GNU bug report logs - #74755
etc/git/pre-push: Run guix git authenticate before check-channel-news

Previous Next

Package: guix-patches;

Reported by: Vagrant Cascadian <vagrant <at> debian.org>

Date: Mon, 9 Dec 2024 20:26:01 UTC

Severity: normal

Done: Vagrant Cascadian <vagrant <at> debian.org>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 74755 in the body.
You can then email your comments to 74755 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to guix-patches <at> gnu.org:
bug#74755; Package guix-patches. (Mon, 09 Dec 2024 20:26:01 GMT) Full text and rfc822 format available.
Acknowledgement sent to Vagrant Cascadian <vagrant <at> debian.org>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Mon, 09 Dec 2024 20:26:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Vagrant Cascadian <vagrant <at> debian.org>
To: guix-patches <at> gnu.org
Cc: vagrant <at> debian.org
Subject: etc/git/pre-push: Run guix git authenticate before check-channel-news
Date: Mon, 09 Dec 2024 12:25:34 -0800

[Message part 1 (text/plain, inline)]
Running check-channel-news before authenticating the repository could
result in running unauthenticated code; the attached patch switches the
order they are run in.

live well,
  vagrant

[0001-etc-git-pre-push-Run-guix-git-authenticate-before-ch.patch (text/x-diff, inline)]
From 42bd8ceceada3ad764a450c040bc2a9a1e3f7842 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant <at> debian.org>
Date: Mon, 9 Dec 2024 12:21:30 -0800
Subject: [PATCH] etc: git: pre-push: Run guix git authenticate before
 check-channel-news.

Running check-channel-news first could potentially be untrusted code, so
authenticate first.

* etc/git/pre-push: Run guix git authenticate before check-channel-news.
---
 etc/git/pre-push | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/etc/git/pre-push b/etc/git/pre-push
index 325b23854b..752310d854 100755
--- a/etc/git/pre-push
+++ b/etc/git/pre-push
@@ -33,8 +33,8 @@ do
 		case "$2" in
 		    *.gnu.org*)
 			set -e
-			make check-channel-news
 			exec guix git authenticate
+			make check-channel-news
 			exit 127
 			;;
 		    *)

base-commit: da3c8a963f83c044568d99921480259eaa26a923
-- 
2.39.5


[signature.asc (application/pgp-signature, inline)]
Information forwarded to guix-patches <at> gnu.org:
bug#74755; Package guix-patches. (Tue, 24 Dec 2024 14:42:02 GMT) Full text and rfc822 format available.

Message #8 received at 74755 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Vagrant Cascadian <vagrant <at> debian.org>
Cc: 74755 <at> debbugs.gnu.org
Subject: Re: bug#74755: etc/git/pre-push: Run guix git authenticate before
 check-channel-news
Date: Tue, 24 Dec 2024 15:41:42 +0100

Hi,

Vagrant Cascadian <vagrant <at> debian.org> skribis:

> From 42bd8ceceada3ad764a450c040bc2a9a1e3f7842 Mon Sep 17 00:00:00 2001
> From: Vagrant Cascadian <vagrant <at> debian.org>
> Date: Mon, 9 Dec 2024 12:21:30 -0800
> Subject: [PATCH] etc: git: pre-push: Run guix git authenticate before
>  check-channel-news.
>
> Running check-channel-news first could potentially be untrusted code, so
> authenticate first.
>
> * etc/git/pre-push: Run guix git authenticate before check-channel-news.

LGTM, thanks!

Ludo’.
Reply sent to Vagrant Cascadian <vagrant <at> debian.org>:
You have taken responsibility. (Sun, 05 Jan 2025 21:26:02 GMT) Full text and rfc822 format available.
Notification sent to Vagrant Cascadian <vagrant <at> debian.org>:
bug acknowledged by developer. (Sun, 05 Jan 2025 21:26:02 GMT) Full text and rfc822 format available.

Message #13 received at 74755-done <at> debbugs.gnu.org (full text, mbox):

From: Vagrant Cascadian <vagrant <at> debian.org>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 74755-done <at> debbugs.gnu.org
Subject: Re: bug#74755: etc/git/pre-push: Run guix git authenticate before
 check-channel-news
Date: Sun, 05 Jan 2025 13:25:32 -0800

[Message part 1 (text/plain, inline)]
On 2024-12-24, Ludovic Courtès wrote:
> Vagrant Cascadian <vagrant <at> debian.org> skribis:
>> From 42bd8ceceada3ad764a450c040bc2a9a1e3f7842 Mon Sep 17 00:00:00 2001
>> From: Vagrant Cascadian <vagrant <at> debian.org>
>> Date: Mon, 9 Dec 2024 12:21:30 -0800
>> Subject: [PATCH] etc: git: pre-push: Run guix git authenticate before
>>  check-channel-news.
>>
>> Running check-channel-news first could potentially be untrusted code, so
>> authenticate first.
>>
>> * etc/git/pre-push: Run guix git authenticate before check-channel-news.
>
> LGTM, thanks!

Pushed as:

ab9cda9ebd00073d5a0783919809f2e564f141e9 etc: git: pre-push: Run guix git authenticate before check-channel-news.

live well,
  vagrant

[signature.asc (application/pgp-signature, inline)]
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Mon, 03 Feb 2025 12:24:11 GMT) Full text and rfc822 format available.
This bug report was last modified 194 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.