diff options
author | Ludovic Courtès <ludo@gnu.org> | 2020-05-20 23:18:09 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2020-05-25 00:00:28 +0200 |
commit | 9744cc7b4636fafb772c94adb8f05961b5b39f16 (patch) | |
tree | a06d57b21b197ebe1d3f9a85d81d6ecc795146a1 /guix/channels.scm | |
parent | 872898f768ae6d3b41eb93c5e183624bd1d157ff (diff) | |
download | guix-patches-9744cc7b4636fafb772c94adb8f05961b5b39f16.tar guix-patches-9744cc7b4636fafb772c94adb8f05961b5b39f16.tar.gz |
pull: Protect against downgrade attacks.
* guix/scripts/pull.scm (%default-options): Add 'validate-pull'.
(%options, show-help): Add '--allow-downgrades'.
(warn-about-backward-updates): New procedure.
(guix-pull): Pass #:current-channels and #:validate-pull to
'latest-channel-instances'.
* guix/channels.scm (ensure-forward-channel-update): Add hint for
when (channel-commit channel) is true.
* doc/guix.texi (Invoking guix pull): Document '--allow-downgrades'.
Diffstat (limited to 'guix/channels.scm')
-rw-r--r-- | guix/channels.scm | 36 |
1 files changed, 20 insertions, 16 deletions
diff --git a/guix/channels.scm b/guix/channels.scm index 70e2d7f07c..84c47fc0d0 100644 --- a/guix/channels.scm +++ b/guix/channels.scm @@ -246,25 +246,29 @@ This procedure implements a channel update policy meant to be used as a ('ancestor #t) ('self #t) (_ - (raise (apply make-compound-condition - (condition - (&message (message - (format #f (G_ "\ + (raise (make-compound-condition + (condition + (&message (message + (format #f (G_ "\ aborting update of channel '~a' to commit ~a, which is not a descendant of ~a") - (channel-name channel) - (channel-instance-commit instance) - start)))) - - ;; Don't show the hint when the user explicitly specified a - ;; commit in CHANNEL. - (if (channel-commit channel) - '() - (list (condition - (&fix-hint - (hint (G_ "This could indicate that the channel has + (channel-name channel) + (channel-instance-commit instance) + start)))) + + ;; If the user asked for a specific commit, they might want + ;; that to happen nevertheless, so tell them about the + ;; relevant 'guix pull' option. + (if (channel-commit channel) + (condition + (&fix-hint + (hint (G_ "Use @option{--allow-downgrades} to force +this downgrade.")))) + (condition + (&fix-hint + (hint (G_ "This could indicate that the channel has been tampered with and is trying to force a roll-back, preventing you from getting the latest updates. If you think this is not the case, explicitly -allow non-forward updates."))))))))))) +allow non-forward updates.")))))))))) (define* (latest-channel-instances store channels #:key |