From 6d02a994f911a75e3a223a22c05c2939cdfed2b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Mon, 4 Oct 2021 23:03:41 +0200 Subject: [PATCH] download: Honor #:verify-certificate? for SWH downloads. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Previously, the SWH + Disarchive fallback could fail with: Trying to use Disarchive to assemble /gnu/store/…-ucsim-0.6-pre68.tar.gz... Assembling the directory ucsim-0.6-pre68 Downloading /gnu/store/…-ucsim-0.6-pre68.tar.gz from Software Heritage... X.509 certificate of 'archive.softwareheritage.org' could not be verified: signer-not-found invalid Could not resolve directory reference This will no longer be the case since 'guix perform-download' passes #:verify-certificate? #f. * guix/build/download.scm (disarchive-fetch/any): Parameterize '%verify-swh-certificate?'. --- guix/build/download.scm | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/guix/build/download.scm b/guix/build/download.scm index 1ed623034b..fd8fe69901 100644 --- a/guix/build/download.scm +++ b/guix/build/download.scm @@ -674,7 +674,8 @@ (define (resolve addresses output) (match (fetch-specification uris) (#f (format #t "could not find its Disarchive specification~%") #f) - (spec (parameterize ((%disarchive-log-port (current-output-port))) + (spec (parameterize ((%disarchive-log-port (current-output-port)) + (%verify-swh-certificate? verify-certificate?)) (false-if-exception* (disarchive-assemble spec file #:resolver resolve))))))))