97 Commits

Author SHA1 Message Date
Ludovic Courtès
43937666ba
download: 'tls-wrap' treats premature TLS termination as EOF.
This is a backport of Guile commit
076276c4f580368b4106316a77752d69c8f1494a.

* guix/build/download.scm (tls-wrap)[read!]: Wrap 'get-bytevector-n!'
call in 'catch' and handle 'error/premature-termination' GnuTLS errors.
2021-03-19 21:44:36 +01:00
Ludovic Courtès
b168acae2a
download: 'tls-wrap' returns an unbuffered custom port.
Partly fixes <https://bugs.gnu.org/46967>.

* guix/build/download.scm (tls-wrap)[unbuffered]: New procedure.
Pass the result of 'make-custom-binary-input/output-port' to
'unbuffered'.
2021-03-11 23:19:52 +01:00
Ludovic Courtès
279d932b1c
download: 'tls-wrap' avoids intermediate buffer.
* guix/build/download.scm (tls-wrap)[read!]: Read straight into BV
instead of calling 'get-bytevector-some' and 'unget-bytevector'.
2021-03-11 23:19:52 +01:00
Ludovic Courtès
4a6ec23a97
download: Delete the output file upon failure.
This allows ENOSPC conditions to be properly reported as such rather
than as a hash mismatch due to the availability of a truncated file.

Fixes <https://bugs.gnu.org/39993>.
Reported by Maxim Cournoyer <maxim.cournoyer@gmail.com>.

* guix/build/download.scm (url-fetch): In the failure case, delete FILE.
2020-03-22 00:02:23 +01:00
Ludovic Courtès
d8a822f462
download: Remove (web http) workarounds no longer relevant.
* guix/build/download.scm <top level>: Remove workarounds for
<https://bugs.gnu.org/23421> and for
<https://lists.gnu.org/archive/html/guix-devel/2017-11/msg00070.html>.
2020-03-11 18:42:09 +01:00
Ludovic Courtès
058d0251bd
download, git: Refer to the right module in 'module-use!' call.
This fixes a regression introduced in
6a7c4636d4.

* guix/build/download.scm (load-gnutls): Call 'resolve-module' instead
of 'current-module'.
* guix/git.scm (load-git-submodules): Likewise.
2020-01-07 12:25:09 +01:00
Ludovic Courtès
6a7c4636d4
Adjust module autoloads.
In Guile < 2.9.7, autoloading a module would give you access to all its
bindings.  In future versions, autoloading a module gives access only to
the listed bindings, as per #:select (see <https://bugs.gnu.org/38895>).

This commit adjusts autoloads to the new semantics, allowing Guix to be
built with Guile 2.9.7/2.9.8.

* guix/build/download.scm <top level>: Remove call to 'module-autoload!'.
(load-gnutls): New procedure.
(tls-wrap): Call it.
* guix/git.scm <top level>: Remove call to 'module-autoload!'.
(load-git-submodules): New procedure.
(update-submodules): Call it instead of 'resolve-interface'.
* gnu/bootloader/grub.scm: Replace #:autoload with #:use-module.
* gnu/packages.scm: Likewise.
* gnu/packages/ssh.scm: Likewise.
* gnu/packages/tex.scm: Likewise.
* gnu/services/cuirass.scm: Likewise.
* gnu/services/mcron.scm: Likewise.
* guix/lint.scm: Augment list of bindings in #:autoload.
* guix/scripts/build.scm: Likewise.
* guix/scripts/gc.scm: Likewise.
* guix/scripts/pack.scm: Likewise.
* guix/scripts/publish.scm: Likewise.
* guix/scripts/pull.scm: Likewise.
* guix/utils.scm: Remove unnecessary #:autoload clauses; replace one
of them with #:use-module.
2020-01-06 16:31:54 +01:00
Ludovic Courtès
f4cde9ac4a
download: Do not leak file descriptors on TLS ports.
Fixes <https://bugs.gnu.org/20145>.

* guix/build/download.scm (%tls-ports, register-tls-record-port): Remove.
(tls-wrap): Remove call to 'register-tls-record-port'.  Return a custom
binary input/output port instead.  This is a backport of what Guile
2.2's (web client) module has been doing.
(close-connection): Define as an alias for 'close-port'.
* guix/http-client.scm (http-fetch): Remove #:keep-alive? parameter,
which was ignored and unused.
Pass #:keep-alive? #f to 'http-get'.
* guix/lint.scm (probe-uri): Use 'close-port' instead of 'close-connection'.
* guix/scripts/substitute.scm (http-multiple-get): Likewise.
2020-01-03 16:06:26 +01:00
Marius Bakke
621fb83a1f
download: Enable TLS 1.3.
This reverts commit e4ee842026.

* guix/build/download.scm (tls-wrap): Do not disable TLS 1.3.
2019-12-26 14:29:43 +01:00
Ludovic Courtès
0d78d0f09c
download: Load *.crt certificate bundles when *.pem files are missing.
Fixes <https://bugs.gnu.org/38254>.

* guix/build/download.scm (make-credendials-with-ca-trust-files): Look
for *.crt files under DIRECTORY when *.pem files cannot be found.
2019-11-18 12:17:32 +01:00
Ludovic Courtès
674e143cf8
download: Honor /etc/ssl/certs when 'SSL_CERT_DIR' is not set.
* guix/build/download.scm (%x509-certificate-directory): Use
"/etc/ssl/certs" as a last resort.  This ensures, for instance, that
'guix download' honors system-wide certificates when SSL_CERT_DIR is
unset.
2019-10-21 18:16:16 +02:00
宋文武
9bc8175cfa
download: Support 'https_proxy'.
* guix/build/download.scm (setup-http-tunnel): New procedure.
(open-connection-for-uri): Honor the 'https_proxy' environment variable.
2019-05-13 21:36:03 +08:00
Ludovic Courtès
e4ee842026
download: Ask not to use TLS 1.3.
Works around <https://bugs.gnu.org/34102>.
Reported by Marius Bakke <mbakke@fastmail.com>.

* guix/build/download.scm (tls-wrap): Add "-VERS-TLS1.3" to the priority
string when (gnutls-version) is not prefixed by "3.5".
2019-01-26 23:18:14 +01:00
Ludovic Courtès
76832d3420
Remove most uses of the _IO*F constants.
These constants, for use with 'setvbuf', were deprecated in Guile 2.2
and disappeared in Guile 3.0.  Here we keep these constants in
build-side code where removing them is not feasible.

* guix/build/download-nar.scm (download-nar): Adjust 'setvbuf' calls to
the Guile 2.2+ API.
* guix/build/download.scm (open-socket-for-uri): Likewise.
(open-connection-for-uri, url-fetch): Likewise.
* guix/build/make-bootstrap.scm (make-stripped-libc): Likewise.
* guix/build/union.scm (setvbuf) [guile-2.0]: New conditional wrapper.
(union-build): Adjust to new API.
* guix/ftp-client.scm (ftp-open, ftp-list, ftp-retr): Likewise.
* guix/http-client.scm (http-fetch): Likewise.
* guix/inferior.scm (proxy): Likewise.
* guix/scripts/substitute.scm (fetch, http-multiple-get): Likewise.
* guix/self.scm (compiled-modules): Likewise.
* guix/ssh.scm (remote-daemon-channel, store-import-channel)
(store-export-channel): Likewise.
* guix/ui.scm (initialize-guix): Likewise.
* tests/publish.scm (http-get-port): Likewise.
* guix/store.scm (%newlines): Adjust comment.
2019-01-09 14:47:53 +01:00
Ludovic Courtès
c3d9bca48a
download: Remove Guile 2.0 workaround.
* guix/build/download.scm: Remove Guile 2.0 workaround.
2019-01-09 14:47:53 +01:00
Ludovic Courtès
a65177a657
maint: Remove 'cond-expand' forms for Guile 2.0.
Note: Leave 'cond-expand' forms used in the build-side modules that can
run on %BOOTSTRAP-GUILE, which is currently Guile 2.0.

* guix/build/compile.scm: Move 'use-modules' clause from 'cond-expand'
to 'define-module' form.
(%default-optimizations): Remove 'cond-expand'.
* guix/build/download.scm (tls-wrap): Remove 'cond-expand'.
* guix/build/syscalls.scm: Remove 'cond-expand' form around
'%set-automatic-finalization-enabled?!' and
'without-automatic-finalization'.
* guix/inferior.scm (port->inferior): Remove 'cond-expand'.
* guix/scripts/pack.scm (wrapped-package)[build]: Remove 'cond-expand'.
* guix/status.scm (build-event-output-port): Remove 'cond-expand'.
* guix/store.scm (open-inet-socket): Remove 'cond-expand'.
* guix/ui.scm (install-locale): Remove 'cond-expand'.
* tests/status.scm ("current-build-output-port, UTF-8 + garbage"):
Remove 'cond-expand'.
* tests/store.scm ("current-build-output-port, UTF-8 + garbage"):
Remove 'cond-expand'.
2019-01-09 14:47:53 +01:00
Ludovic Courtès
240a9c69a6
perform-download: Optionally report a "download-progress" trace.
* guix/scripts/perform-download.scm (perform-download): Add
 #:print-build-trace? and pass it to 'url-fetch'.
(guix-perform-download): Define 'print-build-trace?' and pass it to
'perform-download'.
* guix/build/download.scm (ftp-fetch): Add #:print-build-trace? and
honor it.
(url-fetch): Likewise.
* nix/libstore/builtins.cc (builtinDownload): Set _NIX_OPTIONS
environment variable.
2018-09-27 23:21:53 +02:00
Ludovic Courtès
1d84d7bf60
build: Require Guile >= 2.0.13.
* README, configure.ac, doc/guix.texi (Requirements): Increase minimum
Guile version from 2.0.9 to 2.0.13.
* config-daemon.ac: Remove use of 'GUIX_CHECK_UNBUFFERED_CBIP'.
* m4/guix.m4 (GUIX_CHECK_UNBUFFERED_CBIP): Remove.
* guix/build/download.scm (current-http-proxy): Remove.
* guix/build/syscalls.scm (%libc-errno-pointer, errno): Remove.
(syscall->procedure): Use #:return-errno unconditionally.
* guix/hash.scm (open-sha256-input-port)[unbuffered]: Remove outdated
comment.
* guix/http-client.scm (when-guile<=2.0.5-or-otherwise-broken): Remove.
<top level>: Remove 'when-guile<=2.0.5-or-otherwise-broken' block.
* guix/scripts/substitute.scm (fetch): Remove 'guile-version>?'
conditional.
* tests/hash.scm (supports-unbuffered-cbip?): Remove.
<top level>: Remove 'test-skip' call.
2018-02-26 18:19:34 +01:00
Maxim Cournoyer
8fbc1a2208
download: Fix return value of the url-fetch procedure.
Fixes <https://bugs.gnu.org/30270>.
Regression was introduced by commit 347fa4aebf.

* guix/build/download.scm (url-fetch): Return `file' instead of #t upon success.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2018-01-28 23:14:55 +01:00
Eric Bavier
7f04197fef
utils: Fix cond-expand for Guile 2.0.
* guix/build/download.scm (tls-wrap): Use 'guile-2.2' feature instead.
2017-12-10 15:58:55 -06:00
Ludovic Courtès
866f37fb7e
download: Improve efficiency of 'write-request' over TLS.
This is another instance of <https://bugs.gnu.org/22966>.
The Microsoft-IIS/7.5 server at static.nvd.nist.gov would sometimes hang
when receiving our requests byte by byte.

* guix/build/download.scm (tls-wrap) [!guile-2.0]: Add 'setvbuf' call.
2017-11-16 08:45:14 +01:00
Ludovic Courtès
9f8605958e
download: Pass the timeout to 'ftp-retr'.
This ensures the timeout applies when connecting to the port returned by
PASV.

* guix/ftp-client.scm (ftp-list): Add #:timeout parameter.  Use
'connect*' instead of 'connect' and pass TIMEOUT.
(ftp-retr): Likewise.
* guix/build/download.scm (ftp-fetch): Pass TIMEOUT to 'ftp-retr'.
2017-11-14 23:46:53 +01:00
Ludovic Courtès
65a19abf3f
download: Work around more bogus HTTP handling in Guile 2.2 <= 2.2.2.
Reported by Mark H Weaver <mhw@netris.org>
at <https://lists.gnu.org/archive/html/guix-devel/2017-11/msg00190.html>.

* guix/build/download.scm (guile-2.2) [write-request-line]: Backport
Guile commit 6ad28ae3bc6a6d9e95ab7d70510d12c97673a143.
2017-11-11 15:20:02 +01:00
Ludovic Courtès
59da6f04f4
download: Work around bogus HTTP handling in Guile 2.2 <= 2.2.2.
Reported by Konrad Hinsen <konrad.hinsen@fastmail.net>
at <https://lists.gnu.org/archive/html/guix-devel/2017-11/msg00070.html>.

* guix/build/download.scm (write-request-line) [guile-2.2]: New
procedure.
2017-11-10 23:11:52 +01:00
Ludovic Courtès
8c3488259e
Add (guix progress).
Among other things, this removes (guix utils), (guix ui), (guix config),
etc. from the closure of (guix build download), as was the case since
798648515b.

* guix/utils.scm (<progress-reporter>, call-with-progress-reporter):
Move to...
* guix/progress.scm: ... here.  New file.
* Makefile.am (MODULES): Add it.
* guix/build/download.scm (current-terminal-columns)
(nearest-exact-integer, duration->seconds, seconds->string)
(byte-count->string, progress-bar, string-pad-middle)
(rate-limited, progress-reporter/file, dump-port*)
(time-monotonic): Move to progress.scm.
* guix/scripts/download.scm: Adjust accordingly.
* guix/scripts/substitute.scm: Likewise.
2017-10-19 23:21:49 +02:00
Ludovic Courtès
347fa4aebf
download: Make 'http-fetch' public.
* guix/build/download.scm (http-fetch): Remove 'file' parameter.  Change
to return an input port and the content-length.  Make public.
(url-fetch): Adjust accordingly.
2017-10-19 23:21:49 +02:00
Ludovic Courtès
b3ac341d4e
download: Remove old-Guile leftovers.
This is a followup to 36626c556e.

* guix/build/download.scm (http-fetch): Rename 'port-or-bv' to 'port'.
Assume (port? port) is always true, and remove other branch.
2017-10-19 23:21:49 +02:00
宋文武
798648515b
download: Don't report the progress too fast.
* guix/utils.scm (<progress-reporter>): New record type.
(call-with-progress-reporter): New procedure.
* guix/build/download.scm (dump-port*, rate-limited, progress-reporter/file):
New procedures.
(ftp-fetch, http-fetch): Use 'dump-port*'.
(progress-proc): Remove procedure.
* guix/scripts/substitute.scm (progress-report-port): Rewrite in terms of
<progress-reporter>.
(process-substitution): Adjust accordingly.
2017-09-20 19:49:31 +08:00
Tobias Geerinckx-Rice
57d2898772
Handle the same HTTP redirects everywhere.
* guix/build/download.scm (http-fetch): Complete the hard-coded list of HTTP
redirection status codes.
* guix/http-client.scm (http-fetch): Likewise.
* guix/scripts/lint.scm (probe-uri): Likewise.
2017-09-05 20:57:13 +02:00
Ludovic Courtès
27fd13c3c2
download: Work around GnuTLS bug with UTF-8 certificate file names.
Reported by Mark H Weaver <mhw@netris.org>
at <https://debbugs.gnu.org/cgi/bugreport.cgi?bug=26948#17>.

* guix/build/download.scm (set-certificate-credentials-x509-trust-file!*):
New procedure.
(make-credendials-with-ca-trust-files): Use it instead of
'set-certificate-credentials-x509-trust-file!'.
2017-05-30 13:24:55 +02:00
Ludovic Courtès
7b9ac883ea
download: Continue handshake upon TLS warning alerts.
This allows us to download from sites such as
<https://fusionforge.int-evry.fr> where the server does not recognize
the server name passed via the 'server_name' extension.

* guix/build/download.scm (tls-wrap): Catch 'gnutls-error' around
'handshake'.  Upon ERROR/WARNING-ALERT-RECEIVED, print a message and
call 'handshake'.
2017-05-02 23:41:13 +02:00
Ludovic Courtès
25a49294ca
cache: Work around 'time-monotonic' bug in Guile 2.2.2.
* guix/cache.scm (time-monotonic) [guile-2.2]: New variable.
* tests/cache.scm (time-monotonic) [guile-2.2]: Likewise.
* guix/build/download.scm (time-monotonic) [guile-2.2]: Adjust comment:
it's a 2.2.2 bug.
2017-04-22 14:42:15 +02:00
Ludovic Courtès
1fe958d62a
download: Work around Guile 2.2 bug with 'time-monotonic' objects.
* guix/build/download.scm (time-monotonic) [guile-2.2]: New variable.
2017-04-22 01:25:22 +02:00
Ludovic Courtès
6dfd683dc7
download: Properly parse ftp:// URLs that lack user info.
Fixes a regression introduced in
a4f5423415.

Reported by Hartmut Goebel.

* guix/build/download.scm (ftp-fetch): Account for the case where
'uri-userinfo' returns #f.  Remove the case where it returns "" since
that cannot happen.
2017-03-28 13:30:09 +02:00
Roel Janssen
a4f5423415
download: Handle username and password properties for FTP URIs.
* guix/build/download.scm (ftp-fetch): Process username and password from a URI.
2017-03-21 12:15:14 +01:00
Ludovic Courtès
4fd06a4dd1
http-client: Avoid name clash with 'open-connection-for-uri' in 2.2.0.
* guix/build/download.scm (open-connection-for-uri): Add note about
same-named binding in Guile 2.2.0.
* guix/http-client.scm: Use 'guix:open-connection-for-uri' for the
procedure coming from (guix build download).
* guix/scripts/lint.scm: Likewise.
* guix/scripts/substitute.scm: Likewise.
2017-03-18 00:39:50 +01:00
Ludovic Courtès
36626c556e
build: Require Guile >= 2.0.9.
* configure.ac: Bump requirement to 2.0.9.
* doc/guix.texi (Requirements): Adjust accordingly.
* README (Requirements): Likewise.
* build-aux/download.scm: Remove workaround for <http://bugs.gnu.org/13095>.
* guix/build/download.scm: Likewise.
(http-fetch)[post-2.0.7?]: Remove.  Remove conditional code for not
POST-2.0.7?.
* guix/http-client.scm:  Remove workaround for <http://bugs.gnu.org/13095>.
(http-fetch)[post-2.0.7?]: Remove.  Remove conditional code for not
POST-2.0.7?.
* guix/serialization.scm (read-latin1-string): Remove mention of 2.0.9.
* tests/nar.scm: Use (ice-9 control).
(let/ec): Remove.
2017-03-18 00:39:49 +01:00
Ludovic Courtès
b111bceecc
download: Export '%x509-certificate-directory'.
* guix/build/download.scm (%x509-certificate-directory): Export, as
expected by (guix scripts pull) since commit
7e81d699de.
2017-03-13 21:52:38 +01:00
Ludovic Courtès
580deec5b4
download: Protect against dangling symlinks in $SSL_CERT_DIR.
Reported by Christopher Baines <mail@cbaines.net>
in <https://bugs.gnu.org/25213>.

* guix/build/download.scm (make-credendials-with-ca-trust-files): Check
whether FILE exists before calling
'set-certificate-credentials-x509-trust-file!'.
2016-12-16 18:00:01 +01:00
Ludovic Courtès
bc3c41ce36
download: Verify TLS certificates unless asked not to.
Fixes <http://bugs.gnu.org/24466>.
Reported by Leo Famulari <leo@famulari.name>.

* guix/build/download.scm (%x509-certificate-directory): New variable.
(make-credendials-with-ca-trust-files, peer-certificate)
(assert-valid-server-certificate, print-tls-certificate-error): New
procedures.  Add 'print-tls-certificate-error' as an exception printer
for 'tls-certificate-error'.
(tls-wrap): Add #:verify-certificate? parameter and honor it.
(open-connection-for-uri): Likewise.
(http-fetch): Likewise.
(url-fetch): Likewise.
* guix/download.scm (url-fetch)[builder]: Pass #:verify-certificate? #f.
* guix/scripts/lint.scm (probe-uri): Add case for 'tls-certificate-error'.
(validate-uri): Likewise.
* doc/guix.texi (Invoking guix download): Mention 'SSL_CERT_DIR'.
2016-11-07 23:39:01 +01:00
Ludovic Courtès
38f1cf8a8e
download: Pass the raw file name to content-addressed mirrors.
* guix/build/download.scm (url-fetch)[content-addressed-uris]: Call
'strip-store-file-name' on FILE before passing it to 'make-url'.
2016-07-31 18:27:14 +02:00
Ludovic Courtès
ab84b927ef
download: Prepare to support the 'guix publish' /file URLs.
* guix/download.scm (%content-addressed-mirrors): Add 'file' parameter
to the lambda.
* guix/build/download.scm (url-fetch)[content-addressed-uris]: Adjust
accordingly.
2016-07-20 17:02:35 +02:00
David Thompson
242ad41c01
download: Use basic authentication when userinfo is present in URI.
* guix/download.scm (url-fetch): Include (guix base64) module on the
  build-side.
* guix/build/download.scm (http-fetch): Add "Authorization" header when
  userinfo is present in the URI.
2016-06-29 08:51:41 -04:00
Ludovic Courtès
b18ede2704
download: Default to a 10s connection establishment timeout.
* guix/build/download.scm (ftp-fetch): Add #:timeout and pass it to
'ftp-open'.
(http-fetch): Add #:timeout and pass it to 'open-connection-for-uri' and
in recursive calls.
(url-fetch): Add #:timeout and pass it to 'http-fetch' and 'ftp-fetch'.
2016-05-27 10:37:11 +02:00
Ludovic Courtès
dab2472c6a
download: Use URI objects for content-addressed mirrors.
This fixes a bug whereby 'http-fetch' would be passed a string instead
of a URI object.

* guix/build/download.scm (url-fetch): Rename 'content-addressed-urls'
to 'content-addressed-uris', and call 'string->uri'.
2016-05-27 10:37:11 +02:00
Ricardo Wurmus
8bfd602bb0
build: Accept dates with space-padded hour field.
* guix/build/download.scm: Replace "parse-rfc-822-date" from the (web
  http) module.
2016-05-16 18:26:26 +02:00
Ludovic Courtès
cd436bf05a
download: Support content-addressed mirrors.
* guix/download.scm (%content-addressed-mirrors)
(%content-addressed-mirror-file): New variables.
* guix/download.scm (url-fetch)[builder]: Define
'value-from-environment.  Pass #:hashes and
 #:content-addressed-mirrors to 'url-fetch'.
Define "guix download hashes" environment variable.
* guix/build/download.scm (url-fetch): Add #:content-addressed-mirrors
and #:hashes.
[content-addressed-urls]: New variable.
Use it.
2016-05-14 17:37:47 +02:00
Ludovic Courtès
cf5e58297d
substitute: Better abbreviate substitute URL in progress report.
Suggested by Danny Milosavljevic <dannym@scratchpost.org>.

* guix/build/download.scm (nar-uri-abbreviation): New procedure.
* guix/scripts/substitute.scm (process-substitution): Use it instead of
'store-path-abbreviation'.
2016-04-20 23:01:41 +02:00
Ludovic Courtès
3e31ec827a
download: 'uri-abbreviation' can abbreviate the URI's basename.
* guix/build/download.scm (uri-abbreviation): Use 'ellipsis' instead of
"...".  Abbreviate the basename of PATH if needed.
2016-04-20 22:52:35 +02:00
Ludovic Courtès
967ee481e8
download: Add "%COMPAT" to the priority string.
Fixes <http://bugs.gnu.org/23311>.

* guix/build/download.scm (tls-wrap): Add 'set-session-priorities!' call.
2016-04-20 13:17:52 +02:00