summary refs log tree commit diff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2018-11-13 22:27:58 +0100
committerLudovic Courtès <ludo@gnu.org>2018-11-14 21:34:08 +0100
commit89f1fee8e788fc32d08583b4207c1ecb91d50f28 (patch)
tree252322e3e453925897131092dcab98ee8480cc0c
parentee2cfdfe86b0ba7de0312592cbfb96ea175e8863 (diff)
downloadguix-89f1fee8e788fc32d08583b4207c1ecb91d50f28.tar.gz
download: Access content-addressed mirrors over HTTPS.
Bug <http://bugs.gnu.org/22774> is no longer relevant now that we use
"builtin:download" exclusively.

* guix/download.scm (%content-addressed-mirrors): Use "https", not
"http".
-rw-r--r--guix/download.scm7
1 files changed, 3 insertions, 4 deletions
diff --git a/guix/download.scm b/guix/download.scm
index b74fd31c1f..0f92e12c08 100644
--- a/guix/download.scm
+++ b/guix/download.scm
@@ -372,19 +372,18 @@
   ;; List of content-addressed mirrors.  Each mirror is represented as a
   ;; procedure that takes a file name, an algorithm (symbol) and a hash
   ;; (bytevector), and returns a URL or #f.
-  ;; Note: Avoid 'https' to mitigate <http://bugs.gnu.org/22774>.
   '(begin
      (use-modules (guix base32) (guix base16))
 
      (list (lambda (file algo hash)
              ;; Files served by 'guix publish' are accessible under a single
              ;; hash algorithm.
-             (string-append "http://mirror.hydra.gnu.org/file/"
+             (string-append "https://mirror.hydra.gnu.org/file/"
                             file "/" (symbol->string algo) "/"
                             (bytevector->nix-base32-string hash)))
            (lambda (file algo hash)
              ;; 'tarballs.nixos.org' supports several algorithms.
-             (string-append "http://tarballs.nixos.org/"
+             (string-append "https://tarballs.nixos.org/"
                             (symbol->string algo) "/"
                             (bytevector->nix-base32-string hash)))
            (lambda (file algo hash)
@@ -392,7 +391,7 @@
              ;; tarballs, but tarballs are sometimes available (and can be
              ;; explicitly stored there.)  For example, see
              ;; <https://archive.softwareheritage.org/api/1/content/sha256:92d0fa1c311cacefa89853bdb53c62f4110cdfda3820346b59cbd098f40f955e/>.
-             (string-append "http://archive.softwareheritage.org/api/1/content/"
+             (string-append "https://archive.softwareheritage.org/api/1/content/"
                             (symbol->string algo) ":"
                             (bytevector->base16-string hash) "/raw/")))))