* guix/scripts/substitute.scm (or*): New macro.
(%cache-url): Honor "untrusted-substitute-urls".
* guix/tests.scm (%test-substitute-urls): New variable.
(open-connection-for-tests): Use it.
* tests/derivations.scm ("derivation-prerequisites-to-build and substitutes",
"derivation-prerequisites-to-build and substitutes, non-substitutable
build", "derivation-prerequisites-to-build and substitutes, local build"):
Pass it to 'set-build-options'.
* tests/guix-daemon.sh: Likewise.
* tests/store.scm ("substitute query, alternating URLs"): New test.
("substitute query", "substitute", "substitute + build-things with output
path", "substitute, corrupt output hash", "substitute --fallback"): Pass
#:substitute-urls to 'set-build-options'.
This ensures that switching between different substitute servers doesn't lead
to a polluted narinfo cache.
* guix/scripts/substitute.scm (narinfo-cache-file): Add 'cache-url'
parameter. Add the base32 of CACHE-URL as a sub-directory under
%NARINFO-CACHE-DIRECTORY. Update callers.
(cached-narinfo): Likewise. Call 'mkdir-p' on the dirname of the cache
file. Update callers.
(remove-expired-cached-narinfos): Add 'directory' parameter and use it
instead of %NARINFO-CACHE-DIRECTORY.
(narinfo-cache-directories): New procedure.
(maybe-remove-expired-cached-narinfo): Call 'remove-expired-cached-narinfos'
for each item returned by 'narinfo-cache-directories'.
* guix/scripts/substitute.scm (<cache>): Rename to...
(<cache-info>): ... this.
(open-cache): Rename to...
(download-cache-info): ... this. Return a <cache-info> or #f.
(open-cache*): Remove.
(cache-narinfo!): Take a URL instead of a <cache> as the first parameter.
(fetch-narinfos): Likewise. Call 'download-cache-info'. Remove use of
'force'.
(guix-substitute): Replace calls to 'open-cache*' with %CACHE-URL.
Reported
at <http://lists.gnu.org/archive/html/guix-devel/2015-07/msg00119.html>.
* guix/scripts/substitute.scm (http-multiple-get): When RESP has "Connection:
close", consume HEAD anyway; always call PROC to read from BODY.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
Previously, code using directly (guix build download) was still affected
by <http://bugs.gnu.org/15368>. This includes source derivations, the
'guix download' command, and (guix gnu-maintenance).
'guix substitute' was unaffected since it used (guix http-client), which
already had the fix.
* guix/http-client.scm (open-socket-for-uri): Remove.
(http-fetch): Remove #:buffered? argument to 'open-socket-for-uri';
use 'setvbuf' instead.
* guix/scripts/substitute.scm (fetch): Likewise.
* guix/build/download.scm (open-socket-for-uri): New procedure, taken
from guix/http-client.scm, but without the #:buffered? parameter.
In practice we would not leak much since we reconnect after ~100
requests (with nginx running on hydra.gnu.org.)
* guix/scripts/substitute.scm (http-multiple-get): Call 'close-port'
before 'connect'.