[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
03/05: git-download: Don't verify X.509 certificate of SWH.
|
From: |
guix-commits |
|
Subject: |
03/05: git-download: Don't verify X.509 certificate of SWH. |
|
Date: |
Thu, 9 Jul 2020 18:22:18 -0400 (EDT) |
civodul pushed a commit to branch master
in repository guix.
commit a7696b9733d4ede9817a0a0accb5ce5b85d9a2d3
Author: Ludovic Courtès <ludo@gnu.org>
AuthorDate: Thu Jul 9 17:24:13 2020 +0200
git-download: Don't verify X.509 certificate of SWH.
Fixes <https://bugs.gnu.org/42286>.
Regression introduced with the switch to Guile 3.0 in commit
b6bee63bed4f013064c0d902e7c8b83ed7514ade.
* guix/git-download.scm (git-fetch): Parameterize %VERIFY-SWH-CERTIFICATE.
---
guix/git-download.scm | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/guix/git-download.scm b/guix/git-download.scm
index a1c1adf..71ea103 100644
--- a/guix/git-download.scm
+++ b/guix/git-download.scm
@@ -140,9 +140,11 @@ HASH-ALGO (a symbol). Use NAME as the file name, or a
generic name if #f."
(download-nar #$output)
;; As a last resort, attempt to download from Software
Heritage.
+ ;; Disable X.509 certificate verification to avoid depending
+ ;; on nss-certs--we're authenticating the checkout anyway.
;; XXX: Currently recursive checkouts are not supported.
(and (not recursive?)
- (begin
+ (parameterize ((%verify-swh-certificate? #f))
(format (current-error-port)
"Trying to download from Software
Heritage...~%")
(swh-download (getenv "git url") (getenv "git commit")