guix/guix/download.scm
Maxim Cournoyer bdaef69556
gnu-maintenance: Allow mirror URLs to fallback to the generic HTML updater.
* guix/gnu-maintenance.scm (http-url?): Extract from html-updatable-package?,
modify to return the HTTP URL, and support the mirror:// scheme.
(%disallowed-hosting-sites): New variable, extracted from
html-updatable-package.
(html-updatable-package?): Rewrite a mirror:// URL to an HTTP or HTTPS one.
* guix/download.scm (%mirrors): Update comment.
2023-08-26 11:38:56 -04:00

669 lines
29 KiB
Scheme
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013, 2014, 2015 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2015 Federico Beffa <beffa@fbengineering.ch>
;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
;;; Copyright © 2016 David Craven <david@craven.ch>
;;; Copyright © 2016, 2017, 2020, 2022 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2019 Guy Fleury Iteriteka <hoonandon@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (guix download)
#:use-module (ice-9 match)
#:use-module (guix derivations)
#:use-module (guix packages)
#:use-module (guix store)
#:autoload (guix build download) (url-fetch)
#:use-module (guix monads)
#:use-module (guix gexp)
#:use-module (guix utils)
#:use-module (web uri)
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-26)
#:export (%mirrors
%disarchive-mirrors
%download-fallback-test
(url-fetch* . url-fetch)
url-fetch/executable
url-fetch/tarbomb
url-fetch/zipbomb
download-to-store))
;;; Commentary:
;;;
;;; Produce fixed-output derivations with data fetched over HTTP or FTP.
;;;
;;; Code:
(define %mirrors
;; Mirror lists used when `mirror://' URLs are passed. The first mirror
;; entry of each set should ideally be the most authoritative one, as that's
;; what the generic HTML updater will pick to look for updates, with
;; possible exceptions when the authoritative mirror is too slow.
(let* ((gnu-mirrors
'(;; This one redirects to a (supposedly) nearby and (supposedly)
;; up-to-date mirror.
"https://ftpmirror.gnu.org/gnu/"
"ftp://ftp.cs.tu-berlin.de/pub/gnu/"
"ftp://ftp.funet.fi/pub/mirrors/ftp.gnu.org/gnu/"
;; This one is the master repository, and thus it's always
;; up-to-date.
"http://ftp.gnu.org/pub/gnu/")))
`((gnu ,@gnu-mirrors)
(gcc
"ftp://ftp.nluug.nl/mirror/languages/gcc/"
"ftp://ftp.fu-berlin.de/unix/languages/gcc/"
"ftp://ftp.irisa.fr/pub/mirrors/gcc.gnu.org/gcc/"
"ftp://gcc.gnu.org/pub/gcc/"
,@(map (cut string-append <> "/gcc") gnu-mirrors))
(gnupg
"http://artfiles.org/gnupg.org"
"http://www.crysys.hu/"
"https://gnupg.org/ftp/gcrypt/"
"ftp://mirrors.dotsrc.org/gcrypt/"
"ftp://mirror.cict.fr/gnupg/"
"ftp://ftp.franken.de/pub/crypt/mirror/ftp.gnupg.org/gcrypt/"
"ftp://ftp.freenet.de/pub/ftp.gnupg.org/gcrypt/"
"ftp://ftp.hi.is/pub/mirrors/gnupg/"
"ftp://ftp.heanet.ie/mirrors/ftp.gnupg.org/gcrypt/"
"ftp://ftp.bit.nl/mirror/gnupg/"
"ftp://ftp.surfnet.nl/pub/security/gnupg/"
"ftp://ftp.iasi.roedu.net/pub/mirrors/ftp.gnupg.org/"
"ftp://ftp.sunet.se/pub/security/gnupg/"
"ftp://mirror.switch.ch/mirror/gnupg/"
"ftp://mirror.tje.me.uk/pub/mirrors/ftp.gnupg.org/"
"ftp://ftp.mirrorservice.org/sites/ftp.gnupg.org/gcrypt/"
"ftp://ftp.ring.gr.jp/pub/net/gnupg/"
"ftp://ftp.gnupg.org/gcrypt/")
(gnome
"https://download.gnome.org/"
"http://ftp.gnome.org/pub/GNOME/")
(hackage
"http://hackage.haskell.org/")
(savannah ; http://download0.savannah.gnu.org/mirmon/savannah/
"https://download.savannah.gnu.org/releases/"
"https://de.freedif.org/savannah/"
"https://ftp.cc.uoc.gr/mirrors/nongnu.org/"
"http://ftp.twaren.net/Unix/NonGNU/" ; https appears unsupported
"https://mirror.csclub.uwaterloo.ca/nongnu/"
"https://nongnu.askapache.com/"
"https://savannah.c3sl.ufpr.br/"
"https://download-mirror.savannah.gnu.org/releases/"
"ftp://ftp.twaren.net/Unix/NonGNU/"
"ftp://mirror.csclub.uwaterloo.ca/nongnu/"
"ftp://mirror.publicns.net/pub/nongnu/"
"ftp://savannah.c3sl.ufpr.br/")
(sourceforge ; https://sourceforge.net/p/forge/documentation/Mirrors/
"http://downloads.sourceforge.net/project/"
"http://ufpr.dl.sourceforge.net/project/"
"http://freefr.dl.sourceforge.net/project/"
"http://internode.dl.sourceforge.net/project/"
"http://jaist.dl.sourceforge.net/project/"
"http://liquidtelecom.dl.sourceforge.net/project/"
;; "http://nbtelecom.dl.sourceforge.net/project/" ;never returns 404s
"http://nchc.dl.sourceforge.net/project/"
"http://netcologne.dl.sourceforge.net/project/"
"http://netix.dl.sourceforge.net/project/"
"http://pilotfiber.dl.sourceforge.net/project/"
"http://tenet.dl.sourceforge.net/project/")
(netfilter.org ; https://www.netfilter.org/mirrors.html
"http://ftp.netfilter.org/pub/"
"ftp://ftp.es.netfilter.org/mirrors/netfilter/"
"ftp://ftp.hu.netfilter.org/"
"ftp://www.lt.netfilter.org/pub/")
(kernel.org
"http://linux-kernel.uio.no/pub/"
"http://ftp.be.debian.org/pub/"
"https://mirrors.edge.kernel.org/pub/"
"ftp://ftp.funet.fi/pub/mirrors/ftp.kernel.org/pub/")
(apache ; from http://www.apache.org/mirrors/dist.html
"http://www.eu.apache.org/dist/"
"http://www.us.apache.org/dist/"
"https://ftp.nluug.nl/internet/apache/"
"http://apache.mirror.iweb.ca/"
"http://mirrors.ircam.fr/pub/apache/"
"http://apache.mirrors.ovh.net/ftp.apache.org/dist/"
"http://apache-mirror.rbc.ru/pub/apache/"
"ftp://ftp.osuosl.org/pub/apache/"
"http://mirrors.ibiblio.org/apache/"
;; As a last resort, try the archive.
"http://archive.apache.org/dist/")
(xorg ; from http://www.x.org/wiki/Releases/Download
"http://www.x.org/releases/" ; main mirrors
"http://mirror.csclub.uwaterloo.ca/x.org/" ; North America
"http://xorg.mirrors.pair.com/"
"ftp://mirror.csclub.uwaterloo.ca/x.org/"
"ftp://xorg.mirrors.pair.com/"
"ftp://artfiles.org/x.org/" ; Europe
"ftp://ftp.chg.ru/pub/X11/x.org/"
"ftp://ftp.fu-berlin.de/unix/X11/FTP.X.ORG/"
"ftp://ftp.gwdg.de/pub/x11/x.org/"
"ftp://ftp.mirrorservice.org/sites/ftp.x.org/"
"ftp://ftp.ntua.gr/pub/X11/"
"ftp://ftp.piotrkosoft.net/pub/mirrors/ftp.x.org/"
"ftp://ftp.portal-to-web.de/pub/mirrors/x.org/"
"ftp://ftp.solnet.ch/mirror/x.org/"
"ftp://mi.mirror.garr.it/mirrors/x.org/"
"ftp://mirror.cict.fr/x.org/"
"ftp://mirror.switch.ch/mirror/X11/"
"ftp://mirrors.ircam.fr/pub/x.org/"
"ftp://x.mirrors.skynet.be/pub/ftp.x.org/"
"ftp://ftp.cs.cuhk.edu.hk/pub/X11" ; East Asia
"ftp://ftp.u-aizu.ac.jp/pub/x11/x.org/"
"ftp://ftp.yz.yamagata-u.ac.jp/pub/X11/x.org/"
"ftp://ftp.kaist.ac.kr/x.org/"
"ftp://mirrors.go-part.com/xorg/"
"ftp://ftp.is.co.za/pub/x.org") ; South Africa
(cpan
"http://www.cpan.org/"
"http://cpan.metacpan.org/"
;; A selection of HTTP mirrors from http://www.cpan.org/SITES.html.
;; Europe.
"http://ftp.belnet.be/mirror/ftp.cpan.org/"
"http://mirrors.nic.cz/CPAN/"
"http://mirror.ibcp.fr/pub/CPAN/"
"http://ftp.ntua.gr/pub/lang/perl/"
"http://mirror.as43289.net/pub/CPAN/"
"http://cpan.cs.uu.nl/"
"http://cpan.uib.no/"
"http://cpan-mirror.rbc.ru/pub/CPAN/"
"http://mirror.sbb.rs/CPAN/"
"http://cpan.lnx.sk/"
"http://ftp.rediris.es/mirror/CPAN/"
"http://mirror.ox.ac.uk/sites/www.cpan.org/"
;; Africa.
"http://mirror.liquidtelecom.com/CPAN/"
"http://cpan.mirror.ac.za/"
"http://mirror.is.co.za/pub/cpan/"
"http://cpan.saix.net/"
"http://mirror.ucu.ac.ug/cpan/"
;; North America.
"http://mirrors.gossamer-threads.com/CPAN/"
"http://mirror.csclub.uwaterloo.ca/CPAN/"
"http://mirrors.ucr.ac.cr/CPAN/"
"http://www.msg.com.mx/CPAN/"
"http://mirrors.namecheap.com/CPAN/"
"http://mirror.uic.edu/CPAN/"
"http://mirror.datapipe.net/CPAN/"
"http://mirror.cc.columbia.edu/pub/software/cpan/"
"http://mirror.uta.edu/CPAN/"
;; South America.
"http://cpan.mmgdesigns.com.ar/"
"http://mirror.nbtelecom.com.br/CPAN/"
"http://linorg.usp.br/CPAN/"
"http://cpan.dcc.uchile.cl/"
"http://mirror.cedia.org.ec/CPAN/"
;; Oceania.
"http://cpan.mirror.serversaustralia.com.au/"
"http://mirror.waia.asn.au/pub/cpan/"
"http://mirror.as24220.net/pub/cpan/"
"http://cpan.lagoon.nc/pub/CPAN/"
"http://cpan.inspire.net.nz/"
;; Asia.
"http://mirror.dhakacom.com/CPAN/"
"http://mirrors.ustc.edu.cn/CPAN/"
"http://ftp.cuhk.edu.hk/pub/packages/perl/CPAN/"
"http://kambing.ui.ac.id/cpan/"
"http://cpan.hostiran.ir/"
"http://ftp.nara.wide.ad.jp/pub/CPAN/"
"http://mirror.neolabs.kz/CPAN/"
"http://cpan.nctu.edu.tw/"
"http://cpan.ulak.net.tr/"
"http://mirrors.vinahost.vn/CPAN/")
(cran
;; Arbitrary mirrors from http://cran.r-project.org/mirrors.html
;; This one automatically redirects to servers worldwide
"http://cran.r-project.org/"
"http://cran.rstudio.com/"
"http://cran.univ-lyon1.fr/"
"http://cran.ism.ac.jp/"
"http://cran.stat.auckland.ac.nz/"
"http://cran.mirror.ac.za/"
"http://cran.csie.ntu.edu.tw/")
(ctan
;; This is the CTAN mirror multiplexor service, which automatically
;; redirect to a mirror in or close to the country of the requester
;; (see: https://ctan.org/mirrors/).
"https://mirror.ctan.org/")
(imagemagick
;; from http://www.imagemagick.org/script/download.php
;; (without mirrors that are unavailable or not up to date)
"https://sunsite.icm.edu.pl/packages/ImageMagick/releases"
"http://mirror.checkdomain.de/imagemagick/releases"
"ftp://ftp.u-aizu.ac.jp/pub/graphics/image/ImageMagick/imagemagick.org/releases"
"ftp://ftp.nluug.nl/pub/ImageMagick/"
"http://www.imagemagick.org/download/releases/"
;; Try this if all else fails (normally contains just the latest version).
"http://www.imagemagick.org/download/")
(debian
"http://ftp.de.debian.org/debian/"
"http://ftp.fr.debian.org/debian/"
"http://ftp.debian.org/debian/"
"http://archive.debian.org/debian/")
(kde
"https://download.kde.org/"
"https://download.kde.org/Attic/" ; for when it gets archived.
;; I could not find the classic static mirror list anymore. Instead,
;; add .mirrorlist to the end of a recent download.kde.org tarball URL.
;; Europe
"https://mirrors.xtom.de/kde/"
"https://mirror.lyrahosting.com/pub/kde/"
"https://mirrors.xtom.nl/kde/"
"https://mirror.hs-esslingen.de/Mirrors/ftp.kde.org/pub/kde/"
"https://mirror.kumi.systems/kde/ftp/"
"https://mirrors.ircam.fr/pub/KDE/"
"https://ftp.gwdg.de/pub/linux/kde/"
"https://mirrors.gethosted.online/kde/pub/kde/"
"https://fr2.rpmfind.net/linux/KDE/"
"https://mirror.faigner.de/kde/ftp/"
"https://www.mirrorservice.org/sites/download.kde.org/"
"https://mirrors.ukfast.co.uk/sites/kde.org/ftp/"
"https://mirrors.dotsrc.org/kde/"
"http://kde.mirror.anlx.net/"
"https://mirror.karneval.cz/pub/kde/"
"https://ftp.fi.muni.cz/pub/kde/"
"https://www-ftp.lip6.fr/pub/X11/kde/"
"https://ftp.icm.edu.pl/pub/unix/kde/"
"https://kde.mirror.garr.it/kde/ftp/"
"https://ftp.acc.umu.se/mirror/kde.org/ftp/"
"https://mirrors.up.pt/pub/kde/"
"https://mirrors.nav.ro/kde/"
"https://mirrors.xtom.ee/kde/"
"https://ftp.funet.fi/pub/mirrors/ftp.kde.org/pub/kde/"
"https://kde.ip-connect.vn.ua/"
"https://mirrors.netix.net/kde/"
"https://ftp.cc.uoc.gr/mirrors/kde/"
;; North America
"https://mirror.its.dal.ca/kde/"
"https://nnenix.mm.fcix.net/kdeftp/"
"https://mirrors.mit.edu/kde/"
"https://mirror.csclub.uwaterloo.ca/kde/"
"https://mirror.fcix.net/kdeftp/"
"https://mirrors.ocf.berkeley.edu/kde/"
"https://mirrors.xtom.com/kde/"
;; South America
"https://kde.c3sl.ufpr.br/"
;; Asia
"https://mirrors.bfsu.edu.cn/kde/"
"https://ftp-srv2.kddi-research.jp/pub/X11/kde/"
"https://mirrors.xtom.jp/kde/"
"https://mirrors.xtom.hk/kde/"
;; Africa
"http://mirror.retentionrange.co.bw/kde/"
;; Oceania
"https://mirrors.xtom.au/kde/")
(openbsd
"https://ftp.openbsd.org/pub/OpenBSD/"
;; Anycast CDN redirecting to your friendly local mirror.
"https://mirrors.evowise.com/pub/OpenBSD/"
;; Other HTTPS mirrors from https://www.openbsd.org/ftp.html
"https://mirror.aarnet.edu.au/pub/OpenBSD/"
"https://ftp2.eu.openbsd.org/pub/OpenBSD/"
"https://openbsd.c3sl.ufpr.br/pub/OpenBSD/"
"https://openbsd.ipacct.com/pub/OpenBSD/"
"https://ftp.OpenBSD.org/pub/OpenBSD/"
"https://openbsd.cs.toronto.edu/pub/OpenBSD/"
"https://openbsd.delfic.org/pub/OpenBSD/"
"https://openbsd.mirror.netelligent.ca/pub/OpenBSD/"
"https://mirrors.ucr.ac.cr/pub/OpenBSD/"
"https://mirrors.dotsrc.org/pub/OpenBSD/"
"https://mirror.one.com/pub/OpenBSD/"
"https://ftp.fr.openbsd.org/pub/OpenBSD/"
"https://ftp2.fr.openbsd.org/pub/OpenBSD/"
"https://mirrors.ircam.fr/pub/OpenBSD/"
"https://ftp.spline.de/pub/OpenBSD/"
"https://mirror.hs-esslingen.de/pub/OpenBSD/"
"https://ftp.halifax.rwth-aachen.de/openbsd/"
"https://ftp.hostserver.de/pub/OpenBSD/"
"https://ftp.fau.de/pub/OpenBSD/"
"https://ftp.cc.uoc.gr/pub/OpenBSD/"
"https://openbsd.hk/pub/OpenBSD/"
"https://ftp.heanet.ie/pub/OpenBSD/"
"https://openbsd.mirror.garr.it/pub/OpenBSD/"
"https://mirror.litnet.lt/pub/OpenBSD/"
"https://mirror.meerval.net/pub/OpenBSD/"
"https://ftp.nluug.nl/pub/OpenBSD/"
"https://ftp.bit.nl/pub/OpenBSD/"
"https://mirrors.dalenys.com/pub/OpenBSD/"
"https://ftp.icm.edu.pl/pub/OpenBSD/"
"https://ftp.rnl.tecnico.ulisboa.pt/pub/OpenBSD/"
"https://mirrors.pidginhost.com/pub/OpenBSD/"
"https://mirror.yandex.ru/pub/OpenBSD/"
"https://ftp.eu.openbsd.org/pub/OpenBSD/"
"https://ftp.yzu.edu.tw/pub/OpenBSD/"
"https://www.mirrorservice.org/pub/OpenBSD/"
"https://anorien.csc.warwick.ac.uk/pub/OpenBSD/"
"https://mirror.bytemark.co.uk/pub/OpenBSD/"
"https://mirrors.sonic.net/pub/OpenBSD/"
"https://ftp3.usa.openbsd.org/pub/OpenBSD/"
"https://mirrors.syringanetworks.net/pub/OpenBSD/"
"https://openbsd.mirror.constant.com/pub/OpenBSD/"
"https://ftp4.usa.openbsd.org/pub/OpenBSD/"
"https://ftp5.usa.openbsd.org/pub/OpenBSD/"
"https://mirror.esc7.net/pub/OpenBSD/")
(mate
"https://pub.mate-desktop.org/releases/"
"http://pub.mate-desktop.org/releases/")
(qt
"https://mirrors.ocf.berkeley.edu/qt/official_releases/"
"https://ftp.jaist.ac.jp/pub/qtproject/official_releases/"
"https://ftp.nluug.nl/languages/qt/official_releases/"
"https://mirrors.cloud.tencent.com/qt/official_releases/"
"https://mirrors.sjtug.sjtu.edu.cn/qt/official_releases/"
"https://qtproject.mirror.liquidtelecom.com/official_releases/"
"https://download.qt.io/official_releases/")))) ;slow
(define %mirror-file
;; Copy of the list of mirrors to a file. This allows us to keep a single
;; copy in the store, and computing it here avoids repeated calls to
;; 'object->string'.
(plain-file "mirrors" (object->string %mirrors)))
(define %content-addressed-mirrors
;; List of content-addressed mirrors. Each mirror is represented as a
;; procedure that takes a file name, an algorithm (symbol) and a hash
;; (bytevector), and returns a URL or #f.
'(begin
(use-modules (guix base16) (guix base32))
(define (guix-publish host)
(lambda (file algo hash)
;; Files served by 'guix publish' are accessible under a single
;; hash algorithm.
(string-append "https://" host "/file/"
file "/" (symbol->string algo) "/"
(bytevector->nix-base32-string hash))))
(list (guix-publish
;; bordeaux.guix.gnu.org uses the nar-herder rather than guix
;; publish, but it supports the same style of requests
"bordeaux.guix.gnu.org")
(guix-publish "ci.guix.gnu.org")
(lambda (file algo hash)
;; 'tarballs.nixos.org' supports several algorithms.
(string-append "https://tarballs.nixos.org/"
(symbol->string algo) "/"
(bytevector->nix-base32-string hash)))
(lambda (file algo hash)
;; Software Heritage usually archives VCS history rather than
;; tarballs, but tarballs are sometimes available (and can be
;; explicitly stored there.) For example, see
;; <https://archive.softwareheritage.org/api/1/content/sha256:92d0fa1c311cacefa89853bdb53c62f4110cdfda3820346b59cbd098f40f955e/>.
(string-append "https://archive.softwareheritage.org/api/1/content/"
(symbol->string algo) ":"
(bytevector->base16-string hash) "/raw/")))))
(define %content-addressed-mirror-file
;; Content-addressed mirrors stored in a file.
(plain-file "content-addressed-mirrors"
(object->string %content-addressed-mirrors)))
(define %no-mirrors-file
;; File specifying an empty list of mirrors, for fallback tests.
(plain-file "no-content-addressed-mirrors" (object->string ''())))
(define %disarchive-mirrors
;; TODO: Eventually turn into a procedure that takes a hash algorithm
;; (symbol) and hash (bytevector).
'("https://disarchive.guix.gnu.org/"
"https://disarchive.ngyro.com/"))
(define %disarchive-mirror-file
(plain-file "disarchive-mirrors" (object->string %disarchive-mirrors)))
(define %no-disarchive-mirrors-file
;; File specifying an empty list of Disarchive mirrors, for fallback tests.
(plain-file "no-disarchive-mirrors" (object->string '())))
(define built-in-builders*
(store-lift built-in-builders))
(define* (built-in-download file-name url
#:key system hash-algo hash
mirrors content-addressed-mirrors
disarchive-mirrors
executable?
(guile 'unused))
"Download FILE-NAME from URL using the built-in 'download' builder. When
EXECUTABLE? is true, make the downloaded file executable.
This is an \"out-of-band\" download in that the returned derivation does not
explicitly depend on Guile, GnuTLS, etc. Instead, the daemon performs the
download by itself using its own dependencies."
(mlet %store-monad ((mirrors (lower-object mirrors))
(content-addressed-mirrors
(lower-object content-addressed-mirrors))
(disarchive-mirrors (lower-object disarchive-mirrors)))
(raw-derivation file-name "builtin:download" '()
#:system system
#:hash-algo hash-algo
#:hash hash
#:recursive? executable?
#:sources (list mirrors
content-addressed-mirrors
disarchive-mirrors)
;; Honor the user's proxy and locale settings.
#:leaked-env-vars '("http_proxy" "https_proxy"
"LC_ALL" "LC_MESSAGES" "LANG"
"COLUMNS")
#:env-vars `(("url" . ,(object->string url))
("mirrors" . ,mirrors)
("content-addressed-mirrors"
. ,content-addressed-mirrors)
("disarchive-mirrors" . ,disarchive-mirrors)
,@(if executable?
'(("executable" . "1"))
'()))
;; Do not offload this derivation because we cannot be
;; sure that the remote daemon supports the 'download'
;; built-in. We may remove this limitation when support
;; for that built-in is widespread.
#:local-build? #t)))
(define %download-fallback-test
;; Define whether to test one of the download fallback mechanism. Possible
;; values are:
;;
;; - #f, to use the normal download methods, not trying to exercise the
;; fallback mechanism;
;;
;; - 'none, to disable all the fallback mechanisms;
;;
;; - 'content-addressed-mirrors, to purposefully attempt to download from
;; a content-addressed mirror;
;;
;; - 'disarchive-mirrors, to download from Disarchive + Software Heritage.
;;
;; This is meant to be used for testing purposes.
(make-parameter (and=> (getenv "GUIX_DOWNLOAD_FALLBACK_TEST")
string->symbol)))
(define* (url-fetch* url hash-algo hash
#:optional name
#:key (system (%current-system))
(guile (default-guile))
executable?)
"Return a fixed-output derivation that fetches data from URL (a string, or a
list of strings denoting alternate URLs), which is expected to have hash HASH
of type HASH-ALGO (a symbol). By default, the file name is the base name of
URL; optionally, NAME can specify a different file name. When EXECUTABLE? is
true, make the downloaded file executable.
When one of the URL starts with mirror://, then its host part is
interpreted as the name of a mirror scheme, taken from %MIRROR-FILE.
Alternatively, when URL starts with file://, return the corresponding file
name in the store."
(define file-name
(match url
((head _ ...)
(basename head))
(_
(basename url))))
(let ((uri (and (string? url) (string->uri url))))
(if (or (and (string? url) (not uri))
(and uri (memq (uri-scheme uri) '(#f file))))
(interned-file (if uri (uri-path uri) url)
(or name file-name))
(mlet %store-monad ((builtins (built-in-builders*)))
;; The "download" built-in builder was added in guix-daemon in
;; Nov. 2016 and made it in the 0.12.0 release of Dec. 2016. We now
;; require it.
(unless (member "download" builtins)
(error "'guix-daemon' is too old, please upgrade" builtins))
(built-in-download (or name file-name)
(match (%download-fallback-test)
((or #f 'none) url)
(_ "https://example.org/does-not-exist"))
#:guile guile
#:system system
#:hash-algo hash-algo
#:hash hash
#:executable? executable?
#:mirrors %mirror-file
#:content-addressed-mirrors
(match (%download-fallback-test)
((or #f 'content-addressed-mirrors)
%content-addressed-mirror-file)
(_ %no-mirrors-file))
#:disarchive-mirrors
(match (%download-fallback-test)
((or #f 'disarchive-mirrors)
%disarchive-mirror-file)
(_ %no-disarchive-mirrors-file)))))))
(define* (url-fetch/executable url hash-algo hash
#:optional name
#:key (system (%current-system))
(guile (default-guile)))
"Like 'url-fetch', but make the downloaded file executable."
(url-fetch* url hash-algo hash name
#:system system
#:guile guile
#:executable? #t))
(define* (url-fetch/tarbomb url hash-algo hash
#:optional name
#:key (system (%current-system))
(guile (default-guile)))
"Similar to 'url-fetch' but unpack the file from URL in a directory of its
own. This helper makes it easier to deal with \"tar bombs\"."
(define file-name
(match url
((head _ ...)
(basename head))
(_
(basename url))))
(define gzip
(module-ref (resolve-interface '(gnu packages compression)) 'gzip))
(define tar
(module-ref (resolve-interface '(gnu packages base)) 'tar))
(mlet %store-monad ((drv (url-fetch* url hash-algo hash
(string-append "tarbomb-"
(or name file-name))
#:system system
#:guile guile))
(guile (package->derivation guile system)))
;; Take the tar bomb, and simply unpack it as a directory.
;; Use ungrafted tar/gzip so that the resulting tarball doesn't depend on
;; whether grafts are enabled.
(gexp->derivation (or name file-name)
(with-imported-modules '((guix build utils))
#~(begin
(use-modules (guix build utils))
(mkdir #$output)
(setenv "PATH" (string-append #+gzip "/bin"))
(chdir #$output)
(invoke (string-append #+tar "/bin/tar")
"xf" #$drv)))
#:system system
#:guile-for-build guile
#:graft? #f
#:local-build? #t)))
(define* (url-fetch/zipbomb url hash-algo hash
#:optional name
#:key (system (%current-system))
(guile (default-guile)))
"Similar to 'url-fetch' but unpack the zip file at URL in a directory of its
own. This helper makes it easier to deal with \"zip bombs\"."
(define file-name
(match url
((head _ ...)
(basename head))
(_
(basename url))))
(define unzip
(module-ref (resolve-interface '(gnu packages compression)) 'unzip))
(mlet %store-monad ((drv (url-fetch* url hash-algo hash
(string-append "zipbomb-"
(or name file-name))
#:system system
#:guile guile))
(guile (package->derivation guile system)))
;; Take the zip bomb, and simply unpack it as a directory.
;; Use ungrafted unzip so that the resulting tarball doesn't depend on
;; whether grafts are enabled.
(gexp->derivation (or name file-name)
(with-imported-modules '((guix build utils))
#~(begin
(use-modules (guix build utils))
(mkdir #$output)
(chdir #$output)
(invoke (string-append #+unzip "/bin/unzip")
#$drv)))
#:system system
#:guile-for-build guile
#:graft? #f
#:local-build? #t)))
(define* (download-to-store store url #:optional (name (basename url))
#:key (log (current-error-port)) recursive?
(verify-certificate? #t))
"Download from URL to STORE, either under NAME or URL's basename if
omitted. Write progress reports to LOG. RECURSIVE? has the same effect as
the same-named parameter of 'add-to-store'. VERIFY-CERTIFICATE? determines
whether or not to validate HTTPS server certificates."
(define uri
(string->uri url))
(if (or (not uri) (memq (uri-scheme uri) '(file #f)))
(add-to-store store name recursive? "sha256"
(if uri (uri-path uri) url))
(call-with-temporary-output-file
(lambda (temp port)
(let ((result
(parameterize ((current-output-port log))
(url-fetch url temp
#:mirrors %mirrors
#:verify-certificate? verify-certificate?))))
(close port)
(and result
(add-to-store store name recursive? "sha256" temp)))))))
;;; download.scm ends here