01/06: download: Honor #:verify-certificate? for SWH downloads.

[guix-commits]

civodul pushed a commit to branch master
in repository guix.

commit 6d02a994f911a75e3a223a22c05c2939cdfed2b5
Author: Ludovic Courtès <ludo@gnu.org>
AuthorDate: Mon Oct 4 23:03:41 2021 +0200

    download: Honor #:verify-certificate? for SWH downloads.
    
    Previously, the SWH + Disarchive fallback could fail with:
    
      Trying to use Disarchive to assemble 
/gnu/store/…-ucsim-0.6-pre68.tar.gz...
      Assembling the directory ucsim-0.6-pre68
      Downloading /gnu/store/…-ucsim-0.6-pre68.tar.gz from Software Heritage...
      X.509 certificate of 'archive.softwareheritage.org' could not be verified:
        signer-not-found
        invalid
    
      Could not resolve directory reference
    
    This will no longer be the case since 'guix perform-download'
    passes #:verify-certificate? #f.
    
    * guix/build/download.scm (disarchive-fetch/any): Parameterize
    '%verify-swh-certificate?'.
---
 guix/build/download.scm | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/guix/build/download.scm b/guix/build/download.scm
index 1ed6230..fd8fe69 100644
--- a/guix/build/download.scm
+++ b/guix/build/download.scm
@@ -674,7 +674,8 @@ and write the output to FILE."
      (match (fetch-specification uris)
        (#f (format #t "could not find its Disarchive specification~%")
            #f)
-       (spec (parameterize ((%disarchive-log-port (current-output-port)))
+       (spec (parameterize ((%disarchive-log-port (current-output-port))
+                            (%verify-swh-certificate? verify-certificate?))
                (false-if-exception*
                 (disarchive-assemble spec file #:resolver resolve))))))))