guix download: Add '--no-check-certificate' option.

* guix/download.scm (download-to-store): Add #:verify-certificate?
parameter and honor it.
* guix/scripts/download.scm (%default-options): Add
'verify-certificate?' key.
(show-help, %options): Add '--no-check-certificate'.
(guix-download): Pass #:verify-certificate to 'download-to-store'.
* doc/guix.texi (Invoking guix download): Document it.
Ludovic Courtès 2016-11-07 23:29:45 +01:00
parent bc3c41ce36
commit 64b8695cd8
No known key found for this signature in database
GPG Key ID: 090B11993D9AEBB5
3 changed files with 30 additions and 7 deletions


@ -4771,15 +4771,23 @@ GnuTLS-Guile}, for more information.
@command{guix download} verifies HTTPS server certificates by loading @command{guix download} verifies HTTPS server certificates by loading
the certificates of X.509 authorities from the directory pointed to by the certificates of X.509 authorities from the directory pointed to by
the @code{SSL_CERT_DIR} environment variable (@pxref{X.509 the @code{SSL_CERT_DIR} environment variable (@pxref{X.509
Certificates}). Certificates}), unless @option{--no-check-certificate} is used.
The following option is available: The following options are available:
@table @code @table @code
@item --format=@var{fmt} @item --format=@var{fmt}
@itemx -f @var{fmt} @itemx -f @var{fmt}
Write the hash in the format specified by @var{fmt}. For more Write the hash in the format specified by @var{fmt}. For more
information on the valid values for @var{fmt}, @pxref{Invoking guix hash}. information on the valid values for @var{fmt}, @pxref{Invoking guix hash}.
@item --no-check-certificate
Do not validate the X.509 certificates of HTTPS servers.
When using this option, you have @emph{absolutely no guarantee} that you
are communicating with the authentic server responsible for the given
URL, which makes you vulnerable to ``man-in-the-middle'' attacks.
@end table @end table
@node Invoking guix hash @node Invoking guix hash
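
Review bot: the new @item --no-check-certificate text warns about man-in-the-middle attacks but does not say what that means for the hash this command prints. Consider adding a sentence that a hash obtained with this option describes whatever the unauthenticated peer served, and should be compared against one from a trusted source before it is used anywhere.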


@ -434,10 +434,12 @@ own. This helper makes it easier to deal with \"tar bombs\"."
#:local-build? #t))) #:local-build? #t)))
(define* (download-to-store store url #:optional (name (basename url)) (define* (download-to-store store url #:optional (name (basename url))
#:key (log (current-error-port)) recursive?) #:key (log (current-error-port)) recursive?
(verify-certificate? #t))
"Download from URL to STORE, either under NAME or URL's basename if "Download from URL to STORE, either under NAME or URL's basename if
omitted. Write progress reports to LOG. RECURSIVE? has the same effect as omitted. Write progress reports to LOG. RECURSIVE? has the same effect as
the same-named parameter of 'add-to-store'." the same-named parameter of 'add-to-store'. VERIFY-CERTIFICATE? determines
whether or not to validate HTTPS server certificates."
(define uri (define uri
(string->uri url)) (string->uri url))
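
Review bot: the docstring sentence added for VERIFY-CERTIFICATE? does not state the default or the consequence of passing #f. Since the signature sets (verify-certificate? #t), I would say so in the docstring and note that with #f the server is not authenticated, so callers can see that this is an opt-out and not a neutral setting.
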
@ -448,7 +450,10 @@ the same-named parameter of 'add-to-store'."
(lambda (temp port) (lambda (temp port)
(let ((result (let ((result
(parameterize ((current-output-port log)) (parameterize ((current-output-port log))
(build:url-fetch url temp #:mirrors %mirrors)))) (build:url-fetch url temp
#:mirrors %mirrors
#:verify-certificate?
verify-certificate?))))
(close port) (close port)
(and result (and result
(add-to-store store name recursive? "sha256" temp))))))) (add-to-store store name recursive? "sha256" temp)))))))
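
Review bot: in the build:url-fetch call, nothing is written to LOG when verify-certificate? is #f, yet the result still goes through (add-to-store store name recursive? "sha256" temp) exactly as a verified download would. I would emit a warning on LOG before the fetch when verification is disabled, so the unauthenticated origin of the store item leaves a visible trace in the output.
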


@ -41,7 +41,8 @@
(define %default-options (define %default-options
;; Alist of default option values. ;; Alist of default option values.
`((format . ,bytevector->nix-base32-string))) `((format . ,bytevector->nix-base32-string)
(verify-certificate? . #t)))
(define (show-help) (define (show-help)
(display (_ "Usage: guix download [OPTION] URL (display (_ "Usage: guix download [OPTION] URL
@ -52,6 +53,9 @@ Supported formats: 'nix-base32' (default), 'base32', and 'base16'
('hex' and 'hexadecimal' can be used as well).\n")) ('hex' and 'hexadecimal' can be used as well).\n"))
(format #t (_ " (format #t (_ "
-f, --format=FMT write the hash in the given format")) -f, --format=FMT write the hash in the given format"))
(format #t (_ "
--no-check-certificate
do not validate the certificate of HTTPS servers "))
(newline) (newline)
(display (_ " (display (_ "
-h, --help display this help and exit")) -h, --help display this help and exit"))
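
Review bot: the new help string ends with a trailing space before the closing quote ("do not validate the certificate of HTTPS servers "), unlike the --format entry above it. Drop the space, since it ends up in the translatable message. The help text could also say that this disables server authentication, to match the warning in the manual.
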
@ -77,6 +81,9 @@ Supported formats: 'nix-base32' (default), 'base32', and 'base16'
(alist-cons 'format fmt-proc (alist-cons 'format fmt-proc
(alist-delete 'format result)))) (alist-delete 'format result))))
(option '("no-check-certificate") #f #f
(lambda (opt name arg result)
(alist-cons 'verify-certificate? #f result)))
(option '(#\h "help") #f #f (option '(#\h "help") #f #f
(lambda args (lambda args
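
Review bot: the "no-check-certificate" handler does (alist-cons 'verify-certificate? #f result) without removing the existing entry, while the format handler just above pairs alist-cons with (alist-delete 'format result). The lookup still finds the new pair first, but the alist then carries both #t and #f for the same key; using alist-delete here too would keep the two handlers consistent and avoid depending on entry order.
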
@ -120,7 +127,10 @@ Supported formats: 'nix-base32' (default), 'base32', and 'base16'
(parameterize ((current-terminal-columns (parameterize ((current-terminal-columns
(terminal-columns))) (terminal-columns)))
(download-to-store store (uri->string uri) (download-to-store store (uri->string uri)
(basename (uri-path uri))))))) (basename (uri-path uri))
#:verify-certificate?
(assoc-ref opts
'verify-certificate?))))))
(hash (call-with-input-file (hash (call-with-input-file
(or path (or path
(leave (_ "~a: download failed~%") (leave (_ "~a: download failed~%")
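
Review bot: (assoc-ref opts 'verify-certificate?) fails open, because assoc-ref returns #f when the key is absent and #f here means "do not verify". Verification therefore stays on only as long as opts is built from %default-options. I would make the lookup fail closed, for example by recording a key that is set only when --no-check-certificate is given and passing its negation, so that a missing entry results in verification being enabled.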