channels: 'authenticate-channel' doesn't check relation with intro commit.

Fixes <https://bugs.gnu.org/41908>. Reported by Jan Nieuwenhuizen <janneke@gnu.org>. The relation check imposed an extra restriction that was unnecessary: it's enough to authenticate the set difference between the closure of START-COMMIT and that of END-COMMIT. Any attempt to jump to an unrelated commit would lead to the authentication failure of one commit on the way. * guix/channels.scm (authenticate-channel): Remove extra 'commit-relation' check when (null? commits).
2020-06-21 16:39:27 +02:00 · 2020-06-21 16:39:27 +02:00 · e4a4287c5f
commit e4a4287c5f
parent 41939c374a
1 changed files with 23 additions and 35 deletions
--- a/guix/channels.scm
+++ b/guix/channels.scm
@ -350,45 +350,33 @@ fails."
    (define reporter
      (progress-reporter/bar (length commits)))
-    ;; When COMMITS is empty, it's either because AUTHENTICATED-COMMITS
+    ;; When COMMITS is empty, it's because END-COMMIT is in the closure of
-    ;; contains END-COMMIT or because END-COMMIT is not a descendant of
+    ;; START-COMMIT and/or AUTHENTICATED-COMMITS, in which case it's known to
-    ;; START-COMMIT.  Check that.
+    ;; be authentic already.
-    (if (null? commits)
+    (unless (null? commits)
-        (match (commit-relation start-commit end-commit)
+      (format (current-error-port)
-          ((or 'self 'ancestor 'descendant) #t)   ;nothing to do!
+              (G_ "Authenticating channel '~a', \
          ('unrelated
           (raise
            (condition
             (&message
              (message
               (format #f (G_ "'~a' is not related to introductory \
 commit of channel '~a'~%")
                       (oid->string (commit-id end-commit))
                       (channel-name channel))))))))
        (begin
          (format (current-error-port)
                  (G_ "Authenticating channel '~a', \
 commits ~a to ~a (~h new commits)...~%")
-                  (channel-name channel)
+              (channel-name channel)
-                  (commit-short-id start-commit)
+              (commit-short-id start-commit)
-                  (commit-short-id end-commit)
+              (commit-short-id end-commit)
-                  (length commits))
+              (length commits))
-          ;; If it's our first time, verify CHANNEL's introductory commit.
+      ;; If it's our first time, verify CHANNEL's introductory commit.
-          (when (null? authenticated-commits)
+      (when (null? authenticated-commits)
-            (verify-introductory-commit repository
+        (verify-introductory-commit repository
-                                        (channel-introduction channel)
+                                    (channel-introduction channel)
-                                        keyring))
+                                    keyring))
-          (call-with-progress-reporter reporter
+      (call-with-progress-reporter reporter
-            (lambda (report)
+        (lambda (report)
-              (authenticate-commits repository commits
+          (authenticate-commits repository commits
-                                    #:keyring keyring
+                                #:keyring keyring
-                                    #:report-progress report)))
+                                #:report-progress report)))
-          (cache-authenticated-commit cache-key
+      (cache-authenticated-commit cache-key
-                                      (oid->string
+                                  (oid->string
-                                       (commit-id end-commit)))))))
+                                   (commit-id end-commit))))))
 (define* (latest-channel-instance store channel
                                  #:key (patches %patches)