From unknown Tue Sep 23 03:24:06 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#53608 <53608@debbugs.gnu.org> To: bug#53608 <53608@debbugs.gnu.org> Subject: Status: [PATCH 0/2] Rejecting commits unrelated to the introductory commit Reply-To: bug#53608 <53608@debbugs.gnu.org> Date: Tue, 23 Sep 2025 10:24:06 +0000 retitle 53608 [PATCH 0/2] Rejecting commits unrelated to the introductory c= ommit reassign 53608 guix-patches submitter 53608 Ludovic Court=C3=A8s severity 53608 normal tag 53608 patch security thanks From debbugs-submit-bounces@debbugs.gnu.org Fri Jan 28 12:32:05 2022 Received: (at submit) by debbugs.gnu.org; 28 Jan 2022 17:32:05 +0000 Received: from localhost ([127.0.0.1]:60415 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nDV6T-0000uC-13 for submit@debbugs.gnu.org; Fri, 28 Jan 2022 12:32:05 -0500 Received: from lists.gnu.org ([209.51.188.17]:49948) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nDV6Q-0000u3-4g for submit@debbugs.gnu.org; Fri, 28 Jan 2022 12:32:03 -0500 Received: from eggs.gnu.org ([209.51.188.92]:60412) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nDV6P-000068-T5 for guix-patches@gnu.org; Fri, 28 Jan 2022 12:32:01 -0500 Received: from [2001:470:142:3::e] (port=33450 helo=fencepost.gnu.org) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nDV6P-0008PN-Ek; Fri, 28 Jan 2022 12:32:01 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:Subject:To:From:in-reply-to: references; bh=dq9IcKXPO6ORxKYv39S0RYu7MLL7ruLib5MV+thdYc4=; b=YuCKyOragxhdTQ Ewo9VoWYqpXDWK4L7fO4Mn0PrR7S7qKllvVbOICMQAD9YfhrMfUBDNv4SQs/vbWOwzLagiRjA1hdu IJWV4bXnWyh2ApPGLvaekDtzIVYsv1j+l1xxVeOEMnjaMCVbZDWeVTjUG8G8V/7mAW2ZxSQKOkBUG 7OU4oSbNLpTloDjsGrZ+nEpeLstxuNemSe/QQpD0IEPKRIWHLh+zMNwgF3kH6cnULtnhmrH5CqJL8 c4+iaozTM0RC5awpr4x/eVr1sK17Sb5ev0ehraEXm8IfM10ot2bR3bn9wV2tQQtvzLQPt0SUU96iB xCMJjGqURJNvr3Oh9/HA==; Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=33808 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1nDV6M-00070m-Vx; Fri, 28 Jan 2022 12:31:59 -0500 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= To: guix-patches@gnu.org Subject: [PATCH 0/2] Rejecting commits unrelated to the introductory commit Date: Fri, 28 Jan 2022 18:31:42 +0100 Message-Id: <20220128173142.7072-1-ludo@gnu.org> X-Mailer: git-send-email 2.34.0 X-Debbugs-Cc: Maxime Devos , Attila Lendvai MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: submit Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hello! This patch series fixes a bug in the checkout authentication code: it would be possible to authenticate a commit unrelated to the introductory commit, provided that target commit passes the authorization invariant (see the commit log for details). Users of Guix and of third-party channels are safe: this bug does not have any impact on checkout authentication in those cases. What concrete cases are affected? Suppose someone forks Guix and publishes a new channel introduction for their fork. The expectation is that any branch started before the introductory channel, for instance in the original Guix repo, would fail to be authenticated. However, because of this bug, such a branch would be considered authentic in the fork because all its commits pass the authorization invariant (IOW, they are authentic in the original repository). Thoughts? Ludo'. Ludovic Courtès (2): git: Add 'commit-descendant?'. git-authenticate: Ensure the target is a descendant of the introductory commit. doc/guix.texi | 4 ++- guix/git-authenticate.scm | 17 ++++++++-- guix/git.scm | 24 +++++++++++++- tests/channels.scm | 60 +++++++++++++++++++++++++++++++++- tests/git-authenticate.scm | 44 +++++++++++++++++++++++++ tests/git.scm | 52 ++++++++++++++++++++++++++++- tests/guix-git-authenticate.sh | 17 ++++++++-- 7 files changed, 210 insertions(+), 8 deletions(-) base-commit: 5052f76afd02e27d6484acf74c86bfa1b6f9cd0e -- 2.34.0 From debbugs-submit-bounces@debbugs.gnu.org Fri Jan 28 12:43:28 2022 Received: (at 53608) by debbugs.gnu.org; 28 Jan 2022 17:43:28 +0000 Received: from localhost ([127.0.0.1]:60425 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nDVHU-0001BU-4C for submit@debbugs.gnu.org; Fri, 28 Jan 2022 12:43:28 -0500 Received: from eggs.gnu.org ([209.51.188.92]:33924) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nDVHS-0001B9-9L for 53608@debbugs.gnu.org; Fri, 28 Jan 2022 12:43:26 -0500 Received: from [2001:470:142:3::e] (port=33974 helo=fencepost.gnu.org) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nDVHH-0001Xj-WB; Fri, 28 Jan 2022 12:43:19 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:Subject:To:From:in-reply-to: references; bh=keTnlh4PjmKHkmyLkF5P2cbYzw/gceW7Tj9wAidp2hA=; b=FbyAP0rtJCBRBX MGPaScgbTcyZ9+PikHnLbLkIMvA9lweF0aebUknY4lfiF158VahRmpwDrnuETheHVBbsObH8ZDNSl vDecFyrP2y2YOy5PhYQec8OFz9j8asFcjivt6ZTvRtw2FOdlV4q5qZiQnaDuDOxyIuiPVK0LqV4K0 bq6B6HkI4W4jlYYFHkKwsdrU6C62QCQhNRTcx8ksrGwlybouxmnKReErN094uLuNaxqqnd+xKFbpr ENTSdR/B2jV3pP/DyMFUVegJlGuCOOpYo5L4AiU+UVPLh8Io8kxT/U7WkI4UidjQGOR1bb3KG8Tsq yHJZJJXItV0vv0qWLeWw==; Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=33810 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1nDVHC-0002VO-Qf; Fri, 28 Jan 2022 12:43:13 -0500 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= To: 53608@debbugs.gnu.org Subject: [PATCH 1/2] git: Add 'commit-descendant?'. Date: Fri, 28 Jan 2022 18:43:00 +0100 Message-Id: <20220128174301.7632-1-ludo@gnu.org> X-Mailer: git-send-email 2.34.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.3 (/) X-Debbugs-Envelope-To: 53608 Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.3 (-) * guix/git.scm (commit-descendant?): New procedure. * tests/git.scm ("commit-descendant?"): New test. --- guix/git.scm | 24 +++++++++++++++++++++++- tests/git.scm | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 74 insertions(+), 2 deletions(-) diff --git a/guix/git.scm b/guix/git.scm index 43e85a5026..53e7219c8c 100644 --- a/guix/git.scm +++ b/guix/git.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2017, 2020 Mathieu Othacehe -;;; Copyright © 2018, 2019, 2020, 2021 Ludovic Courtès +;;; Copyright © 2018-2022 Ludovic Courtès ;;; Copyright © 2021 Kyle Meyer ;;; Copyright © 2021 Marius Bakke ;;; Copyright © 2022 Maxime Devos @@ -46,6 +46,7 @@ (define-module (guix git) #:use-module (ice-9 ftw) #:use-module (srfi srfi-1) #:use-module (srfi srfi-11) + #:use-module (srfi srfi-26) #:use-module (srfi srfi-34) #:use-module (srfi srfi-35) #:export (%repository-cache-directory @@ -60,6 +61,7 @@ (define-module (guix git) latest-repository-commit commit-difference commit-relation + commit-descendant? remote-refs @@ -623,6 +625,26 @@ (define (commit-relation old new) (if (set-contains? oldest new) 'descendant 'unrelated)))))) + +(define (commit-descendant? new old) + "Return true if NEW is the descendant of one of OLD, a list of commits. + +When the expected result is likely #t, this is faster than using +'commit-relation' since fewer commits need to be traversed." + (let ((old (list->setq old))) + (let loop ((commits (list new)) + (visited (setq))) + (match commits + (() + #f) + (_ + ;; Perform a breadth-first search as this is likely going to + ;; terminate more quickly than a depth-first search. + (let ((commits (remove (cut set-contains? visited <>) commits))) + (or (any (cut set-contains? old <>) commits) + (loop (append-map commit-parents commits) + (fold set-insert visited commits))))))))) + ;; ;;; Remote operations. diff --git a/tests/git.scm b/tests/git.scm index d0646bbc85..ca59d2a33e 100644 --- a/tests/git.scm +++ b/tests/git.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2019, 2020 Ludovic Courtès +;;; Copyright © 2019, 2020, 2022 Ludovic Courtès ;;; Copyright © 2021 Xinglu Chen #t) + (master1 master3 => #f) + (master3 master1 => #t) + (master2 branch1 => #f) + (master2 branch1 master1 => #t) + (branch1 master2 => #f) + (branch1 merge => #f) + (merge branch1 => #t) + (master1 merge => #f) + (merge master1 => #t)) + (with-temporary-git-repository directory + '((add "a.txt" "A") + (commit "first commit") + (branch "hack") + (checkout "hack") + (add "1.txt" "1") + (commit "branch commit") + (checkout "master") + (add "b.txt" "B") + (commit "second commit") + (add "c.txt" "C") + (commit "third commit") + (merge "hack" "merge")) + (with-repository directory repository + (let ((master1 (find-commit repository "first")) + (master2 (find-commit repository "second")) + (master3 (find-commit repository "third")) + (branch1 (find-commit repository "branch")) + (merge (find-commit repository "merge"))) + (letrec-syntax ((verify + (syntax-rules () + ((_) '()) + ((_ (new old ...) rest ...) + (cons `(new old ... => + ,(commit-descendant? new + (list old ...))) + (verify rest ...)))))) + (verify (master3 master3) + (master1 master3) + (master3 master1) + (master2 branch1) + (master2 branch1 master1) + (branch1 master2) + (branch1 merge) + (merge branch1) + (master1 merge) + (merge master1))))))) + (unless (which (git-command)) (test-skip 1)) (test-equal "remote-refs" '("refs/heads/develop" "refs/heads/master" -- 2.34.0 From debbugs-submit-bounces@debbugs.gnu.org Fri Jan 28 12:43:33 2022 Received: (at 53608) by debbugs.gnu.org; 28 Jan 2022 17:43:33 +0000 Received: from localhost ([127.0.0.1]:60427 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nDVHY-0001Bg-Hb for submit@debbugs.gnu.org; Fri, 28 Jan 2022 12:43:33 -0500 Received: from eggs.gnu.org ([209.51.188.92]:33928) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nDVHS-0001BA-Bs for 53608@debbugs.gnu.org; Fri, 28 Jan 2022 12:43:27 -0500 Received: from [2001:470:142:3::e] (port=34004 helo=fencepost.gnu.org) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nDVHM-0001Xk-0T; Fri, 28 Jan 2022 12:43:20 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:References:In-Reply-To:Date:Subject:To: From; bh=RNdMfb0GmJ4tGSFrJ1vahpq30SOG+m3iL/btg9vJfhA=; b=nyvfO2p7G9sQnldRmwUi inWqHJIiqXQ+283oShWhBheYVTI89PgPCuIzQeKNk6IKbw9uYK8wRMyOUCaLXZl+4njETf4ZMdW2H PrFitQKraDq95QMN9g7CTZxbSgRBPpIZQl5vg/elmhApPNKywqNAadKdhCk+dmmDara/Yr5pTkU3R vYnUS35bo6BV6oW5qmuTKIxjV/QevEPif/0dASFs7I8eNtmH7mn0pBD2J5O44ULeVTDh6roXJelxf FTSNhVOFKXqfbyPJZ9hQIch+0uJ8jAWvbhDIwZgd/gDfetU/O4oenUiWdBS5S0b4q55sGsL4gH3oD m5csb9MBXldkIg==; Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=33810 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1nDVHI-0002VO-7J; Fri, 28 Jan 2022 12:43:17 -0500 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= To: 53608@debbugs.gnu.org Subject: [PATCH 2/2] git-authenticate: Ensure the target is a descendant of the introductory commit. Date: Fri, 28 Jan 2022 18:43:01 +0100 Message-Id: <20220128174301.7632-2-ludo@gnu.org> X-Mailer: git-send-email 2.34.0 In-Reply-To: <20220128174301.7632-1-ludo@gnu.org> References: <20220128174301.7632-1-ludo@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 53608 Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Fixes a bug whereby authentication of a commit *not* descending from the introductory commit could succeed, provided the commit verifies the authorization invariant. In the example below, A is a common ancestor of the introductory commit I and of commit X. Authentication of X would succeed, even though it is not a descendant of I, as long as X is authorized according to the '.guix-authorizations' in A: X I \ / A This is because, 'authenticate-repository' would not check whether X descends from I, and the call (commit-difference X I) would return X. In practice that only affects forks because it means that ancestors of the introductory commit already contain a '.guix-authorizations' file. * guix/git-authenticate.scm (authenticate-repository): Add call to 'commit-descendant?'. * tests/channels.scm ("authenticate-channel, not a descendant of introductory commit"): New test. * tests/git-authenticate.scm ("authenticate-repository, target not a descendant of intro"): New test. * tests/guix-git-authenticate.sh: Expect earlier test to fail since 9549f0283a78fe36f2d4ff2a04ef8ad6b0c02604 is not a descendant of $intro_commit. Add new test targeting an ancestor of the introductory commit, and another test targeting the v1.2.0 commit. * doc/guix.texi (Specifying Channel Authorizations): Add a sentence. --- doc/guix.texi | 4 ++- guix/git-authenticate.scm | 17 ++++++++-- tests/channels.scm | 60 +++++++++++++++++++++++++++++++++- tests/git-authenticate.scm | 44 +++++++++++++++++++++++++ tests/guix-git-authenticate.sh | 17 ++++++++-- 5 files changed, 136 insertions(+), 6 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 62e994ceb1..61f2d7a771 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -5448,7 +5448,9 @@ commit of a channel that should be authenticated. The first time a channel is fetched with @command{guix pull} or @command{guix time-machine}, the command looks up the introductory commit and verifies that it is signed by the specified OpenPGP key. From then on, it -authenticates commits according to the rule above. +authenticates commits according to the rule above. Authentication fails +if the target commit is neither a descendant nor an ancestor of the +introductory commit. Additionally, your channel must provide all the OpenPGP keys that were ever mentioned in @file{.guix-authorizations}, stored as @file{.key} diff --git a/guix/git-authenticate.scm b/guix/git-authenticate.scm index ab3fcd8b2f..419cb85afc 100644 --- a/guix/git-authenticate.scm +++ b/guix/git-authenticate.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2019, 2020, 2021 Ludovic Courtès +;;; Copyright © 2019, 2020, 2021, 2022 Ludovic Courtès ;;; ;;; This file is part of GNU Guix. ;;; @@ -22,7 +22,9 @@ (define-module (guix git-authenticate) #:use-module (guix base16) #:autoload (guix base64) (base64-encode) #:use-module ((guix git) - #:select (commit-difference false-if-git-not-found)) + #:select (commit-difference + commit-descendant? + false-if-git-not-found)) #:use-module (guix i18n) #:use-module ((guix diagnostics) #:select (formatted-message)) #:use-module (guix openpgp) @@ -426,6 +428,17 @@ (define commits (verify-introductory-commit repository keyring start-commit signer)) + ;; Make sure END-COMMIT is a descendant of START-COMMIT or of one of + ;; AUTHENTICATED-COMMITS, which are known to be descendants of + ;; START-COMMIT. + (unless (commit-descendant? end-commit + (cons start-commit + authenticated-commits)) + (raise (formatted-message + (G_ "commit ~a is not a descendant of introductory commit ~a") + (oid->string (commit-id end-commit)) + (oid->string (commit-id start-commit))))) + (let ((stats (call-with-progress-reporter reporter (lambda (report) (authenticate-commits repository commits diff --git a/tests/channels.scm b/tests/channels.scm index d45c450241..0fe870dbaf 100644 --- a/tests/channels.scm +++ b/tests/channels.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2018 Ricardo Wurmus -;;; Copyright © 2019, 2020 Ludovic Courtès +;;; Copyright © 2019, 2020, 2022 Ludovic Courtès ;;; ;;; This file is part of GNU Guix. ;;; @@ -525,6 +525,64 @@ (define (find-commit* message) #:keyring-reference-prefix "") 'failed)))))) +(unless (gpg+git-available?) (test-skip 1)) +(test-equal "authenticate-channel, not a descendant of introductory commit" + #t + (with-fresh-gnupg-setup (list %ed25519-public-key-file + %ed25519-secret-key-file + %ed25519-2-public-key-file + %ed25519-2-secret-key-file) + (with-temporary-git-repository directory + `((add ".guix-channel" + ,(object->string + '(channel (version 0) + (keyring-reference "master")))) + (add ".guix-authorizations" + ,(object->string + `(authorizations (version 0) + ((,(key-fingerprint + %ed25519-public-key-file) + (name "Charlie")))))) + (add "signer.key" ,(call-with-input-file %ed25519-public-key-file + get-string-all)) + (commit "first commit" + (signer ,(key-fingerprint %ed25519-public-key-file))) + (branch "alternate-branch") + (checkout "alternate-branch") + (add "something.txt" ,(random-text)) + (commit "intro commit" + (signer ,(key-fingerprint %ed25519-public-key-file))) + (checkout "master") + (add "random" ,(random-text)) + (commit "second commit" + (signer ,(key-fingerprint %ed25519-public-key-file)))) + (with-repository directory repository + (let* ((commit1 (find-commit repository "first")) + (commit2 (find-commit repository "second")) + (commit0 (commit-lookup + repository + (reference-target + (branch-lookup repository "alternate-branch")))) + (intro (make-channel-introduction + (commit-id-string commit0) + (openpgp-public-key-fingerprint + (read-openpgp-packet + %ed25519-public-key-file)))) + (channel (channel (name 'example) + (url (string-append "file://" directory)) + (introduction intro)))) + (guard (c ((formatted-message? c) + (and (string-contains (formatted-message-string c) + "not a descendant") + (equal? (formatted-message-arguments c) + (list + (oid->string (commit-id commit2)) + (oid->string (commit-id commit0))))))) + (authenticate-channel channel directory + (commit-id-string commit2) + #:keyring-reference-prefix "") + 'failed)))))) + (unless (gpg+git-available?) (test-skip 1)) (test-equal "authenticate-channel, .guix-authorizations" #t diff --git a/tests/git-authenticate.scm b/tests/git-authenticate.scm index 6ec55fb2e5..c063920c12 100644 --- a/tests/git-authenticate.scm +++ b/tests/git-authenticate.scm @@ -431,4 +431,48 @@ (define (correct? c commit) #:keyring-reference "master" #:cache-key (random-text))))))))) +(unless (gpg+git-available?) (test-skip 1)) +(test-equal "authenticate-repository, target not a descendant of intro" + 'target-commit-not-a-descendant-of-intro + (with-fresh-gnupg-setup (list %ed25519-public-key-file + %ed25519-secret-key-file) + (let ((fingerprint (key-fingerprint %ed25519-public-key-file))) + (with-temporary-git-repository directory + `((add "signer.key" ,(call-with-input-file %ed25519-public-key-file + get-string-all)) + (add ".guix-authorizations" + ,(object->string + `(authorizations (version 0) + ((,(key-fingerprint + %ed25519-public-key-file) + (name "Charlie")))))) + (commit "zeroth commit" (signer ,fingerprint)) + (branch "pre-intro-branch") + (checkout "pre-intro-branch") + (add "b.txt" "B") + (commit "alternate commit" (signer ,fingerprint)) + (checkout "master") + (add "a.txt" "A") + (commit "first commit" (signer ,fingerprint)) + (add "c.txt" "C") + (commit "second commit" (signer ,fingerprint))) + (with-repository directory repository + (let ((commit1 (find-commit repository "first")) + (commit-alt + (commit-lookup repository + (reference-target + (branch-lookup repository + "pre-intro-branch"))))) + (guard (c ((formatted-message? c) + (and (equal? (formatted-message-arguments c) + (list (oid->string (commit-id commit-alt)) + (oid->string (commit-id commit1)))) + 'target-commit-not-a-descendant-of-intro))) + (authenticate-repository repository + (commit-id commit1) + (openpgp-fingerprint fingerprint) + #:end (commit-id commit-alt) + #:keyring-reference "master" + #:cache-key (random-text))))))))) + (test-end "git-authenticate") diff --git a/tests/guix-git-authenticate.sh b/tests/guix-git-authenticate.sh index 8ebbea398b..2b90d8a4af 100644 --- a/tests/guix-git-authenticate.sh +++ b/tests/guix-git-authenticate.sh @@ -1,5 +1,5 @@ # GNU Guix --- Functional package management for GNU -# Copyright © 2020 Ludovic Courtès +# Copyright © 2020, 2022 Ludovic Courtès # # This file is part of GNU Guix. # @@ -34,10 +34,18 @@ intro_signer="BBB0 2DDF 2CEA F6A8 0D1D E643 A2A0 6DF2 A33A 54FA" cache_key="test-$$" -guix git authenticate "$intro_commit" "$intro_signer" \ +# This must fail because the end commit is not a descendant of $intro_commit. +! guix git authenticate "$intro_commit" "$intro_signer" \ --cache-key="$cache_key" --stats \ --end=9549f0283a78fe36f2d4ff2a04ef8ad6b0c02604 +# The v1.2.0 commit is a descendant of $intro_commit and it satisfies the +# authorization invariant. +v1_2_0_commit="a099685659b4bfa6b3218f84953cbb7ff9e88063" +guix git authenticate "$intro_commit" "$intro_signer" \ + --cache-key="$cache_key" --stats \ + --end="$v1_2_0_commit" + rm "$XDG_CACHE_HOME/guix/authentication/$cache_key" # Commit and signer of the 'v1.0.0' tag. @@ -45,6 +53,11 @@ v1_0_0_commit="6298c3ffd9654d3231a6f25390b056483e8f407c" v1_0_0_signer="3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5" # civodul v1_0_1_commit="d68de958b60426798ed62797ff7c96c327a672ac" +# This should succeed because v1.0.0 is an ancestor of $intro_commit. +guix git authenticate "$intro_commit" "$intro_signer" \ + --cache-key="$cache_key" --stats \ + --end="$v1_0_0_commit" + # This should fail because these commits lack '.guix-authorizations'. ! guix git authenticate "$v1_0_0_commit" "$v1_0_0_signer" \ --cache-key="$cache_key" --end="$v1_0_1_commit" -- 2.34.0 From debbugs-submit-bounces@debbugs.gnu.org Sat Jan 29 05:38:05 2022 Received: (at control) by debbugs.gnu.org; 29 Jan 2022 10:38:05 +0000 Received: from localhost ([127.0.0.1]:32788 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nDl7N-0003eM-MG for submit@debbugs.gnu.org; Sat, 29 Jan 2022 05:38:05 -0500 Received: from hera.aquilenet.fr ([185.233.100.1]:49846) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nDl7M-0003dn-4a for control@debbugs.gnu.org; Sat, 29 Jan 2022 05:38:04 -0500 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id AAD0D3D6 for ; Sat, 29 Jan 2022 11:37:57 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at aquilenet.fr Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WfR16n7PhAn6 for ; Sat, 29 Jan 2022 11:37:57 +0100 (CET) Received: from ribbon (91-160-117-201.subs.proxad.net [91.160.117.201]) by hera.aquilenet.fr (Postfix) with ESMTPSA id ECCB0123 for ; Sat, 29 Jan 2022 11:37:56 +0100 (CET) Date: Sat, 29 Jan 2022 11:37:56 +0100 Message-Id: <87bkzubzej.fsf@gnu.org> To: control@debbugs.gnu.org From: =?utf-8?Q?Ludovic_Court=C3=A8s?= Subject: control message for bug #53608 MIME-version: 1.0 Content-type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Spamd-Bar: / Authentication-Results: hera.aquilenet.fr; none X-Rspamd-Server: hera X-Rspamd-Queue-Id: AAD0D3D6 X-Spamd-Result: default: False [0.61 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[control@debbugs.gnu.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; R_MIXED_CHARSET(0.71)[subject]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; MID_RHS_MATCH_FROM(0.00)[] X-Spam-Score: 1.0 (+) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) tags 53608 + security quit From debbugs-submit-bounces@debbugs.gnu.org Tue Feb 08 18:02:20 2022 Received: (at 53608) by debbugs.gnu.org; 8 Feb 2022 23:02:20 +0000 Received: from localhost ([127.0.0.1]:49025 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nHZV6-00074Q-Jd for submit@debbugs.gnu.org; Tue, 08 Feb 2022 18:02:20 -0500 Received: from hera.aquilenet.fr ([185.233.100.1]:57536) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nHZV4-00074B-Vd for 53608@debbugs.gnu.org; Tue, 08 Feb 2022 18:02:19 -0500 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id 4B72C292; Wed, 9 Feb 2022 00:02:13 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at aquilenet.fr Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Mj-KrMdXo98b; Wed, 9 Feb 2022 00:02:12 +0100 (CET) Received: from ribbon (91-160-117-201.subs.proxad.net [91.160.117.201]) by hera.aquilenet.fr (Postfix) with ESMTPSA id 1C61A1ED; Wed, 9 Feb 2022 00:02:12 +0100 (CET) From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: 53608@debbugs.gnu.org Subject: Re: bug#53608: [PATCH 0/2] Rejecting commits unrelated to the introductory commit References: <20220128173142.7072-1-ludo@gnu.org> Date: Wed, 09 Feb 2022 00:02:11 +0100 In-Reply-To: <20220128173142.7072-1-ludo@gnu.org> ("Ludovic =?utf-8?Q?Cour?= =?utf-8?Q?t=C3=A8s=22's?= message of "Fri, 28 Jan 2022 18:31:42 +0100") Message-ID: <87leyl7yj0.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spamd-Bar: / Authentication-Results: hera.aquilenet.fr; none X-Rspamd-Server: hera X-Rspamd-Queue-Id: 4B72C292 X-Spamd-Result: default: False [-0.10 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; MID_RHS_MATCH_FROM(0.00)[] X-Spam-Score: 1.0 (+) X-Debbugs-Envelope-To: 53608 Cc: Attila Lendvai , Maxime Devos X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) Howdy Maxime & Attila, Did you have a chance to look into this series? https://issues.guix.gnu.org/53608 It=E2=80=99s relatively simple but I=E2=80=99d rather have other eyeballs l= ooking at it. TIA. :-) Ludo=E2=80=99. Ludovic Court=C3=A8s skribis: > Hello! > > This patch series fixes a bug in the checkout authentication code: > it would be possible to authenticate a commit unrelated to the > introductory commit, provided that target commit passes the > authorization invariant (see the commit log for details). > > Users of Guix and of third-party channels are safe: this bug does > not have any impact on checkout authentication in those cases. > > What concrete cases are affected? Suppose someone forks Guix and > publishes a new channel introduction for their fork. The expectation > is that any branch started before the introductory channel, for > instance in the original Guix repo, would fail to be authenticated. > However, because of this bug, such a branch would be considered > authentic in the fork because all its commits pass the authorization > invariant (IOW, they are authentic in the original repository). > > Thoughts? > > Ludo'. > > Ludovic Court=C3=A8s (2): > git: Add 'commit-descendant?'. > git-authenticate: Ensure the target is a descendant of the > introductory commit. > > doc/guix.texi | 4 ++- > guix/git-authenticate.scm | 17 ++++++++-- > guix/git.scm | 24 +++++++++++++- > tests/channels.scm | 60 +++++++++++++++++++++++++++++++++- > tests/git-authenticate.scm | 44 +++++++++++++++++++++++++ > tests/git.scm | 52 ++++++++++++++++++++++++++++- > tests/guix-git-authenticate.sh | 17 ++++++++-- > 7 files changed, 210 insertions(+), 8 deletions(-) > > > base-commit: 5052f76afd02e27d6484acf74c86bfa1b6f9cd0e From debbugs-submit-bounces@debbugs.gnu.org Thu Feb 10 17:29:29 2022 Received: (at 53608) by debbugs.gnu.org; 10 Feb 2022 22:29:29 +0000 Received: from localhost ([127.0.0.1]:57454 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nIHwP-00006j-9A for submit@debbugs.gnu.org; Thu, 10 Feb 2022 17:29:29 -0500 Received: from baptiste.telenet-ops.be ([195.130.132.51]:59660) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nIHwN-00006a-Og for 53608@debbugs.gnu.org; Thu, 10 Feb 2022 17:29:28 -0500 Received: from ptr-bvsjgyhxw7psv60dyze.18120a2.ip6.access.telenet.be ([IPv6:2a02:1811:8c09:9d00:3c5f:2eff:feb0:ba5a]) by baptiste.telenet-ops.be with bizsmtp id taVS260034UW6Th01aVS11; Thu, 10 Feb 2022 23:29:26 +0100 Message-ID: <2ff5b7962c1258f94554f23128385c593a3ee9de.camel@telenet.be> Subject: Re: bug#53608: [PATCH 0/2] Rejecting commits unrelated to the introductory commit From: Maxime Devos To: Ludovic =?ISO-8859-1?Q?Court=E8s?= , 53608@debbugs.gnu.org Date: Thu, 10 Feb 2022 23:29:25 +0100 In-Reply-To: <87leyl7yj0.fsf@gnu.org> References: <20220128173142.7072-1-ludo@gnu.org> <87leyl7yj0.fsf@gnu.org> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-IdGAVPLeEIMxSRGuRHfv" User-Agent: Evolution 3.38.3-1 MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22; t=1644532166; bh=dt2Lxlr38nf0ftkbPXg+OhS9yBWNBNKrAbYLooardO0=; h=Subject:From:To:Cc:Date:In-Reply-To:References; b=GtFehImHR104ohbUTzGxnWP84EWkXYW+kjOHMRs2cylV9qQE9FNaS0T9sM+nAGHoL 7Za1Ef4MXO8guLvbIahTJAqHIB20eWZF8wJ5yrbJeqISNuoVohJrnukORm1LrNjkUg NoQOM0p9/aLa97kWZ+N/QaYQhW6OflylIliuBxkxhoPghkJfCTD/tt44Q/ZWqKU3hD kdBbrFmQlCrhgSMniZd39lX/0dkI21sN2EqJENOkdhO1BCfDRJ0DaZMYmwmQGmy7LM Md825rNPGYKndjIZqhx8ZKYIDoxdR3BwcO1lhGlbPOqBD3HxAdrDiEsgeqNbXiL0Ae sL4rOeqoESUmQ== X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 53608 Cc: Attila Lendvai X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --=-IdGAVPLeEIMxSRGuRHfv Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Ludovic Court=C3=A8s schreef op wo 09-02-2022 om 00:02 [+0100]: > Howdy Maxime & Attila, >=20 > Did you have a chance to look into this series? >=20 > =C2=A0=C2=A0https://issues.guix.gnu.org/53608 >=20 > It=E2=80=99s relatively simple but I=E2=80=99d rather have other eyeballs= looking at it. >=20 > TIA. :-) The concept seems reasonable to me but I cannot tell if the implementation is good or bad. Greetings, Maxime. --=-IdGAVPLeEIMxSRGuRHfv Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYgWRxRccbWF4aW1lZGV2 b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7qEOAQCEfbn+MLhVRCt5q5ukhzGHy9m1 DN9i/vQ5E1zEqHjGVQEAh+71xUwAAK4Kpw/zR7S5/dyoy1TS75Nwo5rO1aYfLw0= =cMzn -----END PGP SIGNATURE----- --=-IdGAVPLeEIMxSRGuRHfv-- From debbugs-submit-bounces@debbugs.gnu.org Mon Feb 14 05:34:09 2022 Received: (at 53608) by debbugs.gnu.org; 14 Feb 2022 10:34:09 +0000 Received: from localhost ([127.0.0.1]:39921 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nJYgL-0001yC-6M for submit@debbugs.gnu.org; Mon, 14 Feb 2022 05:34:09 -0500 Received: from hera.aquilenet.fr ([185.233.100.1]:34874) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nJYgI-0001xh-Qv for 53608@debbugs.gnu.org; Mon, 14 Feb 2022 05:34:07 -0500 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id 49C32B12; Mon, 14 Feb 2022 11:34:01 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at aquilenet.fr Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bGr4uSXyWvWd; Mon, 14 Feb 2022 11:34:00 +0100 (CET) Received: from ribbon (91-160-117-201.subs.proxad.net [91.160.117.201]) by hera.aquilenet.fr (Postfix) with ESMTPSA id 202A528B; Mon, 14 Feb 2022 11:34:00 +0100 (CET) From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Maxime Devos Subject: Re: bug#53608: [PATCH 0/2] Rejecting commits unrelated to the introductory commit References: <20220128173142.7072-1-ludo@gnu.org> <87leyl7yj0.fsf@gnu.org> <2ff5b7962c1258f94554f23128385c593a3ee9de.camel@telenet.be> Date: Mon, 14 Feb 2022 11:33:59 +0100 In-Reply-To: <2ff5b7962c1258f94554f23128385c593a3ee9de.camel@telenet.be> (Maxime Devos's message of "Thu, 10 Feb 2022 23:29:25 +0100") Message-ID: <87tud1ybxk.fsf_-_@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spamd-Bar: / Authentication-Results: hera.aquilenet.fr; none X-Rspamd-Server: hera X-Rspamd-Queue-Id: 49C32B12 X-Spamd-Result: default: False [-0.10 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[multipart/mixed,text/plain,text/x-patch]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:+]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; MID_RHS_MATCH_FROM(0.00)[] X-Spam-Score: 1.0 (+) X-Debbugs-Envelope-To: 53608 Cc: Attila Lendvai , 53608@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi, Maxime Devos skribis: > Ludovic Court=C3=A8s schreef op wo 09-02-2022 om 00:02 [+0100]: >> Howdy Maxime & Attila, >>=20 >> Did you have a chance to look into this series? >>=20 >> =C2=A0=C2=A0https://issues.guix.gnu.org/53608 >>=20 >> It=E2=80=99s relatively simple but I=E2=80=99d rather have other eyeball= s looking at it. >>=20 >> TIA. :-) > > The concept seems reasonable to me but I cannot tell if the > implementation is good or bad. OK. I went ahead and pushed these two commits: ca87601dd9 git-authenticate: Ensure the target is a descendant of the int= roductory commit. 87d49346f3 git: Add 'commit-descendant?'. The actual change is this extra condition: --=-=-= Content-Type: text/x-patch Content-Disposition: inline @@ -426,6 +428,17 @@ (define commits (verify-introductory-commit repository keyring start-commit signer)) + ;; Make sure END-COMMIT is a descendant of START-COMMIT or of one of + ;; AUTHENTICATED-COMMITS, which are known to be descendants of + ;; START-COMMIT. + (unless (commit-descendant? end-commit + (cons start-commit + authenticated-commits)) + (raise (formatted-message + (G_ "commit ~a is not a descendant of introductory commit ~a") + (oid->string (commit-id end-commit)) + (oid->string (commit-id start-commit))))) + (let ((stats (call-with-progress-reporter reporter (lambda (report) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable I encourage everyone to take a look. Thanks, Ludo=E2=80=99. --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Mon Feb 14 05:34:16 2022 Received: (at control) by debbugs.gnu.org; 14 Feb 2022 10:34:17 +0000 Received: from localhost ([127.0.0.1]:39924 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nJYgS-0001yc-GU for submit@debbugs.gnu.org; Mon, 14 Feb 2022 05:34:16 -0500 Received: from hera.aquilenet.fr ([185.233.100.1]:34896) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nJYgQ-0001yL-S1 for control@debbugs.gnu.org; Mon, 14 Feb 2022 05:34:15 -0500 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id 75E2BB12 for ; Mon, 14 Feb 2022 11:34:09 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at aquilenet.fr Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oGH1XePAVo28 for ; Mon, 14 Feb 2022 11:34:09 +0100 (CET) Received: from ribbon (91-160-117-201.subs.proxad.net [91.160.117.201]) by hera.aquilenet.fr (Postfix) with ESMTPSA id DDEDD28B for ; Mon, 14 Feb 2022 11:34:08 +0100 (CET) Date: Mon, 14 Feb 2022 11:34:08 +0100 Message-Id: <87sfslybxb.fsf@gnu.org> To: control@debbugs.gnu.org From: =?utf-8?Q?Ludovic_Court=C3=A8s?= Subject: control message for bug #53608 MIME-version: 1.0 Content-type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Spamd-Bar: / Authentication-Results: hera.aquilenet.fr; none X-Rspamd-Server: hera X-Rspamd-Queue-Id: 75E2BB12 X-Spamd-Result: default: False [0.61 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[control@debbugs.gnu.org]; RCPT_COUNT_ONE(0.00)[1]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; R_MIXED_CHARSET(0.71)[subject]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; MID_RHS_MATCH_FROM(0.00)[] X-Spam-Score: 1.0 (+) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) close 53608 quit From unknown Tue Sep 23 03:24:06 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Mon, 14 Mar 2022 11:24:05 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator