From mboxrd@z Thu Jan 1 00:00:00 1970 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) Subject: Re: Problem with pkgconfig source https redirect Date: Thu, 11 Feb 2016 10:48:49 +0100 Message-ID: <877fibvapq.fsf@gnu.org> References: <874mdhp91g.fsf@mordocai.net> <20160210094344.7aff4457@debian-netbook> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:40600) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aTnrs-0004P9-HI for guix-devel@gnu.org; Thu, 11 Feb 2016 04:48:57 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aTnro-00060Q-F5 for guix-devel@gnu.org; Thu, 11 Feb 2016 04:48:56 -0500 In-Reply-To: (David Thompson's message of "Wed, 10 Feb 2016 16:40:03 -0500") List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org To: "Thompson, David" Cc: guix-devel --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable "Thompson, David" skribis: > The bigger problem to be aware of is this: No package in the gnutls > dependency graph may have its source code downloaded over HTTPS. Even > if we hack around this for pkg-config, I'm sure it will bite us again > when another upstream starts enforcing HTTPS. > > So, what can we do here? Nix recently added a =E2=80=98fetchurl=E2=80=99 primitive to the Nix langua= ge, in part to address this problem. The equivalent for us is to simply perform the download on the =E2=80=9Chost side=E2=80=9D rather than on the =E2=80=9Cbuild side=E2=80=9D, thus entirel= y side-stepping the issue. Moving code from one side to the other is obviously easy for us. One way to do that is by adding a new origin method, along the lines of this incomplete patch: --=-=-= Content-Type: text/x-patch; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable diff --git a/gnu/packages/pkg-config.scm b/gnu/packages/pkg-config.scm index 5923395..299c7c8 100644 --- a/gnu/packages/pkg-config.scm +++ b/gnu/packages/pkg-config.scm @@ -32,7 +32,7 @@ (name "pkg-config") (version "0.29") (source (origin - (method url-fetch) + (method host-url-fetch) (uri (string-append "http://pkgconfig.freedesktop.org/releases/pkg-config-" version ".tar.gz")) diff --git a/guix/download.scm b/guix/download.scm index 204cfc0..32b5e4d 100644 --- a/guix/download.scm +++ b/guix/download.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright =C2=A9 2012, 2013, 2014, 2015 Ludovic Court=C3=A8s +;;; Copyright =C2=A9 2012, 2013, 2014, 2015, 2016 Ludovic Court=C3=A8s ;;; Copyright =C2=A9 2013, 2014, 2015 Andreas Enge ;;; ;;; This file is part of GNU Guix. @@ -31,6 +31,7 @@ #:use-module (srfi srfi-26) #:export (%mirrors url-fetch + host-url-fetch download-to-store)) =20 ;;; Commentary: @@ -294,6 +295,12 @@ in the store." ;; .) #:local-build? #t))))) =20 +(define* (host-url-fetch url hash-algo hash + #:optional name) + ;; FIXME: Check HASH, and cache downloaded stuff in ~/.cache/guix, simil= ar + ;; to what 'http-fetch/cached' does. See 'downloadFileCached' in Nix. + (download-to-store* url name)) + (define* (download-to-store store url #:optional (name (basename url)) #:key (log (current-error-port)) recursive?) "Download from URL to STORE, either under NAME or URL's basename if @@ -314,4 +321,7 @@ the same-named parameter of 'add-to-store'." (and result (add-to-store store name recursive? "sha256" temp))))))) =20 +(define download-to-store* + (store-lift download-to-store)) + ;;; download.scm ends here --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Some care is needed to get performance right and to make sure we never needlessly re-download stuff, but it=E2=80=99s definitely doable. Ludo=E2=80=99. --=-=-=--