[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v3] pull: Default to HTTPS.
From: |
Leo Famulari |
Subject: |
Re: [PATCH v3] pull: Default to HTTPS. |
Date: |
Wed, 1 Mar 2017 17:07:08 -0500 |
User-agent: |
Mutt/1.7.2 (2016-11-26) |
On Wed, Mar 01, 2017 at 10:20:00PM +0100, Marius Bakke wrote:
> * guix/scripts/pull.scm (%snapshot-url): Use HTTPS.
> (guix-pull): Add GNUTLS and NSS-CERTS to inputs when appropriate.
Nice! It works without GnuTLS in $PATH and an unset $SSL_CERT_DIR :)
By the way, the only thing I'm waiting for before submitting an le-certs
package is one more person to check that they can reproduce the
certificates that would be provided by the le-certs package, as
requested here:
http://lists.gnu.org/archive/html/guix-devel/2017-02/msg01146.html
> (define %snapshot-url
> ;; "http://hydra.gnu.org/job/guix/master/tarball/latest/download"
> - "http://git.savannah.gnu.org/cgit/guix.git/snapshot/master.tar.gz"
> + "https://git.savannah.gnu.org/cgit/guix.git/snapshot/master.tar.gz"
> )
> + (define (use-le-certs? url)
> + (string=? url %snapshot-url))
I thought about it, and we should probably relax this, to match
"https://git.savannah.gnu.org/cgit/guix.git", so that everything would
work in cases like this...
$ guix pull
--url=https://git.savannah.gnu.org/cgit/guix.git/snapshot/v0.12.0.tar.gz
... and for future cases when `guix pull` may use Git.
> + (define (fetch-tarball store url)
> + (download-to-store store url "guix-latest.tar.gz"))
> +
> (with-error-handling
> (let* ((opts (parse-options))
> (store (open-connection))
> (url (assoc-ref opts 'tarball-url)))
> - (let ((tarball (download-to-store store url "guix-latest.tar.gz")))
> + (let ((tarball (if (use-gnutls? url)
> + (begin
> + ;; Add GnuTLS to inputs and load path.
> + (set! %load-path
> + (cons (string-append (package-output store
> gnutls)
> + "/share/guile/site/"
> + (effective-version))
> + %load-path))
> + (if (use-le-certs? url)
> + (parameterize ((%x509-certificate-directory
> + (string-append
> (package-output store nss-certs)
> +
> "/etc/ssl/certs")))
> + (fetch-tarball store url))
> + (fetch-tarball store url)))
> + (fetch-tarball store url))))
I hope some more seasoned Schemers will offer their review :)
signature.asc
Description: PGP signature