From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2.migadu.com ([2001:41d0:403:58f0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms13.migadu.com with LMTPS id UBIUDJPQWGcjXgEAe85BDQ:P1 (envelope-from ) for ; Tue, 10 Dec 2024 23:36:51 +0000 Received: from aspmx1.migadu.com ([2001:41d0:403:58f0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2.migadu.com with LMTPS id UBIUDJPQWGcjXgEAe85BDQ (envelope-from ) for ; Wed, 11 Dec 2024 00:36:51 +0100 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=debbugs.gnu.org header.s=debbugs-gnu-org header.b=iapZLwK7; dkim=fail ("headers rsa verify failed") header.d=gnu.org header.s=fencepost-gnu-org header.b=cXaOh+bz; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=gnu.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1733873811; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=xMNozuDFaIcsOhBzPjyxJk0tD8mBPU08DflTV9ZKMfI=; b=oyN/58eO/v8wLY5aH8pIyi8f1shNuoSfv0Ay1L8FUeiCfKQJ3ugcwjTe1I/YHln1x5Ky+Z gkcFIXT7brGPZaZaLjDZV6Z2b+A/2ZwAaPBjyU1aX9X0fTf0qbMmj+wshtnoUcyWGv6eBy j5XFZ+saxBxokvTJgNqr3FhBMdp7OUZLUrW/Mq8JhBD2EnovsczxDWgeqCjNR90Fs26bpg 983qWE9PPubdFbClfCz7WbfF34FOQUxzi5eVoNQyMwl+M8e4nwk87aea6Lyv3ZB4JGQ2Rm p2uxWE1KEt+BJZCNSaIzty2ZqiXwyHdR4Crn0MtlHG66dlxvFGWa92UtRXuH4Q== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=debbugs.gnu.org header.s=debbugs-gnu-org header.b=iapZLwK7; dkim=fail ("headers rsa verify failed") header.d=gnu.org header.s=fencepost-gnu-org header.b=cXaOh+bz; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=gnu.org ARC-Seal: i=1; s=key1; d=yhetil.org; t=1733873811; a=rsa-sha256; cv=none; b=CXIZo6JKvlyAGxlvlmRS4AipMDQF6jVhKQYlA1AkkrkwS3Q2uREcFMv4Q0aDauObOMeK/c v0WAPUhizWQO2okJHBKDs3kKGLywNyUp9cM5hP4ZbezZJDye+tbYfqJb3DaeKSOPnFG2pM NkVE+h3S8rdffWs0TBWeYoQHom3WNGRa67Iqnt6mNqyf5Kc75cGH2y7eOAoyBPR87Ba5nI y7hiOy8IkRS1Jt/OT9Lytnzzy6j/JFHK8icCNJ/nMHbGAxW4dy0Sp1Ou8AXNa5pIAvLtx4 +N3jJ4kmrSI0KFt4knCyRLwvcS4UIQfDYLc7JQ4Ta/pGPT4Tin/GZ6vjb7BFPQ== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 017BF7EC2C for ; Wed, 11 Dec 2024 00:36:51 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1tL9lw-0007qR-G8; Tue, 10 Dec 2024 18:36:08 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tL9lu-0007pZ-B9 for guix-patches@gnu.org; Tue, 10 Dec 2024 18:36:06 -0500 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1tL9lu-0002eR-1t; Tue, 10 Dec 2024 18:36:06 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:References:In-Reply-To:Date:From:To:Subject; bh=xMNozuDFaIcsOhBzPjyxJk0tD8mBPU08DflTV9ZKMfI=; b=iapZLwK70EDDQ3DYRJtv4d2uHbvL3SdeLgFNZgFtZ08Z/qrBexqdDB7XsPvNALKAsnmQZhX3rudBfxMCJVaf+5nXNxmkS/E5pAwpSIE3iHOJKhUSmoLX/0Z6LHsu4+IaS2idb62njrFZOUSGfg4I5pnZlmW/4uF3MQWBgFQkxWBBV2vY4B/7KnXkoQqI/E0XRLFHZT7M3oHn7Y7uUdqxa0eeZW/a05LMdISjKC1Z+jPAZsOHQtQl3a2KJqk/VGsepckV6+zh/sAYidrXzpn04tevbYe60dVcepkXTI+lD2gwyxj9xoQbTTaAs2+8JFWeWf4U+/BtWfouvV0MHu2Kew==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1tL9lr-0005dW-8w; Tue, 10 Dec 2024 18:36:03 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#74776] [PATCH 3/7] guix download: Honor =?UTF-8?Q?=E2=80=98--no-check-certificate=E2=80=99?= for =?UTF-8?Q?=E2=80=98--git=E2=80=99.?= Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: guix@cbaines.net, dev@jpoiret.xyz, ludo@gnu.org, othacehe@gnu.org, zimon.toutoune@gmail.com, me@tobias.gr, guix-patches@gnu.org Resent-Date: Tue, 10 Dec 2024 23:36:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 74776 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 74776@debbugs.gnu.org Cc: Ludovic =?UTF-8?Q?Court=C3=A8s?= , Christopher Baines , Josselin Poiret , Ludovic =?UTF-8?Q?Court=C3=A8s?= , Mathieu Othacehe , Simon Tournier , Tobias Geerinckx-Rice X-Debbugs-Original-Xcc: Christopher Baines , Josselin Poiret , Ludovic =?UTF-8?Q?Court=C3=A8s?= , Mathieu Othacehe , Simon Tournier , Tobias Geerinckx-Rice Received: via spool by 74776-submit@debbugs.gnu.org id=B74776.173387370921100 (code B ref 74776); Tue, 10 Dec 2024 23:36:03 +0000 Received: (at 74776) by debbugs.gnu.org; 10 Dec 2024 23:35:09 +0000 Received: from localhost ([127.0.0.1]:60054 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tL9ky-0005U6-4u for submit@debbugs.gnu.org; Tue, 10 Dec 2024 18:35:08 -0500 Received: from eggs.gnu.org ([209.51.188.92]:52858) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tL9ku-0005Sc-2H for 74776@debbugs.gnu.org; Tue, 10 Dec 2024 18:35:05 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tL9ko-0002PS-S9; Tue, 10 Dec 2024 18:34:58 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:References:In-Reply-To:Date:Subject:To: From; bh=xMNozuDFaIcsOhBzPjyxJk0tD8mBPU08DflTV9ZKMfI=; b=cXaOh+bzZbXl/GwX0CpX HWCNEsdiNTTibxcchI/0efggo+fHaIBYNSY4BjCK7sNDPC47W/zkmpjpjrRTacK7n3+X7XBqzDT4D WZKckBrt0jIyGgRISEZPQ44FbySAkvzkdOUJ/HRDzL/l9Vlj1DbLHN87xjXwkuYIyVA5FvspTBSSd z+HRW9ochfmxxeDGSJnkVPz1PnGM/v/AWwD8WOkMGFN5P2TqfmQQu7fcmI9ULZ1P3osvUCbRkep9b TqNQfcMGxVwqo+h9a7pbSxAzCfB/iYu+wg+uhXWpaw5ZLZReWV5G5YmeCkTjPMWW8Z8bDnQhQmCnA Tb+nBxAbatxNGQ==; From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Date: Wed, 11 Dec 2024 00:34:42 +0100 Message-ID: <4c0835f5958108ad2235c4bb63f22d2b742356d2.1733873391.git.ludo@gnu.org> X-Mailer: git-send-email 2.46.0 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN X-Migadu-Scanner: mx11.migadu.com X-Migadu-Spam-Score: -0.86 X-Spam-Score: -0.86 X-Migadu-Queue-Id: 017BF7EC2C X-TUID: kl1wfs6l32Fk Until now ‘--no-check-certificate’ had no effect when combined with ‘--git’. This can be tested with: guix shell libfaketime -- faketime 2019-01-01 \ guix download --no-check-certificate --git \ https://git.savannah.gnu.org/git/shepherd.git * guix/scripts/download.scm (git-download-to-file): Add #:verify-certificate? and honor it. (git-download-to-store*): Likewise. (add-git-download-option): Likewise. (%options): Likewise. Change-Id: Ib3905398199d814a02319ed3328eb8a4ed219bd5 --- guix/scripts/download.scm | 34 +++++++++++++++++++--------------- 1 file changed, 19 insertions(+), 15 deletions(-) diff --git a/guix/scripts/download.scm b/guix/scripts/download.scm index de68e6f328..f373e46941 100644 --- a/guix/scripts/download.scm +++ b/guix/scripts/download.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2012, 2013, 2015, 2016, 2017, 2020 Ludovic Courtès +;;; Copyright © 2012-2013, 2015-2017, 2020, 2024 Ludovic Courtès ;;; Copyright © 2021 Simon Tournier ;;; ;;; This file is part of GNU Guix. @@ -94,7 +94,8 @@ (define (copy-recursively-without-dot-git source destination) #t source)) -(define (git-download-to-file url file reference recursive?) +(define* (git-download-to-file url file reference recursive? + #:key (verify-certificate? #t)) "Download the git repo at URL to file, checked out at REFERENCE. REFERENCE must be a pair argument as understood by 'latest-repository-commit'. Return FILE." @@ -108,7 +109,8 @@ (define (git-download-to-file url file reference recursive?) (else url)))) (copy-recursively-without-dot-git (with-git-error-handling - (update-cached-checkout url #:ref reference #:recursive? recursive?)) + (update-cached-checkout url #:ref reference #:recursive? recursive? + #:verify-certificate? verify-certificate?)) file)) file) @@ -151,12 +153,13 @@ (define* (git-download-to-store* url (string-drop url (string-length "file:"))) url))) (with-store store - ;; TODO: Verify certificate support and deactivation. (with-git-error-handling (latest-repository-commit store url #:recursive? recursive? - #:ref reference))))) + #:ref reference + #:verify-certificate? + verify-certificate?))))) (define %default-options ;; Alist of default option values. @@ -207,9 +210,10 @@ (define (show-help) (define (add-git-download-option result) (alist-cons 'download-proc - ;; XXX: #:verify-certificate? currently ignored. (lambda* (url #:key verify-certificate? ref recursive?) - (git-download-to-store* url ref recursive?)) + (git-download-to-store* url ref recursive? + #:verify-certificate? + verify-certificate?)) (alist-delete 'download result))) (define %options @@ -243,20 +247,20 @@ (define %options (alist-cons 'verify-certificate? #f result))) (option '(#\o "output") #t #f (lambda (opt name arg result) - (let* ((git - (assoc-ref result 'git-reference))) + (let* ((git (assoc-ref result 'git-reference))) (if git (alist-cons 'download-proc - (lambda* (url - #:key - verify-certificate? - ref - recursive?) + (lambda* (url #:key + (verify-certificate? #t) + ref + recursive?) (git-download-to-file url arg (assoc-ref result 'git-reference) - recursive?)) + recursive? + #:verify-certificate? + verify-certificate?)) (alist-delete 'download result)) (alist-cons 'download-proc (lambda* (url -- 2.46.0