From 41939c374a3ef421d2d4c6453c327a9cd7af4ce5 Mon Sep 17 00:00:00 2001
From: Ludovic Courtès <ludo@gnu.org>
Date: Sun, 21 Jun 2020 15:34:53 +0200
Subject: git-authenticate: Ignore authenticated commit cache when it's not
 #o600.

* guix/git-authenticate.scm (previously-authenticated-commits): Stat
PORT; return the empty list if it's no #o600 and change it to #o600.
---
 guix/git-authenticate.scm | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'guix/git-authenticate.scm')

diff --git a/guix/git-authenticate.scm b/guix/git-authenticate.scm
index 228d551d11..082c44ee06 100644
--- a/guix/git-authenticate.scm
+++ b/guix/git-authenticate.scm
@@ -306,7 +306,14 @@ IDs (hex strings)."
   (catch 'system-error
     (lambda ()
       (call-with-input-file (authenticated-commit-cache-file key)
-        read))
+        (lambda (port)
+          ;; If PORT has the wrong permissions, it might have been tampered
+          ;; with by another user so ignore its contents.
+          (if (= #o600 (stat:perms (stat port)))
+              (read port)
+              (begin
+                (chmod port #o600)
+                '())))))
     (lambda args
       (if (= ENOENT (system-error-errno args))
           '()
-- 
cgit v1.2.3