From patchwork Mon Apr 15 14:43:21 2024
X-Patchwork-Submitter: Rostislav Svoboda
X-Patchwork-Id: 63051
Subject: [bug#70353] [PATCH] pull: Add fine-grained control for `guix pull --allow-downgrades`.
To: 70353@debbugs.gnu.org, pelzflorian@pelzflorian.de
From: Rostislav Svoboda
Date: Mon, 15 Apr 2024 16:43:21 +0200

> Argh, the patch is flawed. Please ignore it for now. Sorry.

Corrected. Please have a look at the attachment. Thx.

Cheers, Bost

From 982f7c8531c342b76508acd5c219851d03bfbb13 Mon Sep 17 00:00:00 2001
Message-ID: <982f7c8531c342b76508acd5c219851d03bfbb13.1713191302.git.Rostislav.Svoboda@gmail.com>
From: Rostislav Svoboda
Date: Wed, 10 Apr 2024 19:36:33 +0200
Subject: [PATCH] pull: Add fine-grained control for `guix pull --allow-downgrades`.

Introduce the ability to specify channels for downgrades in `guix pull`,
enhancing security by enabling users to trust certain channels over others.
This update maintains backward compatibility and updates relevant
documentation.

* guix/scripts/pull.scm (allow-downgrades): Option accepts a list of
downgradable channels, add '-a' as its short version.
(%default-options): Remove validate-pull.
(channels-with-validations): New procedure.
* guix/channels.scm (latest-channel-instances): Signature change.
* doc/guix.texi (Invoking guix pull): Document changes.
* test/channels.scm (latest-channel-instances validate-pull): Adopt
latest-channel-instances signature change.
* guix/inferior.scm (cached-channel-instance): Adopt
latest-channel-instances signature change.
* guix/scripts/time-machine.scm (guix-time-machine): Adopt
latest-channel-instances signature change.
(%reference-channels): compute JIT

Change-Id: If947a2453c520463d77da9591af9ac03e6472afc
---
 doc/guix.texi                 | 21 ++++++---
 guix/channels.scm             | 67 ++++++++++++++------------
 guix/inferior.scm             | 17 +++----
 guix/scripts/pull.scm         | 89 ++++++++++++++++++++++++++++++-----
 guix/scripts/time-machine.scm | 17 ++++---
 tests/channels.scm            |  8 ++--
 6 files changed, 146 insertions(+), 73 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi index fc28a15980..8c4dcee63e 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -4565,15 +4565,22 @@ Invoking guix pull Show which channel commit(s) would be used and what would be built or substituted but do not actually do it. -@item --allow-downgrades -Allow pulling older or unrelated revisions of channels than those -currently in use. +@item --allow-downgrades[=channels] +@itemx -a [channels] +Allows pulling older or unrelated revisions of specified channels, or +all channels if none are specified. @cindex downgrade attacks, protection against -By default, @command{guix pull} protects against so-called ``downgrade -attacks'' whereby the Git repository of a channel would be reset to an -earlier or unrelated revision of itself, potentially leading you to -install older, known-vulnerable versions of software packages. +By default, @command{guix pull} safeguards against so-called ``downgrade +attacks``, where a channel's Git repository is reset to a previous or +unrelated revision, potentially causing the installation of older, +vulnerable software versions. Without specifying channels, this +protection is disabled entirely, posing a security risk. + +It's advisable to permit downgrades only for channels you trust +implicitly, such as those you maintain. For all other channels, +including the official Guix channel, downgrade protection remains +recommended. @quotation Note Make sure you understand its security implications before using diff --git a/guix/channels.scm b/guix/channels.scm index 66f3122f79..d89df35b06 100644 --- a/guix/channels.scm +++ b/guix/channels.scm 
@@ -497,26 +497,35 @@ (define (channel-instance-primary-url instance) (define* (latest-channel-instances store channels #:key - (current-channels '()) - (authenticate? #t) - (validate-pull - ensure-forward-channel-update)) + (channel-validation-pairs '()) + (authenticate? #t)) "Return a list of channel instances corresponding to the latest checkouts of CHANNELS and the channels on which they depend. When AUTHENTICATE? is true, authenticate the subset of CHANNELS that has a \"channel introduction\". -CURRENT-CHANNELS is the list of currently used channels. It is compared -against the newly-fetched instances of CHANNELS, and VALIDATE-PULL is called -for each channel update and can choose to emit warnings or raise an error, -depending on the policy it implements." +CHANNEL-VALIDATION-PAIRS is a list of pairs of currently used channels with their +respective validation procedures: (current-channel . validate-pull). The +current-channel is compared against the newly-fetched instances of CHANNELS, and its +validate-pull procedure is called for each channel update and can choose to emit +warnings or raise an error, depending on the policy it implements." (define (current-commit name) - ;; Return the current commit for channel NAME. - (any (lambda (channel) - (and (eq? (channel-name channel) name) - (channel-commit channel))) - current-channels)) + "Return the current commit for channel NAME." + (any (lambda (channel-with-validation) + (let ((channel (car channel-with-validation))) + (and (eq? (channel-name channel) name) + (channel-commit channel)))) + channel-validation-pairs)) + + (define (current-validate-pull name) + "Return the desired validate-pull procedure for channel NAME." + (any (lambda (channel-with-validation) + (let ((channel (car channel-with-validation)) + (validate-pull (cdr channel-with-validation))) + (and (eq? 
(channel-name channel) name) + validate-pull))) + channel-validation-pairs)) (define instance-name (compose channel-name channel-instance-channel)) @@ -544,20 +553,22 @@ (define* (latest-channel-instances store channels (if (and previous (not (more-specific? channel previous))) (loop rest previous-channels instances) - (begin + (let ((current (current-commit (channel-name channel))) + (validate-pull (current-validate-pull (channel-name channel)))) + ;; (format #t "channel '~a' is validated by '~a'~%" + ;; (channel-name channel) (procedure-name validate-pull)) (format (current-error-port) (G_ "Updating channel '~a' from Git repository at '~a'...~%") (channel-name channel) (channel-url channel)) - (let* ((current (current-commit (channel-name channel))) - (instance - (latest-channel-instance store channel - #:authenticate? - authenticate? - #:validate-pull - validate-pull - #:starting-commit - current))) + (let ((instance + (latest-channel-instance store channel + #:authenticate? + authenticate? + #:validate-pull + validate-pull + #:starting-commit + current))) (when authenticate? ;; CHANNEL is authenticated so we can trust the ;; primary URL advertised in its metadata and warn @@ -1001,18 +1012,14 @@ (define latest-channel-instances* (define* (latest-channel-derivation #:optional (channels %default-channels) #:key - (current-channels '()) - (validate-pull - ensure-forward-channel-update)) + (channel-validation-pairs '())) "Return as a monadic value the derivation that builds the profile for the latest instances of CHANNELS. CURRENT-CHANNELS and VALIDATE-PULL are passed to 'latest-channel-instances'." (mlet %store-monad ((instances (latest-channel-instances* channels - #:current-channels - current-channels - #:validate-pull - validate-pull))) + #:channel-validation-pairs + channel-validation-pairs))) (channel-instances->derivation instances))) (define* (sexp->channel sexp #:optional (name 'channel)) 
diff --git a/guix/inferior.scm b/guix/inferior.scm index 190ba01b3c..3be9028afb 100644 --- a/guix/inferior.scm +++ b/guix/inferior.scm @@ -872,17 +872,16 @@ (define* (cached-channel-instance store (authenticate? #t) (cache-directory (%inferior-cache-directory)) (ttl (* 3600 24 30)) - (reference-channels '()) - (validate-channels (const #t))) + (channel-validation-pairs '())) "Return a directory containing a guix filetree defined by CHANNELS, a list of channels. The directory is a subdirectory of CACHE-DIRECTORY, where entries can be reclaimed after TTL seconds. This procedure opens a new connection to the build daemon. AUTHENTICATE? determines whether CHANNELS are authenticated. -VALIDATE-CHANNELS must be a four-argument procedure used to validate channel -instances against REFERENCE-CHANNELS; it is passed as #:validate-pull to -'latest-channel-instances' and should raise an exception in case a target -channel commit is deemed \"invalid\"." +CHANNEL-VALIDATION-PAIRS must be a list of pairs (channel . validation-pull) where +validation-pull is a four-argument procedure used to validate corresponding channel +instance. This procedure 'latest-channel-instances' and should raise an exception in +case a target channel commit is deemed \"invalid\"." (define commits ;; Since computing the instances of CHANNELS is I/O-intensive, use a ;; cheaper way to get the commit list of CHANNELS. This limits overhead @@ -935,10 +934,8 @@ (define* (cached-channel-instance store -> (latest-channel-instances store channels #:authenticate? authenticate? - #:current-channels - reference-channels - #:validate-pull - validate-channels)) + #:channel-validation-pairs + channel-validation-pairs)) (profile (channel-instances->derivation instances))) (mbegin %store-monad diff --git a/guix/scripts/pull.scm b/guix/scripts/pull.scm index 58d3cd7e83..b79a4a0c95 100644 --- a/guix/scripts/pull.scm +++ b/guix/scripts/pull.scm 
@@ -76,8 +76,7 @@ (define %default-options (graft? . #t) (debug . 0) (verbosity . 1) - (authenticate-channels? . #t) - (validate-pull . ,ensure-forward-channel-update))) + (authenticate-channels? . #t))) (define (show-help) (display (G_ "Usage: guix pull [OPTION]... @@ -94,7 +93,8 @@ (define (show-help) (display (G_ " --branch=BRANCH download the tip of the specified \"guix\" channel BRANCH")) (display (G_ " - --allow-downgrades allow downgrades to earlier channel revisions")) + -a, --allow-downgrades[=CHANNELS] + allow downgrades to earlier revisions of CHANNELS")) (display (G_ " --disable-authentication disable channel authentication")) 
@@ -176,10 +176,37 @@ (define %options (option '("branch") #t #f (lambda (opt name arg result) (alist-cons 'ref `(branch . ,arg) result))) - (option '("allow-downgrades") #f #f + (option '(#\a "allow-downgrades") #f #t (lambda (opt name arg result) - (alist-cons 'validate-pull warn-about-backward-updates - result))) + (cond + ((string? arg) + ((compose + (cut alist-cons 'allow-downgrades <> + (alist-delete 'allow-downgrades result)) + (cut append + (or (assoc-ref result 'allow-downgrades) + (list)) + <>)) + ;; Values may be also comma-separated. Possibilities: + ;; -a val1 -a val2,val3 -a val4 -aval5 + (string-tokenize arg + (char-set-complement (char-set #\,))))) + ((boolean? arg) + ;; The command contains this option with no value + ;; specified, (`arg' is #f). We'll interpreted this as + ;; 'all channels can be downgraded' + (alist-cons 'allow-downgrades #t result)) + (else + ((compose + (lambda (text) + (raise (condition (&message (message text))))) + (cut format #f <> + "You found a bug:" arg name + version system %guix-version + %guix-bug-report-address)) + "~a The value '~a' of the '~a' option is unrecognized. +(version: ~s; system: ~s; host version: ~s) +Please report the COMPLETE output above by email to <~a>.~%"))))) (option '("disable-authentication") #f #f (lambda (opt name arg result) (alist-cons 'authenticate-channels? #f result))) 
@@ -828,6 +855,41 @@ (define (validate-cache-directory-ownership) @command{sudo -i} or equivalent if you really want to pull as ~a.") dir:user our:user))))))))))) +(define (channels-with-validations downgradable-candidates channels) + "Return a list of pairs: channel + validate-pull procedure. The procedure +is `warn-about-backward-updates' if a given channel is among the +DOWNGRADABLE-CANDIDATES or `ensure-forward-channel-update' otherwise. E.g.: + +((channel1 . #) + (channel2 . #))" + (cond + ((and (list? downgradable-candidates) (not (null? downgradable-candidates))) + (let ((downgradables-candidate-names (map string->symbol + downgradable-candidates)) + (channels-names (map channel-name channels))) + (map (lambda (name) + (unless (member name channels-names) + (leave (G_ "'~a' must be one of '~a~'%") name channels-names))) + downgradables-candidate-names) + (let* ((downgradables-names + (filter (cut member <> downgradables-candidate-names) + channels-names)) + (downgradables + (filter (compose (cut member <> downgradables-names) + (cut channel-name <>)) + channels)) + (non-downgradables (lset-difference equal? channels + downgradables))) + (append + (map (cut cons <> warn-about-backward-updates) downgradables) + (map (cut cons <> ensure-forward-channel-update) non-downgradables))))) + + ((and (boolean? downgradable-candidates) downgradable-candidates) + (map (cut cons <> warn-about-backward-updates) channels)) + + (else + (map (cut cons <> ensure-forward-channel-update) channels)))) + (define-command (guix-pull . args) (synopsis "pull the latest revision of Guix") @@ -844,7 +906,7 @@ (define-command (guix-pull . args) (dry-run? (assoc-ref opts 'dry-run?)) (profile (or (assoc-ref opts 'profile) %current-profile)) (current-channels (profile-channels profile)) - (validate-pull (assoc-ref opts 'validate-pull)) + (allow-downgrades (assoc-ref opts 'allow-downgrades)) (authenticate? (assoc-ref opts 'authenticate-channels?))) (cond ((assoc-ref opts 'query) 
@@ -868,14 +930,17 @@ (define-command (guix-pull . args) (set-build-options-from-command-line store opts) (ensure-default-profile) (honor-x509-certificates store) - (let* ((channels (channel-list opts)) + (channel-validation-pairs + ;; Only current-channels can be checked against + ;; downgrade-attacks. New channels can't be + ;; downgraded. Their commit history is unknown yet. + (channels-with-validations allow-downgrades + current-channels)) (instances (latest-channel-instances store channels - #:current-channels - current-channels - #:validate-pull - validate-pull + #:channel-validation-pairs + channel-validation-pairs #:authenticate? authenticate?))) (format (current-error-port) diff --git a/guix/scripts/time-machine.scm b/guix/scripts/time-machine.scm index d9ce85df84..139dff9e83 100644 --- a/guix/scripts/time-machine.scm +++ b/guix/scripts/time-machine.scm @@ -149,10 +149,6 @@ (define (parse-args args) (define %oldest-possible-commit "4a0b87f0ec5b6c2dcf82b372dd20ca7ea6acdd9c") ;v0.16.0 -(define %reference-channels - (list (channel (inherit %default-guix-channel) - (commit %oldest-possible-commit)))) - (define (validate-guix-channel channel start commit relation) "Raise an error if CHANNEL is the 'guix' channel and the RELATION of COMMIT to %OLDEST-POSSIBLE-COMMIT is not that of an ancestor." @@ -180,7 +176,12 @@ (define-command (guix-time-machine . args) (substitutes? (assoc-ref opts 'substitutes?)) (authenticate? (assoc-ref opts 'authenticate-channels?))) (if command-line - (let* ((directory + (let* ((channel-validation-pairs + (list (cons (channel (inherit %default-guix-channel) + (commit %oldest-possible-commit)) + validate-guix-channel))) + + (directory (with-store store (with-status-verbosity (assoc-ref opts 'verbosity) (with-build-handler (build-notifier #:use-substitutes? 
@@ -191,10 +192,8 @@ (define-command (guix-time-machine . args) (set-build-options-from-command-line store opts) (cached-channel-instance store channels #:authenticate? authenticate? - #:reference-channels - %reference-channels - #:validate-channels - validate-guix-channel))))) + #:channel-validation-pairs + channel-validation-pairs))))) (executable (string-append directory "/bin/guix"))) (apply execl (cons* executable executable command-line))) (warning (G_ "no command specified; nothing to do~%"))))))) diff --git a/tests/channels.scm b/tests/channels.scm index c56e4e6a71..1bb85dd3e8 100644 --- a/tests/channels.scm +++ b/tests/channels.scm @@ -245,10 +245,8 @@ (define channel-metadata-dependencies (string=? (channel-instance-commit instance1) (channel-instance-commit instance2))))))))))) -(test-equal "latest-channel-instances #:validate-pull" +(test-equal "latest-channel-instances validate-pull" 'descendant - - ;; Make sure the #:validate-pull procedure receives the right values. (let/ec return (with-temporary-git-repository directory '((add "a.txt" "A") @@ -275,8 +273,8 @@ (define channel-metadata-dependencies (with-store store ;; Attempt a downgrade from NEW to OLD. (latest-channel-instances store (list old) - #:current-channels (list new) - #:validate-pull validate-pull))))))) + #:channel-validation-pairs + (list (cons new validate-pull))))))))) (test-assert "channel-instances->manifest" ;; Compute the manifest for a graph of instances and make sure we get a base-commit: a8353e9d6b34fd8d42d2e8f14ce844849fe9c293 -- 2.41.0
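
Review bot: In doc/guix.texi (hunk at -4565), `@itemx -a [channels]` documents a space-separated value, while the option in guix/scripts/pull.scm is declared with an optional argument (`#f #t`). Please confirm that `guix pull -a mychannel` really hands `mychannel` to the handler; if it is parsed as an operand instead, the bare `-a` takes the "all channels" branch and downgrade protection is switched off for every channel, including guix. Documenting only the attached forms (`-aCHANNELS`, `--allow-downgrades=CHANNELS`) would avoid that trap. Separately, the closing quote of ``downgrade attacks`` was changed from '' to a second pair of backquotes, which will not render as a closing quote in Texinfo.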
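
Review bot: In guix/channels.scm (hunk at -497), `current-validate-pull` returns #f for any channel that has no entry in CHANNEL-VALIDATION-PAIRS, and the hunk at -544 passes that value straight on as `#:validate-pull validate-pull`. The old signature defaulted to `ensure-forward-channel-update`, so the safe policy applied whenever the caller said nothing; the new one has no default at all. Wrapping the lookup as `(or (any ...) ensure-forward-channel-update)` keeps the fail-closed behaviour for new channels and for dependencies that are not in the current profile. The commented-out `(format #t "channel '~a' is validated by '~a'~%" ...)` debugging lines in the -544 hunk should also be dropped before merging.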
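
Review bot: In guix/channels.scm (hunk at -1001, `latest-channel-derivation`), the docstring still reads "CURRENT-CHANNELS and VALIDATE-PULL are passed to 'latest-channel-instances'" although both keywords are removed in this hunk. Please update it to describe CHANNEL-VALIDATION-PAIRS.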
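
Review bot: In guix/inferior.scm (hunk at -872), the rewritten docstring lost part of a sentence: "This procedure 'latest-channel-instances' and should raise an exception" no longer says that the procedure is passed to 'latest-channel-instances'. It also calls the procedure "validation-pull" where the rest of the patch says "validate-pull". Since this docstring is the only description of the contract for callers, please restore the wording and state what happens for a channel that has no pair in the list.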
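
Review bot: In guix/scripts/pull.scm (hunk at -176, the `allow-downgrades` option handler), combining the bare and the valued form is not handled. After a bare `-a` the stored value is #t, so a later `-afoo` evaluates `(append #t ...)` through `(or (assoc-ref result 'allow-downgrades) (list))` and fails with a type error; in the other order, `(alist-cons 'allow-downgrades #t result)` silently shadows the list and every channel becomes downgradable. Please decide which one wins and handle it explicitly, preferably rejecting the mix. The `else` branch looks unreachable given that the argument is either a string or #f, and the comment has a typo ("We'll interpreted").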
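
Review bot: In guix/scripts/pull.scm (hunk at -828, `channels-with-validations`), the error message format string `"'~a' must be one of '~a~'%"` has the quote and the newline directive transposed; it should end in `'~a'~%`. As written, the one path that rejects an unknown channel name may fail inside `format` instead of printing the intended message. The name check also uses `map` purely for its side effect; `for-each` is the idiomatic choice. Note that the names are validated against the channels of the current profile only, so the message should say so, otherwise a user naming a channel from their channels file that is not yet pulled gets a confusing error.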
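
Review bot: In tests/channels.scm (hunk at -245), the test is only adapted to the new keyword, and the comment explaining what it checks ("Make sure the #:validate-pull procedure receives the right values.") is removed without replacement. Nothing in the patch tests the new behaviour itself: a case with two current channels where only one is listed as downgradable, asserting that the other still gets `ensure-forward-channel-update`, would cover the security-relevant part of `channels-with-validations`.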