pull: Add '--disable-authentication'.

* guix/channels.scm (latest-channel-instance): Add #:authenticate? and
honor it.
(latest-channel-instances): Likewise.
* guix/scripts/pull.scm (%default-options): Add 'authenticate-channels?'.
(show-help, %options): Add '--disable-authentication'.
(guix-pull): Pass #:authenticate? to 'latest-channel-instances'.
* doc/guix.texi (Invoking guix pull): Document it.
This commit is contained in:
Ludovic Courtès 2020-06-08 23:22:17 +02:00
parent c3f6f564e9
commit a9eeeaa6ae
No known key found for this signature in database
GPG Key ID: 090B11993D9AEBB5
3 changed files with 43 additions and 10 deletions

@ -3929,6 +3929,20 @@ Make sure you understand its security implications before using
@option{--allow-downgrades}.
@end quotation
@item --disable-authentication
Allow pulling channel code without authenticating it.
@cindex authentication, of channel code
By default, @command{guix pull} authenticates code downloaded from
channels by verifying that its commits are signed by authorized
developers, and raises an error if this is not the case. This option
instructs it to not perform any such verification.
@quotation Note
Make sure you understand its security implications before using
@option{--disable-authentication}.
@end quotation
@item --system=@var{system}
@itemx -s @var{system}
Attempt to build for @var{system}---e.g., @code{i686-linux}---instead of

@ -390,11 +390,12 @@ commits ~a to ~a (~h new commits)...~%")
(define* (latest-channel-instance store channel
#:key (patches %patches)
starting-commit
(authenticate? #f)
(validate-pull
ensure-forward-channel-update))
"Return the latest channel instance for CHANNEL. When STARTING-COMMIT is
true, call VALIDATE-PULL with CHANNEL, STARTING-COMMIT, the target commit, and
their relation."
their relation. When AUTHENTICATE? is false, CHANNEL is not authenticated."
(define (dot-git? file stat)
(and (string=? (basename file) ".git")
(eq? 'directory (stat:type stat))))
@ -408,14 +409,16 @@ their relation."
(when relation
(validate-pull channel starting-commit commit relation))
(if (channel-introduction channel)
(authenticate-channel channel checkout commit)
;; TODO: Warn for all the channels once the authentication interface
;; is public.
(when (guix-channel? channel)
(warning (G_ "channel '~a' lacks an introduction and \
(if authenticate?
(if (channel-introduction channel)
(authenticate-channel channel checkout commit)
;; TODO: Warn for all the channels once the authentication interface
;; is public.
(when (guix-channel? channel)
(warning (G_ "channel '~a' lacks an introduction and \
cannot be authenticated~%")
(channel-name channel))))
(channel-name channel))))
(warning (G_ "channel authentication disabled~%")))
(when (guix-channel? channel)
;; Apply the relevant subset of PATCHES directly in CHECKOUT. This is
@ -463,11 +466,15 @@ allow non-forward updates."))))))))))
(define* (latest-channel-instances store channels
#:key
(current-channels '())
(authenticate? #t)
(validate-pull
ensure-forward-channel-update))
"Return a list of channel instances corresponding to the latest checkouts of
CHANNELS and the channels on which they depend.
When AUTHENTICATE? is true, authenticate the subset of CHANNELS that has a
\"channel introduction\".
CURRENT-CHANNELS is the list of currently used channels. It is compared
against the newly-fetched instances of CHANNELS, and VALIDATE-PULL is called
for each channel update and can choose to emit warnings or raise an error,
@ -505,6 +512,8 @@ depending on the policy it implements."
(let* ((current (current-commit (channel-name channel)))
(instance
(latest-channel-instance store channel
#:authenticate?
authenticate?
#:validate-pull
validate-pull
#:starting-commit

@ -82,6 +82,7 @@
(graft? . #t)
(debug . 0)
(verbosity . 1)
(authenticate-channels? . #t)
(validate-pull . ,ensure-forward-channel-update)))
(define (show-help)
@ -97,6 +98,9 @@ Download and deploy the latest version of Guix.\n"))
--branch=BRANCH download the tip of the specified BRANCH"))
(display (G_ "
--allow-downgrades allow downgrades to earlier channel revisions"))
(display (G_ "
--disable-authentication
disable channel authentication"))
(display (G_ "
-N, --news display news compared to the previous generation"))
(display (G_ "
@ -165,6 +169,9 @@ Download and deploy the latest version of Guix.\n"))
(lambda (opt name arg result)
(alist-cons 'validate-pull warn-about-backward-updates
result)))
(option '("disable-authentication") #f #f
(lambda (opt name arg result)
(alist-cons 'authenticate-channels? #f result)))
(option '(#\p "profile") #t #f
(lambda (opt name arg result)
(alist-cons 'profile (canonicalize-profile arg)
@ -771,7 +778,8 @@ Use '~/.config/guix/channels.scm' instead."))
(channels (channel-list opts))
(profile (or (assoc-ref opts 'profile) %current-profile))
(current-channels (profile-channels profile))
(validate-pull (assoc-ref opts 'validate-pull)))
(validate-pull (assoc-ref opts 'validate-pull))
(authenticate? (assoc-ref opts 'authenticate-channels?)))
(cond ((assoc-ref opts 'query)
(process-query opts profile))
((assoc-ref opts 'generation)
@ -793,7 +801,9 @@ Use '~/.config/guix/channels.scm' instead."))
#:current-channels
current-channels
#:validate-pull
validate-pull)))
validate-pull
#:authenticate?
authenticate?)))
(format (current-error-port)
(N_ "Building from this channel:~%"
"Building from these channels:~%"