civodul pushed a commit to branch master
in repository guix.
commit 6d02a994f911a75e3a223a22c05c2939cdfed2b5
Author: Ludovic Courtès <[email protected]>
AuthorDate: Mon Oct 4 23:03:41 2021 +0200
download: Honor #:verify-certificate? for SWH downloads.
Previously, the SWH + Disarchive fallback could fail with:
Trying to use Disarchive to assemble
/gnu/store/…-ucsim-0.6-pre68.tar.gz...
Assembling the directory ucsim-0.6-pre68
Downloading /gnu/store/…-ucsim-0.6-pre68.tar.gz from Software Heritage...
X.509 certificate of 'archive.softwareheritage.org' could not be verified:
signer-not-found
invalid
Could not resolve directory reference
This will no longer be the case since 'guix perform-download'
passes #:verify-certificate? #f.
* guix/build/download.scm (disarchive-fetch/any): Parameterize
'%verify-swh-certificate?'.
---
guix/build/download.scm | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/guix/build/download.scm b/guix/build/download.scm
index 1ed6230..fd8fe69 100644
--- a/guix/build/download.scm
+++ b/guix/build/download.scm
@@ -674,7 +674,8 @@ and write the output to FILE."
(match (fetch-specification uris)
(#f (format #t "could not find its Disarchive specification~%")
#f)
- (spec (parameterize ((%disarchive-log-port (current-output-port)))
+ (spec (parameterize ((%disarchive-log-port (current-output-port))
+ (%verify-swh-certificate? verify-certificate?))
(false-if-exception*
(disarchive-assemble spec file #:resolver resolve))))))))
