-patch-id: efd66886475b2196a6236f2cf48c48c5bdc74615 prerequisite-patch-id: 414fe81e77ead73d608b0b1c4b1bca9d0394bcbf prerequisite-patch-id: 232cd6530f508dd17d89c8247d6ac95f3d9ebfe0 prerequisite-patch-id: 986d37a176cacf59a741686952964ffdc668a5b7 prerequisite-patch-id: 1dd1189feef1e6ffc82a6b48fa1e6a63bf59efa3 prerequisite-patch-id: 171bb52a5d60534c0bcf72c5fc865a32cea5dc5a prerequisite-patch-id: 9241e1ed3743c07e212771a7853537cca0a4ab85 prerequisite-patch-id: eaac5259297e472736513202070a04aca85b3fd6 prerequisite-patch-id: 73243b73f091edf51254f39deab0d74a0346b487 prerequisite-patch-id: afce689b73f108b7ccd2fa2a3d741ed64943a5e4 prerequisite-patch-id: c580ea31036ada33c9620a1925e03fcafeaaab4c prerequisite-patch-id: 6f5c6535c075a25edfd4ee3bc05e8cb3eb7c58dd prerequisite-patch-id: d50d2eabebf349d74d1fd51ada0775cbdeff14fe prerequisite-patch-id: c77334ce5547cdd33e6c3075bc7c89214bb09fcd prerequisite-patch-id: 20ee4127d9c842c273b9a74abfb1efebcbb38acd prerequisite-patch-id: db8da6789d161b1981c13f607927c722f0a529a2 prerequisite-patch-id: 05965b4684132940d261ff856878beb9a56e941a prerequisite-patch-id: bf90bfba4df06e1cda6fce98c315df3d940fed0f prerequisite-patch-id: a3b3188ab9428343614339f3c7e9c2751906d28f prerequisite-patch-id: f0e4acf5b72ca6951273ff9e817fb5f7772d73f4 prerequisite-patch-id: 19db2eaaea5b76ab668de14c35ba0fe0f3bcbce1 prerequisite-patch-id: fae8684420b2723b3abeaa4f44294028e5665ae0 prerequisite-patch-id: 5430e8e9379aacdf2779cb6fe77c523199d0b20d prerequisite-patch-id: bc32e217755699169b790c3f8bfdf17e37cfec98 prerequisite-patch-id: e26b3244d4a326504ee9c8218307f448f0b410c7 prerequisite-patch-id: c6f4cdd70b7bd9c5ef71d6a51f2de41173732a47 prerequisite-patch-id: 8657f04c0baadc17c59fb4ca753b9a3d621ea6db prerequisite-patch-id: 15844599f2c3ca9980610df3d309cbe7a88ab225 prerequisite-patch-id: 26d4353d8612f6c77bbd7f33942ed15f510bfe6d prerequisite-patch-id: 1da066a88c66835923cb797e72fc5460b19b8446 prerequisite-patch-id: 7a95587373ef751546501146d0236853e7387ac7 prerequisite-patch-id: e9b289ae8caa0d0a800de54d59c200beb92338c7 prerequisite-patch-id: 879844bfb9b350c562883f3aec9e2437c11fe061 prerequisite-patch-id: ba523d8984cab6c1992a1f47dd364601c2ae6e2a prerequisite-patch-id: cc36cccc087bf4f2566861f75c93dc1c1a0eec7e prerequisite-patch-id: c117baf0385e7763618087d1b015f7ba4d67b2fa diff --git a/doc/guix.texi b/doc/guix.texi index 5827e0de14..6126c1b5ef 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -4565,15 +4565,22 @@ Invoking guix pull Show which channel commit(s) would be used and what would be built or substituted but do not actually do it. -@item --allow-downgrades -Allow pulling older or unrelated revisions of channels than those -currently in use. +@item --allow-downgrades[=channels] +@itemx -a [channels] +Allows pulling older or unrelated revisions of specified channels, or +all channels if none are specified. @cindex downgrade attacks, protection against -By default, @command{guix pull} protects against so-called ``downgrade -attacks'' whereby the Git repository of a channel would be reset to an -earlier or unrelated revision of itself, potentially leading you to -install older, known-vulnerable versions of software packages. +By default, @command{guix pull} safeguards against so-called ``downgrade +attacks``, where a channel's Git repository is reset to a previous or +unrelated revision, potentially causing the installation of older, +vulnerable software versions. Without specifying channels, this +protection is disabled entirely, posing a security risk. + +It's advisable to permit downgrades only for channels you trust +implicitly, such as those you maintain. For all other channels, +including the official Guix channel, downgrade protection remains +recommended. @quotation Note Make sure you understand its security implications before using diff --git a/guix/channels.scm b/guix/channels.scm index 66f3122f79..af5a0b26c4 100644 --- a/guix/channels.scm +++ b/guix/channels.scm @@ -497,26 +497,35 @@ (define (channel-instance-primary-url instance) (define* (latest-channel-instances store channels #:key - (current-channels '()) - (authenticate? #t) - (validate-pull - ensure-forward-channel-update)) + (channel-validation-pairs '()) + (authenticate? #t)) "Return a list of channel instances corresponding to the latest checkouts of CHANNELS and the channels on which they depend. When AUTHENTICATE? is true, authenticate the subset of CHANNELS that has a \"channel introduction\". -CURRENT-CHANNELS is the list of currently used channels. It is compared -against the newly-fetched instances of CHANNELS, and VALIDATE-PULL is called -for each channel update and can choose to emit warnings or raise an error, -depending on the policy it implements." +CHANNEL-VALIDATION-PAIRS is a list of pairs of currently used channels with their +respective validation procedures: (current-channel . validate-pull). The +current-channel is compared against the newly-fetched instances of CHANNELS, and its +validate-pull procedure is called for each channel update and can choose to emit +warnings or raise an error, depending on the policy it implements." (define (current-commit name) - ;; Return the current commit for channel NAME. - (any (lambda (channel) - (and (eq? (channel-name channel) name) - (channel-commit channel))) - current-channels)) + "Return the current commit for channel NAME." + (any (lambda (channel-with-validation) + (let ((channel (car channel-with-validation))) + (and (eq? (channel-name channel) name) + (channel-commit channel)))) + channel-validation-pairs)) + + (define (current-validate-pull name) + "Return the desired validate-pull procedure for channel NAME." + (any (lambda (channel-with-validation) + (let ((channel (car channel-with-validation)) + (validate-pull (cdr channel-with-validation))) + (and (eq? (channel-name channel) name) + validate-pull))) + channel-validation-pairs)) (define instance-name (compose channel-name channel-instance-channel)) @@ -544,20 +553,22 @@ (define* (latest-channel-instances store channels (if (and previous (not (more-specific? channel previous))) (loop rest previous-channels instances) - (begin + (let ((current (current-commit (channel-name channel))) + (validate-pull (current-validate-pull (channel-name channel)))) + ;; (format #t "channel '~a' is validated by '~a'~%" + ;; (channel-name channel) (procedure-name validate-pull)) (format (current-error-port) (G_ "Updating channel '~a' from Git repository at '~a'...~%") (channel-name channel) (channel-url channel)) - (let* ((current (current-commit (channel-name channel))) - (instance - (latest-channel-instance store channel - #:authenticate? - authenticate? - #:validate-pull - validate-pull - #:starting-commit - current))) + (let ((instance + (latest-channel-instance store channel + #:authenticate? + authenticate? + #:validate-pull + validate-pull + #:starting-commit + current))) (when authenticate? ;; CHANNEL is authenticated so we can trust the ;; primary URL advertised in its metadata and warn @@ -1001,7 +1012,7 @@ (define latest-channel-instances* (define* (latest-channel-derivation #:optional (channels %default-channels) #:key - (current-channels '()) + (channel-validation-pairs '()) (validate-pull ensure-forward-channel-update)) "Return as a monadic value the derivation that builds the profile for the @@ -1010,7 +1021,7 @@ (define* (latest-channel-derivation #:optional (channels %default-channels) (mlet %store-monad ((instances (latest-channel-instances* channels #:current-channels - current-channels + channel-validation-pairs #:validate-pull validate-pull))) (channel-instances->derivation instances))) diff --git a/guix/scripts/pull.scm b/guix/scripts/pull.scm index 58d3cd7e83..c662e88771 100644 --- a/guix/scripts/pull.scm +++ b/guix/scripts/pull.scm @@ -76,8 +76,7 @@ (define %default-options (graft? . #t) (debug . 0) (verbosity . 1) - (authenticate-channels? . #t) - (validate-pull . ,ensure-forward-channel-update))) + (authenticate-channels? . #t))) (define (show-help) (display (G_ "Usage: guix pull [OPTION]... @@ -94,7 +93,8 @@ (define (show-help) (display (G_ " --branch=BRANCH download the tip of the specified \"guix\" channel BRANCH")) (display (G_ " - --allow-downgrades allow downgrades to earlier channel revisions")) + -a, --allow-downgrades[=CHANNELS] + allow downgrades to earlier revisions of CHANNELS")) (display (G_ " --disable-authentication disable channel authentication")) @@ -176,10 +176,37 @@ (define %options (option '("branch") #t #f (lambda (opt name arg result) (alist-cons 'ref `(branch . ,arg) result))) - (option '("allow-downgrades") #f #f + (option '(#\a "allow-downgrades") #f #t (lambda (opt name arg result) - (alist-cons 'validate-pull warn-about-backward-updates - result))) + (cond + ((string? arg) + ((compose + (cut alist-cons 'allow-downgrades <> + (alist-delete 'allow-downgrades result)) + (cut append + (or (assoc-ref result 'allow-downgrades) + (list)) + <>)) + ;; Values may be also comma-separated. Possibilities: + ;; -a val1 -a val2,val3 -a val4 -aval5 + (string-tokenize arg + (char-set-complement (char-set #\,))))) + ((boolean? arg) + ;; The command contains this option with no value + ;; specified, (`arg' is #f). We'll interpreted this as + ;; 'all channels can be downgraded' + (alist-cons 'allow-downgrades #t result)) + (else + ((compose + (lambda (text) + (raise (condition (&message (message text))))) + (cut format #f <> + "You found a bug:" arg name + version system %guix-version + %guix-bug-report-address)) + "~a The value '~a' of the '~a' option is unrecognized. +(version: ~s; system: ~s; host version: ~s) +Please report the COMPLETE output above by email to <~a>.~%"))))) (option '("disable-authentication") #f #f (lambda (opt name arg result) (alist-cons 'authenticate-channels? #f result))) @@ -828,6 +855,41 @@ (define (validate-cache-directory-ownership) @command{sudo -i} or equivalent if you really want to pull as ~a.") dir:user our:user))))))))))) +(define (channels-with-validations downgradable-candidates channels) + "Return a list of pairs: channel + pull-validation procedure. The procedure +is `warn-about-backward-updates' if a given channel is among the +DOWNGRADABLE-CANDIDATES or `ensure-forward-channel-update' otherwise. E.g.: + +((channel1 . #) + (channel2 . #))" + (cond + ((and (list? downgradable-candidates) (not (null? downgradable-candidates))) + (let ((downgradables-candidate-names (map string->symbol + downgradable-candidates)) + (channels-names (map channel-name channels))) + (map (lambda (name) + (unless (member name channels-names) + (leave (G_ "'~a' must be one of '~a~'%") name channels-names))) + downgradables-candidate-names) + (let* ((downgradables-names + (filter (cut member <> downgradables-candidate-names) + channels-names)) + (downgradables + (filter (compose (cut member <> downgradables-names) + (cut channel-name <>)) + channels)) + (non-downgradables (lset-difference equal? channels + downgradables))) + (append + (map (cut cons <> warn-about-backward-updates) downgradables) + (map (cut cons <> ensure-forward-channel-update) non-downgradables))))) + + ((and (boolean? downgradable-candidates) downgradable-candidates) + (map (cut cons <> warn-about-backward-updates) channels)) + + (else + (map (cut cons <> ensure-forward-channel-update) channels)))) + (define-command (guix-pull . args) (synopsis "pull the latest revision of Guix") @@ -844,7 +906,7 @@ (define-command (guix-pull . args) (dry-run? (assoc-ref opts 'dry-run?)) (profile (or (assoc-ref opts 'profile) %current-profile)) (current-channels (profile-channels profile)) - (validate-pull (assoc-ref opts 'validate-pull)) + (allow-downgrades (assoc-ref opts 'allow-downgrades)) (authenticate? (assoc-ref opts 'authenticate-channels?))) (cond ((assoc-ref opts 'query) @@ -868,14 +930,17 @@ (define-command (guix-pull . args) (set-build-options-from-command-line store opts) (ensure-default-profile) (honor-x509-certificates store) - (let* ((channels (channel-list opts)) + (channel-validation-pairs + ;; Only current-channels can be checked against + ;; downgrade-attacks. New channels can't be + ;; downgraded. Their commit history is unknown yet. + (channels-with-validations allow-downgrades + current-channels)) (instances (latest-channel-instances store channels - #:current-channels - current-channels - #:validate-pull - validate-pull + #:channel-validation-pairs + channel-validation-pairs #:authenticate? authenticate?))) (format (current-error-port)