From mboxrd@z Thu Jan 1 00:00:00 1970 From: Marius Bakke Subject: [PATCH v3] pull: Default to HTTPS. Date: Wed, 1 Mar 2017 22:20:00 +0100 Message-ID: <20170301212000.5476-1-mbakke@fastmail.com> References: <20170301051420.GA11310@jasmine> Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:47868) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cjBfM-0000tC-Kl for guix-devel@gnu.org; Wed, 01 Mar 2017 16:20:09 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cjBfJ-0008PS-FL for guix-devel@gnu.org; Wed, 01 Mar 2017 16:20:08 -0500 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:34382) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cjBfJ-0008PA-9R for guix-devel@gnu.org; Wed, 01 Mar 2017 16:20:05 -0500 In-Reply-To: <20170301051420.GA11310@jasmine> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: guix-devel@gnu.org Cc: Marius Bakke * guix/scripts/pull.scm (%snapshot-url): Use HTTPS. (guix-pull): Add GNUTLS and NSS-CERTS to inputs when appropriate.
---
 guix/scripts/pull.scm | 31 +++++++++++++++++++++++++++++--
 1 file changed, 29 insertions(+), 2 deletions(-)
diff --git a/guix/scripts/pull.scm b/guix/scripts/pull.scm
index a4824e4fd..b9438a4f6 100644
--- a/guix/scripts/pull.scm
+++ b/guix/scripts/pull.scm
@@ -29,12 +29,16 @@
 #:use-module (guix monads)
 #:use-module ((guix build utils)
 #:select (with-directory-excursion delete-file-recursively))
+ #:use-module ((guix build download)
+ #:select (%x509-certificate-directory))
 #:use-module (gnu packages base)
 #:use-module (gnu packages guile)
 #:use-module ((gnu packages bootstrap)
 #:select (%bootstrap-guile))
+ #:use-module ((gnu packages certs) #:select (nss-certs))
 #:use-module (gnu packages compression)
 #:use-module (gnu packages gnupg)
+ #:use-module ((gnu packages tls) #:select (gnutls))
 #:use-module (srfi srfi-1)
 #:use-module (srfi srfi-34)
 #:use-module (srfi srfi-35)
@@ -45,7 +49,7 @@
 
 (define %snapshot-url
 ;; "http://hydra.gnu.org/job/guix/master/tarball/latest/download"
- "http://git.savannah.gnu.org/cgit/guix.git/snapshot/master.tar.gz"
+ "https://git.savannah.gnu.org/cgit/guix.git/snapshot/master.tar.gz"
 )
 
 (define-syntax-rule (with-environment-variable variable value body ...)
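Review bot: `%snapshot-url` in the second hunk deserves a comment tying it to the certificate handling added further down, because `use-le-certs?` compares the requested URL to this exact string with `string=?` and only then binds the `nss-certs` directory. I would add `;; Fetched over HTTPS; 'guix pull' trusts the nss-certs bundle for exactly this URL (see 'use-le-certs?').` above the string, so that a later change of host or path is made with that coupling in mind. The commented-out hydra URL just above is still plain `http://` and could be dropped or updated so that it is not re-enabled by accident.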
@@ -221,11 +225,34 @@ contained therein."
 (leave (_ "~A: unexpected argument~%") arg))
 %default-options))
 
+ (define (use-gnutls? url)
+ (string-prefix? "https://" url))
+
+ (define (use-le-certs? url)
+ (string=? url %snapshot-url))
+
+ (define (fetch-tarball store url)
+ (download-to-store store url "guix-latest.tar.gz"))
+
 (with-error-handling
 (let* ((opts (parse-options))
 (store (open-connection))
 (url (assoc-ref opts 'tarball-url)))
- (let ((tarball (download-to-store store url "guix-latest.tar.gz")))
+ (let ((tarball (if (use-gnutls? url)
+ (begin
+ ;; Add GnuTLS to inputs and load path.
+ (set! %load-path
+ (cons (string-append (package-output store gnutls)
+ "/share/guile/site/"
+ (effective-version))
+ %load-path))
+ (if (use-le-certs? url)
+ (parameterize ((%x509-certificate-directory
+ (string-append (package-output store nss-certs)
+ "/etc/ssl/certs")))
+ (fetch-tarball store url))
+ (fetch-tarball store url)))
+ (fetch-tarball store url))))
 (unless tarball
 (leave (_ "failed to download up-to-date source, exiting\n")))
 (parameterize ((%guile-for-build
-- 
2.12.0
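Review bot: Nothing in the new `let` builds or substitutes `gnutls` or `nss-certs` before their store paths are used; `package-output` appears to be called only for a file name, which is then consed onto `%load-path` and bound to `%x509-certificate-directory`. If those items are not already in the store, the fetch depends on how the download code treats a missing certificate directory, which this hunk does not show, so it should be confirmed that the HTTPS path fails closed rather than proceeding without a trust store. Realising the packages first, for example `(build-derivations store (list (package-derivation store nss-certs)))` before the `parameterize` (and likewise for `gnutls`), would remove the doubt. Note also that an `https://` URL other than `%snapshot-url` skips the `nss-certs` binding and is checked against whatever `%x509-certificate-directory` already holds. The body of `guix-pull` starts and ends outside the hunk.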