GNU bug report logs - #55399
libgit2 1.4.3 directory owner validation breaks Guix

Previous Next

Full log

Message #46 received at 55399 <at> debbugs.gnu.org (full text, mbox):

From: André Batista <nandre <at> riseup.net>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: Maxime Devos <maximedevos <at> telenet.be>, 55399 <at> debbugs.gnu.org
Subject: Re: bug#55399: guix system reconfigure fails on channel validation
Date: Fri, 3 Feb 2023 00:48:43 -0300

Hello,

ter 24 mai 2022 às 20:44:13 (1653435853), nandre <at> riseup.net enviou:
> seg 23 mai 2022 às 16:18:52 (1653333532), ludo <at> gnu.org enviou:
> > (For now commit b6bfe9ea6a1b19159455b34f1af4ac00ef9b94ab changes
> > Guile-Git in Guix to depend on libgit2 1.3 as a workaround.)
> 
> After upgrading guile-git, the attached patches disables owner
> validation and reverts the above commit which made Guix's guile-git
> depend on libgit2 1.3 instead of latest.

#61246 has an alternative solution to this issue. Newer libgit2
versions check for safe.directory configuration entries on user's
global scope. This means that instead of disabling owner validation
in guix code itself, users can exempt directories of their own
choosing. This is IMO a better solution and so the patches provided
here should be disregarded.

However, since libgit2 seems to have changed its API elsewhere after
1.3.x, I've avoided messing with guile-git inputs this time and so
it still depends on libgit2-1.3.

IMO, instead of upgrading libgit2 dependency and risk breaking
guile-git in unknown ways, we should work on revising guile-git's
conformance to latter libgit2 versions (it's currently on 1.5.1).
Meaning not trying to apply the patches Maxime provided, but
working upstream.

WDYT?

Cheers!

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.