From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jookia <166291@gmail.com> Subject: [PATCH 1/2] svn-download: Respect current-http-proxy when downloading. Date: Tue, 16 Feb 2016 23:37:57 +1100 Message-ID: <56c321a5.8445620a.d0d47.3c13@mx.google.com> Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:41228) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from <166291@gmail.com>) id 1aVfWU-0006AV-Ei for guix-devel@gnu.org; Tue, 16 Feb 2016 08:18:35 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from <166291@gmail.com>) id 1aVfWR-0004Ud-89 for guix-devel@gnu.org; Tue, 16 Feb 2016 08:18:34 -0500 Received: from mail-pf0-x22a.google.com ([2607:f8b0:400e:c00::22a]:35068) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <166291@gmail.com>) id 1aVfWQ-0004UU-Ss for guix-devel@gnu.org; Tue, 16 Feb 2016 08:18:31 -0500 Received: by mail-pf0-x22a.google.com with SMTP id c10so107417656pfc.2 for ; Tue, 16 Feb 2016 05:18:30 -0800 (PST) Received: from localhost (tor-exit.mensrea.org. [104.232.3.33]) by smtp.gmail.com with ESMTPSA id n4sm45940712pfi.3.2016.02.16.05.18.27 for (version=TLSv1/SSLv3 cipher=OTHER); Tue, 16 Feb 2016 05:18:29 -0800 (PST) List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org To: guix-devel@gnu.org When downloading a repository through SVN over HTTP, do it using a proxy if possible. This is especially useful for people who use Tor to do all their downloading. This doesn't work with svn:// repositories to my knowledge. * guix/build/svn.scm (svn-fetch): Pass the "servers:global:http-proxy-host" and "servers:global:http-proxy-port" configuration options to SVN if current-http-proxy is set. Bail if unable to parse the proxy to avoid leaks. * guix/svn-download.scm (svn-fetch): Leak the http_proxy environment variable. --- guix/build/svn.scm | 48 +++++++++++++++++++++++++++++++++++------------- guix/svn-download.scm | 2 ++ 2 files changed, 37 insertions(+), 13 deletions(-) diff --git a/guix/build/svn.scm b/guix/build/svn.scm index 74fe084..2de5abc 100644 --- a/guix/build/svn.scm +++ b/guix/build/svn.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2014 Ludovic Courtès ;;; Copyright © 2014 Sree Harsha Totakura +;;; Copyright © 2016 Jookia <166291@gmail.com> ;;; ;;; This file is part of GNU Guix. ;;; @@ -19,6 +20,10 @@ (define-module (guix build svn) #:use-module (guix build utils) + #:use-module (ice-9 format) + #:use-module (srfi srfi-2) + #:use-module (web uri) + #:use-module (web client) #:export (svn-fetch)) ;;; Commentary: @@ -32,18 +37,35 @@ #:key (svn-command "svn")) "Fetch REVISION from URL into DIRECTORY. REVISION must be an integer, and a valid Subversion revision. Return #t on success, #f otherwise." - (and (zero? (system* svn-command "checkout" "--non-interactive" - ;; Trust the server certificate. This is OK as we - ;; verify the checksum later. This can be removed when - ;; ca-certificates package is added. - "--trust-server-cert" "-r" (number->string revision) - url directory)) - (with-directory-excursion directory - (begin - ;; The contents of '.svn' vary as a function of the current status - ;; of the repo. Since we want a fixed output, this directory needs - ;; to be taken out. - (delete-file-recursively ".svn") - #t)))) + (define proxy-config + (if (current-http-proxy) + (and-let* ((proxy-uri (string->uri (current-http-proxy))) + (proxy-host (uri-host proxy-uri)) + (proxy-port (number->string (uri-port proxy-uri))) + (config-host "servers:global:http-proxy-host=") + (config-port "servers:global:http-proxy-port=")) + `("--config-option" ,(string-append config-host proxy-host) + "--config-option" ,(string-append config-port proxy-port))) + '())) + + (if proxy-config + (and (zero? (apply system* (append + `(,svn-command "checkout") + proxy-config + `("--non-interactive" + ;; Trust the server certificate. This is OK as we + ;; verify the checksum later. This can be removed when + ;; ca-certificates package is added. + "--trust-server-cert" "-r" ,(number->string revision) + ,url ,directory)))) + (with-directory-excursion directory + (begin + ;; The contents of '.svn' vary as a function of the current status + ;; of the repo. Since we want a fixed output, this directory needs + ;; to be taken out. + (delete-file-recursively ".svn") + #t))) + (format (current-error-port) + "Unable to parse current-http-proxy: ~s~%" (current-http-proxy)))) ;;; svn.scm ends here diff --git a/guix/svn-download.scm b/guix/svn-download.scm index d6853ca..fbc96df 100644 --- a/guix/svn-download.scm +++ b/guix/svn-download.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2014, 2015 Ludovic Courtès ;;; Copyright © 2014 Sree Harsha Totakura +;;; Copyright © 2016 Jookia <166291@gmail.com> ;;; ;;; This file is part of GNU Guix. ;;; @@ -72,6 +73,7 @@ HASH-ALGO (a symbol). Use NAME as the file name, or a generic name if #f." #:recursive? #t #:modules '((guix build svn) (guix build utils)) + #:leaked-env-vars '("http_proxy") #:guile-for-build guile #:local-build? #t))) -- 2.7.0