Re: was I hacked?

help-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: was I hacked?

From:	Vagrant Cascadian
Subject:	Re: was I hacked?
Date:	Thu, 14 Apr 2022 09:05:29 -0700

On 2022-04-14, jgart wrote:
> On Thu, 14 Apr 2022 08:26:39 +0800 Feng Shu <tumashu@163.com> wrote:
>> jgart <jgart@dismail.de> writes:
>> 
>> > On Wed, 13 Apr 2022 02:25:11 -0300 Thiago Jung Bauermann 
>> > <bauermann@kolabnow.com> wrote:
>> >> I don't understand why Guix thinks that. IIUC 950f3e… is a direct
>> >> descendant of 42679e…
>> >
>> > As of today now the has changed:
>> >
>> >  ```
>> >  λ guix pull
>> > Updating channel 'guixrus' from Git repository at 
>> > 'https://git.sr.ht/~whereiseveryone/guixrus'...Updating channel 'nonguix' 
>> > from Git repository at 'https://gitlab.com/nonguix/nonguix'...Updating 
>> > channel 'guix' from Git repository at 
>> > 'https://git.savannah.gnu.org/git/guix.git'...guix pull: error: aborting 
>> > update of channel 'guix' to commit 
>> > 5743d505834a8b13778da2c969ea4e15bb7a3a75, which is not a descendant of 
>> > 42679e3f81a0fa61e225b1f6aa0e80e39625372f
>> > hint: This could indicate that the channel has been tampered with and is 
>> > trying to force a roll-back, preventing you from getting the latest
>> > updates.  If you think this is not the case, explicitly allow non-forward 
>> > updates.
>> > ```
>> >
>> > I haven't allowed downgrades yet.
>> >
>> > Waiting to see if I get an answer first on why it's happening.
>> 
>> Why not roll-back to an older guix, then try guix pull again? 
>
> Hi Feng,
>
> Thanks! that worked!!!
>
> I rolled back one generation and ran `guix pull`.

That still does leave me wonder what the deal was...

Was the repository tampered with?

Rolling back to an older generation and then moving forward basically
would be a successfull (hopefully just accidental) attack changing the
commit history! Rolling back to an older generation isn't much different
than just blindly allowing to move forward to a different branch...

Is it possible that one of your channels actually had the exact same
commit in it, but then forked off in different directions?

It is rather unsettling to not know what happened...


live well,
  vagrant

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

was I hacked?, jgart, 2022/04/12
- Re: was I hacked?, Thiago Jung Bauermann, 2022/04/13
  - Re: was I hacked?, jgart, 2022/04/13
    - Re: was I hacked?, Feng Shu, 2022/04/13
    - Re: was I hacked?, jgart, 2022/04/14
    - Re: was I hacked?, Vagrant Cascadian <=
    - Re: was I hacked?, jgart, 2022/04/14
    - Re: was I hacked?, Christine Lemmer-Webber, 2022/04/14
    - Re: was I hacked?, jgart, 2022/04/14
    - Re: was I hacked?, Christine Lemmer-Webber, 2022/04/14
    - Re: was I hacked?, jgart, 2022/04/14
    - Re: was I hacked?, Jack Hill, 2022/04/14
    - Re: was I hacked?, jgart, 2022/04/15
    - Re: was I hacked?, jgart, 2022/04/15
    - Re: was I hacked?, Edouard Klein, 2022/04/15
    - Re: was I hacked?, Christine Lemmer-Webber, 2022/04/15

Prev by Date: Re: Kernel panic on new machine
Next by Date: Re: was I hacked?
Previous by thread: Re: was I hacked?
Next by thread: Re: was I hacked?
Index(es):
- Date
- Thread