guix-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3] pull: Default to HTTPS.


From: Leo Famulari
Subject: Re: [PATCH v3] pull: Default to HTTPS.
Date: Wed, 1 Mar 2017 17:07:08 -0500
User-agent: Mutt/1.7.2 (2016-11-26)

On Wed, Mar 01, 2017 at 10:20:00PM +0100, Marius Bakke wrote:
> * guix/scripts/pull.scm (%snapshot-url): Use HTTPS.
> (guix-pull): Add GNUTLS and NSS-CERTS to inputs when appropriate.

Nice! It works without GnuTLS in $PATH and an unset $SSL_CERT_DIR :)

By the way, the only thing I'm waiting for before submitting an le-certs
package is one more person to check that they can reproduce the
certificates that would be provided by the le-certs package, as
requested here:

http://lists.gnu.org/archive/html/guix-devel/2017-02/msg01146.html

>  (define %snapshot-url
>    ;; "http://hydra.gnu.org/job/guix/master/tarball/latest/download";
> -  "http://git.savannah.gnu.org/cgit/guix.git/snapshot/master.tar.gz";
> +  "https://git.savannah.gnu.org/cgit/guix.git/snapshot/master.tar.gz";
>    )

> +  (define (use-le-certs? url)
> +    (string=? url %snapshot-url))

I thought about it, and we should probably relax this, to match
"https://git.savannah.gnu.org/cgit/guix.git";, so that everything would
work in cases like this...

$ guix pull 
--url=https://git.savannah.gnu.org/cgit/guix.git/snapshot/v0.12.0.tar.gz

... and for future cases when `guix pull` may use Git.

> +  (define (fetch-tarball store url)
> +    (download-to-store store url "guix-latest.tar.gz"))
> +
>    (with-error-handling
>      (let* ((opts  (parse-options))
>             (store (open-connection))
>             (url   (assoc-ref opts 'tarball-url)))
> -      (let ((tarball (download-to-store store url "guix-latest.tar.gz")))
> +      (let ((tarball (if (use-gnutls? url)
> +                         (begin
> +                           ;; Add GnuTLS to inputs and load path.
> +                           (set! %load-path
> +                             (cons (string-append (package-output store 
> gnutls)
> +                                                  "/share/guile/site/"
> +                                                  (effective-version))
> +                                   %load-path))
> +                           (if (use-le-certs? url)
> +                               (parameterize ((%x509-certificate-directory
> +                                               (string-append 
> (package-output store nss-certs)
> +                                                              
> "/etc/ssl/certs")))
> +                                 (fetch-tarball store url))
> +                               (fetch-tarball store url)))
> +                         (fetch-tarball store url))))

I hope some more seasoned Schemers will offer their review :)

Attachment: signature.asc
Description: PGP signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]