pull: Default to HTTPS.

* guix/scripts/pull.scm (%snapshot-url): Use HTTPS.
(guix-pull): Authenticate against LE-CERTS when URL is from Savannah.
This commit is contained in:
Marius Bakke 2017-03-01 22:11:02 +01:00
parent 720cb10c15
commit 7e81d699de
No known key found for this signature in database
GPG key ID: A2A06DF2A33A54FA

View file

@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU ;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
;;; ;;;
;;; This file is part of GNU Guix. ;;; This file is part of GNU Guix.
;;; ;;;
@ -29,10 +30,13 @@ (define-module (guix scripts pull)
#:use-module (guix monads) #:use-module (guix monads)
#:use-module ((guix build utils) #:use-module ((guix build utils)
#:select (with-directory-excursion delete-file-recursively)) #:select (with-directory-excursion delete-file-recursively))
#:use-module ((guix build download)
#:select (%x509-certificate-directory))
#:use-module (gnu packages base) #:use-module (gnu packages base)
#:use-module (gnu packages guile) #:use-module (gnu packages guile)
#:use-module ((gnu packages bootstrap) #:use-module ((gnu packages bootstrap)
#:select (%bootstrap-guile)) #:select (%bootstrap-guile))
#:use-module ((gnu packages certs) #:select (le-certs))
#:use-module (gnu packages compression) #:use-module (gnu packages compression)
#:use-module (gnu packages gnupg) #:use-module (gnu packages gnupg)
#:use-module (srfi srfi-1) #:use-module (srfi srfi-1)
@ -45,7 +49,7 @@ (define-module (guix scripts pull)
(define %snapshot-url (define %snapshot-url
;; "http://hydra.gnu.org/job/guix/master/tarball/latest/download" ;; "http://hydra.gnu.org/job/guix/master/tarball/latest/download"
"http://git.savannah.gnu.org/cgit/guix.git/snapshot/master.tar.gz" "https://git.savannah.gnu.org/cgit/guix.git/snapshot/master.tar.gz"
) )
(define-syntax-rule (with-environment-variable variable value body ...) (define-syntax-rule (with-environment-variable variable value body ...)
@ -221,11 +225,25 @@ (define (parse-options)
(leave (_ "~A: unexpected argument~%") arg)) (leave (_ "~A: unexpected argument~%") arg))
%default-options)) %default-options))
(define (use-le-certs? url)
(string-prefix? "https://git.savannah.gnu.org/" url))
(define (fetch-tarball store url)
(download-to-store store url "guix-latest.tar.gz"))
(with-error-handling (with-error-handling
(let* ((opts (parse-options)) (let* ((opts (parse-options))
(store (open-connection)) (store (open-connection))
(url (assoc-ref opts 'tarball-url))) (url (assoc-ref opts 'tarball-url)))
(let ((tarball (download-to-store store url "guix-latest.tar.gz"))) (let ((tarball
(if (use-le-certs? url)
(let* ((drv (package-derivation store le-certs))
(certs (string-append (derivation->output-path drv)
"/etc/ssl/certs")))
(build-derivations store (list drv))
(parameterize ((%x509-certificate-directory certs))
(fetch-tarball store url)))
(fetch-tarball store url))))
(unless tarball (unless tarball
(leave (_ "failed to download up-to-date source, exiting\n"))) (leave (_ "failed to download up-to-date source, exiting\n")))
(parameterize ((%guile-for-build (parameterize ((%guile-for-build