The custom input/output port wrapping the TLS session record port would
introduce overhead, and it would also prevent its uses in a non-blocking
context--e.g., with Fibers. The port close mechanism added in GnuTLS
3.7.7 allows us to get rid of that wrapper.
* guix/build/download.scm (wrap-record-port-for-gnutls<3.7.7): New
procedure, with code formerly in 'tls-wrap'.
(tls-wrap): Check for 'set-session-record-port-close!' and use it when
available; otherwise call 'wrap-record-port-for-gnutls<3.7.7'.
Previously we'd load /etc/ssl/certs/*.pem (or similar) every time
'http-fetch' is called.
* guix/build/download.scm (make-credendials-with-ca-trust-files): Wrap
in 'mlambda'.
Previously, the SWH + Disarchive fallback could fail with:
Trying to use Disarchive to assemble /gnu/store/…-ucsim-0.6-pre68.tar.gz...
Assembling the directory ucsim-0.6-pre68
Downloading /gnu/store/…-ucsim-0.6-pre68.tar.gz from Software Heritage...
X.509 certificate of 'archive.softwareheritage.org' could not be verified:
signer-not-found
invalid
Could not resolve directory reference
This will no longer be the case since 'guix perform-download'
passes #:verify-certificate? #f.
* guix/build/download.scm (disarchive-fetch/any): Parameterize
'%verify-swh-certificate?'.
Suggested by Florian Pelz <pelzflorian@pelzflorian.de>.
* guix/build/download.scm (internet-archive-uri): New procedure.
(url-fetch): Append it to the list of URIs after
CONTENT-ADDRESSED-URIS.
As discussed at <https://issues.guix.gnu.org/47336#16>.
* guix/build/download.scm (url-fetch)[disarchive-uris]: Accept MIRROR as
a procedure.
* guix/download.scm (%disarchive-mirrors): Add comment. This change can
only be made once a 'guix perform-download' that understands procedures
is widely deployed.
Fixes <https://bugs.gnu.org/49223>.
Reported by Domagoj Stolfa <ds815@gmx.com>.
* guix/build/download.scm (tls-wrap): Retry up to 5 times when
'handshake' throws a non-fatal error.
Normal error reporting was disrupted by the introduction of
Disarchive in commit fbc2a52a32. In
particular, running 'guix download' would succeed with a partially
downloaded file.
* guix/build/download.scm (disarchive-fetch/any): Return '#f' when
Disarchive cannot be found, the specification cannot be found, or
Disarchive fails due to an error.
This is a fixed version of 66b14dccdd,
which was reverted in e74250c3c5.
* guix/download.scm (%disarchive-mirrors): New variable.
(%disarchive-mirror-file): New variable.
(built-in-download): Add 'disarchive-mirrors' keyword argument and
pass its value along to the 'builtin:download' derivation.
(url-fetch): Pass '%disarchive-mirror-file' to 'built-in-download'.
* guix/scripts/perform-download.scm (perform-download): Read
Disarchive mirrors from the environment and pass them to
'url-fetch'.
* guix/build/download.scm (disarchive-fetch/any): New procedure.
(url-fetch): Add 'disarchive-mirrors' keyword argument, use it to
make a list of URIs, and use the new procedure to fetch the file if
all other methods fail.
* build-aux/build-self.scm (build-program)[select?]: Exclude '(guix
build download)'.
* guix/self.scm (compiled-guix)[*core-modules*]: Add 'guile-json' to
the list of extensions.
* guix/download.scm (%disarchive-mirrors): New variable.
(%disarchive-mirror-file): New variable.
(built-in-download): Add 'disarchive-mirrors' keyword argument and
pass its value along to the 'builtin:download' derivation.
(url-fetch): Pass '%disarchive-mirror-file' to 'built-in-download'.
* guix/scripts/perform-download.scm (perform-download): Read
Disarchive mirrors from the environment and pass them to
'url-fetch'.
* guix/build/download.scm (disarchive-fetch/any): New procedure.
(url-fetch): Add 'disarchive-mirrors' keyword argument, use it to
make a list of URIs, and use the new procedure to fetch the file if
all other methods fail.
This is a backport of Guile commit
076276c4f580368b4106316a77752d69c8f1494a.
* guix/build/download.scm (tls-wrap)[read!]: Wrap 'get-bytevector-n!'
call in 'catch' and handle 'error/premature-termination' GnuTLS errors.
Partly fixes <https://bugs.gnu.org/46967>.
* guix/build/download.scm (tls-wrap)[unbuffered]: New procedure.
Pass the result of 'make-custom-binary-input/output-port' to
'unbuffered'.
This allows ENOSPC conditions to be properly reported as such rather
than as a hash mismatch due to the availability of a truncated file.
Fixes <https://bugs.gnu.org/39993>.
Reported by Maxim Cournoyer <maxim.cournoyer@gmail.com>.
* guix/build/download.scm (url-fetch): In the failure case, delete FILE.
This fixes a regression introduced in
6a7c4636d4.
* guix/build/download.scm (load-gnutls): Call 'resolve-module' instead
of 'current-module'.
* guix/git.scm (load-git-submodules): Likewise.
In Guile < 2.9.7, autoloading a module would give you access to all its
bindings. In future versions, autoloading a module gives access only to
the listed bindings, as per #:select (see <https://bugs.gnu.org/38895>).
This commit adjusts autoloads to the new semantics, allowing Guix to be
built with Guile 2.9.7/2.9.8.
* guix/build/download.scm <top level>: Remove call to 'module-autoload!'.
(load-gnutls): New procedure.
(tls-wrap): Call it.
* guix/git.scm <top level>: Remove call to 'module-autoload!'.
(load-git-submodules): New procedure.
(update-submodules): Call it instead of 'resolve-interface'.
* gnu/bootloader/grub.scm: Replace #:autoload with #:use-module.
* gnu/packages.scm: Likewise.
* gnu/packages/ssh.scm: Likewise.
* gnu/packages/tex.scm: Likewise.
* gnu/services/cuirass.scm: Likewise.
* gnu/services/mcron.scm: Likewise.
* guix/lint.scm: Augment list of bindings in #:autoload.
* guix/scripts/build.scm: Likewise.
* guix/scripts/gc.scm: Likewise.
* guix/scripts/pack.scm: Likewise.
* guix/scripts/publish.scm: Likewise.
* guix/scripts/pull.scm: Likewise.
* guix/utils.scm: Remove unnecessary #:autoload clauses; replace one
of them with #:use-module.
Fixes <https://bugs.gnu.org/20145>.
* guix/build/download.scm (%tls-ports, register-tls-record-port): Remove.
(tls-wrap): Remove call to 'register-tls-record-port'. Return a custom
binary input/output port instead. This is a backport of what Guile
2.2's (web client) module has been doing.
(close-connection): Define as an alias for 'close-port'.
* guix/http-client.scm (http-fetch): Remove #:keep-alive? parameter,
which was ignored and unused.
Pass #:keep-alive? #f to 'http-get'.
* guix/lint.scm (probe-uri): Use 'close-port' instead of 'close-connection'.
* guix/scripts/substitute.scm (http-multiple-get): Likewise.
Fixes <https://bugs.gnu.org/38254>.
* guix/build/download.scm (make-credendials-with-ca-trust-files): Look
for *.crt files under DIRECTORY when *.pem files cannot be found.
* guix/build/download.scm (%x509-certificate-directory): Use
"/etc/ssl/certs" as a last resort. This ensures, for instance, that
'guix download' honors system-wide certificates when SSL_CERT_DIR is
unset.
Works around <https://bugs.gnu.org/34102>.
Reported by Marius Bakke <mbakke@fastmail.com>.
* guix/build/download.scm (tls-wrap): Add "-VERS-TLS1.3" to the priority
string when (gnutls-version) is not prefixed by "3.5".
* guix/scripts/perform-download.scm (perform-download): Add
#:print-build-trace? and pass it to 'url-fetch'.
(guix-perform-download): Define 'print-build-trace?' and pass it to
'perform-download'.
* guix/build/download.scm (ftp-fetch): Add #:print-build-trace? and
honor it.
(url-fetch): Likewise.
* nix/libstore/builtins.cc (builtinDownload): Set _NIX_OPTIONS
environment variable.
This is another instance of <https://bugs.gnu.org/22966>.
The Microsoft-IIS/7.5 server at static.nvd.nist.gov would sometimes hang
when receiving our requests byte by byte.
* guix/build/download.scm (tls-wrap) [!guile-2.0]: Add 'setvbuf' call.
This ensures the timeout applies when connecting to the port returned by
PASV.
* guix/ftp-client.scm (ftp-list): Add #:timeout parameter. Use
'connect*' instead of 'connect' and pass TIMEOUT.
(ftp-retr): Likewise.
* guix/build/download.scm (ftp-fetch): Pass TIMEOUT to 'ftp-retr'.
Among other things, this removes (guix utils), (guix ui), (guix config),
etc. from the closure of (guix build download), as was the case since
798648515b.
* guix/utils.scm (<progress-reporter>, call-with-progress-reporter):
Move to...
* guix/progress.scm: ... here. New file.
* Makefile.am (MODULES): Add it.
* guix/build/download.scm (current-terminal-columns)
(nearest-exact-integer, duration->seconds, seconds->string)
(byte-count->string, progress-bar, string-pad-middle)
(rate-limited, progress-reporter/file, dump-port*)
(time-monotonic): Move to progress.scm.
* guix/scripts/download.scm: Adjust accordingly.
* guix/scripts/substitute.scm: Likewise.
* guix/build/download.scm (http-fetch): Remove 'file' parameter. Change
to return an input port and the content-length. Make public.
(url-fetch): Adjust accordingly.
This is a followup to 36626c556e.
* guix/build/download.scm (http-fetch): Rename 'port-or-bv' to 'port'.
Assume (port? port) is always true, and remove other branch.
* guix/utils.scm (<progress-reporter>): New record type.
(call-with-progress-reporter): New procedure.
* guix/build/download.scm (dump-port*, rate-limited, progress-reporter/file):
New procedures.
(ftp-fetch, http-fetch): Use 'dump-port*'.
(progress-proc): Remove procedure.
* guix/scripts/substitute.scm (progress-report-port): Rewrite in terms of
<progress-reporter>.
(process-substitution): Adjust accordingly.
* guix/build/download.scm (http-fetch): Complete the hard-coded list of HTTP
redirection status codes.
* guix/http-client.scm (http-fetch): Likewise.
* guix/scripts/lint.scm (probe-uri): Likewise.
Reported by Mark H Weaver <mhw@netris.org>
at <https://debbugs.gnu.org/cgi/bugreport.cgi?bug=26948#17>.
* guix/build/download.scm (set-certificate-credentials-x509-trust-file!*):
New procedure.
(make-credendials-with-ca-trust-files): Use it instead of
'set-certificate-credentials-x509-trust-file!'.
This allows us to download from site such as
<https://fusionforge.int-evry.fr> where the server does not recognize
the server name passed via the 'server_name' extension.
* guix/build/download.scm (tls-wrap): Catch 'gnutls-error' around
'handshake'. Upon ERROR/WARNING-ALERT-RECEIVED, print a message and
call 'handshake'.
Fixes a regression introduced in
a4f5423415.
Reported by Hartmut Goebel.
* guix/build/download.scm (ftp-fetch): Account for the case where
'uri-userinfo' returns #f. Remove the case where it returns "" since
that cannot happen.
Ludovic Courtès
Timothy Sample
Marius Bakke
宋文武
Maxim Cournoyer
Eric Bavier
Tobias Geerinckx-Rice
Roel Janssen