From: Leo Famulari <leo@famulari.name>
To: Marius Bakke <mbakke@fastmail.com>
Cc: guix-devel@gnu.org
Subject: Re: [PATCH v3] pull: Default to HTTPS.
Date: Wed, 1 Mar 2017 17:07:08 -0500 [thread overview]
Message-ID: <20170301220708.GA22766@jasmine> (raw)
In-Reply-To: <20170301212000.5476-1-mbakke@fastmail.com>
[-- Attachment #1: Type: text/plain, Size: 2541 bytes --]
On Wed, Mar 01, 2017 at 10:20:00PM +0100, Marius Bakke wrote:
> * guix/scripts/pull.scm (%snapshot-url): Use HTTPS.
> (guix-pull): Add GNUTLS and NSS-CERTS to inputs when appropriate.
Nice! It works without GnuTLS in $PATH and an unset $SSL_CERT_DIR :)
By the way, the only thing I'm waiting for before submitting an le-certs
package is one more person to check that they can reproduce the
certificates that would be provided by the le-certs package, as
requested here:
http://lists.gnu.org/archive/html/guix-devel/2017-02/msg01146.html
> (define %snapshot-url
> ;; "http://hydra.gnu.org/job/guix/master/tarball/latest/download"
> - "http://git.savannah.gnu.org/cgit/guix.git/snapshot/master.tar.gz"
> + "https://git.savannah.gnu.org/cgit/guix.git/snapshot/master.tar.gz"
> )
> + (define (use-le-certs? url)
> + (string=? url %snapshot-url))
I thought about it, and we should probably relax this, to match
"https://git.savannah.gnu.org/cgit/guix.git", so that everything would
work in cases like this...
$ guix pull --url=https://git.savannah.gnu.org/cgit/guix.git/snapshot/v0.12.0.tar.gz
... and for future cases when `guix pull` may use Git.
> + (define (fetch-tarball store url)
> + (download-to-store store url "guix-latest.tar.gz"))
> +
> (with-error-handling
> (let* ((opts (parse-options))
> (store (open-connection))
> (url (assoc-ref opts 'tarball-url)))
> - (let ((tarball (download-to-store store url "guix-latest.tar.gz")))
> + (let ((tarball (if (use-gnutls? url)
> + (begin
> + ;; Add GnuTLS to inputs and load path.
> + (set! %load-path
> + (cons (string-append (package-output store gnutls)
> + "/share/guile/site/"
> + (effective-version))
> + %load-path))
> + (if (use-le-certs? url)
> + (parameterize ((%x509-certificate-directory
> + (string-append (package-output store nss-certs)
> + "/etc/ssl/certs")))
> + (fetch-tarball store url))
> + (fetch-tarball store url)))
> + (fetch-tarball store url))))
I hope some more seasoned Schemers will offer their review :)
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2017-03-01 22:07 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-09 15:55 `guix pull` over HTTPS Leo Famulari
2017-02-10 0:30 ` Leo Famulari
2017-02-10 15:33 ` Ludovic Courtès
2017-02-10 16:22 ` Marius Bakke
2017-02-10 22:21 ` Ludovic Courtès
2017-02-10 22:43 ` Marius Bakke
2017-02-10 22:52 ` ng0
2017-02-11 14:28 ` Ludovic Courtès
2017-02-11 19:25 ` Leo Famulari
2017-02-11 19:48 ` Ricardo Wurmus
2017-02-12 13:36 ` Ludovic Courtès
2017-02-28 5:46 ` Leo Famulari
2017-02-28 14:59 ` Marius Bakke
2017-02-28 16:29 ` Leo Famulari
2017-02-28 16:45 ` Marius Bakke
2017-02-28 20:44 ` Marius Bakke
2017-02-28 21:44 ` Marius Bakke
2017-02-28 21:54 ` Marius Bakke
2017-03-01 2:36 ` Marius Bakke
2017-03-01 5:14 ` Leo Famulari
2017-03-01 21:20 ` [PATCH v3] pull: Default to HTTPS Marius Bakke
2017-03-01 22:07 ` Leo Famulari [this message]
2017-03-01 21:21 ` `guix pull` over HTTPS Marius Bakke
2017-03-06 10:04 ` Ludovic Courtès
2017-03-06 10:06 ` Ludovic Courtès
2017-03-06 12:27 ` Marius Bakke
2017-02-28 23:05 ` Marius Bakke
2017-03-01 0:19 ` Leo Famulari
2017-02-28 16:39 ` [PATCH] pull: Use HTTPS by default Marius Bakke
2017-03-01 1:01 ` Leo Famulari
2017-02-10 18:55 ` `guix pull` over HTTPS Christopher Allan Webber
2017-02-10 15:29 ` Ludovic Courtès
2017-02-13 21:23 ` Bob Proulx
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170301220708.GA22766@jasmine \
--to=leo@famulari.name \
--cc=guix-devel@gnu.org \
--cc=mbakke@fastmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).