bug#49508: Implement --allow-insecure-transport for `guix pull`

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#49508: Implement --allow-insecure-transport for `guix pull`

From:	Ludovic Courtès
Subject:	bug#49508: Implement --allow-insecure-transport for `guix pull`
Date:	Tue, 08 Feb 2022 11:18:08 +0100
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)

Hi,

Leo Famulari <leo@famulari.name> skribis:

> As discussed in #46829, `guix pull` needs an option like
> --allow-insecure-transport so that users can continue to pull from the
> same channel even when their local certificate store has expired or is
> otherwise invalid.

Agreed.

Unfortunately it seems that libgit2 doesn’t let us turn off certificate
verification:

  https://libgit2.org/libgit2/#HEAD/group/libgit2

‘verify_server_cert’ in src/streams/openssl.c is called
unconditionally.  So it seems that the first thing to do would be to
submit a patch upstream that would allow users to disable certificate
checks via ‘git_libgit2_opts’.

Now, by default, ‘guix pull’ honors /etc/ssl/certs.  Assuming those are
up-to-date, it should be fine, right?

Thanks,
Ludo’.

[Prev in Thread]

Current Thread

[Next in Thread]

bug#49508: Implement --allow-insecure-transport for `guix pull`, Ludovic Courtès <=
- bug#49508: Implement --allow-insecure-transport for `guix pull`, Leo Famulari, 2022/02/08

Prev by Date: bug#53696: Integer overflow on Guix GC size calculation
Next by Date: bug#53463: ci.guix.gnu.org not building the 'guix' job
Previous by thread: bug#53325: povray: Fails to build (_Pragma errors)
Next by thread: bug#49508: Implement --allow-insecure-transport for `guix pull`
Index(es):
- Date
- Thread