[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

02/02: guix download: Add '--no-check-certificate' option.

From: Ludovic Courtès
Subject: 02/02: guix download: Add '--no-check-certificate' option.
Date: Mon, 7 Nov 2016 22:40:53 +0000 (UTC)

civodul pushed a commit to branch master
in repository guix.

commit 64b8695cd8bbdca44dde226bde698489d68a44be
Author: Ludovic Courtès <address@hidden>
Date:   Mon Nov 7 23:29:45 2016 +0100

    guix download: Add '--no-check-certificate' option.
    * guix/download.scm (download-to-store): Add #:verify-certificate?
    parameter and honor it.
    * guix/scripts/download.scm (%default-options): Add
    'verify-certificate?' key.
    (show-help, %options): Add '--no-check-certificate'.
    (guix-download): Pass #:verify-certificate to 'download-to-store'.
    * doc/guix.texi (Invoking guix download): Document it.
 doc/guix.texi             |   12 ++++++++++--
 guix/download.scm         |   11 ++++++++---
 guix/scripts/download.scm |   14 ++++++++++++--
 3 files changed, 30 insertions(+), 7 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 349c481..d99f409 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -4771,15 +4771,23 @@ GnuTLS-Guile}, for more information.
 @command{guix download} verifies HTTPS server certificates by loading
 the certificates of X.509 authorities from the directory pointed to by
 the @code{SSL_CERT_DIR} environment variable (@pxref{X.509
+Certificates}), unless @option{--no-check-certificate} is used.
-The following option is available:
+The following options are available:
 @table @code
 @item address@hidden
 @itemx -f @var{fmt}
 Write the hash in the format specified by @var{fmt}.  For more
 information on the valid values for @var{fmt}, @pxref{Invoking guix hash}.
address@hidden --no-check-certificate
+Do not validate the X.509 certificates of HTTPS servers.
+When using this option, you have @emph{absolutely no guarantee} that you
+are communicating with the authentic server responsible for the given
+URL, which makes you vulnerable to ``man-in-the-middle'' attacks.
 @end table
 @node Invoking guix hash
diff --git a/guix/download.scm b/guix/download.scm
index d940519..0c27505 100644
--- a/guix/download.scm
+++ b/guix/download.scm
@@ -434,10 +434,12 @@ own.  This helper makes it easier to deal with \"tar 
                       #:local-build? #t)))
 (define* (download-to-store store url #:optional (name (basename url))
-                            #:key (log (current-error-port)) recursive?)
+                            #:key (log (current-error-port)) recursive?
+                            (verify-certificate? #t))
   "Download from URL to STORE, either under NAME or URL's basename if
 omitted.  Write progress reports to LOG.  RECURSIVE? has the same effect as
-the same-named parameter of 'add-to-store'."
+the same-named parameter of 'add-to-store'.  VERIFY-CERTIFICATE? determines
+whether or not to validate HTTPS server certificates."
   (define uri
     (string->uri url))
@@ -448,7 +450,10 @@ the same-named parameter of 'add-to-store'."
        (lambda (temp port)
          (let ((result
                 (parameterize ((current-output-port log))
-                  (build:url-fetch url temp #:mirrors %mirrors))))
+                  (build:url-fetch url temp
+                                   #:mirrors %mirrors
+                                   #:verify-certificate?
+                                   verify-certificate?))))
            (close port)
            (and result
                 (add-to-store store name recursive? "sha256" temp)))))))
diff --git a/guix/scripts/download.scm b/guix/scripts/download.scm
index bcb4eaa..ec30b05 100644
--- a/guix/scripts/download.scm
+++ b/guix/scripts/download.scm
@@ -41,7 +41,8 @@
 (define %default-options
   ;; Alist of default option values.
-  `((format . ,bytevector->nix-base32-string)))
+  `((format . ,bytevector->nix-base32-string)
+    (verify-certificate? . #t)))
 (define (show-help)
   (display (_ "Usage: guix download [OPTION] URL
@@ -52,6 +53,9 @@ Supported formats: 'nix-base32' (default), 'base32', and 
 ('hex' and 'hexadecimal' can be used as well).\n"))
   (format #t (_ "
   -f, --format=FMT       write the hash in the given format"))
+  (format #t (_ "
+      --no-check-certificate
+                         do not validate the certificate of HTTPS servers "))
   (display (_ "
   -h, --help             display this help and exit"))
@@ -77,6 +81,9 @@ Supported formats: 'nix-base32' (default), 'base32', and 
                   (alist-cons 'format fmt-proc
                               (alist-delete 'format result))))
+        (option '("no-check-certificate") #f #f
+                (lambda (opt name arg result)
+                  (alist-cons 'verify-certificate? #f result)))
         (option '(#\h "help") #f #f
                 (lambda args
@@ -120,7 +127,10 @@ Supported formats: 'nix-base32' (default), 'base32', and 
                      (parameterize ((current-terminal-columns
                        (download-to-store store (uri->string uri)
-                                          (basename (uri-path uri)))))))
+                                          (basename (uri-path uri))
+                                          #:verify-certificate?
+                                          (assoc-ref opts
+                                                     'verify-certificate?))))))
            (hash  (call-with-input-file
                       (or path
                           (leave (_ "~a: download failed~%")

reply via email to

[Prev in Thread] Current Thread [Next in Thread]