From debbugs-submit-bounces@debbugs.gnu.org Thu May 23 18:34:16 2024
Received: (at submit) by debbugs.gnu.org; 23 May 2024 22:34:16 +0000
Received: from localhost ([127.0.0.1]:33117 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1sAH0p-0008ID-PS
	for submit@debbugs.gnu.org; Thu, 23 May 2024 18:34:16 -0400
Received: from lists.gnu.org ([209.51.188.17]:53392)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <mail@antr.me>) id 1sAH0m-0008I7-UQ
 for submit@debbugs.gnu.org; Thu, 23 May 2024 18:34:14 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mail@antr.me>) id 1sAH0f-0002Gj-Mk
 for bug-guix@gnu.org; Thu, 23 May 2024 18:34:05 -0400
Received: from mout-p-103.mailbox.org ([2001:67c:2050:0:465::103])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_CHACHA20_POLY1305:256)
 (Exim 4.90_1) (envelope-from <mail@antr.me>) id 1sAH0d-0007hi-Rc
 for bug-guix@gnu.org; Thu, 23 May 2024 18:34:05 -0400
Received: from smtp2.mailbox.org (smtp2.mailbox.org [10.196.197.2])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
 (No client certificate requested)
 by mout-p-103.mailbox.org (Postfix) with ESMTPS id 4VljdG6hgYz9sQb
 for <bug-guix@gnu.org>; Fri, 24 May 2024 00:33:54 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=antr.me; s=MBO0001;
 t=1716503634;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:content-type:content-type;
 bh=j1j3ix4ZZcH72BaAmYiEoXN5k9eL/aIK+58emn44tZU=;
 b=angDBtgcd/5WUSLVB09GDnTODZ4HM5pUvHcH4izsbYw35/umkaCjRGpsbq1LVi3R6lPtqu
 5B5Fa55CjOqK5vM8wkuK43qFAyGJ50gSGgwVvzVcR6aJ15KOqJ+IcUrkVagaLjHWOiXQ2B
 hsRNctbXZ725RTizgZuwZ4WBDrc//te7epwuDOJvwtxaXEalWwrZ8m1icSOmdXd7XCzF5F
 1s/crobiAkEexMqgOy5Z/ycSUgXgoA3lCOu750MX8YHRYgsTRLafVUkyHJo8zJHXs4X8VK
 iWRimsLQd2aVYfAstIqhc1jwXvvKPLLoW8wRRzyncrcgBQ9YmhpsMHceTawK5Q==
From: Antero Mejr <mail@antr.me>
To: bug-guix@gnu.org
Subject: [PATCH] gnu: Validate substitute URLs for guix service.
Date: Thu, 23 May 2024 22:33:42 +0000
Message-ID: <87cypcrwe1.fsf@antr.me>
MIME-Version: 1.0
Content-Type: text/plain
Received-SPF: pass client-ip=2001:67c:2050:0:465::103;
 envelope-from=mail@antr.me; helo=mout-p-103.mailbox.org
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.3 (-)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -2.3 (--)


* gnu/services/base.scm (guix-service-type): Validate `substitute-urls' field.

Change-Id: I11ed74304ab02ae550db5479be9f02601857f294
---
If you forget to write "https://" when specifying a substitute URL in
guix-configuration, the system will end up in a bad state where any
`guix pull` or `guix reconfigure` operation immediately fail. It's
difficult to fix, so validate the field to avoid the problem.

 gnu/services/base.scm | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 85160bd3ab..da26b86c83 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -99,6 +99,7 @@ (define-module (gnu services base)
   #:use-module (srfi srfi-35)
   #:use-module (ice-9 match)
   #:use-module (ice-9 format)
+  #:use-module (web uri)
   #:re-export (user-processes-service-type        ;backwards compatibility
                %default-substitute-urls)
   #:export (fstab-service-type
@@ -2075,6 +2076,11 @@ (define (guix-extension-merge a b)
    (chroot-directories (append (guix-extension-chroot-directories a)
                                (guix-extension-chroot-directories b)))))
 
+(define (validate-substitute-url url-str)
+  (if (string->uri url-str)
+      url-str
+      (error "Not a valid substitute URL: " url-str)))
+
 (define guix-service-type
   (service-type
    (name 'guix)
@@ -2093,8 +2099,10 @@ (define guix-service-type
               (inherit config)
               (authorized-keys (append (guix-extension-authorized-keys extension)
                                        (guix-configuration-authorized-keys config)))
-              (substitute-urls (append (guix-extension-substitute-urls extension)
-                                       (guix-configuration-substitute-urls config)))
+              (substitute-urls
+               (map validate-substitute-url
+                    (append (guix-extension-substitute-urls extension)
+                            (guix-configuration-substitute-urls config))))
               (build-machines
                (and (or (guix-configuration-build-machines config)
                         (pair? (guix-extension-build-machines extension)))

base-commit: 9901416233867233192b63fde7f616751127b189
-- 
2.41.0





From debbugs-submit-bounces@debbugs.gnu.org Fri May 24 10:19:55 2024
Received: (at 71153) by debbugs.gnu.org; 24 May 2024 14:19:55 +0000
Received: from localhost ([127.0.0.1]:37394 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1sAVly-0000CR-RR
	for submit@debbugs.gnu.org; Fri, 24 May 2024 10:19:55 -0400
Received: from mail-108-mta117.mxroute.com ([136.175.108.117]:36109)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <richard@freakingpenguin.com>) id 1sAVlv-0000CJ-Qr
 for 71153@debbugs.gnu.org; Fri, 24 May 2024 10:19:52 -0400
Received: from filter006.mxroute.com ([136.175.111.3] filter006.mxroute.com)
 (Authenticated sender: mN4UYu2MZsgR)
 by mail-108-mta117.mxroute.com (ZoneMTA) with ESMTPSA id
 18faaf8ca1c000efce.002 for <71153@debbugs.gnu.org>
 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384);
 Fri, 24 May 2024 14:19:42 +0000
X-Zone-Loop: 40b7474f0b468acc7683fbc14b0c30c4a75f8950d34c
X-Originating-IP: [136.175.111.3]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=freakingpenguin.com; s=x; h=Content-Type:MIME-Version:Message-ID:Date:
 References:In-Reply-To:Subject:Cc:To:From:Sender:Reply-To:
 Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:
 Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:
 List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=U3ZGy6Jwveg0rFVIuUqI9rYshmae6r07glwHw/B4uvQ=; b=TdSu1L1sNoAeGBq6mu03WTzsQZ
 VSRaF13yhmH/97v5whwJGeySpiJorr/YLtANlWfpNFx4fPRTM2Zuqg35UCUn1fWO67bpfSYYZn/rm
 r1dJVz05qQhjgnCKVFgeg9AfPd1JwK8gW/Zmdqw7zTh3i5E8Ihx8Dqy4LCGOKzDcjKXUeknnb45tH
 x1Nde8A5EI0Jh02iHfiUDDKIq5wa9gXvK8+v6E3yIy628FHd/VCrf07t18vPDYgAvHOgp3w77R7ZK
 +3O/Vf4+r3p2zyookPdZlVg2tLTUiEuiSN4CLZgYPfTwVhGYB5q2aw9WZWoBs9+IprG22UVcVOMgP
 gMz+EZ8g==;
From: Richard Sent <richard@freakingpenguin.com>
To: Antero Mejr <mail@antr.me>
Subject: Re: bug#71153: [PATCH] gnu: Validate substitute URLs for guix service.
In-Reply-To: <87cypcrwe1.fsf@antr.me> (Antero Mejr's message of "Thu, 23 May
 2024 22:33:42 +0000")
References: <87cypcrwe1.fsf@antr.me>
Date: Fri, 24 May 2024 10:19:32 -0400
Message-ID: <87cypbuwaz.fsf@freakingpenguin.com>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain
X-Authenticated-Id: richard@freakingpenguin.com
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 71153
Cc: 71153@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Antero Mejr <mail@antr.me> writes:

> +(define (validate-substitute-url url-str)
> +  (if (string->uri url-str)
> +      url-str
> +      (error "Not a valid substitute URL: " url-str)))
> +

> +              (substitute-urls
> +               (map validate-substitute-url
> +                    (append (guix-extension-substitute-urls extension)
> +                            (guix-configuration-substitute-urls config))))

Should we instead create a validate-substitute-urls and use that as a
sanitizer for the guix-extension and guix-configuration records? This
would catch errors during record creation instead of service creation,
as well as still perform validation if anything else does or will use
those records in the future.

-- 
Take it easy,
Richard Sent
Making my computer weirder one commit at a time.




From debbugs-submit-bounces@debbugs.gnu.org Fri May 24 14:27:19 2024
Received: (at 71153) by debbugs.gnu.org; 24 May 2024 18:27:19 +0000
Received: from localhost ([127.0.0.1]:38492 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1sAZdP-0005Ka-Bp
	for submit@debbugs.gnu.org; Fri, 24 May 2024 14:27:19 -0400
Received: from mout-p-201.mailbox.org ([80.241.56.171]:40232)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <mail@antr.me>) id 1sAZdN-0005KU-Qr
 for 71153@debbugs.gnu.org; Fri, 24 May 2024 14:27:18 -0400
Received: from smtp1.mailbox.org (smtp1.mailbox.org [10.196.197.1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
 (No client certificate requested)
 by mout-p-201.mailbox.org (Postfix) with ESMTPS id 4VmD5w6x1yz9sqP;
 Fri, 24 May 2024 20:27:00 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=antr.me; s=MBO0001;
 t=1716575221;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 in-reply-to:in-reply-to:references:references;
 bh=pRdg8uhQTb2GNEAIvn1Z+vVb52lU0ExktV9CANZsFvk=;
 b=CPorSK6Ym8qF7Leh9QorXPJGkD69r7GFzeVM5b4IMEBCImk3ITN78ovGSQ7OaD39kNRdq0
 jvlwjDCG4lLSIDTruI+e0wbWn82E0ktlmijutdG2P+E/Gmxw/EAOgZPOf4ERB+oWD0jm5f
 1f4jRicavyVEfLmWRFXXSAgKDPZbW5/MdhSMEycUak5z9SfUxO+oDWLQGOAD7JxFEHhvOB
 0w6zZCc1INfKd1YglUIgFuBxVd2IZ1j5ic5sADc/tztAyaSRuk8DGgWqk93sNfyRWT7SlK
 AyvDaloMhkJnUDvjTT2UabKv4QbbJmVNzqd3/Q1sXVJBhBLx+A1kI8XOiulaOQ==
From: Antero Mejr <mail@antr.me>
To: Richard Sent <richard@freakingpenguin.com>
Subject: Re: bug#71153: [PATCH] gnu: Validate substitute URLs for guix service.
In-Reply-To: <87cypbuwaz.fsf@freakingpenguin.com> (Richard Sent's message of
 "Fri, 24 May 2024 10:19:32 -0400")
References: <87cypcrwe1.fsf@antr.me> <87cypbuwaz.fsf@freakingpenguin.com>
Date: Fri, 24 May 2024 18:26:56 +0000
Message-ID: <87a5kfjcb3.fsf@antr.me>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 71153
Cc: 71153@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

Richard Sent <richard@freakingpenguin.com> writes:

> Should we instead create a validate-substitute-urls and use that as a
> sanitizer for the guix-extension and guix-configuration records? This
> would catch errors during record creation instead of service creation,
> as well as still perform validation if anything else does or will use
> those records in the future.

The problem mentioned in the initial patch only occurs when the invalid
URLs are used in the Guix service type. Having them in the record isn't
a problem. I don't there there is a major difference in where the
validation occurs though.