--- Begin Message ---
|
Subject: |
[PATCH 0/3] 'reconfigure' disallows downgrades by default |
|
Date: |
Thu, 16 Jul 2020 00:15:06 +0200 |
Hello!
This patch series changes ‘guix system reconfigure’ so that it errors
out when attempting to downgrade the system, which could (re)introduce
security vulnerability and/or cause problems with stateful services
(we experienced the latter a couple of weeks ago on berlin.guix.gnu.org
actually). Having this sanity check is pretty much a prerequisite for
unattended upgrades IMO (patch coming soon!).
It works by comparing the commits shown by ‘guix describe’ to those
shown by ‘guix system describe’, essentially. Apart from that, it
is similar to what ‘guix pull’ does. There’s a bit of redundancy
with code in ‘guix pull’, but that seemed unavoidable (it’s mostly
UI stuff).
Thoughts?
Thanks,
Ludo’.
Ludovic Courtès (3):
git: Factorize 'resolve-reference'.
git: 'update-cached-checkout' has a new #:check-out? parameter.
guix system: 'reconfigure' disallows downgrades by default.
doc/guix.texi | 35 +++++++++--
guix/git.scm | 90 ++++++++++++++------------
guix/scripts/system.scm | 15 ++++-
guix/scripts/system/reconfigure.scm | 97 ++++++++++++++++++++++++++++-
4 files changed, 192 insertions(+), 45 deletions(-)
--
2.27.0
--- End Message ---
--- Begin Message ---
|
Subject: |
Re: [bug#42381] [PATCH 0/3] 'reconfigure' disallows downgrades by default |
|
Date: |
Thu, 23 Jul 2020 00:34:21 +0200 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) |
Ludovic Courtès <ludo@gnu.org> skribis:
> git: Factorize 'resolve-reference'.
> git: 'update-cached-checkout' has a new #:check-out? parameter.
> guix system: 'reconfigure' disallows downgrades by default.
Pushed as 8e31736b0a60919cc1bfc5dc22c395b09243484a.
Feedback welcome, in particular if it breaks your workflow.
Ludo’.
--- End Message ---