From mboxrd@z Thu Jan  1 00:00:00 1970
From: Leo Famulari <leo@famulari.name>
Subject: Re: `guix pull` over HTTPS
Date: Wed, 1 Mar 2017 00:14:20 -0500
Message-ID: <20170301051420.GA11310@jasmine>
References: <874m011xb2.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me>
	<871sv44x97.fsf@gnu.org> <20170228054616.GA28504@jasmine>
	<87shmy1hup.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me>
	<20170228162919.GA10253@jasmine>
	<87mvd61cxv.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me>
	<87k28a11wt.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me>
	<87h93e0z4a.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me>
	<87efyi0ynv.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me>
	<8760jt206c.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="3V7upXqbjpZ4EhLz"
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:55138)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1ciwbB-0003ok-BB
	for guix-devel@gnu.org; Wed, 01 Mar 2017 00:14:50 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1ciwb7-0001qT-9k
	for guix-devel@gnu.org; Wed, 01 Mar 2017 00:14:49 -0500
Content-Disposition: inline
In-Reply-To: <8760jt206c.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: Marius Bakke <mbakke@fastmail.com>
Cc: guix-devel@gnu.org


--3V7upXqbjpZ4EhLz
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Mar 01, 2017 at 03:36:11AM +0100, Marius Bakke wrote:
> Subject: [PATCH] pull: Default to HTTPS.
>=20
> * guix/build/download.scm (tls-wrap): Add CERTIFICATE-DIRECTORY parameter.
> (open-connection-for-uri): Adjust parameters to match.
> (http-fetch): Likewise.
> (url-fetch): Likewise.
> * guix/download.scm (download-to-store): Likewise.
> * guix/scripts/pull.scm (%snapshot-url): Use HTTPS.
> (guix-pull): Verify against the store path of NSS-CERTS.

When I don't have GnuTLS in my environment, it fails like this:

Starting download of /tmp/guix-file.pSCYyI
=46rom https://git.savannah.gnu.org/cgit/guix.git/snapshot/master.tar.gz...
;;; Failed to autoload make-session in (gnutls):
;;; ERROR: missing interface for module (gnutls)
ERROR: In procedure module-lookup: Unbound variable: make-session
failed to download "/tmp/guix-file.pSCYyI" from "https://git.savannah.gnu.o=
rg/cgit/guix.git/snapshot/master.tar.gz"
guix pull: error: failed to download up-to-date source, exiting

Also, I think we should only use a default trust store when pulling from
%snapshot-url.

--3V7upXqbjpZ4EhLz
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAli2WKwACgkQJkb6MLrK
fwjdHBAAqpG5iexadwFa9oY5AC98KJ86z0Jpw7CBhu1FOQFRZuZlA1rpNm+qx8VL
6Nxb6A2Af5H8LrkVmRFUtj5i3FyYlWV0vywpXA7NLnNj38hV2vya9eUfzL2wCQFw
awL+tqrS2V/iih7ETDuoAyLSwvpsr2ElSMm0N+BJBIC8KeXvp+GjHkq87bR29HO/
FJhHMfmQq3Mxu7EPN+0iLa4MQDFbJrAel3FZIklC6TmWd9x8XJiDs3Z81y9EDBiA
XBRt9z5DtEvi6UNbVEJ+r7UCi1iGQRjNymLP+pL2eonF8sybv9B7OIPJwxewBcwI
mGo7r7HlCnyy8iQQvPaTIq3u7Rk9LSP2bDvHucAsRSTvTWBHQ8isxgbXMO9PIxGl
IdRBLe7lM6Fjq1wV0mPsUEUloAR4B2cGoSFZlvP5vpGUN7D+uuh1/JsBY0zyEFoE
+4srYUmFmc1neU9Dg7mCw/JrgpQjYL2X/bA2b59pQ/dSMZJTBmIhee6Ior+7wz/l
QmELMXMNTGFoj/NYgzJ6ydSWDwSx+bTQ7IeVTvKsVQgKHJcRmctNHhJ7C9uEuIp1
mSp4eIcRlJ//DRaU/iYj/z0inL0FxGU2L8qL0AELxYJcZWsNGzGN1BnJVD9x9xXc
dJJ9IuZz5TsqHxSXrgPy3oweqSMPaEHgGt8GoLmBS7CmELWZkYY=
=ka24
-----END PGP SIGNATURE-----

--3V7upXqbjpZ4EhLz--