summary refs log tree commit diff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2020-06-21 16:39:27 +0200
committerLudovic Courtès <ludo@gnu.org>2020-06-21 17:36:40 +0200
commite4a4287c5fb51c0e47431606df5ee78b953d71f8 (patch)
treed46264905fc86a845c1544cc2077e8e3c5ec002f
parent41939c374a3ef421d2d4c6453c327a9cd7af4ce5 (diff)
downloadguix-e4a4287c5fb51c0e47431606df5ee78b953d71f8.tar.gz
channels: 'authenticate-channel' doesn't check relation with intro commit.
Fixes <https://bugs.gnu.org/41908>.
Reported by Jan Nieuwenhuizen <janneke@gnu.org>.

The relation check imposed an extra restriction that was unnecessary:
it's enough to authenticate the set difference between the closure of
START-COMMIT and that of END-COMMIT.  Any attempt to jump to an
unrelated commit would lead to the authentication failure of one commit
on the way.

* guix/channels.scm (authenticate-channel): Remove extra
'commit-relation' check when (null? commits).
-rw-r--r--guix/channels.scm64
1 files changed, 26 insertions, 38 deletions
diff --git a/guix/channels.scm b/guix/channels.scm
index c879cb6ffa..3eec5df883 100644
--- a/guix/channels.scm
+++ b/guix/channels.scm
@@ -350,45 +350,33 @@ fails."
     (define reporter
       (progress-reporter/bar (length commits)))
 
-    ;; When COMMITS is empty, it's either because AUTHENTICATED-COMMITS
-    ;; contains END-COMMIT or because END-COMMIT is not a descendant of
-    ;; START-COMMIT.  Check that.
-    (if (null? commits)
-        (match (commit-relation start-commit end-commit)
-          ((or 'self 'ancestor 'descendant) #t)   ;nothing to do!
-          ('unrelated
-           (raise
-            (condition
-             (&message
-              (message
-               (format #f (G_ "'~a' is not related to introductory \
-commit of channel '~a'~%")
-                       (oid->string (commit-id end-commit))
-                       (channel-name channel))))))))
-        (begin
-          (format (current-error-port)
-                  (G_ "Authenticating channel '~a', \
+    ;; When COMMITS is empty, it's because END-COMMIT is in the closure of
+    ;; START-COMMIT and/or AUTHENTICATED-COMMITS, in which case it's known to
+    ;; be authentic already.
+    (unless (null? commits)
+      (format (current-error-port)
+              (G_ "Authenticating channel '~a', \
 commits ~a to ~a (~h new commits)...~%")
-                  (channel-name channel)
-                  (commit-short-id start-commit)
-                  (commit-short-id end-commit)
-                  (length commits))
-
-          ;; If it's our first time, verify CHANNEL's introductory commit.
-          (when (null? authenticated-commits)
-            (verify-introductory-commit repository
-                                        (channel-introduction channel)
-                                        keyring))
-
-          (call-with-progress-reporter reporter
-            (lambda (report)
-              (authenticate-commits repository commits
-                                    #:keyring keyring
-                                    #:report-progress report)))
-
-          (cache-authenticated-commit cache-key
-                                      (oid->string
-                                       (commit-id end-commit)))))))
+              (channel-name channel)
+              (commit-short-id start-commit)
+              (commit-short-id end-commit)
+              (length commits))
+
+      ;; If it's our first time, verify CHANNEL's introductory commit.
+      (when (null? authenticated-commits)
+        (verify-introductory-commit repository
+                                    (channel-introduction channel)
+                                    keyring))
+
+      (call-with-progress-reporter reporter
+        (lambda (report)
+          (authenticate-commits repository commits
+                                #:keyring keyring
+                                #:report-progress report)))
+
+      (cache-authenticated-commit cache-key
+                                  (oid->string
+                                   (commit-id end-commit))))))
 
 (define* (latest-channel-instance store channel
                                   #:key (patches %patches)