From mboxrd@z Thu Jan 1 00:00:00 1970 From: Marius Bakke Subject: [PATCH] pull: Use HTTPS by default. Date: Tue, 28 Feb 2017 17:39:02 +0100 Message-ID: <20170228163902.5367-1-mbakke@fastmail.com> References: <87shmy1hup.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me> Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:56873) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ciknz-0008K5-Sf for guix-devel@gnu.org; Tue, 28 Feb 2017 11:39:16 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ciknw-0003ab-Oa for guix-devel@gnu.org; Tue, 28 Feb 2017 11:39:15 -0500 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:46695) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1ciknw-0003Zj-G2 for guix-devel@gnu.org; Tue, 28 Feb 2017 11:39:12 -0500 In-Reply-To: <87shmy1hup.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: guix-devel@gnu.org Cc: Marius Bakke * guix/scripts/pull.scm (%snapshot-url): Use HTTPS. (%options): Add "--insecure" option. (show-help): Mention it. (guix-pull): Pass #:verify-certificate to DOWNLOAD-TO-STORE. --- guix/scripts/pull.scm | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/guix/scripts/pull.scm b/guix/scripts/pull.scm index a4824e4fd..b1724f13c 100644 --- a/guix/scripts/pull.scm +++ b/guix/scripts/pull.scm @@ -45,7 +45,7 @@ (define %snapshot-url ;; "http://hydra.gnu.org/job/guix/master/tarball/latest/download" - "http://git.savannah.gnu.org/cgit/guix.git/snapshot/master.tar.gz" + "https://git.savannah.gnu.org/cgit/guix.git/snapshot/master.tar.gz" ) (define-syntax-rule (with-environment-variable variable value body ...) @@ -78,6 +78,8 @@ Download and deploy the latest version of Guix.\n")) (display (_ " --url=URL download the Guix tarball from URL")) (display (_ " + --insecure do not perform validation of TLS certificates")) + (display (_ " --bootstrap use the bootstrap Guile to build the new Guix")) (newline) (display (_ " @@ -96,6 +98,9 @@ Download and deploy the latest version of Guix.\n")) (lambda (opt name arg result) (alist-cons 'tarball-url arg (alist-delete 'tarball-url result)))) + (option '("insecure") #f #f + (lambda (opt name arg result) + (alist-cons 'insecure? #t result))) (option '("bootstrap") #f #f (lambda (opt name arg result) (alist-cons 'bootstrap? #t result))) @@ -225,7 +230,9 @@ contained therein." (let* ((opts (parse-options)) (store (open-connection)) (url (assoc-ref opts 'tarball-url))) - (let ((tarball (download-to-store store url "guix-latest.tar.gz"))) + (let ((tarball (download-to-store store url "guix-latest.tar.gz" + #:verify-certificate? + (not (assoc-ref opts 'insecure?))))) (unless tarball (leave (_ "failed to download up-to-date source, exiting\n"))) (parameterize ((%guile-for-build -- 2.12.0