
substitute: Untangle skipping authentication from valid-narinfo?.

Rather than having valid-narinfo? evaluate to #t if
%allow-unauthenticated-substitutes? is set to #t, just use (const #t) for
valid-narinfo? when %allow-unauthenticated-substitutes? is set to #t.  This
will allow moving valid-narinfo? into a (guix substitutes) module.

* guix/scripts/substitute.scm (process-query, process-substitution): Change
the authorized? argument to lookup-narinfo and lookup-narinfos/diverse based
on %allow-unauthenticated-substitutes?.
(valid-narinfo?): Remove use of %allow-unauthenticated-substitutes?.
This commit is contained in:
Christopher Baines 2020-12-24 16:01:25 +00:00
parent 540893a8cc
commit 35e0c0cf1d
No known key found for this signature in database
GPG key ID: 5E28A33B0B84F577


@ -2,6 +2,7 @@
;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014 Nikita Karetnikov <nikita@karetnikov.org> ;;; Copyright © 2014 Nikita Karetnikov <nikita@karetnikov.org>
;;; Copyright © 2018 Kyle Meyer <kyle@kyleam.com> ;;; Copyright © 2018 Kyle Meyer <kyle@kyleam.com>
;;; Copyright © 2020 Christopher Baines <mail@cbaines.net>
;;; ;;;
;;; This file is part of GNU Guix. ;;; This file is part of GNU Guix.
;;; ;;;
@ -375,38 +376,37 @@ No authentication and authorization checks are performed here!"
(define* (valid-narinfo? narinfo #:optional (acl (current-acl)) (define* (valid-narinfo? narinfo #:optional (acl (current-acl))
#:key verbose?) #:key verbose?)
"Return #t if NARINFO's signature is not valid." "Return #t if NARINFO's signature is not valid."
(or (%allow-unauthenticated-substitutes?) (let ((hash (narinfo-sha256 narinfo))
(let ((hash (narinfo-sha256 narinfo)) (signature (narinfo-signature narinfo))
(signature (narinfo-signature narinfo)) (uri (uri->string (first (narinfo-uris narinfo)))))
(uri (uri->string (first (narinfo-uris narinfo))))) (and hash signature
(and hash signature (signature-case (signature hash acl)
(signature-case (signature hash acl) (valid-signature #t)
(valid-signature #t) (invalid-signature
(invalid-signature (when verbose?
(when verbose? (format (current-error-port)
(format (current-error-port) "invalid signature for substitute at '~a'~%"
"invalid signature for substitute at '~a'~%" uri))
uri)) #f)
#f) (hash-mismatch
(hash-mismatch (when verbose?
(when verbose? (format (current-error-port)
(format (current-error-port) "hash mismatch for substitute at '~a'~%"
"hash mismatch for substitute at '~a'~%" uri))
uri)) #f)
#f) (unauthorized-key
(unauthorized-key (when verbose?
(when verbose? (format (current-error-port)
(format (current-error-port) "substitute at '~a' is signed by an \
"substitute at '~a' is signed by an \
unauthorized party~%" unauthorized party~%"
uri)) uri))
#f) #f)
(corrupt-signature (corrupt-signature
(when verbose? (when verbose?
(format (current-error-port) (format (current-error-port)
"corrupt signature for substitute at '~a'~%" "corrupt signature for substitute at '~a'~%"
uri)) uri))
#f)))))) #f)))))
(define (write-narinfo narinfo port) (define (write-narinfo narinfo port)
"Write NARINFO to PORT." "Write NARINFO to PORT."
@ -917,11 +917,14 @@ expected by the daemon."
"Reply to COMMAND, a query as written by the daemon to this process's "Reply to COMMAND, a query as written by the daemon to this process's
standard input. Use ACL as the access-control list against which to check standard input. Use ACL as the access-control list against which to check
authorized substitutes." authorized substitutes."
(define (valid? obj) (define valid?
(valid-narinfo? obj acl)) (if (%allow-unauthenticated-substitutes?)
(begin
(warn-about-missing-authentication)
(when (%allow-unauthenticated-substitutes?) (const #t))
(warn-about-missing-authentication)) (lambda (obj)
(valid-narinfo? obj acl))))
(match (string-tokenize command) (match (string-tokenize command)
(("have" paths ..1) (("have" paths ..1)
@ -1081,7 +1084,9 @@ DESTINATION is in the store, deduplicate its files. Print a status line on
the current output port." the current output port."
(define narinfo (define narinfo
(lookup-narinfo cache-urls store-item (lookup-narinfo cache-urls store-item
(cut valid-narinfo? <> acl))) (if (%allow-unauthenticated-substitutes?)
(const #t)
(cut valid-narinfo? <> acl))))
(define destination-in-store? (define destination-in-store?
(string-prefix? (string-append (%store-prefix) "/") (string-prefix? (string-append (%store-prefix) "/")
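Review bot: The docstring of valid-narinfo? that the second hunk keeps as context, `"Return #t if NARINFO's signature is not valid."`, states the inverse of what the body does: the signature-case yields #t only in the valid-signature arm and #f for invalid-signature, hash-mismatch, unauthorized-key and corrupt-signature, and the surrounding `(and hash signature …)` yields #f when either field is missing. Since this commit reshapes that body and the description says the function is about to move to its own module, this is the moment to fix it, e.g. `"Return #t if NARINFO carries a hash and a signature that verifies against an authorized key in ACL; return #f otherwise, printing the reason when VERBOSE?."`. Separately, in the process-substitution hunk the `(const #t)` branch passed to lookup-narinfo does not call warn-about-missing-authentication the way the process-query hunk's `valid?` does; if that is deliberate because the query path always runs first, a one-line comment saying so would spare the next reader from checking whether the authentication bypass can be silent on this path. process-substitution's body continues beyond the hunk.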