bug#25975: Use HTTPS in `guix pull`

[Ludovic Courtès]

Leo Famulari <address@hidden> skribis:

> On Fri, Mar 10, 2017 at 11:33:41AM +0100, Ludovic Courtès wrote:
>> > I thought about this a bit yesterday. Only three certificate files are
>> > needed for the Let's Encrypt certificate store: the root certificate,
>> > the active intermediate, and the backup intermediate.*
>> >
>> > We know where they can be downloaded from, and we know their SHA256
>> > hash, so we could download them directly instead of using a package.
>> 
>> Maybe a trivial-build-system package to download these 3 files and put
>> them in a directory would do.
>
> Here's a patch.
>
> From 6fea91135a625a13d92d6951d150d8dc5eb68dc1 Mon Sep 17 00:00:00 2001
> From: Leo Famulari <address@hidden>
> Date: Tue, 28 Feb 2017 20:21:10 -0500
> Subject: [PATCH] gnu: Add le-certs.
>
> * gnu/packages/certs.scm (le-certs): New variable.

Great, that was fast!

> +    (arguments
> +     '(#:modules ((guix build utils))
> +       #:builder
> +       (begin
> +         (use-modules (guix build utils))
> +         (let ((root (assoc-ref %build-inputs "isrgrootx1.pem"))
> +               (intermediate (assoc-ref %build-inputs 
> "letsencryptauthorityx3.pem"))
> +               (backup (assoc-ref %build-inputs 
> "letsencryptauthorityx4.pem"))
> +               (out (string-append (assoc-ref %outputs "out") 
> "/etc/ssl/certs")))
> +           (mkdir-p out)
> +           (map (lambda (cert)
> +                  (copy-file cert (string-append out "/"
> +                                                 (strip-store-file-name 
> cert))))
> +                (list root intermediate backup))))))

‘for-each’ instead of ‘map’, to make it clear that it’s for side
effects.

> +    (license license:public-domain))) ; XXX what license?

It’s not copyrightable so yeah, this is a good approximation.

Thank you!

Ludo’.