[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Disabling authentication checks for tests in local Guix checkouts
|
From: |
Ludovic Courtès |
|
Subject: |
Re: Disabling authentication checks for tests in local Guix checkouts |
|
Date: |
Mon, 17 Jun 2024 23:52:02 +0200 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) |
Suhail Singh <suhailsingh247@gmail.com> skribis:
> Ludovic Courtès <ludo@gnu.org> writes:
>
>> I’m not sure how to integrate it though: in the general case, we
>> probably want to keep authentication enabled by default, but how to
>> allow users to easily disable it when using a personal checkout?
>
> Could you please elaborate on what the challenge is?
>
> Is the challenge in inferring when they are using a personal checkout?
> Would it be a challenge to have the user provide an option instead?
> Said option could either be passed in explicitly every-time, or a
> command provided to allow the user to set/unset the option (which would
> get stored, say, in .git/config under guix "authentication") and the
> code updated to read the preference from there.
The challenge is in determining that Guix is running from a local
checkout. Now that I think about it, it’s not that hard: ./pre-inst-env
sets ‘GUIX_UNINSTALLED’. So we could do:
#:authenticate? (not (getenv "GUIX_UNINSTALLED"))
Problem is that an attacker could lead a user to disable authentication
by getting them to set this seemingly unrelated environment variable.
The ‘.git/config’ option you propose is not available because that all
happens with the Guix-managed cached checkout under
~/.cache/guix/checkouts.
Maybe a specific environment variable would do?
Ludo’.