Ludovic Courtès <l...@gnu.org> writes: > The challenge is in determining that Guix is running from a local > checkout. Now that I think about it, it’s not that hard: ./pre-inst-env > sets ‘GUIX_UNINSTALLED’. So we could do: > > #:authenticate? (not (getenv "GUIX_UNINSTALLED")) > > Problem is that an attacker could lead a user to disable authentication > by getting them to set this seemingly unrelated environment variable. > > The ‘.git/config’ option you propose is not available because that all > happens with the Guix-managed cached checkout under > ~/.cache/guix/checkouts.
Thank you for the detailed explanation. > Maybe a specific environment variable would do? Perhaps. What is the threat model of the attacker? -- Suhail
