From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0.migadu.com ([2001:41d0:303:e16b::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms8.migadu.com with LMTPS id 6MPlExNOqmVsRgEAqHPOHw:P1 (envelope-from ) for ; Fri, 19 Jan 2024 11:25:23 +0100 Received: from aspmx1.migadu.com ([2001:41d0:303:e16b::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0.migadu.com with LMTPS id 6MPlExNOqmVsRgEAqHPOHw (envelope-from ) for ; Fri, 19 Jan 2024 11:25:23 +0100 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=inria.fr header.s=dc header.b=uVRnPOem; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=fail reason="SPF not aligned (relaxed)" header.from=inria.fr (policy=none) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1705659923; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=P08SjKfGyb58HbVtAouxVKmqR4LifKGuV97BDZFYlXk=; b=uBbVYNgRz88mfdnNU2ASUB7sP1RIYEbeJMEEUo1wNxIXqJti3DI9wqDuLqEbvUk/nN7Mhi 05KTJesjdfGq5dFoXlOuUJXFBMqcH7izoLLZtlSC+AmTsG22wyI0GjhkREtmXUk/INEdTe c32A4VEt7pAJU75nLdeI4deYxAviPnFPXzXvv4AES/vrdVFU9+nm7Jm8c/QJJYC5KW89Tl TzvnO0QSZL5bMvqGwC7XTQYKtFfItW3UYfyRZZWyCQBP+OY3mCI4h1p92xHs6uKNjH3ra7 nY5PjtQHzRXKfNLLQZJxzPD1rlTlT4GoqT+H/j9RQy46U2oYksp8wOSx+x6Lyg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=inria.fr header.s=dc header.b=uVRnPOem; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=fail reason="SPF not aligned (relaxed)" header.from=inria.fr (policy=none) ARC-Seal: i=1; s=key1; d=yhetil.org; t=1705659923; a=rsa-sha256; cv=none; b=hpX09aOZyy059mwVCC6qDpIcEQNzIPkBdTsE343G2NU2wE+JCsrZo0CecBn7RoEMJs7jaQ rvaJcNDRWz9xaAlHtqyagQ2lj1yqmgYgIwDfsuu1UZoTNVshhmEvHBksH7eZLZEYi0tuOq WSaMM4XdyufvtX6IJ0cjlC29YHpSD9+iDuireepAWdOZvszLkFrgaJpW6bHMPTclELoEtU 1gSRYcCoTyPD5VG/rSK5ZBQ32kYZsxkvuwPO7IP8qvBEabO8mA8udEXqbmKSrSMczwjXBG EISvq5huee33aEA3AAYh0zicMju1oub2CYcqlcoqpDSKL2DSljiv60/l3R8O3g== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id ED75F43510 for ; Fri, 19 Jan 2024 11:25:22 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rQm3b-0006Hj-8i; Fri, 19 Jan 2024 05:25:03 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rQm3Y-0006HP-Eg for guix-patches@gnu.org; Fri, 19 Jan 2024 05:25:00 -0500 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rQm3Y-0002yV-6B for guix-patches@gnu.org; Fri, 19 Jan 2024 05:25:00 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1rQm3a-0000B1-8t for guix-patches@gnu.org; Fri, 19 Jan 2024 05:25:02 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#68405] [PATCH v4] guix: download: Add support for git repositories. References: <20240112151411.22470-2-romain.garbage@inria.fr> In-Reply-To: <20240112151411.22470-2-romain.garbage@inria.fr> Resent-From: Romain GARBAGE Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 19 Jan 2024 10:25:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 68405 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 68405@debbugs.gnu.org Cc: Romain GARBAGE , maxim.cournoyer@gmail.com Received: via spool by 68405-submit@debbugs.gnu.org id=B68405.1705659890652 (code B ref 68405); Fri, 19 Jan 2024 10:25:02 +0000 Received: (at 68405) by debbugs.gnu.org; 19 Jan 2024 10:24:50 +0000 Received: from localhost ([127.0.0.1]:57594 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rQm3N-0000AR-D5 for submit@debbugs.gnu.org; Fri, 19 Jan 2024 05:24:50 -0500 Received: from mail3-relais-sop.national.inria.fr ([192.134.164.104]:38230) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rQm3J-0000A1-Ng for 68405@debbugs.gnu.org; Fri, 19 Jan 2024 05:24:48 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=inria.fr; s=dc; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=P08SjKfGyb58HbVtAouxVKmqR4LifKGuV97BDZFYlXk=; b=uVRnPOemAdA+adQibKhyvs8PqiRHB4cK6/uCgIO/VHGriznU0MPAEYbc cJGMgPijjiSpVubq7A01Wv0HYeU5RUc066LB9LUp2ppK4jJAaV+8Z3zLL 6nOUel3CeDog57arG93Jrk0f3Nwfx2ajQc5tVhz4dH3+rD+OJzyEz7cIb g=; Received-SPF: SoftFail (mail3-relais-sop.national.inria.fr: domain of romain.garbage@inria.fr is inclined to not designate 193.50.111.147 as permitted sender) identity=mailfrom; client-ip=193.50.111.147; receiver=mail3-relais-sop.national.inria.fr; envelope-from="romain.garbage@inria.fr"; x-sender="romain.garbage@inria.fr"; x-conformance=spf_only; x-record-type="v=spf1"; x-record-text="v=spf1 include:mailout.safebrands.com a:basic-mail.safebrands.com a:basic-mail01.safebrands.com a:basic-mail02.safebrands.com ip4:128.93.142.0/24 ip4:192.134.164.0/24 ip4:128.93.162.160 ip4:89.107.174.7 mx ~all" Received-SPF: None (mail3-relais-sop.national.inria.fr: no sender authenticity information available from domain of postmaster@guix-A102.bordeaux.inria.fr) identity=helo; client-ip=193.50.111.147; receiver=mail3-relais-sop.national.inria.fr; envelope-from="romain.garbage@inria.fr"; x-sender="postmaster@guix-A102.bordeaux.inria.fr"; x-conformance=spf_only X-IronPort-AV: E=Sophos;i="6.05,204,1701126000"; d="scan'208";a="77262144" Received: from reserved-service-dhcp-pool-bso.bordeaux.inria.fr (HELO guix-A102.bordeaux.inria.fr) ([193.50.111.147]) by mail3-relais-sop.national.inria.fr with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 Jan 2024 11:24:37 +0100 From: Romain GARBAGE Date: Fri, 19 Jan 2024 11:19:23 +0100 Message-ID: <20240119102417.17155-1-romain.garbage@inria.fr> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Spam-Score: 3.83 X-Migadu-Scanner: mx13.migadu.com X-Spam-Score: 3.83 X-Migadu-Queue-Id: ED75F43510 X-TUID: P90O6fY6AXoF * guix/scripts/download.scm (git-download-to-store*): Add new variable. (copy-recursively-without-dot-git): New variable. (git-download-to-file): Add new variable. (show-help): Add 'git', 'commit', 'branch' and 'recursive'options help message. (%default-options): Add default value for 'git-reference' and 'recursive' options. (%options): Add 'git', 'commit', 'branch' and 'recursive' command line options. (guix-download) [hash]: Compute hash with 'file-hash*' instead of 'port-hash' from (gcrypt hash) module. This allows us to compute hashes for directories. * doc/guix.texi (Invoking guix-download): Add @item entries for `git', `commit', `branch' and `recursive' options. Add a paragraph in the introduction. * tests/guix-download.sh: New tests. Move variables and trap definition to the top of the file. Change-Id: Ic2c428dca4cfcb0d4714ed361a4c46609339140a --- doc/guix.texi | 23 ++++++ guix/scripts/download.scm | 154 +++++++++++++++++++++++++++++++++++--- tests/guix-download.sh | 45 ++++++++++- 3 files changed, 208 insertions(+), 14 deletions(-) Changes from v3->v4 * Capitalized `git' in help message * Replaced underscore with dash in help message * Fixed url shadowing * Wrapped long lines * Added missing punctuation * Moved variables and trap call definition to the top of the test file * Renamed some variables in the test file to be more descriptive * Removed unnecessary call to `chmod' in the test file diff --git a/doc/guix.texi b/doc/guix.texi index a66005ee9d..6e5f801a1e 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -14020,6 +14020,9 @@ the certificates of X.509 authorities from the directory pointed to by the @env{SSL_CERT_DIR} environment variable (@pxref{X.509 Certificates}), unless @option{--no-check-certificate} is used. +Alternatively, @command{guix download} can also retrieve a Git +repository, possibly a specific commit, tag, or branch. + The following options are available: @table @code @@ -14044,6 +14047,26 @@ URL, which makes you vulnerable to ``man-in-the-middle'' attacks. @itemx -o @var{file} Save the downloaded file to @var{file} instead of adding it to the store. + +@item --git +@itemx -g +Checkout the Git repository at the latest commit on the default branch. + +@item --commit=@var{commit-or-tag} +Checkout the Git repository at @var{commit-or-tag}. + +@var{commit-or-tag} can be either a tag or a commit defined in the Git +repository. + +@item --branch=@var{branch} +Checkout the Git repository at @var{branch}. + +The repository will be checked out at the latest commit of @var{branch}, +which must be a valid branch of the Git repository. + +@item --recursive +@itemx -r +Recursively clone the Git repository. @end table @node Invoking guix hash diff --git a/guix/scripts/download.scm b/guix/scripts/download.scm index 19052d5652..ce2ed68248 100644 --- a/guix/scripts/download.scm +++ b/guix/scripts/download.scm @@ -22,17 +22,24 @@ (define-module (guix scripts download) #:use-module (guix scripts) #:use-module (guix store) #:use-module (gcrypt hash) + #:use-module (guix hash) #:use-module (guix base16) #:use-module (guix base32) #:autoload (guix base64) (base64-encode) #:use-module ((guix download) #:hide (url-fetch)) + #:use-module ((guix git) + #:select (latest-repository-commit + update-cached-checkout + with-git-error-handling)) #:use-module ((guix build download) #:select (url-fetch)) + #:use-module (guix build utils) #:use-module ((guix progress) #:select (current-terminal-columns)) #:use-module ((guix build syscalls) #:select (terminal-columns)) #:use-module (web uri) + #:use-module (ice-9 ftw) #:use-module (ice-9 match) #:use-module (srfi srfi-1) #:use-module (srfi srfi-26) @@ -54,6 +61,57 @@ (define (download-to-file url file) (url-fetch url file #:mirrors %mirrors))) file)) +;; This is a simplified version of 'copy-recursively'. +;; It allows us to filter out the ".git" subfolder. +;; TODO: Remove when 'copy-recursively' supports '#:select?'. +(define (copy-recursively-without-dot-git source destination) + (define strip-source + (let ((len (string-length source))) + (lambda (file) + (substring file len)))) + + (file-system-fold (lambda (file stat result) ; enter? + (not (string-suffix? "/.git" file))) + (lambda (file stat result) ; leaf + (let ((dest (string-append destination + (strip-source file)))) + (case (stat:type stat) + ((symlink) + (let ((target (readlink file))) + (symlink target dest))) + (else + (copy-file file dest))))) + (lambda (dir stat result) ; down + (let ((target (string-append destination + (strip-source dir)))) + (mkdir-p target))) + (const #t) ; up + (const #t) ; skip + (lambda (file stat errno result) + (format (current-error-port) "i/o error: ~a: ~a~%" + file (strerror errno)) + #f) + #t + source)) + +(define (git-download-to-file url file reference recursive?) + "Download the git repo at URL to file, checked out at REFERENCE. +REFERENCE must be a pair argument as understood by 'latest-repository-commit'. +Return FILE." + ;; 'libgit2' doesn't support the URL format generated by 'uri->string' so + ;; we have to do a little fixup. Dropping completely the 'file:' protocol + ;; part gives better performance. + (let ((url (cond ((string-prefix? "file://" url) + (string-drop url (string-length "file://"))) + ((string-prefix? "file:" url) + (string-drop url (string-length "file:"))) + (else url)))) + (copy-recursively-without-dot-git + (with-git-error-handling + (update-cached-checkout url #:ref reference #:recursive? recursive?)) + file)) + file) + (define (ensure-valid-store-file-name name) "Replace any character not allowed in a store name by an underscore." @@ -67,17 +125,42 @@ (define valid name)) -(define* (download-to-store* url #:key (verify-certificate? #t)) +(define* (download-to-store* url + #:key (verify-certificate? #t) + #:allow-other-keys) (with-store store (download-to-store store url (ensure-valid-store-file-name (basename url)) #:verify-certificate? verify-certificate?))) +(define* (git-download-to-store* url + reference + recursive? + #:key (verify-certificate? #t)) + "Download the git repository at URL to the store, checked out at REFERENCE. +URL must specify a protocol (i.e https:// or file://), REFERENCE must be a +pair argument as understood by 'latest-repository-commit'." + ;; Ensure the URL string is properly formatted when using the 'file' + ;; protocol: URL is generated using 'uri->string', which returns + ;; "file:/path/to/file" instead of "file:///path/to/file", which in turn + ;; makes 'git-download-to-store' fail. + (let* ((file? (string-prefix? "file:" url)) + (url (if (and file? + (not (string-prefix? "file:///" url))) + (string-append "file://" (string-drop url (string-length "file:"))) + url))) + (with-store store + ;; TODO: Verify certificate support and deactivation. + (with-git-error-handling + (latest-repository-commit store url #:recursive? recursive? #:ref reference))))) + (define %default-options ;; Alist of default option values. `((format . ,bytevector->nix-base32-string) (hash-algorithm . ,(hash-algorithm sha256)) (verify-certificate? . #t) + (git-reference . #f) + (recursive? . #f) (download-proc . ,download-to-store*))) (define (show-help) @@ -97,6 +180,19 @@ (define (show-help) do not validate the certificate of HTTPS servers ")) (format #t (G_ " -o, --output=FILE download to FILE")) + (format #t (G_ " + -g, --git download the default branch's latest commit of the + Git repository at URL")) + (format #t (G_ " + --commit=COMMIT-OR-TAG + download the given commit or tag of the Git + repository at URL")) + (format #t (G_ " + --branch=BRANCH download the given branch of the Git repository + at URL")) + (format #t (G_ " + -r, --recursive download a Git repository recursively")) + (newline) (display (G_ " -h, --help display this help and exit")) @@ -105,6 +201,13 @@ (define (show-help) (newline) (show-bug-report-information)) +(define (add-git-download-option result) + (alist-cons 'download-proc + ;; XXX: #:verify-certificate? currently ignored. + (lambda* (url #:key verify-certificate? ref recursive?) + (git-download-to-store* url ref recursive?)) + (alist-delete 'download result))) + (define %options ;; Specifications of the command-line options. (list (option '(#\f "format") #t #f @@ -136,11 +239,36 @@ (define fmt-proc (alist-cons 'verify-certificate? #f result))) (option '(#\o "output") #t #f (lambda (opt name arg result) - (alist-cons 'download-proc - (lambda* (url #:key verify-certificate?) - (download-to-file url arg)) - (alist-delete 'download result)))) - + (let* ((git + (assoc-ref result 'git-reference))) + (if git + (alist-cons 'download-proc + (lambda* (url #:key verify-certificate? ref recursive?) + (git-download-to-file url arg (assoc-ref result 'git-reference) recursive?)) + (alist-delete 'download result)) + (alist-cons 'download-proc + (lambda* (url #:key verify-certificate? #:allow-other-keys) + (download-to-file url arg)) + (alist-delete 'download result)))))) + (option '(#\g "git") #f #f + (lambda (opt name arg result) + ;; Ignore this option if 'commit' or 'branch' has + ;; already been provided + (if (assoc-ref result 'git-reference) + result + (alist-cons 'git-reference '() + (add-git-download-option result))))) + (option '("commit") #t #f + (lambda (opt name arg result) + (alist-cons 'git-reference `(tag-or-commit . ,arg) + (add-git-download-option result)))) + (option '("branch") #t #f + (lambda (opt name arg result) + (alist-cons 'git-reference `(branch . ,arg) + (add-git-download-option result)))) + (option '(#\r "recursive") #f #f + (lambda (opt name arg result) + (alist-cons 'recursive? #t result))) (option '(#\h "help") #f #f (lambda args (leave-on-EPIPE (show-help)) @@ -183,12 +311,14 @@ (define (parse-options) (terminal-columns))) (fetch (uri->string uri) #:verify-certificate? - (assq-ref opts 'verify-certificate?)))) - (hash (call-with-input-file - (or path - (leave (G_ "~a: download failed~%") - arg)) - (cute port-hash (assoc-ref opts 'hash-algorithm) <>))) + (assq-ref opts 'verify-certificate?) + #:ref (assq-ref opts 'git-reference) + #:recursive? (assq-ref opts 'recursive?)))) + (hash (let* ((path* (or path + (leave (G_ "~a: download failed~%") + arg)))) + (file-hash* path* + #:algorithm (assoc-ref opts 'hash-algorithm)))) (fmt (assq-ref opts 'format))) (format #t "~a~%~a~%" path (fmt hash)) #t))) diff --git a/tests/guix-download.sh b/tests/guix-download.sh index f4cb335eef..d4cd2ea6b9 100644 --- a/tests/guix-download.sh +++ b/tests/guix-download.sh @@ -16,6 +16,12 @@ # You should have received a copy of the GNU General Public License # along with GNU Guix. If not, see . +# Define some files/folders needed for the tests. +output="t-download-$$" +test_git_repo="$(mktemp -d)" +output_dir="t-archive-dir-$$" +trap 'rm -rf "$test_git_repo" ; rm -f "$output" ; rm -rf "$output_dir"' EXIT + # # Test the `guix download' command-line utility. # @@ -36,8 +42,6 @@ guix download "file://$abs_top_srcdir/README" guix download "$abs_top_srcdir/README" # This one too, even if it cannot talk to the daemon. -output="t-download-$$" -trap 'rm -f "$output"' EXIT GUIX_DAEMON_SOCKET="/nowhere" guix download -o "$output" \ "file://$abs_top_srcdir/README" cmp "$output" "$abs_top_srcdir/README" @@ -45,4 +49,41 @@ cmp "$output" "$abs_top_srcdir/README" # This one should fail. guix download "file:///does-not-exist" "file://$abs_top_srcdir/README" && false +# Test git support with local repository. +# First, create a dummy git repo in the temporary directory. +( + cd $test_git_repo + git init + touch test + git config user.name "User" + git config user.email "user@domain" + git add test + git commit -m "Commit" + git tag -a -m "v1" v1 +) + +# Extract commit number. +commit=$((cd $test_git_repo && git log) | head -n 1 | cut -f2 -d' ') + +# We expect that guix hash is working properly or at least that the output of +# 'guix download' is consistent with 'guix hash'. +expected_hash=$(guix hash -rx $test_git_repo) + +# Test the different options +for option in "" "--commit=$commit" "--commit=v1" "--branch=master" +do + command_output="$(guix download --git $option "file://$test_git_repo")" + computed_hash="$(echo $command_output | cut -f2 -d' ')" + store_path="$(echo $command_output | cut -f1 -d' ')" + [ "$expected_hash" = "$computed_hash" ] + diff -r -x ".git" $test_git_repo $store_path +done + +# Should fail. +guix download --git --branch=non_existent "file://$test_git_repo" && false + +# Same but download to file instead of store. +guix download --git "file://$test_git_repo" -o $output_dir +diff -r -x ".git" $test_git_repo $output_dir + exit 0 -- 2.41.0