[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#25975: Use HTTPS in `guix pull`
|
From: |
Marius Bakke |
|
Subject: |
bug#25975: Use HTTPS in `guix pull` |
|
Date: |
Sun, 05 Mar 2017 15:59:16 +0100 |
|
User-agent: |
Notmuch/0.23.7 (https://notmuchmail.org) Emacs/25.1.1 (x86_64-unknown-linux-gnu) |
I've tried a number of times to send this through `git send-email`, but
it seems to get caught in a spam filter or similar.
Trying as attachment now.
Note that this uses 'nss-certs' for easy testing, but is intended to use
'le-certs' from this thread:
https://lists.gnu.org/archive/html/guix-devel/2017-02/msg01146.html
From 6667ea5a2ec3a26dd5c4fb5f792485eeb941a969 Mon Sep 17 00:00:00 2001
From: Marius Bakke <address@hidden>
Date: Wed, 1 Mar 2017 22:11:02 +0100
Subject: [PATCH] pull: Default to HTTPS.
* guix/scripts/pull.scm (%snapshot-url): Use HTTPS.
(guix-pull): Add GNUTLS and NSS-CERTS to inputs when appropriate.
---
guix/scripts/pull.scm | 32 ++++++++++++++++++++++++++++++--
1 file changed, 30 insertions(+), 2 deletions(-)
diff --git a/guix/scripts/pull.scm b/guix/scripts/pull.scm
index a4824e4fd..4031f1d32 100644
--- a/guix/scripts/pull.scm
+++ b/guix/scripts/pull.scm
@@ -29,12 +29,16 @@
#:use-module (guix monads)
#:use-module ((guix build utils)
#:select (with-directory-excursion delete-file-recursively))
+ #:use-module ((guix build download)
+ #:select (%x509-certificate-directory))
#:use-module (gnu packages base)
#:use-module (gnu packages guile)
#:use-module ((gnu packages bootstrap)
#:select (%bootstrap-guile))
+ #:use-module ((gnu packages certs) #:select (nss-certs))
#:use-module (gnu packages compression)
#:use-module (gnu packages gnupg)
+ #:use-module ((gnu packages tls) #:select (gnutls))
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-34)
#:use-module (srfi srfi-35)
@@ -45,7 +49,7 @@
(define %snapshot-url
;; "http://hydra.gnu.org/job/guix/master/tarball/latest/download";
- "http://git.savannah.gnu.org/cgit/guix.git/snapshot/master.tar.gz";
+ "https://git.savannah.gnu.org/cgit/guix.git/snapshot/master.tar.gz";
)
(define-syntax-rule (with-environment-variable variable value body ...)
@@ -221,11 +225,35 @@ contained therein."
(leave (_ "~A: unexpected argument~%") arg))
%default-options))
+ (define (use-gnutls? url)
+ (string-prefix? "https://"; url))
+
+ (define (use-le-certs? url)
+ (string-prefix? "https://git.savannah.gnu.org"; url))
+
+ (define (fetch-tarball store url)
+ (download-to-store store url "guix-latest.tar.gz"))
+
(with-error-handling
(let* ((opts (parse-options))
(store (open-connection))
(url (assoc-ref opts 'tarball-url)))
- (let ((tarball (download-to-store store url "guix-latest.tar.gz")))
+ (let ((tarball
+ (if (use-gnutls? url)
+ (begin
+ ;; Add GnuTLS to inputs and load path.
+ (set! %load-path
+ (cons (string-append (package-output store gnutls)
+ "/share/guile/site/"
+ (effective-version))
+ %load-path))
+ (if (use-le-certs? url)
+ (parameterize ((%x509-certificate-directory
+ (string-append (package-output store
nss-certs)
+ "/etc/ssl/certs")))
+ (fetch-tarball store url))
+ (fetch-tarball store url)))
+ (fetch-tarball store url))))
(unless tarball
(leave (_ "failed to download up-to-date source, exiting\n")))
(parameterize ((%guile-for-build
--
2.12.0
signature.asc
Description: PGP signature
- bug#25975: Use HTTPS in `guix pull`,
Marius Bakke <=
bug#25975: Use HTTPS in `guix pull`, Ludovic Courtès, 2017/03/08