download: Honor #:verify-certificate? for SWH downloads.

Previously, the SWH + Disarchive fallback could fail with: Trying to use Disarchive to assemble /gnu/store/…-ucsim-0.6-pre68.tar.gz... Assembling the directory ucsim-0.6-pre68 Downloading /gnu/store/…-ucsim-0.6-pre68.tar.gz from Software Heritage... X.509 certificate of 'archive.softwareheritage.org' could not be verified: signer-not-found invalid Could not resolve directory reference This will no longer be the case since 'guix perform-download' passes #:verify-certificate? #f. * guix/build/download.scm (disarchive-fetch/any): Parameterize '%verify-swh-certificate?'.
2021-10-04 23:03:41 +02:00 · 2021-10-04 23:03:41 +02:00 · 6d02a994f9
parent ce83883f3d
commit 6d02a994f9
1 changed files with 2 additions and 1 deletions
--- a/guix/build/download.scm
+++ b/guix/build/download.scm
@ -674,7 +674,8 @@ (define (resolve addresses output)
     (match (fetch-specification uris)
       (#f (format #t "could not find its Disarchive specification~%")
           #f)
-       (spec (parameterize ((%disarchive-log-port (current-output-port)))
+       (spec (parameterize ((%disarchive-log-port (current-output-port))
+                            (%verify-swh-certificate? verify-certificate?))
               (false-if-exception*
                (disarchive-assemble spec file #:resolver resolve))))))))