Hi,
On Thu, 07 Sep 2023 at 19:45, wolf <[email protected]> wrote:
>> The Makefile does not run ‘guix git authenticate’ using ./pre-inst-env.
>> And that’s probably to ensure the source of trust. If one corrupt the
>> commit that is built, then ’make authenticate’ would authenticate the
>> corruption because it would run the corrupted newly built guix command.
>> Currently, ’make authenticate’ run one guix command that had already
>> been authenticated. Well, that’s my understanding.
>
> Hmm, but the recipe for the authenticate rule comes from the (possibly)
> compromised source, no? So the attacker can just modify the recipe instead of
> the command going the authentication. Am I missing something?
Yes, the corruption of Makefile.am can be the corruption I was talking about.
Well, for more explanations one can maybe read:
[bug#57909] bug#57910: [PATCH] Add link to 'pre-inst-env' from
'installing from git' docs
Ludovic Courtès <[email protected]>
Sat, 24 Sep 2022 17:58:29 +0200
id:[email protected]
https://issues.guix.gnu.org//57910
https://issues.guix.gnu.org/msgid/[email protected]
https://yhetil.org/guix/[email protected]
[bug#57909] bug#57910: [PATCH] Add link to 'pre-inst-env' from
'installing from git' docs
Maxime Devos <[email protected]>
Sat, 24 Sep 2022 18:23:10 +0200
id:[email protected]
https://issues.guix.gnu.org//57910
https://issues.guix.gnu.org/msgid/[email protected]
https://yhetil.org/guix/[email protected]
Cheers,
simon
