[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#49508: Implement --allow-insecure-transport for `guix pull`
From: |
Ludovic Courtès |
Subject: |
bug#49508: Implement --allow-insecure-transport for `guix pull` |
Date: |
Tue, 08 Feb 2022 11:18:08 +0100 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) |
Hi,
Leo Famulari <leo@famulari.name> skribis:
> As discussed in #46829, `guix pull` needs an option like
> --allow-insecure-transport so that users can continue to pull from the
> same channel even when their local certificate store has expired or is
> otherwise invalid.
Agreed.
Unfortunately it seems that libgit2 doesn’t let us turn off certificate
verification:
https://libgit2.org/libgit2/#HEAD/group/libgit2
‘verify_server_cert’ in src/streams/openssl.c is called
unconditionally. So it seems that the first thing to do would be to
submit a patch upstream that would allow users to disable certificate
checks via ‘git_libgit2_opts’.
Now, by default, ‘guix pull’ honors /etc/ssl/certs. Assuming those are
up-to-date, it should be fine, right?
Thanks,
Ludo’.
- bug#49508: Implement --allow-insecure-transport for `guix pull`,
Ludovic Courtès <=