[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Building from git
|
From: |
Simon Tournier |
|
Subject: |
Re: Building from git |
|
Date: |
Thu, 07 Sep 2023 20:59:27 +0200 |
Hi,
On Thu, 07 Sep 2023 at 19:45, wolf <wolf@wolfsden.cz> wrote:
>> The Makefile does not run ‘guix git authenticate’ using ./pre-inst-env.
>> And that’s probably to ensure the source of trust. If one corrupt the
>> commit that is built, then ’make authenticate’ would authenticate the
>> corruption because it would run the corrupted newly built guix command.
>> Currently, ’make authenticate’ run one guix command that had already
>> been authenticated. Well, that’s my understanding.
>
> Hmm, but the recipe for the authenticate rule comes from the (possibly)
> compromised source, no? So the attacker can just modify the recipe instead of
> the command going the authentication. Am I missing something?
Yes, the corruption of Makefile.am can be the corruption I was talking about.
Well, for more explanations one can maybe read:
[bug#57909] bug#57910: [PATCH] Add link to 'pre-inst-env' from
'installing from git' docs
Ludovic Courtès <ludo@gnu.org>
Sat, 24 Sep 2022 17:58:29 +0200
id:87k05s7oii.fsf_-_@gnu.org
https://issues.guix.gnu.org//57910
https://issues.guix.gnu.org/msgid/87k05s7oii.fsf_-_@gnu.org
https://yhetil.org/guix/87k05s7oii.fsf_-_@gnu.org
[bug#57909] bug#57910: [PATCH] Add link to 'pre-inst-env' from
'installing from git' docs
Maxime Devos <maximedevos@telenet.be>
Sat, 24 Sep 2022 18:23:10 +0200
id:ec49e6c2-a542-7d95-0d73-10b2816c59d2@telenet.be
https://issues.guix.gnu.org//57910
https://issues.guix.gnu.org/msgid/ec49e6c2-a542-7d95-0d73-10b2816c59d2@telenet.be
https://yhetil.org/guix/ec49e6c2-a542-7d95-0d73-10b2816c59d2@telenet.be
Cheers,
simon
- Building from git, Nicolas Débonnaire, 2023/09/03
- Re: Building from git,
Simon Tournier <=