From a9eeeaa6aeeafb817df3aad22a4b85205ac3ec13 Mon Sep 17 00:00:00 2001
From: Ludovic Courtès
Date: Mon, 8 Jun 2020 23:22:17 +0200
Subject: pull: Add '--disable-authentication'.
* guix/channels.scm (latest-channel-instance): Add #:authenticate? and honor it. (latest-channel-instances): Likewise.
* guix/scripts/pull.scm (%default-options): Add 'authenticate-channels?'. (show-help, %options): Add '--disable-authentication'. (guix-pull): Pass #:authenticate? to 'latest-channel-instances'.
* doc/guix.texi (Invoking guix pull): Document it.
---
doc/guix.texi | 14 ++++++++++++++
guix/channels.scm | 25 +++++++++++++++++--------
guix/scripts/pull.scm | 14 ++++++++++++--
3 files changed, 43 insertions(+), 10 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index dd626816d0..6c59db3393 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -3929,6 +3929,20 @@ Make sure you understand its security implications before using @option{--allow-downgrades}. @end quotation +@item --disable-authentication Allow pulling channel code without authenticating it. + +@cindex authentication, of channel code By default, @command{guix pull} authenticates code downloaded from channels by verifying that its commits are signed by authorized developers, and raises an error if this is not the case. This option instructs it to not perform any such verification. + +@quotation Note Make sure you understand its security implications before using @option{--disable-authentication}. @end quotation + @item --system=@var{system} @itemx -s @var{system} Attempt to build for @var{system}---e.g., @code{i686-linux}---instead of
diff --git a/guix/channels.scm b/guix/channels.scm
index a82bd340e2..5a83d83427 100644
--- a/guix/channels.scm
+++ b/guix/channels.scm
@@ -390,11 +390,12 @@ (define reporter (define* (latest-channel-instance store channel #:key (patches %patches) starting-commit + (authenticate? #f) (validate-pull ensure-forward-channel-update)) "Return the latest channel instance for CHANNEL. When STARTING-COMMIT is true, call VALIDATE-PULL with CHANNEL, STARTING-COMMIT, the target commit, and -their relation." +their relation. When AUTHENTICATE? is false, CHANNEL is not authenticated." (define (dot-git? file stat) (and (string=? (basename file) ".git") (eq? 'directory (stat:type stat))))
@@ -408,14 +409,16 @@ (define (dot-git? file stat) (when relation (validate-pull channel starting-commit commit relation)) - (if (channel-introduction channel) - (authenticate-channel channel checkout commit) - ;; TODO: Warn for all the channels once the authentication interface - ;; is public. - (when (guix-channel? channel) - (warning (G_ "channel '~a' lacks an introduction and \ cannot be authenticated~%") - (channel-name channel)))) + (if authenticate? + (if (channel-introduction channel) + (authenticate-channel channel checkout commit) + ;; TODO: Warn for all the channels once the authentication interface + ;; is public. + (when (guix-channel? channel) + (warning (G_ "channel '~a' lacks an introduction and \ cannot be authenticated~%") - (channel-name channel)))) + (channel-name channel)))) + (warning (G_ "channel authentication disabled~%"))) (when (guix-channel? channel) ;; Apply the relevant subset of PATCHES directly in CHECKOUT. This is
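Review bot: The new keyword `(authenticate? #f)` in the `define*` of latest-channel-instance makes the low-level procedure skip authentication by default, while the `(authenticate? #t)` added to latest-channel-instances in the @@ -463 hunk makes the opposite choice. Before this patch the procedure authenticated every channel that carries an introduction, so any direct caller elsewhere in the tree that does not pass #:authenticate? would now silently stop authenticating; I cannot see such callers from here, but the two defaults should not disagree on a security check. Defaulting to `(authenticate? #t)` here keeps the pre-patch behavior for unchanged callers and makes opting out explicit in both procedures. The docstring should then state the default, e.g. `When AUTHENTICATE? is false, CHANNEL is not authenticated; it defaults to #t.` The body of this `define*` continues into the next hunk and beyond it.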
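Review bot: The new `(warning (G_ "channel authentication disabled~%"))` in the else branch of `(if authenticate? ...)` is emitted once per channel but does not say which channel it refers to, so with several channels the user sees the same line repeated and nothing in the output records which channel's code was used unverified. Naming the channel the way the sibling warning in the same hunk does, `(warning (G_ "channel '~a': authentication disabled~%") (channel-name channel))`, gives each message its origin. The enclosing latest-channel-instance starts in the previous hunk and its body continues past this one.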
@@ -463,11 +466,15 @@ (define (ensure-forward-channel-update channel start commit relation) (define* (latest-channel-instances store channels #:key (current-channels '()) + (authenticate? #t) (validate-pull ensure-forward-channel-update)) "Return a list of channel instances corresponding to the latest checkouts of CHANNELS and the channels on which they depend. +When AUTHENTICATE? is true, authenticate the subset of CHANNELS that has a +\"channel introduction\". + CURRENT-CHANNELS is the list of currently used channels. It is compared against the newly-fetched instances of CHANNELS, and VALIDATE-PULL is called for each channel update and can choose to emit warnings or raise an error,
@@ -505,6 +512,8 @@ (define-values (resulting-channels instances) (let* ((current (current-commit (channel-name channel))) (instance (latest-channel-instance store channel + #:authenticate? + authenticate? #:validate-pull validate-pull #:starting-commit
diff --git a/guix/scripts/pull.scm b/guix/scripts/pull.scm
index d3d0d2bd64..f953957161 100644
--- a/guix/scripts/pull.scm
+++ b/guix/scripts/pull.scm
@@ -82,6 +82,7 @@ (define %default-options (graft? . #t) (debug . 0) (verbosity . 1) + (authenticate-channels? . #t) (validate-pull . ,ensure-forward-channel-update))) (define (show-help)
@@ -97,6 +98,9 @@ (define (show-help) --branch=BRANCH download the tip of the specified BRANCH")) (display (G_ " --allow-downgrades allow downgrades to earlier channel revisions")) + (display (G_ " + --disable-authentication + disable channel authentication")) (display (G_ " -N, --news display news compared to the previous generation")) (display (G_ "
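Review bot: The help text added in the @@ -97 hunk of show-help describes the option only as `disable channel authentication`, which says nothing about what check is being switched off, whereas the Texinfo hunk in the same commit explains that commits are normally verified as signed by authorized developers. A line in the same `(display (G_ " ...` form such as `do not verify that channel commits are signed by authorized developers` lets a user of `guix pull --help` see what they give up without opening the manual. This is wording only; the option behaves as documented.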
@@ -165,6 +169,9 @@ (define %options (lambda (opt name arg result) (alist-cons 'validate-pull warn-about-backward-updates result))) + (option '("disable-authentication") #f #f + (lambda (opt name arg result) + (alist-cons 'authenticate-channels? #f result))) (option '(#\p "profile") #t #f (lambda (opt name arg result) (alist-cons 'profile (canonicalize-profile arg)
@@ -771,7 +778,8 @@ (define (guix-pull . args) (channels (channel-list opts)) (profile (or (assoc-ref opts 'profile) %current-profile)) (current-channels (profile-channels profile)) - (validate-pull (assoc-ref opts 'validate-pull))) + (validate-pull (assoc-ref opts 'validate-pull)) + (authenticate? (assoc-ref opts 'authenticate-channels?))) (cond ((assoc-ref opts 'query) (process-query opts profile)) ((assoc-ref opts 'generation)
@@ -793,7 +801,9 @@ (define (guix-pull . args) #:current-channels current-channels #:validate-pull - validate-pull))) + validate-pull + #:authenticate? + authenticate?))) (format (current-error-port) (N_ "Building from this channel:~%" "Building from these channels:~%"
--
cgit v1.2.3
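Review bot: In the `let*` of guix-pull (the @@ -771 hunk), `(authenticate? (assoc-ref opts 'authenticate-channels?))` turns an absent key into #f, i.e. into "do not authenticate": the only thing keeping authentication on is the `(authenticate-channels? . #t)` entry in %default-options, and any code path that builds `opts` without those defaults would fail open. A fail-closed lookup such as `(authenticate? (let ((entry (assq 'authenticate-channels? opts))) (if entry (cdr entry) #t)))` keeps #t as the fallback when the key is missing and only honors an explicit #f from `--disable-authentication`. The `let*` starts before this hunk and the body of guix-pull continues past the @@ -793 hunk.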