guix_mirror_bot pushed a commit to branch master
in repository guix.

commit faed4b5306472fb23504e2214291ce4baf49b40a
Author: Nguyễn Gia Phong <[email protected]>
AuthorDate: Thu Jun 4 15:26:10 2026 +0900

    build: download-nar: Make certificate verification optional.
    
    * guix/build/download-nar.scm (download-nar): Add #:verify-certificate?
      option to be passed to (guix build download)'s http-fetch.
    
    Merges: https://codeberg.org/guix/guix/pulls/9072
    Reviewed-by: Ludovic Courtès <[email protected]>
---
 guix/build/download-nar.scm | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/guix/build/download-nar.scm b/guix/build/download-nar.scm
index f26ad28cd0..e1153e2027 100644
--- a/guix/build/download-nar.scm
+++ b/guix/build/download-nar.scm
@@ -57,9 +57,11 @@ ITEM."
       (restore-file decompressed-port
                     item))))
 
-(define* (download-nar item #:optional (output item))
+(define* (download-nar item #:optional (output item)
+                       #:key (verify-certificate? #t))
   "Download and extract to OUTPUT the normalized archive for ITEM, a store
-item.  Return #t on success, #f otherwise."
+item.  Return #t on success, #f otherwise.  HTTPS certificates are verified
+when (and only when) VERIFY-CERTIFICATE? is true."
   ;; Let progress reports go through.
   (setvbuf (current-error-port) 'none)
   (setvbuf (current-output-port) 'none)
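Review bot: The new docstring sentence says when certificates are verified but not what protects the archive when they are not. Nothing in the visible lines compares the downloaded nar against a known hash, so with `#:verify-certificate? #f` the authenticity of OUTPUT presumably rests entirely on the caller (for instance a content-hash check applied to the result afterwards); that is inferred and should be confirmed against the callers. I would extend the docstring with something like `When VERIFY-CERTIFICATE? is false, the caller must check OUTPUT against a known hash.` so the option is not read as a general-purpose switch. The body of download-nar continues outside this hunk.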
@@ -72,7 +74,8 @@ item.  Return #t on success, #f otherwise."
        (let-values (((port size)
                      (catch #t
                        (lambda ()
-                         (http-fetch (string->uri url)))
+                         (http-fetch (string->uri url)
+                                     #:verify-certificate? verify-certificate?))
                        (lambda (key . args)
                          (format #t "Unable to fetch from ~a, ~a: ~a~%"
                                  (uri-host (string->uri url))
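Review bot: When `verify-certificate?` is false, the `http-fetch` call proceeds without anything in these lines recording that TLS verification was skipped, so a build log cannot later show which nars were fetched over an unauthenticated channel. Unless `http-fetch` already reports this itself (not visible here), consider one line before the fetch such as `(unless verify-certificate? (format #t "Not verifying the certificate of ~a~%" (uri-host (string->uri url))))`. The enclosing `let-values` form starts and ends outside the hunk.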
