From: Daniel Colascione
To: bug-gnu-emacs@gnu.org
Subject: [Security] hash locking needed for tree-sitter downloads
Date: Wed, 21 May 2025 15:12:32 -0400

When downloading code, a tag isn't good enough. We should insist on a
specific commit. We have a fair bit of code in Emacs that looks like this:

  (add-to-list 'treesit-language-source-alist
               '(javascript "https://github.com/tree-sitter/tree-sitter-javascript" "v0.23.1")
               t)
  (add-to-list 'treesit-language-source-alist
               '(jsdoc "https://github.com/tree-sitter/tree-sitter-jsdoc" "v0.23.2")
               t)

The entries in treesit-language-source-alist mostly have tags but not
commit hashes. The expected commit hash should be *mandatory*, because
right now, anyone with access to one of these repositories can retarget
any of those tags at malicious code.

See https://snyk.io/blog/npm-security-preventing-supply-chain-attacks/

Every other important language ecosystem has evolved some kind of "hash
locking" capability for breaking the author-retargets-to-malware attack
vector. We should too. We shouldn't allow the commit hash to be absent
for ordinary users.

P.S. we've debated vendoring these grammars with Emacs. I still think
that's the right way to go. But if we're going to download and build,
we should at least do it in a secure way.

P.P.S. Do we need the list of grammars in build.sh under admin? It
duplicates what's in Lisp elsewhere in the tree.

From: Juri Linkov
To: Daniel Colascione
Cc: Yuan Fu, 78542@debbugs.gnu.org
Subject: Re: bug#78542: [Security] hash locking needed for tree-sitter downloads
Date: Thu, 22 May 2025 09:36:57 +0300
Message-ID: <87o6vlxijm.fsf@mail.linkov.net>

> When downloading code, a tag isn't good enough. We should insist on a
> specific commit.
> [...]
> The entries in treesit-language-source-alist mostly have tags but not
> commit hashes. The expected commit hash should be *mandatory*, because
> right now, anyone with access to one of these repositories can retarget
> any of those tags at malicious code.

Indeed, tags can be easily relocated to a different commit.

> Every other important language ecosystem has evolved some kind of "hash
> locking" capability for breaking the author-retargets-to-malware attack
> vector. We should too. We shouldn't allow the commit hash to be absent
> for ordinary users.

Agreed, "hash locking" should lock commit hashes, not tags.

> P.S. we've debated vendoring these grammars with Emacs. I still think
> that's the right way to go. But if we're going to download and build,
> we should at least do it in a secure way.

The only reason currently tags are used instead of commit hashes is
because there is no way to checkout a specific commit with the
current implementation when the default value of
'treesit--install-language-grammar-full-clone' is nil.

> P.P.S. Do we need the list of grammars in build.sh under admin? It
> duplicates what's in Lisp elsewhere in the tree.

Apparently no need, so they could be removed.

From: Eli Zaretskii
To: Juri Linkov, casouri@gmail.com
Cc: 78542@debbugs.gnu.org, dancol@dancol.org
Subject: Re: bug#78542: [Security] hash locking needed for tree-sitter downloads
Date: Sat, 07 Jun 2025 11:05:51 +0300
Message-Id: <86wm9oj7s0.fsf@gnu.org>
In-Reply-To: <87o6vlxijm.fsf@mail.linkov.net> (message from Juri Linkov on Thu, 22 May 2025 09:36:57 +0300)

Ping! Do we want to make some progress here?

> Cc: Yuan Fu, 78542@debbugs.gnu.org
> From: Juri Linkov
> Date: Thu, 22 May 2025 09:36:57 +0300
>
> > When downloading code, a tag isn't good enough. We should insist on a
> > specific commit.
> > [...]
> > The entries in treesit-language-source-alist mostly have tags but not
> > commit hashes. The expected commit hash should be *mandatory*, because
> > right now, anyone with access to one of these repositories can retarget
> > any of those tags at malicious code.
>
> Indeed, tags can be easily relocated to a different commit.
>
> > Every other important language ecosystem has evolved some kind of "hash
> > locking" capability for breaking the author-retargets-to-malware attack
> > vector. We should too. We shouldn't allow the commit hash to be absent
> > for ordinary users.
>
> Agreed, "hash locking" should lock commit hashes, not tags.
>
> > P.S. we've debated vendoring these grammars with Emacs. I still think
> > that's the right way to go. But if we're going to download and build,
> > we should at least do it in a secure way.
>
> The only reason currently tags are used instead of commit hashes is
> because there is no way to checkout a specific commit with the
> current implementation when the default value of
> 'treesit--install-language-grammar-full-clone' is nil.
>
> > P.P.S. Do we need the list of grammars in build.sh under admin? It
> > duplicates what's in Lisp elsewhere in the tree.
>
> Apparently no need, so they could be removed.

From: Juri Linkov
To: Eli Zaretskii
Cc: 78542@debbugs.gnu.org, casouri@gmail.com, dancol@dancol.org
Subject: Re: bug#78542: [Security] hash locking needed for tree-sitter downloads
Date: Sun, 08 Jun 2025 20:45:42 +0300
Message-ID: <87ecvugm9l.fsf@mail.linkov.net>
In-Reply-To: <86wm9oj7s0.fsf@gnu.org>

>> The only reason currently tags are used instead of commit hashes is
>> because there is no way to checkout a specific commit with the
>> current implementation when the default value of
>> 'treesit--install-language-grammar-full-clone' is nil.

Here is the current state:

1. (treesit--install-language-grammar-1
     (locate-user-emacs-file "tree-sitter") 'json
     "https://github.com/tree-sitter/tree-sitter-json")

   installs the latest commit 46aa487.

2. (treesit--install-language-grammar-1
     (locate-user-emacs-file "tree-sitter") 'json
     "https://github.com/tree-sitter/tree-sitter-json"
     "v0.24.8")

   installs the commit ee35a6e tagged v0.24.8.

3. (treesit--install-language-grammar-1
     (locate-user-emacs-file "tree-sitter") 'json
     "https://github.com/tree-sitter/tree-sitter-json"
     "4d770d3")

   fails to check out "4d770d3" with the error:

   git clone https://github.com/tree-sitter/tree-sitter-json --quiet --depth 1 -b 4d770d3
   warning: Could not find remote branch 4d770d3 to clone
   fatal: Remote branch 4d770d3 not found in upstream origin

4. (treesit--install-language-grammar-1
     (locate-user-emacs-file "tree-sitter") 'json
     "https://github.com/tree-sitter/tree-sitter-json"
     nil nil nil nil "4d770d3")

   fails to check out "4d770d3" with the error:

   git -C /tmp/treesit-workdirHhEIhg/repo checkout 4d770d3
   error: pathspec '4d770d3' did not match any file(s) known to git

After (setq treesit--install-language-grammar-full-clone t):

5. (treesit--install-language-grammar-1
     (locate-user-emacs-file "tree-sitter") 'json
     "https://github.com/tree-sitter/tree-sitter-json"
     "4d770d3")

   successfully installs the commit "v0.24.8-1-g4d770d3".

When treesit--install-language-grammar-full-clone is nil,
"--depth 1" is added to "git clone".

So we need a Git guru to recommend a command line to use
"git clone" with "--depth 1" to check out a single commit.

From: Yuan Fu
To: Juri Linkov
Cc: 78542@debbugs.gnu.org, Eli Zaretskii, dancol@dancol.org
Subject: Re: bug#78542: [Security] hash locking needed for tree-sitter downloads
Date: Mon, 9 Jun 2025 18:38:03 -0700
In-Reply-To: <87ecvugm9l.fsf@mail.linkov.net>

> On Jun 8, 2025, at 10:45 AM, Juri Linkov wrote:
>
>>> The only reason currently tags are used instead of commit hashes is
>>> because there is no way to checkout a specific commit with the
>>> current implementation when the default value of
>>> 'treesit--install-language-grammar-full-clone' is nil.
>
> Here is the current state:
>
> 1. (treesit--install-language-grammar-1
>      (locate-user-emacs-file "tree-sitter") 'json
>      "https://github.com/tree-sitter/tree-sitter-json")
>
>    installs the latest commit 46aa487.
>
> 2. (treesit--install-language-grammar-1
>      (locate-user-emacs-file "tree-sitter") 'json
>      "https://github.com/tree-sitter/tree-sitter-json"
>      "v0.24.8")
>
>    installs the commit ee35a6e tagged v0.24.8.
>
> 3. (treesit--install-language-grammar-1
>      (locate-user-emacs-file "tree-sitter") 'json
>      "https://github.com/tree-sitter/tree-sitter-json"
>      "4d770d3")
>
>    fails to check out "4d770d3" with the error:
>
>    git clone https://github.com/tree-sitter/tree-sitter-json --quiet --depth 1 -b 4d770d3
>    warning: Could not find remote branch 4d770d3 to clone
>    fatal: Remote branch 4d770d3 not found in upstream origin
>
> 4. (treesit--install-language-grammar-1
>      (locate-user-emacs-file "tree-sitter") 'json
>      "https://github.com/tree-sitter/tree-sitter-json"
>      nil nil nil nil "4d770d3")
>
>    fails to check out "4d770d3" with the error:
>
>    git -C /tmp/treesit-workdirHhEIhg/repo checkout 4d770d3
>    error: pathspec '4d770d3' did not match any file(s) known to git
>
> After (setq treesit--install-language-grammar-full-clone t):
>
> 5. (treesit--install-language-grammar-1
>      (locate-user-emacs-file "tree-sitter") 'json
>      "https://github.com/tree-sitter/tree-sitter-json"
>      "4d770d3")
>
>    successfully installs the commit "v0.24.8-1-g4d770d3".
>
> When treesit--install-language-grammar-full-clone is nil,
> "--depth 1" is added to "git clone".
>
> So we need a Git guru to recommend a command line to use
> "git clone" with "--depth 1" to check out a single commit.

Would it work if we do a blobless full clone, checkout the commit, and fetch depth=1? Eg,

git clone https://github.com/tree-sitter/tree-sitter-json.git --filter=blob:none
cd tree-sitter-json
git checkout 4d770d3
git fetch --depth=1

Yuan

From: Juri Linkov
To: Yuan Fu
Cc: 78542@debbugs.gnu.org, Eli Zaretskii, dancol@dancol.org
Subject: Re: bug#78542: [Security] hash locking needed for tree-sitter downloads
Date: Tue, 10 Jun 2025 09:23:31 +0300
Message-ID: <87sek8p1h4.fsf@mail.linkov.net>

>> When treesit--install-language-grammar-full-clone is nil,
>> "--depth 1" is added to "git clone".
>>
>> So we need a Git guru to recommend a command line to use
>> "git clone" with "--depth 1" to check out a single commit.
>
> Would it work if we do a blobless full clone, checkout the commit, and fetch depth=1? Eg,
>
> git clone https://github.com/tree-sitter/tree-sitter-json.git --filter=blob:none
> cd tree-sitter-json
> git checkout 4d770d3
> git fetch --depth=1

This still keeps full history. This means we could simply set
the default value of treesit--install-language-grammar-full-clone
to t, or completely remove this variable, if there is no way to
clone at a specific commit without fetching full history?

From: Daniel Colascione
To: Juri Linkov
Cc: Yuan Fu, 78542@debbugs.gnu.org, Eli Zaretskii
Subject: Re: bug#78542: [Security] hash locking needed for tree-sitter downloads
Date: Tue, 10 Jun 2025 00:44:30 -0700
In-Reply-To: <87sek8p1h4.fsf@mail.linkov.net>

Juri Linkov writes:

>>> When treesit--install-language-grammar-full-clone is nil,
>>> "--depth 1" is added to "git clone".
>>>
>>> So we need a Git guru to recommend a command line to use
>>> "git clone" with "--depth 1" to check out a single commit.
>>
>> Would it work if we do a blobless full clone, checkout the commit, and fetch depth=1? Eg,
>>
>> git clone https://github.com/tree-sitter/tree-sitter-json.git --filter=blob:none
>> cd tree-sitter-json
>> git checkout 4d770d3
>> git fetch --depth=1
>
> This still keeps full history.

There's a difference between full history and all blobs for all
revisions in this history. You can also use --shallow-since during the
clone with a date to further limit history. --shallow-exclude would
probably work even better, since you wouldn't need a date, but it's
broken for me somehow, at least with the repository above.
But --shallow-since works.

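The command line the thread is looking for, as an added example that is not code from Emacs or from anyone in this discussion: instead of cloning a branch or tag name with "-b", ask git for the commit by its full hash with "--depth 1", then verify that HEAD is that hash. A constructed local repository stands in for the upstream so it runs offline, and the demo replays the tag-retargeting case from the first message: after the tag is moved, a "-b v0.24.8" shallow clone follows it while the hash-pinned fetch does not. Assumed: git is installed, and the server answers fetch-by-object-id (GitHub does; the constructed repo sets uploadpack.allowReachableSHA1InWant for clients still on protocol v0).

```shell
#!/bin/sh
# Added example, not Emacs or tree-sitter code: pin a grammar download to a
# commit hash instead of a tag, fetch only that commit (--depth 1) and verify
# the result. A throwaway local repository stands in for the upstream
# (e.g. https://github.com/tree-sitter/tree-sitter-json) so this runs offline.
set -eu

# Fixed identity and isolated config so the constructed repository builds
# the same way on any machine.
export GIT_AUTHOR_NAME=example GIT_AUTHOR_EMAIL=example@example.invalid
export GIT_COMMITTER_NAME=example GIT_COMMITTER_EMAIL=example@example.invalid
export GIT_CONFIG_NOSYSTEM=1 GIT_CONFIG_GLOBAL=/dev/null

# fetch_pinned_commit REMOTE FULL_SHA DEST
# Creates DEST, fetches exactly FULL_SHA with depth 1, checks it out detached
# and prints the resulting HEAD. Fails if FULL_SHA is not a full 40-hex id or
# if HEAD is not the requested commit.
fetch_pinned_commit() {
    remote=$1 want=$2 dest=$3
    # Abbreviated ids such as "4d770d3" cannot be requested as object ids,
    # so insist on the full hash: that is the "lock" in hash locking.
    if ! printf '%s\n' "$want" | grep -Eq '^[0-9a-f]{40}$'; then
        echo "refusing '$want': not a full commit hash" >&2
        return 1
    fi
    git init -q "$dest"
    git -C "$dest" remote add origin "$remote"
    # "git clone --depth 1 -b X" only accepts a branch or tag name (the error
    # in case 3 of the thread). Asking "git fetch" for the object id itself
    # needs no name and still keeps history out. GitHub answers such requests;
    # a self-hosted server needs protocol v2 or allowReachableSHA1InWant.
    git -C "$dest" fetch -q --depth 1 origin "$want"
    git -C "$dest" checkout -q --detach FETCH_HEAD
    got=$(git -C "$dest" rev-parse HEAD)
    if [ "$got" != "$want" ]; then
        echo "hash mismatch: wanted $want, got $got" >&2
        return 1
    fi
    printf '%s\n' "$got"
}

# make_upstream DIR: constructed stand-in for a grammar repository with two
# commits and a release tag on the first one.
make_upstream() {
    dir=$1
    git init -q "$dir"
    printf 'module.exports = grammar({ name: "json" });\n' >"$dir/grammar.js"
    git -C "$dir" add grammar.js
    git -C "$dir" commit -q -m "release"
    git -C "$dir" tag v0.24.8
    printf '// later change\n' >>"$dir/grammar.js"
    git -C "$dir" commit -q -am "follow-up"
    # Lets protocol-v0 clients fetch a reachable commit by id, as GitHub does.
    git -C "$dir" config uploadpack.allowReachableSHA1InWant true
}

# demo WORKDIR: record the hash behind v0.24.8, then move the tag upstream
# (the retargeting the first message warns about) and compare what a
# tag-based shallow clone and a hash-pinned fetch each deliver.
demo() {
    work=$1
    make_upstream "$work/upstream"
    url="file://$work/upstream"
    pinned=$(git -C "$work/upstream" rev-parse 'v0.24.8^{commit}')
    git -C "$work/upstream" tag -f v0.24.8 HEAD >/dev/null
    git clone -q --depth 1 -b v0.24.8 "$url" "$work/by-tag"
    by_tag=$(git -C "$work/by-tag" rev-parse HEAD)
    by_hash=$(fetch_pinned_commit "$url" "$pinned" "$work/by-hash")
    depth=$(git -C "$work/by-hash" rev-list --count HEAD)
    echo "recorded hash        : $pinned"
    echo "clone -b v0.24.8 now : $by_tag (tag was moved)"
    echo "fetch by hash        : $by_hash (history depth $depth)"
    # The pin held and the tag did not.
    [ "$by_hash" = "$pinned" ] && [ "$by_tag" != "$pinned" ]
}

demo "$(mktemp -d)"
```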
From: Juri Linkov
To: Daniel Colascione
Cc: Yuan Fu, 78542@debbugs.gnu.org, Eli Zaretskii
Subject: Re: bug#78542: [Security] hash locking needed for tree-sitter downloads
Date: Thu, 19 Jun 2025 20:06:51 +0300
Message-ID: <87qzzfk6dw.fsf@mail.linkov.net>

>>>> When treesit--install-language-grammar-full-clone is nil,
>>>> "--depth 1" is added to "git clone".
>>>>
>>>> So we need a Git guru to recommend a command line to use
>>>> "git clone" with "--depth 1" to check out a single commit.
>>>
>>> Would it work if we do a blobless full clone, checkout the commit, and fetch depth=1? Eg,
>>>
>>> git clone https://github.com/tree-sitter/tree-sitter-json.git --filter=blob:none
>>> cd tree-sitter-json
>>> git checkout 4d770d3
>>> git fetch --depth=1
>>
>> This still keeps full history.
>
> There's a difference between full history and all blobs for all
> revisions in this history. You can also use --shallow-since during the
> clone with a date to further limit history. --shallow-exclude would
> probably work even better, since you wouldn't need a date, but it's
> broken for me somehow, at least with the repository above.
> But --shallow-since works.

I can't find what value to provide for --shallow-since.
So let's just use a blobless full clone:

diff --git a/lisp/treesit.el b/lisp/treesit.el index 353e991ec20..5d03f0cf45e 100644 --- a/lisp/treesit.el +++ b/lisp/treesit.el
@@ -5238,7 +5238,13 @@ treesit--install-language-grammar-1 (if url-is-dir (when revision (treesit--git-checkout-branch workdir revision)) - (treesit--git-clone-repo url revision workdir)) + (if commit + ;; Force blobless full clone to be able later + ;; to checkout a commit (bug#78542). + (let ((treesit--install-language-grammar-blobless t) + (treesit--install-language-grammar-full-clone t)) + (treesit--git-clone-repo url revision workdir)) + (treesit--git-clone-repo url revision workdir))) (when commit (treesit--git-checkout-branch workdir commit)) (setq version (treesit--language-git-revision workdir))
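Review bot: `(when commit (treesit--git-checkout-branch workdir commit))` checks out whatever string COMMIT holds, so the lock is only as strong as the value in the alist: an abbreviated id such as the "4d770d3" used in this thread, or a tag name, is accepted without complaint and gives none of the collision resistance a full object id gives. Reject anything that is not a full 40-character lowercase hex id before cloning, and after the checkout compare `git rev-parse HEAD` in WORKDIR with COMMIT so a mismatch fails loudly instead of silently building a different grammar. Minor: the two `treesit--git-clone-repo` calls differ only in the let-bound flags; binding `treesit--install-language-grammar-blobless` and `treesit--install-language-grammar-full-clone` to `(or commit <current value>)` around a single call avoids the duplicated branch.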
From: Juri Linkov
To: Daniel Colascione
Cc: Yuan Fu, 78542@debbugs.gnu.org, Eli Zaretskii
Subject: Re: bug#78542: [Security] hash locking needed for tree-sitter downloads
In-Reply-To: <87qzzfk6dw.fsf@mail.linkov.net>
Date: Thu, 19 Jun 2025 20:54:08 +0300
Message-ID: <87v7oripmn.fsf@mail.linkov.net>

> + (if commit > + ;; Force blobless full clone to be
able later > + ;; to checkout a commit (bug#78542). > + (let ((treesit--install-language-grammar-blobless t) > + (treesit--install-language-grammar-full-clone t)) > + (treesit--git-clone-repo url revision workdir)) > + (treesit--git-clone-repo url revision workdir))) Since with this change it's possible to specify the commit, let's also improve the format of the source list. Currently adding a commit to the list requires prefixing it with four nils: (treesit--install-language-grammar-1 (locate-user-emacs-file "tree-sitter") 'json "https://github.com/tree-sitter/tree-sitter-json" nil nil nil nil "4d770d3") The following patch introduces an alternative format using keywords, e.g.: (treesit--install-language-grammar-1 (locate-user-emacs-file "tree-sitter") 'json "https://github.com/tree-sitter/tree-sitter-json" :commit "4d770d3") --=-=-= Content-Type: text/x-diff Content-Disposition: inline; filename=treesit-language-source-alist.patch diff --git a/lisp/treesit.el b/lisp/treesit.el index 353e991ec20..fedcb6ed1e9 100644 --- a/lisp/treesit.el +++ b/lisp/treesit.el @@ -4998,7 +4998,7 @@ treesit-language-source-alist The value should be an alist where each element has the form - (LANG . (URL REVISION SOURCE-DIR CC C++ COMMIT [KEYWORD VALUE]...)) + (LANG . (URL REVISION SOURCE-DIR CC C++ COMMIT)) Only LANG and URL are mandatory. LANG is the language symbol. URL is the URL of the grammar's Git repository or a directory 
@@ -5015,8 +5015,17 @@ treesit-language-source-alist CC and C++ are C and C++ compilers, defaulting to \"cc\" and \"c++\", respectively. +Another way to specify optional data is to use keywords: + + (LANG . (URL [KEYWORD VALUE]...)) + The currently supported keywords: +`:revision' is the same as REVISION above. +`:source-dir' is the same as SOURCE-DIR above. +`:cc' is the same as CC above. +`:c++' is the same as C++ above. +`:commit' is the same as COMMIT above. `:copy-queries' when non-nil specifies whether to copy the files in the \"queries\" directory from the source directory to the installation directory.") @@ -5203,7 +5212,7 @@ treesit--git-clone-repo (apply #'treesit--call-process-signal args))) (defun treesit--install-language-grammar-1 - (out-dir lang url &optional revision source-dir cc c++ commit &rest args) + (out-dir lang url &rest args) "Compile and install a tree-sitter language grammar library. OUT-DIR is the directory to put the compiled library file. If it @@ -5211,8 +5220,7 @@ treesit--install-language-grammar-1 configuration directory is used (and automatically created if it does not exist). -For LANG, URL, REVISION, SOURCE-DIR, GRAMMAR-DIR, CC, C++, COMMIT, see -`treesit-language-source-alist'. +For ARGS, see `treesit-language-source-alist'. Return the git revision of the installed grammar. The revision is generated by \"git describe\". It only works when 
@@ -5225,13 +5233,25 @@ treesit--install-language-grammar-1 (workdir (if url-is-dir maybe-repo-dir (expand-file-name "repo"))) - copy-queries version) + version + revision source-dir cc c++ commit copy-queries) ;; Process the keyword args. (while (keywordp (car args)) (pcase (pop args) - (:copy-queries (setq copy-queries (pop args))) - (_ (pop args)))) + (:revision (setq revision (pop args))) + (:source-dir (setq source-dir (pop args))) + (:cc (setq cc (pop args))) + (:c++ (setq c++ (pop args))) + (:commit (setq commit (pop args))) + (:copy-queries (setq copy-queries (pop args))))) + + ;; Old positional convention for backward-compatibility: + (unless revision (setq revision (nth 0 args))) + (unless source-dir (setq source-dir (nth 1 args))) + (unless cc (setq cc (nth 2 args))) + (unless c++ (setq c++ (nth 3 args))) + (unless commit (setq commit (nth 4 args))) (unwind-protect (with-temp-buffer
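Review bot: in the `treesit-language-source-alist` docstring hunk at -4998, dropping `[KEYWORD VALUE]...` from the positional form quietly changes what existing entries mean: an entry written to the old documented form, `(URL REVISION SOURCE-DIR CC C++ COMMIT :copy-queries t)`, is now parsed with keywords read from the front only, so the `:copy-queries t` after COMMIT is never seen and is silently ignored. Either say in the docstring that keywords and positional values cannot be mixed (keywords first, or keywords only), or keep accepting trailing keywords after the five positional slots; silently dropping a user's setting is the worst of the three options.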
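Review bot: the new keyword list in the hunk at -5015 says only that `:commit' is the same as COMMIT above, which leaves the one value this bug is about undocumented in the way that matters: for hash locking the value has to be the full commit id, not an abbreviation and not a tag name, since `git checkout` accepts both and neither pins the content. State in the docstring that `:commit' must be the full 40-hex-digit object id, so readers of the alist do not copy the seven-character form used in the examples earlier in this thread.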
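Review bot: the rewritten `pcase` in the hunk at -5225 drops the old `(_ (pop args))` fallback, so an unrecognised keyword no longer consumes its value: with ARGS of `(:foo "x" :commit "...")`, `:foo` is popped and matches nothing, `"x"` stays at the head of ARGS where the `keywordp` test fails, and the positional fallback then takes `"x"` as REVISION, `:commit` as SOURCE-DIR and the hash as CC, leaving COMMIT nil. Restore the `(_ (pop args))` clause or, better, signal an error on an unknown keyword, since a typo such as `:comit` would otherwise switch the hash lock off silently. The `:commit` clause is also the right place to reject values that are not a full lowercase hex object id.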
From: Daniel Colascione
To: Juri Linkov
Cc: Yuan Fu, 78542@debbugs.gnu.org, Eli Zaretskii
Subject: Re: bug#78542: [Security] hash locking needed for tree-sitter downloads
In-Reply-To: <87v7oripmn.fsf@mail.linkov.net>
Date: Thu, 19 Jun 2025 14:12:56 -0400
Message-ID: <4BE28885-3135-4FA9-8665-22DBC9E31FC8@dancol.org>

On June 19, 2025 1:54:08 PM EDT, Juri Linkov wrote:
>> + (if commit
>> + ;; Force blobless full clone to be able later
>> + ;; to checkout a commit (bug#78542).
>> + (let ((treesit--install-language-grammar-blobless t)
>> + (treesit--install-language-grammar-full-clone t))
>> + (treesit--git-clone-repo url revision workdir))
>> + (treesit--git-clone-repo url revision workdir)))
>
> Since with this change it's possible to specify the commit,
> let's also improve the format of the source list.
> Currently adding a commit to the list requires
> prefixing it with four nils:
>
>   (treesit--install-language-grammar-1
>    (locate-user-emacs-file "tree-sitter") 'json
>    "https://github.com/tree-sitter/tree-sitter-json"
>    nil nil nil nil "4d770d3")
>
> The following patch introduces an alternative format
> using keywords, e.g.:
>
>   (treesit--install-language-grammar-1
>    (locate-user-emacs-file "tree-sitter") 'json
>    "https://github.com/tree-sitter/tree-sitter-json"
>    :commit "4d770d3")
>

Great. While you're doing this, can you also please use full hashes? Short ones aren't particularly collision resistant.

From: Eli Zaretskii
To: Juri Linkov
Cc: 78542@debbugs.gnu.org, casouri@gmail.com, dancol@dancol.org
Subject: Re: bug#78542: [Security] hash locking needed for tree-sitter downloads
In-Reply-To: <87v7oripmn.fsf@mail.linkov.net> (message from Juri Linkov on Thu, 19 Jun 2025 20:54:08 +0300)
Date: Fri, 20 Jun 2025 09:55:04 +0300
Message-Id: <867c16lx6f.fsf@gnu.org>

> From: Juri Linkov
> Cc: Yuan Fu, 78542@debbugs.gnu.org, Eli Zaretskii
> Date: Thu, 19 Jun 2025 20:54:08 +0300
>
> The value should be an alist where each element has the form
>
> - (LANG . (URL REVISION SOURCE-DIR CC C++ COMMIT [KEYWORD VALUE]...))
> + (LANG . (URL REVISION SOURCE-DIR CC C++ COMMIT))
>
> Only LANG and URL are mandatory. LANG is the language symbol.
> URL is the URL of the grammar's Git repository or a directory
> @@ -5015,8 +5015,17 @@ treesit-language-source-alist
> CC and C++ are C and C++ compilers, defaulting to \"cc\" and
> \"c++\", respectively.
>
> +Another way to specify optional data is to use keywords:
> +
> + (LANG . (URL [KEYWORD VALUE]...))
> +
> The currently supported keywords:
>
> +`:revision' is the same as REVISION above.
> +`:source-dir' is the same as SOURCE-DIR above.
> +`:cc' is the same as CC above.
> +`:c++' is the same as C++ above.
> +`:commit' is the same as COMMIT above.
> `:copy-queries' when non-nil specifies whether to copy the files
> in the \"queries\" directory from the source directory to the
> installation directory.")

This is okay, but I guess the keywords are not entirely independent?
That is, to have a valid spec one needs several keywords to be
specified together? In that case, I think this should be stated in
the doc string.
From: Juri Linkov
To: Eli Zaretskii
Cc: 78542@debbugs.gnu.org, casouri@gmail.com, dancol@dancol.org
Subject: Re: bug#78542: [Security] hash locking needed for tree-sitter downloads
In-Reply-To: <867c16lx6f.fsf@gnu.org>
Date: Fri, 20 Jun 2025 19:48:09 +0300
Message-ID: <87msa2e4vq.fsf@mail.linkov.net>

>> The value should be an alist where each element has the form
>>
>> - (LANG . (URL REVISION SOURCE-DIR CC C++ COMMIT [KEYWORD VALUE]...))
>> + (LANG . (URL REVISION SOURCE-DIR CC C++ COMMIT))
>>
>> Only LANG and URL are mandatory. LANG is the language symbol.
>> URL is the URL of the grammar's Git repository or a directory
>> @@ -5015,8 +5015,17 @@ treesit-language-source-alist
>> CC and C++ are C and C++ compilers, defaulting to \"cc\" and
>> \"c++\", respectively.
>>
>> +Another way to specify optional data is to use keywords:
>> +
>> + (LANG . (URL [KEYWORD VALUE]...))
>> +
>> The currently supported keywords:
>>
>> +`:revision' is the same as REVISION above.
>> +`:source-dir' is the same as SOURCE-DIR above.
>> +`:cc' is the same as CC above.
>> +`:c++' is the same as C++ above.
>> +`:commit' is the same as COMMIT above.
>> `:copy-queries' when non-nil specifies whether to copy the files
>> in the \"queries\" directory from the source directory to the
>> installation directory.")
>
> This is okay, but I guess the keywords are not entirely independent?
> That is, to have a valid spec one needs several keywords to be
> specified together? In that case, I think this should be stated in
> the doc string.

Actually, the keywords are independent. This was the reason to
introduce the keywords, so they could be specified separately
from other keywords.
From: Juri Linkov
To: Daniel Colascione
Cc: Yuan Fu, 78542@debbugs.gnu.org, Eli Zaretskii
Subject: Re: bug#78542: [Security] hash locking needed for tree-sitter downloads
In-Reply-To: <4BE28885-3135-4FA9-8665-22DBC9E31FC8@dancol.org>
Date: Fri, 20 Jun 2025 19:56:46 +0300
Message-ID: <878qlme4hd.fsf@mail.linkov.net>

close 78542 31.0.50
thanks

>> The following patch introduces an alternative format
>> using keywords, e.g.:
>>
>>   (treesit--install-language-grammar-1
>>    (locate-user-emacs-file "tree-sitter") 'json
>>    "https://github.com/tree-sitter/tree-sitter-json"
>>    :commit "4d770d3")
>
> Great. While you're doing this, can you also please use full hashes?
> Short ones aren't particularly collision resistant.

So now the tags are replaced with full hashes that either correspond
to the previous tags or are mentioned explicitly in the comments
section of the ts-mode files.

> P.S.S. Do we need the list of grammars in build.sh under admin? It
> duplicates what's in Lisp elsewhere in the tree.

I don't know if build.sh is still used or can be removed.
Maybe Yuan could answer.
From: Peter Oliver
To: juri@linkov.net
Cc: casouri@gmail.com, 78542@debbugs.gnu.org, dancol@dancol.org, eliz@gnu.org
Subject: Re: bug#78542: [Security] hash locking needed for tree-sitter
Date: Fri, 20 Jun 2025 23:37:47 +0100 (BST)

On Jun 8, 2025, at 10:45 AM, Juri Linkov <juri@linkov.net> wrote:
> Here is the current state:
>
> 3. (treesit--install-language-grammar-1
>     (locate-user-emacs-file "tree-sitter") 'json
>     "https://github.com/tree-sitter/tree-sitter-json"
>     "4d770d3")
>
>  fails to check out "4d770d3" with the error:
>
>  git clone https://github.com/tree-sitter/tree-sitter-json --quiet --depth 1 -b 4d770d3
>  warning: Could not find remote branch 4d770d3 to clone
>  fatal: Remote branch 4d770d3 not found in upstream origin

I'm a bit late to the party, here, but would it make sense to have, say:

   (treesit--install-language-grammar-1
    (locate-user-emacs-file "tree-sitter") 'json
    "https://github.com/tree-sitter/tree-sitter-json"
    :tag "v0.24.8"
    :commit "4d770d31f732d50d3ec373865822fbe659e47c75")

We could then:

   git clone https://github.com/tree-sitter/tree-sitter-json --quiet --depth 1 -b v0.24.8
   git checkout 4d770d31f732d50d3ec373865822fbe659e47c75

Additionally, I think including the tag helps to clarify the intention to anyone reading the code, without them having to go away and refer to the repository to find out about that commit.

-- 
Peter Oliver
From: Stéphane Marks
To: Peter Oliver
Cc: casouri@gmail.com, 78542@debbugs.gnu.org, dancol@dancol.org, eliz@gnu.org, juri@linkov.net
Subject: Re: bug#78542: [Security] hash locking needed for tree-sitter
Date: Fri, 20 Jun 2025 19:04:55 -0400

On Fri, Jun 20, 2025 at 6:39 PM Peter Oliver wrote:
> On Jun 8, 2025, at 10:45 AM, Juri Linkov <juri@linkov.net> wrote:
>
> > Here is the current state:
> >
> > 3. (treesit--install-language-grammar-1
> >     (locate-user-emacs-file "tree-sitter") 'json
> >     "https://github.com/tree-sitter/tree-sitter-json"
> >     "4d770d3")
> >
> >  fails to check out "4d770d3" with the error:
> >
> >  git clone https://github.com/tree-sitter/tree-sitter-json --quiet --depth 1 -b 4d770d3
> >  warning: Could not find remote branch 4d770d3 to clone
> >  fatal: Remote branch 4d770d3 not found in upstream origin
>
> I'm a bit late to the party, here, but would it make sense to have, say:
>
>    (treesit--install-language-grammar-1
>     (locate-user-emacs-file "tree-sitter") 'json
>     "https://github.com/tree-sitter/tree-sitter-json"
>     :tag "v0.24.8"
>     :commit "4d770d31f732d50d3ec373865822fbe659e47c75")
>
> We could then:
>
>    git clone https://github.com/tree-sitter/tree-sitter-json --quiet --depth 1 -b v0.24.8
>    git checkout 4d770d31f732d50d3ec373865822fbe659e47c75
>
> Additionally, I think including the tag helps to clarify the intention to
> anyone reading the code, without them having to go away and refer to the
> repository to find out about that commit.

git tags aren't really immutable, though, as they can be changed to point to other commits. If you want to specify both a commit hash and a tag, and the tag doesn't point, or no longer points, to that commit, that would be confusing. I'd say prioritize commit hashes over tags, and I'm not sure whether a :tag keyword would just act as documentation or a comment; or just use a comment?
From debbugs-submit-bounces@debbugs.gnu.org Sat Jun 21 00:24:39 2025
From: Daniel Colascione
To: Stéphane Marks
Subject: Re: bug#78542: [Security] hash locking needed for tree-sitter
Date: Sat, 21 Jun 2025 00:24:27 -0400
Cc: 78542@debbugs.gnu.org, casouri@gmail.com, Peter Oliver, eliz@gnu.org, juri@linkov.net

Stéphane Marks writes:

> On Fri, Jun 20, 2025 at 6:39 PM Peter Oliver wrote:
>
>> On Jun 8, 2025, at 10:45 AM, Juri Linkov <juri <at> linkov.net> wrote:
>>
>> > Here is the current state:
>> >
>> > 3. (treesit--install-language-grammar-1
>> >     (locate-user-emacs-file "tree-sitter") 'json
>> >     "https://github.com/tree-sitter/tree-sitter-json"
>> >     "4d770d3")
>> >
>> >   fails to check out "4d770d3" with the error:
>> >
>> >   git clone https://github.com/tree-sitter/tree-sitter-json --quiet --depth 1 -b 4d770d3
>> >   warning: Could not find remote branch 4d770d3 to clone
>> >   fatal: Remote branch 4d770d3 not found in upstream origin
>>
>> I’m a bit late to the party, here, but would it make sense to have, say:
>>
>>    (treesit--install-language-grammar-1
>>     (locate-user-emacs-file "tree-sitter") 'json
>>     "https://github.com/tree-sitter/tree-sitter-json"
>>     :tag "v0.24.8"
>>     :commit "4d770d31f732d50d3ec373865822fbe659e47c75")
>>
>> We could then:
>>
>>    git clone https://github.com/tree-sitter/tree-sitter-json --quiet --depth 1 -b v0.24.8
>>    git checkout 4d770d31f732d50d3ec373865822fbe659e47c75
>>
>> Additionally, I think including the tag helps to clarify the intention to
>> anyone reading the code, without them having to go away and refer to the
>> repository to find out about that commit.
>
> git tags aren't really immutable, though, as they can be changed to point
> to other commits.  If you want to specify both a commit hash and a tag and
> the tag doesn't point, or no longer points, to that commit, that would be
> confusing.

Or an error. I guess you could include tag names to allow for some kind
of UX shorthand while verifying, using the hashes, that the tags still
refer to their designated trees.

From debbugs-submit-bounces@debbugs.gnu.org Sat Jun 21 02:27:52 2025
Date: Sat, 21 Jun 2025 09:27:38 +0300
Message-Id: <86v7opk3s5.fsf@gnu.org>
From: Eli Zaretskii
To: Juri Linkov
In-Reply-To: <87msa2e4vq.fsf@mail.linkov.net> (message from Juri Linkov on Fri, 20 Jun 2025 19:48:09 +0300)
Subject: Re: bug#78542: [Security] hash locking needed for tree-sitter downloads
References: <87o6vlxijm.fsf@mail.linkov.net> <86wm9oj7s0.fsf@gnu.org> <87ecvugm9l.fsf@mail.linkov.net> <87sek8p1h4.fsf@mail.linkov.net> <87qzzfk6dw.fsf@mail.linkov.net> <87v7oripmn.fsf@mail.linkov.net> <867c16lx6f.fsf@gnu.org> <87msa2e4vq.fsf@mail.linkov.net>
Cc: 78542@debbugs.gnu.org, casouri@gmail.com, dancol@dancol.org

> From: Juri Linkov
> Cc: dancol@dancol.org, casouri@gmail.com, 78542@debbugs.gnu.org
> Date: Fri, 20 Jun 2025 19:48:09 +0300
>
> >> The value should be an alist where each element has the form > >> > >> - (LANG . (URL REVISION SOURCE-DIR CC C++ COMMIT [KEYWORD VALUE]...)) > >> + (LANG . (URL REVISION SOURCE-DIR CC C++ COMMIT)) > >> > >> Only LANG and URL are mandatory. LANG is the language symbol. > >> URL is the URL of the grammar's Git repository or a directory
> >> @@ -5015,8 +5015,17 @@ treesit-language-source-alist > >> CC and C++ are C and C++ compilers, defaulting to \"cc\" and > >> \"c++\", respectively. > >> > >> +Another way to specify optional data is to use keywords: > >> + > >> + (LANG . (URL [KEYWORD VALUE]...)) > >> + > >> The currently supported keywords: > >> > >> +`:revision' is the same as REVISION above. > >> +`:source-dir' is the same as SOURCE-DIR above. > >> +`:cc' is the same as CC above. > >> +`:c++' is the same as C++ above. > >> +`:commit' is the same as COMMIT above. > >> `:copy-queries' when non-nil specifies whether to copy the files > >> in the \"queries\" directory from the source directory to the > >> installation directory.") > > > > This is okay, but I guess the keywords are not entirely independent? > > That is, to have a valid spec one needs several keywords to be > > specified together? In that case, I think this should be stated in > > the doc string. > > Actually, the keywords are independent. You mean, it's okay to have just the :source-dir, say, and nothing else, and that would produce a complete specification that could be used to install or upgrade the grammar library? 
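Review bot: the new paragraph "Another way to specify optional data is to use keywords: (LANG . (URL [KEYWORD VALUE]...))" in the second hunk does not say whether keywords may be combined with the positional REVISION, SOURCE-DIR, CC, C++ and COMMIT values, nor which one wins when both are present; the doc string should state that explicitly, which is also what Eli's question about keywords needing to be specified together is getting at. In the same hunk, "`:commit' is the same as COMMIT above" inherits COMMIT's silence about its expected form: earlier in this thread an abbreviated value ("4d770d3") passed to `git clone -b` fails with "Could not find remote branch", so the doc string should say whether COMMIT must be a full commit hash and how it is applied after the clone (the proposal in the thread checks it out after cloning the tag).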
From debbugs-submit-bounces@debbugs.gnu.org Sat Jun 21 06:51:24 2025
From: Stéphane Marks
Date: Sat, 21 Jun 2025 06:51:01 -0400
Subject: Re: bug#78542: [Security] hash locking needed for tree-sitter
To: Daniel Colascione
Cc: 78542@debbugs.gnu.org, casouri@gmail.com, Peter Oliver, eliz@gnu.org, juri@linkov.net

On Sat, Jun 21, 2025 at 12:24 AM Daniel Colascione wrote:
> Stéphane Marks writes:
>
> > On Fri, Jun 20, 2025 at 6:39 PM Peter Oliver wrote:
> >
> >> On Jun 8, 2025, at 10:45 AM, Juri Linkov <juri <at> linkov.net> wrote:
> >>
> >> > Here is the current state:
> >> >
> >> > 3. (treesit--install-language-grammar-1
> >> >     (locate-user-emacs-file "tree-sitter") 'json
> >> >     "https://github.com/tree-sitter/tree-sitter-json"
> >> >     "4d770d3")
> >> >
> >> >   fails to check out "4d770d3" with the error:
> >> >
> >> >   git clone https://github.com/tree-sitter/tree-sitter-json --quiet --depth 1 -b 4d770d3
> >> >   warning: Could not find remote branch 4d770d3 to clone
> >> >   fatal: Remote branch 4d770d3 not found in upstream origin
> >>
> >> I’m a bit late to the party, here, but would it make sense to have, say:
> >>
> >>    (treesit--install-language-grammar-1
> >>     (locate-user-emacs-file "tree-sitter") 'json
> >>     "https://github.com/tree-sitter/tree-sitter-json"
> >>     :tag "v0.24.8"
> >>     :commit "4d770d31f732d50d3ec373865822fbe659e47c75")
> >>
> >> We could then:
> >>
> >>    git clone https://github.com/tree-sitter/tree-sitter-json --quiet --depth 1 -b v0.24.8
> >>    git checkout 4d770d31f732d50d3ec373865822fbe659e47c75
> >>
> >> Additionally, I think including the tag helps to clarify the intention to
> >> anyone reading the code, without them having to go away and refer to the
> >> repository to find out about that commit.
> >
> > git tags aren't really immutable, though, as they can be changed to point
> > to other commits.  If you want to specify both a commit hash and a tag and
> > the tag doesn't point, or no longer points, to that commit, that would be
> > confusing.
>
> Or an error. I guess you could include tag names to allow for some kind
> of UX shorthand while verifying, using the hashes, that the tags still
> refer to their designated trees.

Good.
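The check Daniel describes (clone by the tag as a shorthand, then verify with the pinned hash and fail on mismatch), written as an added example for this thread; it is not Emacs's treesit code. The `my/` helper names are hypothetical, it assumes a `git` binary on PATH, and it takes the URL, `:tag` and `:commit` values from Peter's proposal.

```elisp
;; Added example for this thread, not Emacs's own treesit code.  Names
;; prefixed "my/" are hypothetical.  Requires the git binary on PATH.

(defun my/git (dir &rest args)
  "Run git with ARGS inside DIR and return its trimmed stdout.
Signal an error, including git's output, on a nonzero exit status."
  (with-temp-buffer
    (let ((status (apply #'call-process "git" nil t nil "-C" dir args)))
      (unless (eq status 0)
        (error "git %s failed (exit %s): %s"
               (car args) status (string-trim (buffer-string))))
      (string-trim (buffer-string)))))

(defun my/full-hash-p (s)
  "Non-nil if S is a full 40-hex-digit object name.
Abbreviations such as \"4d770d3\" are rejected: they cannot be given to
`git clone -b' and a prefix match would weaken the pin."
  (and (stringp s) (string-match-p "\\`[0-9a-f]\\{40\\}\\'" s)))

(defun my/treesit-clone-pinned (url tag commit dest)
  "Shallow-clone URL at TAG into DEST and verify that HEAD is COMMIT.
The tag is only a human-readable, mutable shorthand; the hash is what
is trusted.  If the tag no longer resolves to COMMIT, the checkout is
deleted and an error is signaled, so nothing gets built from it.
Return DEST on success."
  (unless (my/full-hash-p commit)
    (error "COMMIT must be a full 40-character hash, got %S" commit))
  (when (file-exists-p dest)
    (error "Destination %s already exists" dest))
  (let ((parent (or (file-name-directory (directory-file-name dest))
                    default-directory)))
    (make-directory parent t)
    (my/git parent "clone" "--quiet" "--depth" "1" "-b" tag url dest))
  ;; Resolve HEAD to a commit even when TAG is an annotated tag object.
  (let ((head (my/git dest "rev-parse" "--verify" "HEAD^{commit}")))
    (unless (string= head commit)
      (delete-directory dest t)
      (error "Tag %s of %s resolves to %s, not the pinned commit %s"
             tag url head commit))
    dest))

;; Usage with the values from Peter's proposal above:
;; (my/treesit-clone-pinned
;;  "https://github.com/tree-sitter/tree-sitter-json"
;;  "v0.24.8" "4d770d31f732d50d3ec373865822fbe659e47c75"
;;  (expand-file-name "tree-sitter/tree-sitter-json" user-emacs-directory))
```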