[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: `guix pull` over HTTPS
|
From: |
Marius Bakke |
|
Subject: |
Re: `guix pull` over HTTPS |
|
Date: |
Wed, 01 Mar 2017 22:21:15 +0100 |
|
User-agent: |
Notmuch/0.23.5 (https://notmuchmail.org) Emacs/25.1.1 (x86_64-unknown-linux-gnu) |
Leo Famulari <address@hidden> writes:
> On Wed, Mar 01, 2017 at 03:36:11AM +0100, Marius Bakke wrote:
>> Subject: [PATCH] pull: Default to HTTPS.
>>
>> * guix/build/download.scm (tls-wrap): Add CERTIFICATE-DIRECTORY parameter.
>> (open-connection-for-uri): Adjust parameters to match.
>> (http-fetch): Likewise.
>> (url-fetch): Likewise.
>> * guix/download.scm (download-to-store): Likewise.
>> * guix/scripts/pull.scm (%snapshot-url): Use HTTPS.
>> (guix-pull): Verify against the store path of NSS-CERTS.
>
> When I don't have GnuTLS in my environment, it fails like this:
>
> Starting download of /tmp/guix-file.pSCYyI
> From https://git.savannah.gnu.org/cgit/guix.git/snapshot/master.tar.gz...
> ;;; Failed to autoload make-session in (gnutls):
> ;;; ERROR: missing interface for module (gnutls)
> ERROR: In procedure module-lookup: Unbound variable: make-session
> failed to download "/tmp/guix-file.pSCYyI" from
> "https://git.savannah.gnu.org/cgit/guix.git/snapshot/master.tar.gz";
> guix pull: error: failed to download up-to-date source, exiting
>
> Also, I think we should only use a default trust store when pulling from
> %snapshot-url.
Please try version 3 of the patch, where I tried to address these
issues. It is also far simpler than the previous approaches.
signature.asc
Description: PGP signature