[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Disabling authentication checks for tests in local Guix checkouts
|
From: |
Suhail Singh |
|
Subject: |
Re: Disabling authentication checks for tests in local Guix checkouts |
|
Date: |
Mon, 17 Jun 2024 22:36:38 -0400 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) |
Ludovic Courtès <ludo@gnu.org> writes:
> The challenge is in determining that Guix is running from a local
> checkout. Now that I think about it, it’s not that hard: ./pre-inst-env
> sets ‘GUIX_UNINSTALLED’. So we could do:
>
> #:authenticate? (not (getenv "GUIX_UNINSTALLED"))
>
> Problem is that an attacker could lead a user to disable authentication
> by getting them to set this seemingly unrelated environment variable.
>
> The ‘.git/config’ option you propose is not available because that all
> happens with the Guix-managed cached checkout under
> ~/.cache/guix/checkouts.
Thank you for the detailed explanation.
> Maybe a specific environment variable would do?
Perhaps. What is the threat model of the attacker?
--
Suhail