guix_mirror_bot pushed a commit to branch master
in repository guix.

commit 5c6c1eb419e70810dec3615b254219f9d32e215d
Author: Nguyễn Gia Phong <[email protected]>
AuthorDate: Thu Jun 4 15:34:34 2026 +0900

    *-download: Disable certificate verification.
    
    * guix/android-repo-download.scm (android-repo-fetch):
      Pass #:verify-certificate? #f to download-nar.
    * guix/bzr-download.scm (bzr-fetch): Likewise.
    * guix/cvs-download.scm (cvs-fetch): Likewise.
    * guix/hg-download.scm (hg-fetch): Likewise.
    * guix/svn-download.scm (svn-fetch): Likewise.
    * guix/fossil-download.scm (fossil-fetch): Likewise.
    
    Merges: https://codeberg.org/guix/guix/pulls/9072
    Reviewed-by: Ludovic Courtès <[email protected]>
---
 guix/android-repo-download.scm | 2 +-
 guix/bzr-download.scm          | 2 +-
 guix/cvs-download.scm          | 2 +-
 guix/fossil-download.scm       | 2 +-
 guix/hg-download.scm           | 6 +++---
 guix/svn-download.scm          | 4 ++--
 6 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/guix/android-repo-download.scm b/guix/android-repo-download.scm
index 9a134c269a..7b63d388fc 100644
--- a/guix/android-repo-download.scm
+++ b/guix/android-repo-download.scm
@@ -125,7 +125,7 @@ generic name if unset."
                                     #$output
                                     #:git-repo-command
                                     (string-append #+git-repo "/bin/repo"))
-                (download-nar #$output))))))
+                (download-nar #$output #:verify-certificate? #f))))))
 
   (mlet %store-monad ((guile (package->derivation guile system)))
     (gexp->derivation (or name "android-repo-checkout") build
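Review bot: The new `#:verify-certificate? #f` on the `download-nar` call has no comment explaining why skipping X.509 verification is acceptable, and the same holds for the bzr, cvs, fossil and both svn hunks; only hg-download.scm carries a rationale. Someone auditing TLS settings will meet each file on its own, so I would add above each call something like `;; No X.509 verification: avoids depending on nss-certs; the output is checked against its expected hash anyway.` The hash check is not visible in these hunks, and the enclosing procedure starts and ends outside them, so confirm the wording against the fixed-output derivation it sets up. With verification off, the nar bytes are presumably decompressed and unpacked before that check runs, so integrity rests entirely on it, and the comment should say so.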
diff --git a/guix/bzr-download.scm b/guix/bzr-download.scm
index 382476b22e..cdd7f43139 100644
--- a/guix/bzr-download.scm
+++ b/guix/bzr-download.scm
@@ -91,7 +91,7 @@ HASH-ALGO (a symbol).  Use NAME as the file name, or a 
generic name if #f."
                                   #:bzr-command
                                   (string-append #+bzr "/bin/brz"))))
                 (and (download-method-enabled? 'nar)
-                     (download-nar #$output)))))))
+                     (download-nar #$output #:verify-certificate? #f)))))))
 
   (mlet %store-monad ((guile (package->derivation guile system)))
     (gexp->derivation (or name "bzr-branch") build
diff --git a/guix/cvs-download.scm b/guix/cvs-download.scm
index 068f284a45..7d7d741b71 100644
--- a/guix/cvs-download.scm
+++ b/guix/cvs-download.scm
@@ -98,7 +98,7 @@ HASH-ALGO (a symbol).  Use NAME as the file name, or a 
generic name if #f."
                                 #:cvs-command
                                 #+(file-append cvs "/bin/cvs")))
                 (and (download-method-enabled? 'nar)
-                     (download-nar #$output))
+                     (download-nar #$output #:verify-certificate? #f))
                 (and (download-method-enabled? 'swh)
                      (parameterize ((%verify-swh-certificate? #f))
                        (swh-download-directory-by-nar-hash
diff --git a/guix/fossil-download.scm b/guix/fossil-download.scm
index 792fb4776e..c8eeb0c7f8 100644
--- a/guix/fossil-download.scm
+++ b/guix/fossil-download.scm
@@ -117,7 +117,7 @@ HASH-ALGO (a symbol).  Use NAME as the file name, or a 
generic name if #f."
                             #+(file-append fossil "/bin/fossil"))
                            (try other-download-methods)))
                       (('nar other-download-methods ...)
-                       (or (download-nar #$output)
+                       (or (download-nar #$output #:verify-certificate? #f)
                            (try other-download-methods)))
                       ((archive other-download-methods ...)
                        (or (fossil-fetch-url #$uri #$check-in #$output
diff --git a/guix/hg-download.scm b/guix/hg-download.scm
index df48ed6eb7..ce13a158c0 100644
--- a/guix/hg-download.scm
+++ b/guix/hg-download.scm
@@ -109,11 +109,11 @@
                              (getenv "hg ref changeset")
                              #$output
                              #:hg-command (string-append #+hg "/bin/hg")))
-              (and (download-method-enabled? 'nar)
-                   (download-nar #$output))
-              ;; As a last resort, attempt to download from Software Heritage.
               ;; Disable X.509 certificate verification to avoid depending
               ;; on nss-certs--we're authenticating the checkout anyway.
+              (and (download-method-enabled? 'nar)
+                   (download-nar #$output #:verify-certificate? #f))
+              ;; As a last resort, attempt to download from Software Heritage.
               (and (download-method-enabled? 'swh)
                    (parameterize ((%verify-swh-certificate? #f))
                      (format (current-error-port)
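Review bot: After the reordering, the comment about disabling X.509 verification sits directly above the nar fallback, and the Software Heritage `parameterize ((%verify-swh-certificate? #f))` below it keeps only the "last resort" remark. The rationale therefore reads as covering one of the two places where verification is turned off. Rewording its first line to `;; For both fallbacks below, disable X.509 certificate verification to avoid depending` would keep the explanation attached to each of them. The enclosing builder expression starts and ends outside the hunk.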
diff --git a/guix/svn-download.scm b/guix/svn-download.scm
index f99a326f0b..81a98b1121 100644
--- a/guix/svn-download.scm
+++ b/guix/svn-download.scm
@@ -123,7 +123,7 @@
                               #:user-name (getenv "svn user name")
                               #:password (getenv "svn password")))
               (and (download-method-enabled? 'nar)
-                   (download-nar #$output))
+                   (download-nar #$output #:verify-certificate? #f))
               (and (download-method-enabled? 'swh)
                    (parameterize ((%verify-swh-certificate? #f))
                      (swh-download-directory-by-nar-hash
@@ -257,7 +257,7 @@ HASH-ALGO (a symbol).  Use NAME as the file name, or a 
generic name if #f."
                 (when (file-exists? #$output)
                   (delete-file-recursively #$output))
                 (or (and (download-method-enabled? 'nar)
-                         (download-nar #$output))
+                         (download-nar #$output #:verify-certificate? #f))
                     (and (download-method-enabled? 'swh)
                          ;; SWH keeps HASH as an ExtID for the combination
                          ;; of files/directories, which allows us to
