aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2020-07-09 17:24:13 +0200
committerLudovic Courtès <ludo@gnu.org>2020-07-10 00:11:00 +0200
commita7696b9733d4ede9817a0a0accb5ce5b85d9a2d3 (patch)
treea552dd04f18d9858d96e57e750d949efedfa1876
parent722ad41c44a499d2250c79527ef7d069ca728de0 (diff)
downloadguix-a7696b9733d4ede9817a0a0accb5ce5b85d9a2d3.tar.gz
guix-a7696b9733d4ede9817a0a0accb5ce5b85d9a2d3.zip
git-download: Don't verify X.509 certificate of SWH.
Fixes <https://bugs.gnu.org/42286>. Regression introduced with the switch to Guile 3.0 in commit b6bee63bed4f013064c0d902e7c8b83ed7514ade. * guix/git-download.scm (git-fetch): Parameterize %VERIFY-SWH-CERTIFICATE.
-rw-r--r--guix/git-download.scm4
1 files changed, 3 insertions, 1 deletions
diff --git a/guix/git-download.scm b/guix/git-download.scm
index a1c1adf760..71ea1031c5 100644
--- a/guix/git-download.scm
+++ b/guix/git-download.scm
@@ -140,9 +140,11 @@ HASH-ALGO (a symbol). Use NAME as the file name, or a generic name if #f."
(download-nar #$output)
;; As a last resort, attempt to download from Software Heritage.
+ ;; Disable X.509 certificate verification to avoid depending
+ ;; on nss-certs--we're authenticating the checkout anyway.
;; XXX: Currently recursive checkouts are not supported.
(and (not recursive?)
- (begin
+ (parameterize ((%verify-swh-certificate? #f))
(format (current-error-port)
"Trying to download from Software Heritage...~%")
(swh-download (getenv "git url") (getenv "git commit")