guix-devel/guix/build
Ludovic Courtès bc3c41ce36
download: Verify TLS certificates unless asked not to.
Fixes <http://bugs.gnu.org/24466>.
Reported by Leo Famulari <leo@famulari.name>.

* guix/build/download.scm (%x509-certificate-directory): New variable.
(make-credendials-with-ca-trust-files, peer-certificate)
(assert-valid-server-certificate, print-tls-certificate-error): New
procedures.  Add 'print-tls-certificate-error' as an exception printer
for 'tls-certificate-error'.
(tls-wrap): Add #:verify-certificate? parameter and honor it.
(open-connection-for-uri): Likewise.
(http-fetch): Likewise.
(url-fetch): Likewise.
* guix/download.scm (url-fetch)[builder]: Pass #:verify-certificate? #f.
* guix/scripts/lint.scm (probe-uri): Add case for 'tls-certificate-error'.
(validate-uri): Likewise.
* doc/guix.texi (Invoking guix download): Mention 'SSL_CERT_DIR'.
2016-11-07 23:39:01 +01:00
..
ant-build-system.scm guix: ant-build-system: Fix pattern for collecting jar files. 2016-09-03 10:36:20 +02:00
asdf-build-system.scm build-system: Add asdf-build-system. 2016-10-08 21:20:35 +08:00
bournish.scm bournish: Add 'reboot' command. 2016-10-10 21:40:23 +02:00
cmake-build-system.scm utils: 'modify-phases' no longer introduces quotes. 2015-03-31 22:43:01 +02:00
cvs.scm cvs: Disable compression. 2016-04-01 00:05:42 +02:00
download.scm download: Verify TLS certificates unless asked not to. 2016-11-07 23:39:01 +01:00
emacs-build-system.scm Merge branch 'master' into core-updates 2016-06-27 09:30:01 +02:00
emacs-utils.scm build: emacs-utils: Add 'emacs-byte-compile-directory'. 2015-07-08 10:53:05 +02:00
git.scm git-download: Correctly implement recursive checkouts. 2016-01-05 00:28:42 +01:00
glib-or-gtk-build-system.scm build-system/glib-or-gtk: Don't generate 'icon-theme.cache'. 2015-09-11 20:24:30 +08:00
gnu-build-system.scm build-system/gnu: Do not patch symlinks. 2016-02-09 11:39:30 +01:00
gnu-dist.scm utils: 'modify-phases' no longer introduces quotes. 2015-03-31 22:43:01 +02:00
graft.scm grafts: Remove unnecessary 'umask' call. 2016-10-17 23:59:03 +02:00
gremlin.scm gremlin: Add support for the expansion of $ORIGIN in RUNPATH. 2015-04-23 18:52:40 +02:00
haskell-build-system.scm build-system/haskell: Fix package.conf parsing. 2016-01-19 18:01:07 -06:00
hg.scm guix: Add downloader for Mercurial repositories. 2016-06-15 17:02:18 +02:00
lisp-utils.scm build-system: Add asdf-build-system. 2016-10-08 21:20:35 +08:00
perl-build-system.scm utils: 'modify-phases' no longer introduces quotes. 2015-03-31 22:43:01 +02:00
profiles.scm profiles: Export 'ensure-writable-directory' and use it. 2015-05-27 22:36:52 +02:00
pull.scm build: Improve Guile 2.2 compatibility. 2016-09-29 23:59:06 +02:00
python-build-system.scm Revert "guix: python-build-system: Fix an outdated comment." 2016-10-13 15:27:16 -04:00
qt-utils.scm build: Add wrap-qt-program. 2016-08-30 22:38:28 +02:00
r-build-system.scm build: Add R build system. 2015-08-31 15:39:34 +02:00
rpath.scm Add (guix build rpath). 2013-05-08 23:45:02 +02:00
ruby-build-system.scm guix: ruby-build-system: Add replace-git-ls-files. 2016-08-30 10:31:48 +10:00
store-copy.scm vm: Move store copy handling to (guix build store-copy). 2014-09-04 23:24:54 +02:00
svn.scm guix: Support authentication when fetching from SVN. 2016-07-03 18:55:30 +02:00
syscalls.scm syscalls: Use #:return-errno? when it is available. 2016-09-06 11:12:11 +02:00
union.scm union: Compare inode numbers in 'file=?'. 2016-05-23 18:05:46 +02:00
utils.scm utils: Have search-path-as-list pattern search for directories. 2015-10-29 17:30:18 -05:00
waf-build-system.scm utils: 'modify-phases' no longer introduces quotes. 2015-03-31 22:43:01 +02:00