;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2015 Steve Sprang <scs@stevesprang.com>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (guix build download)
  #:use-module (web uri)
  #:use-module (web http)
  ;; Guile's own 'open-socket-for-uri' is hidden because this module defines
  ;; and exports a procedure of the same name.
  #:use-module ((web client) #:hide (open-socket-for-uri))
  #:use-module (web response)
  #:use-module (guix base64)
  #:use-module (guix ftp-client)
  #:use-module (guix build utils)
  #:use-module (rnrs io ports)
  #:use-module (rnrs bytevectors)
  #:use-module (srfi srfi-1)
  #:use-module (srfi srfi-11)
  #:use-module (srfi srfi-19)
  #:use-module (srfi srfi-26)
  ;; 'scandir' is loaded lazily, on first use.
  #:autoload   (ice-9 ftw) (scandir)
  #:use-module (ice-9 match)
  #:use-module (ice-9 format)
  #:export (open-socket-for-uri
            open-connection-for-uri
            %x509-certificate-directory
            close-connection
            resolve-uri-reference
            maybe-expand-mirrors
            url-fetch
            byte-count->string
            current-terminal-columns
            progress-proc
            uri-abbreviation
            nar-uri-abbreviation
            store-path-abbreviation))
;;; Commentary:
;;;
;;; Fetch data such as tarballs over HTTP or FTP (builder-side code).
;;;
;;; Code:
(define %http-receive-buffer-size
  ;; Number of bytes in the HTTP receive buffer: 64 KiB.
  (* 64 1024))
(define current-terminal-columns
  ;; Number of columns of the terminal.  This is a parameter whose default is
  ;; 80; 'progress-proc' reads it to decide how wide a progress line is.
  (make-parameter 80))
(define (nearest-exact-integer x)
  "Round the real number X to the closest integer and return it as an exact
number.  A value exactly halfway between two integers goes to the even one."
  (let ((rounded (round x)))
    (inexact->exact rounded)))
(define (duration->seconds duration)
  "Convert DURATION, a 'time-duration' object, to an inexact number of
seconds."
  (let ((whole    (time-second duration))
        (fraction (/ (time-nanosecond duration) 1e9)))
    (+ whole fraction)))
(define (seconds->string duration)
  "Format DURATION, a number of seconds, as 'mm:ss', or as 'hh:mm:ss' when it
amounts to at least one hour.  Return \"00:00\" when DURATION is not a number."
  (if (number? duration)
      (let* ((total       (inexact->exact (round duration)))
             (num-hours   (quotient total 3600))
             (within-hour (modulo total 3600))
             (mins        (quotient within-hour 60))
             (secs        (modulo within-hour 60)))
        ;; The hour field is passed as #f when it is not positive, so that the
        ;; '~@[...~]' directive leaves it out.
        (format #f "~@[~2,'0d:~]~2,'0d:~2,'0d"
                (if (positive? num-hours) num-hours #f)
                mins secs))
      "00:00"))
(define (byte-count->string size)
  "Render SIZE, a number of bytes, as a short human-readable string using
binary units (B, KiB, MiB, GiB, TiB)."
  (define KiB 1024.)
  (define MiB (* KiB KiB))
  (define GiB (* MiB KiB))
  (define TiB (* GiB KiB))

  ;; Nearest exact integer, ties going to the even one.
  (define (rounded n)
    (inexact->exact (round n)))

  (cond ((< size KiB) (format #f "~dB" (rounded size)))
        ((< size MiB) (format #f "~dKiB" (rounded (/ size KiB))))
        ((< size GiB) (format #f "~,1fMiB" (/ size MiB)))
        ((< size TiB) (format #f "~,2fGiB" (/ size GiB)))
        (else         (format #f "~,3fTiB" (/ size TiB)))))
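(define* (progress-bar % #:optional (bar-width 20))
  "Return % as a string representing an ASCII-art progress bar.  BAR-WIDTH is
the number of cells between the brackets.  Values of % outside the 0-100 range
are clamped, so the result always has BAR-WIDTH cells."
  (let* (;; Clamp to [0, 1].  'progress-proc' derives % from the ratio of
         ;; transferred bytes to the announced size, and nothing guarantees
         ;; that a server sends exactly what it announced; without the clamp
         ;; a ratio above 1 gives a negative EMPTY and 'make-string' fails.
         (fraction (max 0 (min 1 (/ % 100))))
         (filled   (inexact->exact (floor (* fraction bar-width))))
         (empty    (- bar-width filled)))
    (format #f "[~a~a]"
            (make-string filled #\#)
            (make-string empty #\space))))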
(define (string-pad-middle left right len)
  "Join LEFT and RIGHT, separated by as many spaces as it takes for the result
to be LEN characters long.  At least one space is always inserted, so the
result is longer than LEN when LEFT and RIGHT do not fit; when they do fit,
RIGHT ends exactly at column LEN."
  (let* ((used (+ (string-length left) (string-length right)))
         (room (- len used))
         (gap  (if (> room 1) room 1)))
    (string-append left (make-string gap #\space) right)))
(define* (ellipsis #:optional (port (current-output-port)))
  "Return Unicode's HORIZONTAL ELLIPSIS when PORT's encoding is UTF-8, and three
ASCII dots otherwise.  This is only a rough guess at what PORT can display."
  (cond ((equal? "UTF-8" (port-encoding port)) "…")
        (else "...")))
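(define* (store-path-abbreviation store-path #:optional (prefix-length 6))
  "If STORE-PATH is the file name of a store entry, return an abbreviation of
STORE-PATH for display, showing PREFIX-LENGTH characters of the hash.
Otherwise return STORE-PATH."
  (let ((base (basename store-path)))
    ;; A matching prefix alone does not make STORE-PATH a store entry: the
    ;; store directory itself, or any short name under it, also matches.  The
    ;; abbreviation takes PREFIX-LENGTH characters and drops 32, so only
    ;; abbreviate when BASE is long enough for both operations; anything else
    ;; is returned unchanged instead of raising an out-of-range error.
    (if (and (string-prefix? (%store-directory) store-path)
             (>= (string-length base) (max 32 prefix-length)))
        (string-append (string-take base prefix-length)
                       (ellipsis)
                       (string-drop base 32))
        store-path)))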
;; On Guile 2.2, rebind 'time-monotonic' for this module; other Guile versions
;; keep the binding they already have.
(cond-expand
  (guile-2.2
   ;; Guile 2.2.2 has a bug whereby 'time-monotonic' objects have seconds and
   ;; nanoseconds swapped (fixed in Guile commit 886ac3e).  Work around it.
   ;; NOTE(review): with this alias, code that asks for 'time-monotonic' gets
   ;; 'time-tai' values instead; in this file that is presumably only the
   ;; elapsed-time display in 'progress-proc' -- confirm.
   (define time-monotonic time-tai))
  (else #t))
(define* (progress-proc file size
                        #:optional (log-port (current-output-port))
                        #:key (abbreviation basename))
  "Return a procedure to show the progress of FILE's download, which is SIZE
bytes long.  The returned procedure is suitable for use as an argument to
`dump-port'.  The progress report is written to LOG-PORT, with ABBREVIATION
used to shorten FILE for display."
  ;; XXX: Because of <http://bugs.gnu.org/19939> this procedure is often not
  ;; called as frequently as we'd like too; this is especially bad with Nginx
  ;; on hydra.gnu.org, which returns whole nars as a single chunk.
  ;;
  ;; NOTE(review): the result of (ABBREVIATION FILE) is written to LOG-PORT as
  ;; is.  If FILE can come from a remote URL, confirm that callers never pass
  ;; names containing terminal control characters.
  (let ((start-time #f))
    ;; START-TIME is recorded by the first call of the returned procedure;
    ;; on that first call ELAPSED is #f and the throughput is shown as 0.
    (let-syntax ((with-elapsed-time
                     (syntax-rules ()
                       ((_ elapsed body ...)
                        (let* ((now     (current-time time-monotonic))
                               (elapsed (and start-time
                                             (duration->seconds
                                              (time-difference now
                                                               start-time)))))
                          (unless start-time
                            (set! start-time now))
                          body ...)))))
      (if (number? size)
          ;; The total size is known: show a percentage and a progress bar.
          (lambda (transferred cont)
            (with-elapsed-time elapsed
              ;; NOTE(review): SIZE is used as a divisor without a zero check,
              ;; and % exceeds 100 if more than SIZE bytes arrive -- confirm
              ;; how callers obtain SIZE.
              (let* ((%          (* 100.0 (/ transferred size)))
                     (throughput (if elapsed
                                     (/ transferred elapsed)
                                     0))
                     (left       (format #f " ~a ~a"
                                         (abbreviation file)
                                         (byte-count->string size)))
                     (right      (format #f "~a/s ~a ~a~6,1f%"
                                         (byte-count->string throughput)
                                         (seconds->string elapsed)
                                         (progress-bar %) %)))
                ;; Carriage return, then ESC [ K (erase to end of line), so
                ;; that each report overwrites the previous one.
                (display "\r\x1b[K" log-port)
                (display (string-pad-middle left right
                                            (current-terminal-columns))
                         log-port)
                (flush-output-port log-port)
                (cont))))
          ;; The total size is unknown: show the amount transferred so far.
          (lambda (transferred cont)
            (with-elapsed-time elapsed
              (let* ((throughput (if elapsed
                                     (/ transferred elapsed)
                                     0))
                     (left       (format #f " ~a"
                                         (abbreviation file)))
                     (right      (format #f "~a/s ~a | ~a transferred"
                                         (byte-count->string throughput)
                                         (seconds->string elapsed)
                                         (byte-count->string transferred))))
                (display "\r\x1b[K" log-port)
                (display (string-pad-middle left right
                                            (current-terminal-columns))
                         log-port)
                (flush-output-port log-port)
                (cont))))))))
(define* (uri-abbreviation uri #:optional (max-length 42))
  "Return URI as a string.  When that string is longer than MAX-LENGTH, return
instead a shortened form made of the scheme, the host, and the base name of the
file, provided that form is actually shorter."
  (let ((full (uri->string uri)))
    ;; Build "SCHEME://HOST/<ellipsis>/FILE", cutting away the first half of
    ;; FILE when even that exceeds MAX-LENGTH.
    (define (shortened)
      (let* ((file-name (basename (uri-path uri)))
             (head      (string-append (symbol->string (uri-scheme uri)) "://"

                                       ;; `file' URIs have no host part.
                                       (or (uri-host uri) "")

                                       (string-append "/" (ellipsis) "/")))
             (half      (quotient (string-length file-name) 2)))
        (if (> (+ (string-length head) (string-length file-name)) max-length)
            (string-append head (ellipsis) (string-drop file-name half))
            (string-append head file-name))))

    (cond ((<= (string-length full) max-length)
           full)
          (else
           (let ((short (shortened)))
             (if (< (string-length short) (string-length full))
                 short
                 full))))))
(define (nar-uri-abbreviation uri)
  "Shorten URI, given as a string or as a URI object and expected to designate
a nar as served by Hydra and 'guix publish', for instance
\"http://example.org/nar/1ldrllwbna0aw5z8kpci4fsvbd2w8cw4-texlive-bin-2015\".
Return what follows the 32-character hash and its dash in the last path
component, or that component unchanged when it does not have this shape."
  (let* ((parsed  (if (string? uri) (string->uri uri) uri))
         (name    (basename (uri-path parsed)))
         (hashed? (and (> (string-length name) 33)
                       (char=? (string-ref name 32) #\-))))
    (if hashed?
        (string-drop name 33)
        name)))
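(define* (ftp-fetch uri file #:key timeout)
  "Fetch data from URI and write it to FILE.  Return FILE on success.  Bail
out if the connection could not be established in less than TIMEOUT seconds.

When URI has a userinfo part it is used to log in: \"user\" supplies a user
name only, and \"user:password\" supplies both, the password being everything
that follows the first colon."
  ;; NOTE(review): nothing in this procedure authenticates the server or the
  ;; data it returns; presumably callers check FILE against an expected hash
  ;; -- confirm.
  (let* ((userinfo (uri-userinfo uri))
         ;; Split on the first colon only.  Splitting on every colon would
         ;; turn a password that itself contains ':' into extra fields, and
         ;; the login would silently be attempted without the credentials
         ;; given in URI.
         (colon    (and userinfo (string-index userinfo #\:)))
         (conn     (cond ((not userinfo)
                          (ftp-open (uri-host uri) #:timeout timeout))
                         (colon
                          (ftp-open (uri-host uri) #:timeout timeout
                                    #:username (string-take userinfo colon)
                                    #:password (string-drop userinfo
                                                            (+ colon 1))))
                         (else
                          (ftp-open (uri-host uri) #:timeout timeout
                                    #:username userinfo))))
         ;; The size is only used for the progress report, so a server that
         ;; cannot provide it is not an error.
         (size     (false-if-exception (ftp-size conn (uri-path uri))))
         (in       (ftp-retr conn (basename (uri-path uri))
                             (dirname (uri-path uri)))))
    (call-with-output-file file
      (lambda (out)
        (dump-port in out
                   #:buffer-size %http-receive-buffer-size
                   #:progress (progress-proc (uri-abbreviation uri) size))))

    (ftp-close conn))
  ;; Terminate the progress line.
  (newline)
  file)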
;; Autoload GnuTLS so that this module can be used even when GnuTLS is
;; not available.  At compile time, this yields "possibly unbound
;; variable" warnings, but these are OK: we know that the variables will
;; be bound if we need them, because (guix download) adds GnuTLS as an
;; input in that case.

;; XXX: Use this hack instead of #:autoload to avoid compilation errors.
;; See <http://bugs.gnu.org/12202>.
;; Only 'make-session' and 'connection-end/client' are listed as triggers;
;; presumably referencing either one loads (gnutls) and makes the other
;; GnuTLS bindings used in this file resolvable -- confirm.
(module-autoload! (current-module)
                  '(gnutls) '(make-session connection-end/client))
(define %tls-ports
  ;; Mapping of session record ports to the underlying file port.
  ;; The table is created with weak keys, so an entry does not by itself keep
  ;; its record port alive.
  (make-weak-key-hash-table))
(define (register-tls-record-port record-port port)
  "Hold a weak reference from RECORD-PORT to PORT, where RECORD-PORT is a TLS
session record port using PORT as its underlying communication port."
  ;; Entries are keyed by object identity ('hashq'); 'close-connection' looks
  ;; them up the same way.
  (hashq-set! %tls-ports record-port port))
(define %x509-certificate-directory
  ;; The directory where X.509 authority PEM certificates are stored.
  ;; The default is read from the environment when this definition is
  ;; evaluated: GUIX_TLS_CERTIFICATE_DIRECTORY takes precedence over
  ;; SSL_CERT_DIR, and the value is #f when neither is set.  Whoever controls
  ;; these variables chooses the trust anchors that 'tls-wrap' loads.
  (make-parameter (or (getenv "GUIX_TLS_CERTIFICATE_DIRECTORY")
                      (getenv "SSL_CERT_DIR"))))  ;like OpenSSL
(define (make-credendials-with-ca-trust-files directory)
  "Create certificate credentials and load into them, as X.509 authority
certificates, every '.pem' file found directly in DIRECTORY.  Return the
credentials; the authorities are consulted later, when
'peer-certificate-status' is called.  When DIRECTORY cannot be listed, the
returned credentials contain no authority at all."
  (define (pem-file? name)
    (string-suffix? ".pem" name))

  (let ((credentials (make-certificate-credentials))
        ;; 'scandir' returns #f for a directory it cannot read.
        (pem-files   (or (scandir directory pem-file?) '())))
    (for-each (lambda (name)
                (let ((full-name (string-append directory "/" name)))
                  ;; Skip dangling symlinks: 'file-exists?' is false for them.
                  (when (file-exists? full-name)
                    (set-certificate-credentials-x509-trust-file!
                     credentials full-name
                     x509-certificate-format/pem))))
              pem-files)
    credentials))
(define (peer-certificate session)
  "Return the certificate of the remote peer in SESSION."
  ;; Only the first element of the chain is imported (from DER); it is assumed
  ;; to be the peer's own certificate -- TODO confirm the chain ordering
  ;; against the GnuTLS bindings' documentation.
  ;; NOTE(review): there is no clause for an empty chain, so a peer that
  ;; presents no certificate makes 'match' raise its own error rather than
  ;; 'tls-certificate-error'.
  (match (session-peer-certificate-chain session)
    ((first _ ...)
     (import-x509-certificate first x509-certificate-format/der))))
(define (assert-valid-server-certificate session server)
  "Return #t if the certificate of the remote peer for SESSION is a valid
certificate for SERVER, where SERVER is the expected host name of peer."
  ;; Failure is never reported as #f: both checks below throw
  ;; 'tls-certificate-error, so callers need an exception handler rather than
  ;; a test of the return value.
  (define cert
    (peer-certificate session))

  ;; First check whether the server's certificate matches SERVER.
  (unless (x509-certificate-matches-hostname? cert server)
    (throw 'tls-certificate-error 'host-mismatch cert server))

  ;; Second check its validity and reachability from the set of authority
  ;; certificates loaded via 'set-certificate-credentials-x509-trust-file!'.
  ;; An empty status list is the only accepted outcome; any reported status
  ;; is treated as a failure and passed along in the exception.
  (match (peer-certificate-status session)
    (()                                           ;certificate is valid
     #t)
    ((statuses ...)
     (throw 'tls-certificate-error 'invalid-certificate cert server
            statuses))))
(define (print-tls-certificate-error port key args default-printer)
  "Print the TLS certificate error represented by ARGS in an intelligible
way."
  ;; KEY and DEFAULT-PRINTER are accepted but not used.  ARGS must have one of
  ;; the two shapes thrown by 'assert-valid-server-certificate'; there is no
  ;; clause for any other shape.
  (match args
    (('host-mismatch cert server)
     ;; Show the expected host name next to the certificate's distinguished
     ;; name.
     (format port
             "X.509 server certificate for '~a' does not match: ~a~%"
             server (x509-certificate-dn cert)))
    (('invalid-certificate cert server statuses)
     ;; One line per status reported for the certificate.
     (format port
             "X.509 certificate of '~a' could not be verified:~%~{ ~a~%~}"
             server
             (map certificate-status->string statuses)))))
;; Register the printer above for 'tls-certificate-error' exceptions.  This
;; runs when the module is loaded.
(set-exception-printer! 'tls-certificate-error
                        print-tls-certificate-error)
(define* (tls-wrap port server #:key (verify-certificate? #t))
  "Return PORT wrapped in a TLS connection to SERVER.  SERVER must be a DNS
host name without trailing dot."
  ;; When VERIFY-CERTIFICATE? is true (the default), the server certificate is
  ;; checked after the handshake and 'tls-certificate-error' is thrown on
  ;; failure.  When it is false, neither the host name nor the certificate
  ;; chain is checked, so the peer is not authenticated.

  ;; Logging procedure for GnuTLS; only used if the debugging lines below are
  ;; uncommented.
  (define (log level str)
    (format (current-error-port)
            "gnutls: [~a|~a] ~a" (getpid) level str))

  (let ((session  (make-session connection-end/client))
        (ca-certs (%x509-certificate-directory)))

    ;; Some servers such as 'cloud.github.com' require the client to support
    ;; the 'SERVER NAME' extension.  However, 'set-session-server-name!' is
    ;; not available in older GnuTLS releases.  See
    ;; <http://bugs.gnu.org/18526> for details.
    (if (module-defined? (resolve-interface '(gnutls))
                         'set-session-server-name!)
        (set-session-server-name! session server-name-type/dns server)
        (format (current-error-port)
                "warning: TLS 'SERVER NAME' extension not supported~%"))

    (set-session-transport-fd! session (fileno port))
    (set-session-default-priority! session)

    ;; The "%COMPAT" bit allows us to work around firewall issues (info
    ;; "(gnutls) Priority Strings"); see <http://bugs.gnu.org/23311>.
    ;; Explicitly disable SSLv3, which is insecure:
    ;; <https://tools.ietf.org/html/rfc7568>.
    (set-session-priorities! session "NORMAL:%COMPAT:-VERS-SSL3.0")

    ;; Authority certificates are loaded only when verification is requested
    ;; and a certificate directory is configured.
    ;; NOTE(review): with verification requested but no directory configured,
    ;; empty credentials are installed and the check below still runs;
    ;; presumably it then fails for every server -- confirm that this is the
    ;; intended fail-closed behavior.
    (set-session-credentials! session
                              (if (and verify-certificate? ca-certs)
                                  (make-credendials-with-ca-trust-files
                                   ca-certs)
                                  (make-certificate-credentials)))

    ;; Uncomment the following lines in case of debugging emergency.
    ;;(set-log-level! 10)
    ;;(set-log-procedure! log)

    ;; An error raised by the handshake itself propagates without PORT being
    ;; closed here; only the certificate error handler below closes it.
    (handshake session)

    ;; Verify the server's certificate if needed.
    (when verify-certificate?
      (catch 'tls-certificate-error
        (lambda ()
          (assert-valid-server-certificate session server))
        (lambda args
          ;; Do not leave the connection open to a peer that failed
          ;; verification, then re-throw the original error.
          (close-port port)
          (apply throw args))))

    (let ((record (session-record-port session)))
      ;; Since we use `fileno' above, the file descriptor behind PORT would be
      ;; closed when PORT is GC'd.  If we used `port->fdes', it would instead
      ;; never be closed.  So we use `fileno', but keep a weak reference to
      ;; PORT, so the file descriptor gets closed when RECORD is GC'd.
      (register-tls-record-port record port)
      record)))
(define (ensure-uri uri-or-string)        ;XXX: copied from (web http)
  ;; Return URI-OR-STRING as a URI object: a string is parsed with
  ;; 'string->uri', a URI object is returned as is, and anything else is an
  ;; error.
  (if (string? uri-or-string)
      (string->uri uri-or-string)
      (if (uri? uri-or-string)
          uri-or-string
          (error "Invalid URI" uri-or-string))))
(define current-http-proxy
  ;; XXX: Add a dummy definition for Guile < 2.0.10; this is used in
  ;; 'open-socket-for-uri'.
  ;; Use the value of (web client)'s 'current-http-proxy' variable when that
  ;; module has one; otherwise fall back to a procedure that always returns
  ;; #f, meaning "no proxy".
  (or (and=> (module-variable (resolve-interface '(web client))
                              'current-http-proxy)
             variable-ref)
      (const #f)))
(define* (open-socket-for-uri uri-or-string #:key timeout)
  "Return an open input/output port for a connection to URI.  When TIMEOUT is
not #f, it must be a (possibly inexact) number denoting the maximum duration
in seconds to wait for the connection to complete; passed TIMEOUT, an
ETIMEDOUT error is raised."
  ;; Includes a fix for <http://bugs.gnu.org/15368> which affects Guile's
  ;; 'open-socket-for-uri' up to 2.0.11 included, uses 'connect*' instead
  ;; of 'connect', and uses AI_ADDRCONFIG.

  (define http-proxy (current-http-proxy))
  ;; When a proxy is configured, the socket is opened to the proxy and not to
  ;; the host named in URI-OR-STRING.
  (define uri (ensure-uri (or http-proxy uri-or-string)))
  (define addresses
    (let ((port (uri-port uri)))
      ;; Several results can carry the same socket address; keep one of each.
      (delete-duplicates
       (getaddrinfo (uri-host uri)
                    ;; Use the explicit port if there is one, else look up the
                    ;; scheme name as a service.
                    (cond (port => number->string)
                          (else (symbol->string (uri-scheme uri))))
                    (if (number? port)
                        (logior AI_ADDRCONFIG AI_NUMERICSERV)
                        AI_ADDRCONFIG))
       (lambda (ai1 ai2)
         (equal? (addrinfo:addr ai1) (addrinfo:addr ai2))))))

  ;; Try each address in turn; the error from the last one is re-thrown.
  ;; ADDRESSES is assumed to be non-empty here -- presumably 'getaddrinfo'
  ;; raises an error instead of returning an empty list; confirm.
  (let loop ((addresses addresses))
    (let* ((ai (car addresses))
           (s  (with-fluids ((%default-port-encoding #f))
                 ;; Restrict ourselves to TCP.
                 (socket (addrinfo:fam ai) SOCK_STREAM IPPROTO_IP))))
      (catch 'system-error
        (lambda ()
          (connect* s (addrinfo:addr ai) timeout)

          ;; Buffer input and output on this port.
          (setvbuf s _IOFBF)
          ;; If we're using a proxy, make a note of that.
          (when http-proxy (set-http-proxy-port?! s #t))
          s)
        (lambda args
          ;; Connection failed, so try one of the other addresses.
          (close s)
          (if (null? (cdr addresses))
              (apply throw args)
              (loop (cdr addresses))))))))
(define* (open-connection-for-uri uri
                                  #:key
                                  timeout
                                  (verify-certificate? #t))
  "Like 'open-socket-for-uri', but also handle HTTPS connections.  The
resulting port must be closed with 'close-connection'.  When
VERIFY-CERTIFICATE? is true, verify HTTPS server certificates."
  ;; Note: Guile 2.2.0's (web client) has a same-named export that's actually
  ;; undefined.  See Guile commit 011669af3b428e5626f7bbf66b11d57d9768c047.

  ;; Only the 'https' scheme gets a TLS layer; for any other scheme the plain
  ;; socket is returned and VERIFY-CERTIFICATE? has no effect.
  (define https?
    (eq? 'https (uri-scheme uri)))

  (let-syntax ((with-https-proxy
                (syntax-rules ()
                  ((_ exp)
                   ;; For HTTPS URIs, honor 'https_proxy', not 'http_proxy'.
                   ;; FIXME: Proxying is not supported for https.
                   ;; In effect, for HTTPS the HTTP proxy setting is disabled
                   ;; while EXP runs, and a non-empty 'https_proxy' only
                   ;; produces a warning.
                   (let ((thunk (lambda () exp)))
                     (if (and https?
                              (module-variable
                               (resolve-interface '(web client))
                               'current-http-proxy))
                         (parameterize ((current-http-proxy #f))
                           (when (and=> (getenv "https_proxy")
                                        (negate string-null?))
                             (format (current-error-port)
                                     "warning: 'https_proxy' is ignored~%"))
                           (thunk))
                         (thunk)))))))
    (with-https-proxy
     (let ((s (open-socket-for-uri uri #:timeout timeout)))
       ;; Buffer input and output on this port.
       (setvbuf s _IOFBF %http-receive-buffer-size)

       (if https?
           ;; The host name from URI is what the certificate is checked
           ;; against.
           (tls-wrap s (uri-host uri)
                     #:verify-certificate? verify-certificate?)
           s)))))
(define (close-connection port)
  "Close PORT unless it is already closed, so that calling this more than once
is harmless.  If PORT is a TLS session record port, also close the port it is
layered on."
  ;; FIXME: This is a partial workaround for <http://bugs.gnu.org/20145>,
  ;; because 'http-fetch' & co. may return a chunked input port whose 'close'
  ;; method calls 'close-port', not 'close-connection'.
  (if (not (port-closed? port))
      (close-port port))
  ;; The underlying port, if one was registered for PORT, is closed the same
  ;; way.
  (let ((underlying (hashq-ref %tls-ports port)))
    (and underlying
         (close-connection underlying))))
;; XXX: This is an awful hack to make sure the (set-port-encoding! p
;; "ISO-8859-1") call in `read-response' passes, even during bootstrap
;; where iconv is not available.
;; The replacement takes a port and an encoding, does nothing, and returns
;; #f.  It is installed in the (web response) module itself, so it applies to
;; every user of that module in the process once this file is loaded.
(module-define! (resolve-module '(web response))
                'set-port-encoding!
                (lambda (p e) #f))
;; XXX: Work around <http://bugs.gnu.org/23421>, fixed in Guile commit
;; 16050431f29d56f80c4a8253506fc851b8441840.  Guile's date validation
;; procedure rejects dates in which the hour is not padded with a zero but
;; with whitespace.
(begin
  ;; (string-match? STR PAT) expands, for a literal string PAT, into a test
  ;; that STR has the same length as PAT and that each character of STR fits
  ;; the class given at the same position in PAT: "." accepts anything, "d" a
  ;; digit, "a" an alphabetic character, and any other character stands for
  ;; itself.
  (define-syntax string-match?
    (lambda (x)
      (syntax-case x ()
        ((_ str pat) (string? (syntax->datum #'pat))
         (let ((p (syntax->datum #'pat)))
           #`(let ((s str))
               (and
                (= (string-length s) #,(string-length p))
                #,@(let lp ((i 0) (tests '()))
                     (if (< i (string-length p))
                         (let ((c (string-ref p i)))
                           (lp (1+ i)
                               (case c
                                 ((#\.)   ; Whatever.
                                  tests)
                                 ((#\d)   ; Digit.
                                  (cons #`(char-numeric? (string-ref s #,i))
                                        tests))
                                 ((#\a)   ; Alphabetic.
                                  (cons #`(char-alphabetic? (string-ref s #,i))
                                        tests))
                                 (else    ; Literal.
                                  (cons #`(eqv? (string-ref s #,i) #,c)
                                        tests)))))
                         tests)))))))))

  ;; Parse the first SPACE characters of STR as a date and return a date
  ;; object with ZONE-OFFSET as its time zone offset; call (web http)'s
  ;; 'bad-header' when no pattern matches.  The helpers are private bindings
  ;; of (web http), reached with '@@'.
  ;; NOTE(review): STR comes from a header sent by the remote server; the
  ;; 'substring' calls assume SPACE is a valid index into STR -- confirm that
  ;; the caller in (web http) guarantees it.
  (define (parse-rfc-822-date str space zone-offset)
    (let ((parse-non-negative-integer (@@ (web http) parse-non-negative-integer))
          (parse-month (@@ (web http) parse-month))
          (bad-header (@@ (web http) bad-header)))
      ;; We could verify the day of the week but we don't.
      (cond ((string-match? (substring str 0 space) "aaa, dd aaa dddd dd:dd:dd")
             (let ((date (parse-non-negative-integer str 5 7))
                   (month (parse-month str 8 11))
                   (year (parse-non-negative-integer str 12 16))
                   (hour (parse-non-negative-integer str 17 19))
                   (minute (parse-non-negative-integer str 20 22))
                   (second (parse-non-negative-integer str 23 25)))
               (make-date 0 second minute hour date month year zone-offset)))
            ((string-match? (substring str 0 space) "aaa, d aaa dddd dd:dd:dd")
             (let ((date (parse-non-negative-integer str 5 6))
                   (month (parse-month str 7 10))
                   (year (parse-non-negative-integer str 11 15))
                   (hour (parse-non-negative-integer str 16 18))
                   (minute (parse-non-negative-integer str 19 21))
                   (second (parse-non-negative-integer str 22 24)))
               (make-date 0 second minute hour date month year zone-offset)))

            ;; The next two clauses match dates that have a space instead of
            ;; a leading zero for hours, like " 8:49:37".
            ;; NOTE(review): in both clauses the hour is read one position
            ;; later than in the clauses above while minutes and seconds keep
            ;; their positions, which implies two characters between the year
            ;; and the hour digit.  The patterns as shown here have a single
            ;; space there; whitespace may have been collapsed when this
            ;; listing was rendered -- confirm against the original file.
            ((string-match? (substring str 0 space) "aaa, dd aaa dddd d:dd:dd")
             (let ((date (parse-non-negative-integer str 5 7))
                   (month (parse-month str 8 11))
                   (year (parse-non-negative-integer str 12 16))
                   (hour (parse-non-negative-integer str 18 19))
                   (minute (parse-non-negative-integer str 20 22))
                   (second (parse-non-negative-integer str 23 25)))
               (make-date 0 second minute hour date month year zone-offset)))
            ((string-match? (substring str 0 space) "aaa, d aaa dddd d:dd:dd")
             (let ((date (parse-non-negative-integer str 5 6))
                   (month (parse-month str 7 10))
                   (year (parse-non-negative-integer str 11 15))
                   (hour (parse-non-negative-integer str 17 18))
                   (minute (parse-non-negative-integer str 19 21))
                   (second (parse-non-negative-integer str 22 24)))
               (make-date 0 second minute hour date month year zone-offset)))

            (else
             (bad-header 'date str)         ; prevent tail call
             #f))))
  ;; Install the procedure above in place of (web http)'s own
  ;; 'parse-rfc-822-date'.  This changes the binding inside that module, so it
  ;; applies to every user of (web http) in the process.
  (module-set! (resolve-module '(web http))
               'parse-rfc-822-date parse-rfc-822-date))
;; XXX: Workaround for <http://bugs.gnu.org/19840>, which is present in Guile
;; up to 2.0.11.  The check below lets the workaround run only when none of
;; the three version components exceeds 2, 0 and 11 respectively.
(when (and (<= (string->number (major-version)) 2)
           (<= (string->number (minor-version)) 0)
           (<= (string->number (micro-version)) 11))
  ;; Look the procedure up at run time instead of referring to it directly,
  ;; since (web http) may not provide it.
  (let ((binding (module-variable (resolve-module '(web http))
                                  'declare-relative-uri-header!)))
    ;; If 'declare-relative-uri-header!' doesn't exist, forget it.
    (if (and binding (variable-bound? binding))
        ((variable-ref binding) "Location"))))
(define (resolve-uri-reference ref base)
  "Return the target URI obtained by resolving the URI reference REF relative
to the BASE URI, following the algorithm of RFC 3986 section 5.2.2."

  ;; Replace the last component of BASE-PATH with REL-PATH.
  (define (merge-paths base-path rel-path)
    (let* ((parts     (string-split base-path #\/))
           (dir-parts (match parts
                        ((leading ... final) leading)
                        (() '())))
           (dir       (string-join dir-parts "/")))
      (string-append dir "/" rel-path)))

  ;; Return PATH with its "." and ".." components resolved.  A ".." that
  ;; would climb above the first component raises an error rather than being
  ;; silently dropped, so the result never escapes the root of PATH.
  (define (remove-dot-segments path)
    (define (dot-segment? component)
      (match component
        ((or "." "..") #t)
        (_ #f)))

    ;; Leading "." and ".." components of a relative path are dropped up
    ;; front (absolute paths start with a "" component, so nothing is
    ;; dropped for them).
    (let walk ((pending (drop-while dot-segment? (string-split path #\/)))
               (kept    '()))                 ;components kept, most recent first
      (match pending
        (()
         (string-join (reverse kept) "/"))
        (("." . remaining)
         (walk remaining kept))
        ((".." . remaining)
         (match kept
           ((or () (""))
            (error "remove-dot-segments: too many '..' components" path))
           ((_ . earlier)
            (walk remaining earlier))))
        ((segment . remaining)
         (walk remaining (cons segment kept))))))

  (let ((ref-scheme (uri-scheme ref))
        (ref-path   (uri-path ref)))
    (cond ((or ref-scheme (uri-host ref))
           ;; REF names its own scheme or host: every authority component,
           ;; userinfo included, comes from REF, so credentials embedded in
           ;; BASE are not carried over to the target.
           (build-uri (or ref-scheme (uri-scheme base))
                      #:userinfo (uri-userinfo ref)
                      #:host (uri-host ref)
                      #:port (uri-port ref)
                      #:path (remove-dot-segments ref-path)
                      #:query (uri-query ref)
                      #:fragment (uri-fragment ref)))
          ((string-null? ref-path)
           ;; Empty path: keep BASE's authority and path; BASE's query is
           ;; used only when REF has none.
           (build-uri (uri-scheme base)
                      #:userinfo (uri-userinfo base)
                      #:host (uri-host base)
                      #:port (uri-port base)
                      #:path (remove-dot-segments (uri-path base))
                      #:query (or (uri-query ref)
                                  (uri-query base))
                      #:fragment (uri-fragment ref)))
          (else
           ;; Same authority as BASE; an absolute path in REF is used as is,
           ;; a relative one is merged with BASE's path.
           (let ((target-path (if (string-prefix? "/" ref-path)
                                  ref-path
                                  (merge-paths (uri-path base) ref-path))))
             (build-uri (uri-scheme base)
                        #:userinfo (uri-userinfo base)
                        #:host (uri-host base)
                        #:port (uri-port base)
                        #:path (remove-dot-segments target-path)
                        #:query (uri-query ref)
                        #:fragment (uri-fragment ref)))))))
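(define* (http-fetch uri file #:key timeout (verify-certificate? #t))
  "Fetch data from URI and write it to FILE; when TIMEOUT is true, bail out if
the connection could not be established in less than TIMEOUT seconds.  Return
FILE on success.  When VERIFY-CERTIFICATE? is true, verify HTTPS
certificates; otherwise simply ignore them.

Redirections (status 301, 302 and 307) are followed, but only a bounded number
of times; an error is raised when that bound is exceeded.  Any status code
other than 200 or one of these redirections raises an error as well."

  ;; Upper bound on the number of redirections followed for one download.
  ;; The redirection target is chosen by the server, so without a bound an
  ;; endless redirection chain would keep this procedure looping forever.
  (define max-redirections 20)

  ;; Return the request headers to send for URI.
  (define (request-headers uri)
    `(;; Some web sites, such as http://dist.schmorp.de, would block you if
      ;; there's no 'User-Agent' header, presumably on the assumption that
      ;; you're a spammer.  So work around that.
      (User-Agent . "GNU Guile")

      ;; Some servers, such as https://alioth.debian.org, return "406 Not
      ;; Acceptable" when not explicitly told that everything is accepted.
      (Accept . "*/*")

      ;; Basic authentication, if needed.  The userinfo part of URI is only
      ;; base64-encoded, not encrypted: with a plain 'http' URI it is sent in
      ;; clear text.
      ,@(match (uri-userinfo uri)
          ((? string? str)
           `((Authorization . ,(string-append "Basic "
                                              (base64-encode
                                               (string->utf8 str))))))
          (_ '()))))

  ;; NOTE(review): with VERIFY-CERTIFICATE? false the server is not
  ;; authenticated; integrity of FILE then presumably rests on a hash check
  ;; made by the caller -- confirm.
  (let fetch ((uri uri)
              (redirections-left max-redirections))
    (let*-values (((connection)
                   (open-connection-for-uri uri
                                            #:timeout timeout
                                            #:verify-certificate?
                                            verify-certificate?))
                  ((resp bv-or-port)
                   (http-get uri #:port connection #:decode-body? #f
                             #:streaming? #t
                             #:headers (request-headers uri)))
                  ((code)
                   (response-code resp))
                  ((size)
                   (response-content-length resp)))
      (case code
        ((200)                                      ; OK
         (begin
           (call-with-output-file file
             (lambda (p)
               (if (port? bv-or-port)
                   (begin
                     (dump-port bv-or-port p
                                #:buffer-size %http-receive-buffer-size
                                #:progress (progress-proc (uri-abbreviation uri)
                                                          size))
                     (newline))
                   (put-bytevector p bv-or-port))))
           file))
        ((301                                       ; moved permanently
          302                                       ; found (redirection)
          307)                                      ; temporary redirection
         ;; The target comes from the response's 'Location' header; it may
         ;; name another host or another scheme than URI.
         (let ((uri (resolve-uri-reference (response-location resp) uri)))
           (when (zero? redirections-left)
             (close connection)
             (error "download failed: too many redirections"
                    (uri->string uri)))
           (format #t "following redirection to `~a'...~%"
                   (uri->string uri))
           (close connection)
           (fetch uri (- redirections-left 1))))
        (else
         (error "download failed" (uri->string uri)
                code (response-reason-phrase resp)))))))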
(define-syntax-rule (false-if-exception* body ...)
  "Evaluate BODY and return its value.  If BODY throws, whatever the key,
print the exception on the error port and return #f, like
`false-if-exception' would."
  (catch #t
    (lambda ()
      body ...)
    ;; Handler: swallow the exception and yield #f to the caller.
    (lambda _
      #f)
    ;; Pre-unwind handler: report the exception on the error port.
    (lambda (tag . details)
      (print-exception (current-error-port) #f tag details))))
(define (uri-vicinity dir file)
  "Return DIR and FILE joined by exactly one slash: trailing slashes of DIR
and leading slashes of FILE are removed first.  This is required by some HTTP
servers."
  (let ((prefix (string-trim-right dir #\/))
        (suffix (string-trim file #\/)))      ;trims the left side only
    (string-append prefix "/" suffix)))
(define (maybe-expand-mirrors uri mirrors)
  "Return the list of URIs that URI stands for.  When URI uses the 'mirror'
scheme, its host part names a mirror kind that is looked up in the MIRRORS
alist, and one URI is returned per entry found there, each with the path of
URI appended.  An error is raised when the kind has no entries.  Any other
URI is returned as a one-element list."
  (if (eqv? (uri-scheme uri) 'mirror)
      (let* ((kind (string->symbol (uri-host uri)))
             (path (uri-path uri)))
        (match (assoc-ref mirrors kind)
          ;; At least one base URL is registered for KIND.
          ((bases ..1)
           (map (lambda (base)
                  (string->uri (uri-vicinity base path)))
                bases))
          (_
           (error "unsupported URL mirror kind" kind uri))))
      (list uri)))
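(define* (url-fetch url file
                    #:key
                    (timeout 10) (verify-certificate? #t)
                    (mirrors '()) (content-addressed-mirrors '())
                    (hashes '()))
  "Fetch FILE from URL; URL may be either a single string, or a list of
string denoting alternate URLs for FILE.  Return #f on failure, and FILE
on success.

When MIRRORS is defined, it must be an alist of mirrors; it is used to resolve
'mirror://' URIs.

HASHES must be a list of algorithm/hash pairs, where each algorithm is a
symbol such as 'sha256 and each hash is a bytevector.
CONTENT-ADDRESSED-MIRRORS must be a list of procedures that, given a hash
algorithm and a hash, return a URL where the specified data can be retrieved
or #f.

When VERIFY-CERTIFICATE? is true, validate HTTPS server certificates;
otherwise simply ignore them."
  ;; The URIs to try, in order, with 'mirror://' URIs expanded.
  (define uri
    (append-map (cut maybe-expand-mirrors <> mirrors)
                (match url
                  ((_ ...) (map string->uri url))
                  (_       (list (string->uri url))))))

  ;; Download URI to FILE.  Return FILE on success and #f on failure: any
  ;; exception raised by the fetch procedures is printed and turned into #f,
  ;; so the caller moves on to the next URI, whatever its scheme.
  (define (fetch uri file)
    (format #t "~%Starting download of ~a~%From ~a...~%"
            file (uri->string uri))
    (case (uri-scheme uri)
      ((http https)
       (false-if-exception* (http-fetch uri file
                                        #:verify-certificate?
                                        verify-certificate?
                                        #:timeout timeout)))
      ((ftp)
       (false-if-exception* (ftp-fetch uri file
                                       #:timeout timeout)))
      (else
       (format #t "skipping URI with unsupported scheme: ~s~%"
               uri)
       #f)))

  ;; Fallback URIs built from HASHES, tried after all of URI.  HASHES is only
  ;; used here, to build these URIs: this procedure does not compare the
  ;; downloaded data against it.
  ;; NOTE(review): presumably the hash is verified by the caller -- confirm.
  (define content-addressed-uris
    (append-map (lambda (make-url)
                  (filter-map (match-lambda
                                ((hash-algo . hash)
                                 (let ((file (strip-store-file-name file)))
                                   ;; MAKE-URL may return #f when it has no
                                   ;; URL for this hash; let 'filter-map'
                                   ;; drop it instead of handing #f to
                                   ;; 'string->uri'.
                                   (and=> (make-url file hash-algo hash)
                                          string->uri))))
                              hashes))
                content-addressed-mirrors))

  ;; Make this unbuffered so 'progress-proc' works as expected.  _IOLBF means
  ;; '\n', not '\r', so it's not appropriate here.
  (setvbuf (current-output-port) _IONBF)

  (setvbuf (current-error-port) _IOLBF)

  ;; Try each candidate in turn and stop at the first successful download.
  (let try ((uri (append uri content-addressed-uris)))
    (match uri
      ((uri tail ...)
       (or (fetch uri file)
           (try tail)))
      (()
       (format (current-error-port) "failed to download ~s from ~s~%"
               file url)
       #f))))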
;;; Local Variables:
;;; eval: (put 'with-elapsed-time 'scheme-indent-function 1)
;;; End:
;;; download.scm ends here