GNU bug report logs - #76660
Downgrade prevention triggers erroneously with 'guix pull'

Previous Next

Full log

View this message in rfc822 format

From: Simon Tournier <zimon.toutoune <at> gmail.com>
To: Ludovic Courtès <ludo <at> gnu.org>, Tomas Volf <~@wolfsden.cz>
Cc: Jack Hill <jackhill <at> jackhill.us>, 76660 <at> debbugs.gnu.org, Leo Famulari <leo <at> famulari.name>
Subject: bug#76660: current guix pull doesn't authenticate
Date: Mon, 10 Mar 2025 20:46:32 +0100

Hi,

On Mon, 10 Mar 2025 at 15:27, Ludovic Courtès <ludo <at> gnu.org> wrote:

>> I expect the root cause to be the same as in 66268.  (Man, is it over an
>> year already?  The time sure does fly.)
>
> It looks like it!  Terrible that such a serious bug didn’t triaged
> appropriately.

Somehow, the fix seems to rely on “git merge-base --is-ancestor” for
implementing “commit-relation”?

Since “build: Add dependency on Git” commit
f651a359691cbe4750f1fe8d14dd964f7971f91 from Sep 26 2023 we can assume
Git is available by the code that run “commit-relation”, no?

And, to my knowledge, the implementation relying on “git merge-base
--is-ancestor” does not have the problem, right?

Last cherry on the top, from [1], the implementation relying on “git
merge-base --is-ancestor” is 35x faster.

Win-win, no?  Because the fix for ’eq?’  will introduce performance cost
and ’commit-relation’ will be even slower, no?

Cheers,
simon

1: comparing commit-relation using Scheme+libgit2 vs shellout plumbing Git
Simon Tournier <zimon.toutoune <at> gmail.com>
Tue, 12 Sep 2023 00:48:30 +0200
id:865y4gz5q9.fsf <at> gmail.com
https://lists.gnu.org/archive/html/guix-devel/2023-09
https://yhetil.org/guix/865y4gz5q9.fsf <at> gmail.com

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.