From mboxrd@z Thu Jan  1 00:00:00 1970
From: Marius Bakke <mbakke@fastmail.com>
Subject: [PATCH] pull: Use HTTPS by default.
Date: Tue, 28 Feb 2017 17:39:02 +0100
Message-ID: <20170228163902.5367-1-mbakke@fastmail.com>
References: <87shmy1hup.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me>
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:56873)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mbakke@fastmail.com>) id 1ciknz-0008K5-Sf
	for guix-devel@gnu.org; Tue, 28 Feb 2017 11:39:16 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mbakke@fastmail.com>) id 1ciknw-0003ab-Oa
	for guix-devel@gnu.org; Tue, 28 Feb 2017 11:39:15 -0500
Received: from out4-smtp.messagingengine.com ([66.111.4.28]:46695)
	by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <mbakke@fastmail.com>) id 1ciknw-0003Zj-G2
	for guix-devel@gnu.org; Tue, 28 Feb 2017 11:39:12 -0500
In-Reply-To: <87shmy1hup.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: guix-devel@gnu.org
Cc: Marius Bakke <mbakke@fastmail.com>

* guix/scripts/pull.scm (%snapshot-url): Use HTTPS.
(%options): Add "--insecure" option.
(show-help): Mention it.
(guix-pull): Pass #:verify-certificate to DOWNLOAD-TO-STORE.
---
 guix/scripts/pull.scm | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/guix/scripts/pull.scm b/guix/scripts/pull.scm
index a4824e4fd..b1724f13c 100644
--- a/guix/scripts/pull.scm
+++ b/guix/scripts/pull.scm
@@ -45,7 +45,7 @@
 
 (define %snapshot-url
   ;; "http://hydra.gnu.org/job/guix/master/tarball/latest/download"
-  "http://git.savannah.gnu.org/cgit/guix.git/snapshot/master.tar.gz"
+  "https://git.savannah.gnu.org/cgit/guix.git/snapshot/master.tar.gz"
   )
 
 (define-syntax-rule (with-environment-variable variable value body ...)
@@ -78,6 +78,8 @@ Download and deploy the latest version of Guix.\n"))
   (display (_ "
       --url=URL          download the Guix tarball from URL"))
   (display (_ "
+      --insecure         do not perform validation of TLS certificates"))
+  (display (_ "
       --bootstrap        use the bootstrap Guile to build the new Guix"))
   (newline)
   (display (_ "
@@ -96,6 +98,9 @@ Download and deploy the latest version of Guix.\n"))
                 (lambda (opt name arg result)
                   (alist-cons 'tarball-url arg
                               (alist-delete 'tarball-url result))))
+        (option '("insecure") #f #f
+                (lambda (opt name arg result)
+                  (alist-cons 'insecure? #t result)))
         (option '("bootstrap") #f #f
                 (lambda (opt name arg result)
                   (alist-cons 'bootstrap? #t result)))
@@ -225,7 +230,9 @@ contained therein."
     (let* ((opts  (parse-options))
            (store (open-connection))
            (url   (assoc-ref opts 'tarball-url)))
-      (let ((tarball (download-to-store store url "guix-latest.tar.gz")))
+      (let ((tarball (download-to-store store url "guix-latest.tar.gz"
+                                        #:verify-certificate?
+                                        (not (assoc-ref opts 'insecure?)))))
         (unless tarball
           (leave (_ "failed to download up-to-date source, exiting\n")))
         (parameterize ((%guile-for-build
-- 
2.12.0