From 64b8695cd8bbdca44dde226bde698489d68a44be Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Mon, 7 Nov 2016 23:29:45 +0100 Subject: guix download: Add '--no-check-certificate' option. * guix/download.scm (download-to-store): Add #:verify-certificate? parameter and honor it. * guix/scripts/download.scm (%default-options): Add 'verify-certificate?' key. (show-help, %options): Add '--no-check-certificate'. (guix-download): Pass #:verify-certificate to 'download-to-store'. * doc/guix.texi (Invoking guix download): Document it.
---
guix/download.scm | 11 ++++++++---
guix/scripts/download.scm | 14 ++++++++++++--
2 files changed, 20 insertions(+), 5 deletions(-)
(limited to 'guix')
diff --git a/guix/download.scm b/guix/download.scm
index d94051951c..0c275053c5 100644
--- a/guix/download.scm
+++ b/guix/download.scm
@@ -434,10 +434,12 @@ (define tar #:local-build? #t))) (define* (download-to-store store url #:optional (name (basename url)) - #:key (log (current-error-port)) recursive?) + #:key (log (current-error-port)) recursive? + (verify-certificate? #t)) "Download from URL to STORE, either under NAME or URL's basename if omitted. Write progress reports to LOG. RECURSIVE? has the same effect as -the same-named parameter of 'add-to-store'." +the same-named parameter of 'add-to-store'. VERIFY-CERTIFICATE? determines +whether or not to validate HTTPS server certificates." (define uri (string->uri url))
@@ -448,7 +450,10 @@ (define uri (lambda (temp port) (let ((result (parameterize ((current-output-port log)) - (build:url-fetch url temp #:mirrors %mirrors)))) + (build:url-fetch url temp + #:mirrors %mirrors + #:verify-certificate? + verify-certificate?)))) (close port) (and result (add-to-store store name recursive? "sha256" temp)))))))
diff --git a/guix/scripts/download.scm b/guix/scripts/download.scm
index bcb4eaa043..ec30b05ac0 100644
--- a/guix/scripts/download.scm
+++ b/guix/scripts/download.scm
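Review bot: The docstring added in this hunk says VERIFY-CERTIFICATE? controls HTTPS certificate validation, but not what a caller gives up by passing #f. download-to-store takes no expected hash, and the `add-to-store` call visible in the next hunk stores whatever bytes arrived. I would extend the docstring with `When VERIFY-CERTIFICATE? is false the server is not authenticated; callers must compare the resulting hash with a trusted value.` The body of download-to-store continues outside this hunk.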
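Review bot: When verify-certificate? is #f, the fetch in this hunk writes nothing to LOG to record that the server was not authenticated, so the resulting store item carries no trace of how it was obtained. A one-line notice before the fetch would give that audit trail, e.g. `(unless verify-certificate? (format log "warning: not validating the HTTPS certificate of ~a~%" url))`. Whether the flag also covers the %mirrors fallbacks and any redirects depends on build:url-fetch, which is not shown here, so that is worth confirming. The enclosing lambda starts outside the hunk.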
@@ -41,7 +41,8 @@ (define-module (guix scripts download) (define %default-options ;; Alist of default option values. - `((format . ,bytevector->nix-base32-string))) + `((format . ,bytevector->nix-base32-string) + (verify-certificate? . #t))) (define (show-help) (display (_ "Usage: guix download [OPTION] URL
@@ -52,6 +53,9 @@ (define (show-help) ('hex' and 'hexadecimal' can be used as well).\n")) (format #t (_ " -f, --format=FMT write the hash in the given format")) + (format #t (_ " + --no-check-certificate + do not validate the certificate of HTTPS servers ")) (newline) (display (_ " -h, --help display this help and exit"))
@@ -77,6 +81,9 @@ (define fmt-proc (alist-cons 'format fmt-proc (alist-delete 'format result)))) + (option '("no-check-certificate") #f #f + (lambda (opt name arg result) + (alist-cons 'verify-certificate? #f result))) (option '(#\h "help") #f #f (lambda args
@@ -120,7 +127,10 @@ (define (parse-options) (parameterize ((current-terminal-columns (terminal-columns))) (download-to-store store (uri->string uri) - (basename (uri-path uri))))))) + (basename (uri-path uri)) + #:verify-certificate? + (assoc-ref opts + 'verify-certificate?)))))) (hash (call-with-input-file (or path (leave (_ "~a: download failed~%")
-- cgit v1.2.3
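Review bot: The new handler in the `@@ -77,6 +81,9 @@` hunk conses 'verify-certificate? onto result without removing the earlier entry, unlike the --format handler just above it, which calls `alist-delete` first. Lookups still see the new value because `alist-cons` prepends, but the option alist then holds two entries for a security-relevant key, presumably the #t default plus the #f override. For consistency, `(alist-cons 'verify-certificate? #f (alist-delete 'verify-certificate? result))` would keep one entry per key. The %options list starts and ends outside the hunk.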
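Review bot: In the `@@ -120,7 +127,10 @@` hunk, `(assoc-ref opts 'verify-certificate?)` returns #f both when the user passed --no-check-certificate and when the key is absent from opts, so a lookup miss silently turns certificate validation off. Today the default added to %default-options supplies the key, but the call site would be safer if it failed closed, e.g. `(let ((entry (assq 'verify-certificate? opts))) (or (not entry) (cdr entry)))`. The body of guix-download continues outside the hunk.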