aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2019-11-26 12:30:45 +0100
committerLudovic Courtès <ludo@gnu.org>2019-11-27 00:03:03 +0100
commit434138e2f26b28bb5cc83e62327aae8ed0902475 (patch)
tree172c6e034fb8cb633b39223ea9e20149a2a4d97c
parent7f3bbfaf8ec3b96e02e0cf74e7515ac33c002107 (diff)
downloadguix-434138e2f26b28bb5cc83e62327aae8ed0902475.tar.gz
guix-434138e2f26b28bb5cc83e62327aae8ed0902475.zip
substitute: Make '%allow-unauthenticated-substitutes?' public.
* guix/scripts/substitute.scm (warn-about-missing-authentication): New procedure. (%allow-unauthenticated-substitutes?): Turn into a public parameter and use 'warn-about-missing-authentication'. (valid-narinfo?): Adjust accordingly. * tests/substitute.scm (call-with-narinfo): Likewise.
-rwxr-xr-xguix/scripts/substitute.scm22
-rw-r--r--tests/substitute.scm6
2 files changed, 17 insertions, 11 deletions
diff --git a/guix/scripts/substitute.scm b/guix/scripts/substitute.scm
index 992b21d505..ba2fb291d8 100755
--- a/guix/scripts/substitute.scm
+++ b/guix/scripts/substitute.scm
@@ -86,6 +86,8 @@
read-narinfo
write-narinfo
+ %allow-unauthenticated-substitutes?
+
substitute-urls
guix-substitute))
@@ -118,15 +120,21 @@
(string-append %state-directory "/substitute/cache"))
(string-append (cache-directory #:ensure? #f) "/substitute")))
+(define (warn-about-missing-authentication)
+ (warning (G_ "authentication and authorization of substitutes \
+disabled!~%"))
+ #t)
+
(define %allow-unauthenticated-substitutes?
;; Whether to allow unchecked substitutes. This is useful for testing
;; purposes, and should be avoided otherwise.
- (and (and=> (getenv "GUIX_ALLOW_UNAUTHENTICATED_SUBSTITUTES")
- (cut string-ci=? <> "yes"))
- (begin
- (warning (G_ "authentication and authorization of substitutes \
-disabled!~%"))
- #t)))
+ (make-parameter
+ (and=> (getenv "GUIX_ALLOW_UNAUTHENTICATED_SUBSTITUTES")
+ (cut string-ci=? <> "yes"))
+ (lambda (value)
+ (when value
+ (warn-about-missing-authentication))
+ value)))
(define %narinfo-ttl
;; Number of seconds during which cached narinfo lookups are considered
@@ -370,7 +378,7 @@ No authentication and authorization checks are performed here!"
(define* (valid-narinfo? narinfo #:optional (acl (current-acl))
#:key verbose?)
"Return #t if NARINFO's signature is not valid."
- (or %allow-unauthenticated-substitutes?
+ (or (%allow-unauthenticated-substitutes?)
(let ((hash (narinfo-sha256 narinfo))
(signature (narinfo-signature narinfo))
(uri (uri->string (first (narinfo-uris narinfo)))))
diff --git a/tests/substitute.scm b/tests/substitute.scm
index ff2be662be..a4246aff82 100644
--- a/tests/substitute.scm
+++ b/tests/substitute.scm
@@ -1,6 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2014 Nikita Karetnikov <nikita@karetnikov.org>
-;;; Copyright © 2014, 2015, 2017, 2018 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014, 2015, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -169,9 +169,7 @@ a file for NARINFO."
(cute write-file
(string-append narinfo-directory "/example.out") <>))
- (set! (@@ (guix scripts substitute)
- %allow-unauthenticated-substitutes?)
- #f))
+ (%allow-unauthenticated-substitutes? #f))
thunk
(lambda ()
(when (file-exists? cache-directory)