pull: Add '--disable-authentication'.

* guix/channels.scm (latest-channel-instance): Add #:authenticate? and
honor it.
(latest-channel-instances): Likewise.
* guix/scripts/pull.scm (%default-options): Add 'authenticate-channels?'.
(show-help, %options): Add '--disable-authentication'.
(guix-pull): Pass #:authenticate? to 'latest-channel-instances'.
* doc/guix.texi (Invoking guix pull): Document it.
Ludovic Courtès 2020-06-08 23:22:17 +02:00
parent c3f6f564e9
commit a9eeeaa6ae
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5
3 changed files with 43 additions and 10 deletions


@ -3929,6 +3929,20 @@ Make sure you understand its security implications before using
@option{--allow-downgrades}.
@end quotation
@item --disable-authentication
Allow pulling channel code without authenticating it.
@cindex authentication, of channel code
By default, @command{guix pull} authenticates code downloaded from
channels by verifying that its commits are signed by authorized
developers, and raises an error if this is not the case. This option
instructs it to not perform any such verification.
@quotation Note
Make sure you understand its security implications before using
@option{--disable-authentication}.
@end quotation
@item --system=@var{system}
@itemx -s @var{system}
Attempt to build for @var{system}---e.g., @code{i686-linux}---instead of


@ -390,11 +390,12 @@ (define reporter
(define* (latest-channel-instance store channel
#:key (patches %patches)
starting-commit
(authenticate? #f)
(validate-pull
ensure-forward-channel-update))
"Return the latest channel instance for CHANNEL. When STARTING-COMMIT is
true, call VALIDATE-PULL with CHANNEL, STARTING-COMMIT, the target commit, and
their relation."
their relation. When AUTHENTICATE? is false, CHANNEL is not authenticated."
(define (dot-git? file stat)
(and (string=? (basename file) ".git")
(eq? 'directory (stat:type stat))))
@ -408,14 +409,16 @@ (define (dot-git? file stat)
(when relation
(validate-pull channel starting-commit commit relation))
(if (channel-introduction channel)
(authenticate-channel channel checkout commit)
;; TODO: Warn for all the channels once the authentication interface
;; is public.
(when (guix-channel? channel)
(warning (G_ "channel '~a' lacks an introduction and \
(if authenticate?
(if (channel-introduction channel)
(authenticate-channel channel checkout commit)
;; TODO: Warn for all the channels once the authentication interface
;; is public.
(when (guix-channel? channel)
(warning (G_ "channel '~a' lacks an introduction and \
cannot be authenticated~%")
(channel-name channel))))
(channel-name channel))))
(warning (G_ "channel authentication disabled~%")))
(when (guix-channel? channel)
;; Apply the relevant subset of PATCHES directly in CHECKOUT. This is
@ -463,11 +466,15 @@ (define (ensure-forward-channel-update channel start commit relation)
(define* (latest-channel-instances store channels
#:key
(current-channels '())
(authenticate? #t)
(validate-pull
ensure-forward-channel-update))
"Return a list of channel instances corresponding to the latest checkouts of
CHANNELS and the channels on which they depend.
When AUTHENTICATE? is true, authenticate the subset of CHANNELS that has a
\"channel introduction\".
CURRENT-CHANNELS is the list of currently used channels. It is compared
against the newly-fetched instances of CHANNELS, and VALIDATE-PULL is called
for each channel update and can choose to emit warnings or raise an error,
@ -505,6 +512,8 @@ (define-values (resulting-channels instances)
(let* ((current (current-commit (channel-name channel)))
(instance
(latest-channel-instance store channel
#:authenticate?
authenticate?
#:validate-pull
validate-pull
#:starting-commit
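Review bot: The new `#:authenticate?` keyword of `latest-channel-instance` defaults to `#f`, whereas `latest-channel-instances` defaults it to `#t` and before this change the single-instance procedure always authenticated when an introduction was present; any existing caller of `latest-channel-instance` outside this diff that does not pass the new keyword now silently stops verifying commit signatures and only sees the "channel authentication disabled" warning. A fail-closed default on the lower-level procedure keeps the two entry points consistent and avoids that regression: `(authenticate? #t)` in place of `(authenticate? #f)`, with `latest-channel-instances` continuing to pass the value through explicitly as it already does in the last hunk. It would also help to state the default in the docstring, e.g. `When AUTHENTICATE? is false (it defaults to true), CHANNEL is not authenticated.` The body of `latest-channel-instance` continues past the second hunk.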


@ -82,6 +82,7 @@ (define %default-options
(graft? . #t)
(debug . 0)
(verbosity . 1)
(authenticate-channels? . #t)
(validate-pull . ,ensure-forward-channel-update)))
(define (show-help)
@ -97,6 +98,9 @@ (define (show-help)
--branch=BRANCH download the tip of the specified BRANCH"))
(display (G_ "
--allow-downgrades allow downgrades to earlier channel revisions"))
(display (G_ "
--disable-authentication
disable channel authentication"))
(display (G_ "
-N, --news display news compared to the previous generation"))
(display (G_ "
@ -165,6 +169,9 @@ (define %options
(lambda (opt name arg result)
(alist-cons 'validate-pull warn-about-backward-updates
result)))
(option '("disable-authentication") #f #f
(lambda (opt name arg result)
(alist-cons 'authenticate-channels? #f result)))
(option '(#\p "profile") #t #f
(lambda (opt name arg result)
(alist-cons 'profile (canonicalize-profile arg)
@ -771,7 +778,8 @@ (define (guix-pull . args)
(channels (channel-list opts))
(profile (or (assoc-ref opts 'profile) %current-profile))
(current-channels (profile-channels profile))
(validate-pull (assoc-ref opts 'validate-pull)))
(validate-pull (assoc-ref opts 'validate-pull))
(authenticate? (assoc-ref opts 'authenticate-channels?)))
(cond ((assoc-ref opts 'query)
(process-query opts profile))
((assoc-ref opts 'generation)
@ -793,7 +801,9 @@ (define (guix-pull . args)
#:current-channels
current-channels
#:validate-pull
validate-pull)))
validate-pull
#:authenticate?
authenticate?)))
(format (current-error-port)
(N_ "Building from this channel:~%"
"Building from these channels:~%"
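Review bot: The `--disable-authentication` help text added in the `show-help` hunk says only "disable channel authentication", so a user reading `guix pull --help` is not told that this skips verification of the commit signatures on channel code, which is what the manual entry in this same commit spells out. Since the option weakens a security check, the one-line help should name the consequence, e.g. `--disable-authentication\n                         disable channel authentication (do not verify commit signatures)`. The rest of the change is consistent: `%default-options` sets `authenticate-channels?` to `#t`, the option handler conses `#f` in front of it so `assoc-ref` in `guix-pull` picks up the override, and the value is forwarded as `#:authenticate?`. `guix-pull` starts and ends outside the last two hunks.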