Package: guix-patches;
Reported by: Christopher Baines <mail <at> cbaines.net>
Date: Thu, 24 Dec 2020 17:19:02 UTC
Severity: normal
Tags: patch
Done: Christopher Baines <mail <at> cbaines.net>
Bug is archived. No further changes may be made.
From: Christopher Baines <mail <at> cbaines.net>
To: 45409 <at> debbugs.gnu.org
Subject: [bug#45409] [PATCH 2/3] guix: Untangle (guix narinfo) from (guix scripts substitute).
Date: Thu, 24 Dec 2020 17:22:20 +0000
Moving the code left the %allow-unauthenticated-substitutes? parameter working across both modules, which isn't very clear. Instead just use %allow-unauthenticated-substitutes? in the substitute module. * guix/scripts/substitute.scm (process-query, process-substitution): Change the authorized? argument to lookup-narinfo and lookup-narinfos/diverse based on %allow-unauthenticated-substitutes?. * guix/narinfo.scm (valid-narinfo?): Remove use of %allow-unauthenticated-substitutes?. --- guix/narinfo.scm | 63 ++++++++++++++++++------------------- guix/scripts/substitute.scm | 16 +++++++--- 2 files changed, 42 insertions(+), 37 deletions(-) diff --git a/guix/narinfo.scm b/guix/narinfo.scm index 3ecb2f039e..8aa9e53ebd 100644 --- a/guix/narinfo.scm +++ b/guix/narinfo.scm @@ -2,6 +2,7 @@ ;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo <at> gnu.org> ;;; Copyright © 2014 Nikita Karetnikov <nikita <at> karetnikov.org> ;;; Copyright © 2018 Kyle Meyer <kyle <at> kyleam.com> +;;; Copyright © 2020 Christopher Baines <mail <at> cbaines.net> ;;; ;;; This file is part of GNU Guix. ;;; @@ -26,7 +27,6 @@ #:use-module (guix base64) #:use-module (guix records) #:use-module (guix diagnostics) - #:use-module (guix scripts substitute) #:use-module (gcrypt hash) #:use-module (gcrypt pk-crypto) #:use-module (rnrs bytevectors) 
@@ -209,38 +209,37 @@ No authentication and authorization checks are performed here!" (define* (valid-narinfo? narinfo #:optional (acl (current-acl)) #:key verbose?) "Return #t if NARINFO's signature is not valid." - (or (%allow-unauthenticated-substitutes?) - (let ((hash (narinfo-sha256 narinfo)) - (signature (narinfo-signature narinfo)) - (uri (uri->string (first (narinfo-uris narinfo))))) - (and hash signature - (signature-case (signature hash acl) - (valid-signature #t) - (invalid-signature - (when verbose? - (format (current-error-port) - "invalid signature for substitute at '~a'~%" - uri)) - #f) - (hash-mismatch - (when verbose? - (format (current-error-port) - "hash mismatch for substitute at '~a'~%" - uri)) - #f) - (unauthorized-key - (when verbose? - (format (current-error-port) - "substitute at '~a' is signed by an \ + (let ((hash (narinfo-sha256 narinfo)) + (signature (narinfo-signature narinfo)) + (uri (uri->string (first (narinfo-uris narinfo))))) + (and hash signature + (signature-case (signature hash acl) + (valid-signature #t) + (invalid-signature + (when verbose? + (format (current-error-port) + "invalid signature for substitute at '~a'~%" + uri)) + #f) + (hash-mismatch + (when verbose? + (format (current-error-port) + "hash mismatch for substitute at '~a'~%" + uri)) + #f) + (unauthorized-key + (when verbose? + (format (current-error-port) + "substitute at '~a' is signed by an \ unauthorized party~%" - uri)) - #f) - (corrupt-signature - (when verbose? - (format (current-error-port) - "corrupt signature for substitute at '~a'~%" - uri)) - #f)))))) + uri)) + #f) + (corrupt-signature + (when verbose? + (format (current-error-port) + "corrupt signature for substitute at '~a'~%" + uri)) + #f))))) (define (write-narinfo narinfo port) "Write NARINFO to PORT." diff --git a/guix/scripts/substitute.scm b/guix/scripts/substitute.scm index 72242b73f1..e2d30f1760 100755 --- a/guix/scripts/substitute.scm +++ b/guix/scripts/substitute.scm 
@@ -2,6 +2,7 @@ ;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo <at> gnu.org> ;;; Copyright © 2014 Nikita Karetnikov <nikita <at> karetnikov.org> ;;; Copyright © 2018 Kyle Meyer <kyle <at> kyleam.com> +;;; Copyright © 2020 Christopher Baines <mail <at> cbaines.net> ;;; ;;; This file is part of GNU Guix. ;;; @@ -692,11 +693,14 @@ expected by the daemon." "Reply to COMMAND, a query as written by the daemon to this process's standard input. Use ACL as the access-control list against which to check authorized substitutes." - (define (valid? obj) - (valid-narinfo? obj acl)) + (define valid? + (if (%allow-unauthenticated-substitutes?) + (begin + (warn-about-missing-authentication) - (when (%allow-unauthenticated-substitutes?) - (warn-about-missing-authentication)) + (const #t)) + (lambda (obj) + (valid-narinfo? obj acl)))) (match (string-tokenize command) (("have" paths ..1) @@ -797,7 +801,9 @@ DESTINATION is in the store, deduplicate its files. Print a status line on the current output port." (define narinfo (lookup-narinfo cache-urls store-item - (cut valid-narinfo? <> acl))) + (if (%allow-unauthenticated-substitutes?) + (const #t) + (cut valid-narinfo? <> acl)))) (define destination-in-store? (string-prefix? (string-append (%store-prefix) "/") -- 2.29.2
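Review bot: In guix/narinfo.scm, the docstring kept as context above the rewritten body of valid-narinfo? reads "Return #t if NARINFO's signature is not valid", but the signature-case returns #t only for valid-signature and #f for invalid-signature, hash-mismatch, unauthorized-key and corrupt-signature. With the %allow-unauthenticated-substitutes? shortcut removed, this procedure is a pure signature and authorization check, so the docstring should say that, for example "Return #t if NARINFO's signature is valid and made by a key authorized in ACL."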
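Review bot: In process-query (guix/scripts/substitute.scm), the new definition of valid? carries a side effect in its value expression: warn-about-missing-authentication runs inside the begin that yields (const #t). Letting the define only choose the predicate, and keeping the removed (when (%allow-unauthenticated-substitutes?) (warn-about-missing-authentication)) as a separate statement after it, would make it plain where the warning is emitted and where authentication is switched off.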
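Review bot: In process-substitution, the (if (%allow-unauthenticated-substitutes?) (const #t) (cut valid-narinfo? <> acl)) passed to lookup-narinfo repeats the choice already made in process-query, and in the lines shown this path does not call warn-about-missing-authentication. A small helper that takes ACL and returns the predicate, used by both procedures, would keep the bypass in one place; a comment there should state that (const #t) accepts every narinfo without checking its signature.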