summary refs log tree commit diff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2021-10-04 23:03:41 +0200
committerLudovic Courtès <ludo@gnu.org>2021-10-07 10:47:43 +0200
commit6d02a994f911a75e3a223a22c05c2939cdfed2b5 (patch)
tree0a45dabff82c7fa89122bfec9a615e73a311d00d
parentce83883f3d8bf6e6d25091acd018a8236a5754e1 (diff)
downloadguix-6d02a994f911a75e3a223a22c05c2939cdfed2b5.tar.gz
download: Honor #:verify-certificate? for SWH downloads.
Previously, the SWH + Disarchive fallback could fail with:

  Trying to use Disarchive to assemble /gnu/store/…-ucsim-0.6-pre68.tar.gz...
  Assembling the directory ucsim-0.6-pre68
  Downloading /gnu/store/…-ucsim-0.6-pre68.tar.gz from Software Heritage...
  X.509 certificate of 'archive.softwareheritage.org' could not be verified:
    signer-not-found
    invalid

  Could not resolve directory reference

This will no longer be the case since 'guix perform-download'
passes #:verify-certificate? #f.

* guix/build/download.scm (disarchive-fetch/any): Parameterize
'%verify-swh-certificate?'.
Diffstat
-rw-r--r--guix/build/download.scm3
1 files changed, 2 insertions, 1 deletions
diff --git a/guix/build/download.scm b/guix/build/download.scm
index 1ed623034b..fd8fe69901 100644
--- a/guix/build/download.scm
+++ b/guix/build/download.scm
@@ -674,7 +674,8 @@ and write the output to FILE."
      (match (fetch-specification uris)
        (#f (format #t "could not find its Disarchive specification~%")
            #f)
-       (spec (parameterize ((%disarchive-log-port (current-output-port)))
+       (spec (parameterize ((%disarchive-log-port (current-output-port))
+                            (%verify-swh-certificate? verify-certificate?))
                (false-if-exception*
                 (disarchive-assemble spec file #:resolver resolve))))))))
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-11-23 21:01:18 +0000