etc/git/pre-push: Run guix git authenticate before check-channel-news

  • Done
  • quality assurance status badge
Details
2 participants
  • Ludovic Courtès
  • Vagrant Cascadian
Owner
unassigned
Submitted by
Vagrant Cascadian
Severity
normal

Debbugs page

Vagrant Cascadian wrote 3 months ago
(address . guix-patches@gnu.org)(address . vagrant@debian.org)
878qsovc1t.fsf@wireframe
Running check-channel-news before authenticating the repository could
result in running unauthenticated code; the attached patch switches the
order they are run in.

live well,
vagrant
From 42bd8ceceada3ad764a450c040bc2a9a1e3f7842 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant@debian.org>
Date: Mon, 9 Dec 2024 12:21:30 -0800
Subject: [PATCH] etc: git: pre-push: Run guix git authenticate before
check-channel-news.

Running check-channel-news first could potentially be untrusted code, so
authenticate first.

* etc/git/pre-push: Run guix git authenticate before check-channel-news.
---
etc/git/pre-push | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Toggle diff (18 lines)
diff --git a/etc/git/pre-push b/etc/git/pre-push
index 325b23854b..752310d854 100755
--- a/etc/git/pre-push
+++ b/etc/git/pre-push
@@ -33,8 +33,8 @@ do
case "$2" in
*.gnu.org*)
set -e
- make check-channel-news
exec guix git authenticate
+ make check-channel-news
exit 127
;;
*)

base-commit: da3c8a963f83c044568d99921480259eaa26a923
--
2.39.5
-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCZ1dSPwAKCRDcUY/If5cW
qgyiAQCy7Qa8WrtiSZmrry3SIsRLARS2YCw/Fn18E9GvUlWP0QEA1h1o+QhF706H
A+HJSSHoiee0JGPuvjTJ8qyTZetwSws=
=yXMR
-----END PGP SIGNATURE-----

Ludovic Courtès wrote 3 months ago
(name . Vagrant Cascadian)(address . vagrant@debian.org)(address . 74755@debbugs.gnu.org)
878qs55ejd.fsf@gnu.org
Hi,

Vagrant Cascadian <vagrant@debian.org> skribis:

Toggle quote (11 lines)
> From 42bd8ceceada3ad764a450c040bc2a9a1e3f7842 Mon Sep 17 00:00:00 2001
> From: Vagrant Cascadian <vagrant@debian.org>
> Date: Mon, 9 Dec 2024 12:21:30 -0800
> Subject: [PATCH] etc: git: pre-push: Run guix git authenticate before
> check-channel-news.
>
> Running check-channel-news first could potentially be untrusted code, so
> authenticate first.
>
> * etc/git/pre-push: Run guix git authenticate before check-channel-news.

LGTM, thanks!

Ludo’.
Vagrant Cascadian wrote 2 months ago
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 74755-done@debbugs.gnu.org)
877c79hs1f.fsf@wireframe
On 2024-12-24, Ludovic Courtès wrote:
Toggle quote (14 lines)
> Vagrant Cascadian <vagrant@debian.org> skribis:
>> From 42bd8ceceada3ad764a450c040bc2a9a1e3f7842 Mon Sep 17 00:00:00 2001
>> From: Vagrant Cascadian <vagrant@debian.org>
>> Date: Mon, 9 Dec 2024 12:21:30 -0800
>> Subject: [PATCH] etc: git: pre-push: Run guix git authenticate before
>> check-channel-news.
>>
>> Running check-channel-news first could potentially be untrusted code, so
>> authenticate first.
>>
>> * etc/git/pre-push: Run guix git authenticate before check-channel-news.
>
> LGTM, thanks!

Pushed as:

ab9cda9ebd00073d5a0783919809f2e564f141e9 etc: git: pre-push: Run guix git authenticate before check-channel-news.

live well,
vagrant
-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCZ3r4zAAKCRDcUY/If5cW
qtjgAQC2udNpGpEfJYwyip+q17QEvgxq2UbO35M97XUCuo5WTAD/XJz1UzYSXQlZ
UVW1YB84pml+UNvNEEDwKi3cFQaBdgA=
=Ndcw
-----END PGP SIGNATURE-----

Closed
?
Your comment

This issue is archived.

To comment on this conversation send an email to 74755@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 74755
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch
You may also tag this issue. See list of standard tags. For example, to set the confirmed and easy tags
mumi command -t +confirmed -t +easy
Or, remove the moreinfo tag and set the help tag
mumi command -t -moreinfo -t +help