diff options
author | Ludovic Courtès <ludo@gnu.org> | 2020-07-09 17:24:13 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2020-07-10 00:11:00 +0200 |
commit | a7696b9733d4ede9817a0a0accb5ce5b85d9a2d3 (patch) | |
tree | a552dd04f18d9858d96e57e750d949efedfa1876 | |
parent | 722ad41c44a499d2250c79527ef7d069ca728de0 (diff) | |
download | guix-a7696b9733d4ede9817a0a0accb5ce5b85d9a2d3.tar.gz guix-a7696b9733d4ede9817a0a0accb5ce5b85d9a2d3.zip |
git-download: Don't verify X.509 certificate of SWH.
Fixes <https://bugs.gnu.org/42286>.
Regression introduced with the switch to Guile 3.0 in commit
b6bee63bed4f013064c0d902e7c8b83ed7514ade.
* guix/git-download.scm (git-fetch): Parameterize %VERIFY-SWH-CERTIFICATE.
-rw-r--r-- | guix/git-download.scm | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/guix/git-download.scm b/guix/git-download.scm index a1c1adf760..71ea1031c5 100644 --- a/guix/git-download.scm +++ b/guix/git-download.scm @@ -140,9 +140,11 @@ HASH-ALGO (a symbol). Use NAME as the file name, or a generic name if #f." (download-nar #$output) ;; As a last resort, attempt to download from Software Heritage. + ;; Disable X.509 certificate verification to avoid depending + ;; on nss-certs--we're authenticating the checkout anyway. ;; XXX: Currently recursive checkouts are not supported. (and (not recursive?) - (begin + (parameterize ((%verify-swh-certificate? #f)) (format (current-error-port) "Trying to download from Software Heritage...~%") (swh-download (getenv "git url") (getenv "git commit") |