M doc/guix.texi => doc/guix.texi +10 -2
@@ 4771,15 4771,23 @@ GnuTLS-Guile}, for more information.
@command{guix download} verifies HTTPS server certificates by loading
the certificates of X.509 authorities from the directory pointed to by
the @code{SSL_CERT_DIR} environment variable (@pxref{X.509
-Certificates}).
+Certificates}), unless @option{--no-check-certificate} is used.
-The following option is available:
+The following options are available:
@table @code
@item --format=@var{fmt}
@itemx -f @var{fmt}
Write the hash in the format specified by @var{fmt}. For more
information on the valid values for @var{fmt}, @pxref{Invoking guix hash}.
+
+@item --no-check-certificate
+Do not validate the X.509 certificates of HTTPS servers.
+
+When using this option, you have @emph{absolutely no guarantee} that you
+are communicating with the authentic server responsible for the given
+URL, which makes you vulnerable to ``man-in-the-middle'' attacks.
+
@end table
@node Invoking guix hash
M guix/download.scm => guix/download.scm +8 -3
@@ 434,10 434,12 @@ own. This helper makes it easier to deal with \"tar bombs\"."
#:local-build? #t)))
(define* (download-to-store store url #:optional (name (basename url))
- #:key (log (current-error-port)) recursive?)
+ #:key (log (current-error-port)) recursive?
+ (verify-certificate? #t))
"Download from URL to STORE, either under NAME or URL's basename if
omitted. Write progress reports to LOG. RECURSIVE? has the same effect as
-the same-named parameter of 'add-to-store'."
+the same-named parameter of 'add-to-store'. VERIFY-CERTIFICATE? determines
+whether or not to validate HTTPS server certificates."
(define uri
(string->uri url))
@@ 448,7 450,10 @@ the same-named parameter of 'add-to-store'."
(lambda (temp port)
(let ((result
(parameterize ((current-output-port log))
- (build:url-fetch url temp #:mirrors %mirrors))))
+ (build:url-fetch url temp
+ #:mirrors %mirrors
+ #:verify-certificate?
+ verify-certificate?))))
(close port)
(and result
(add-to-store store name recursive? "sha256" temp)))))))
M guix/scripts/download.scm => guix/scripts/download.scm +12 -2
@@ 41,7 41,8 @@
(define %default-options
;; Alist of default option values.
- `((format . ,bytevector->nix-base32-string)))
+ `((format . ,bytevector->nix-base32-string)
+ (verify-certificate? . #t)))
(define (show-help)
(display (_ "Usage: guix download [OPTION] URL
@@ 52,6 53,9 @@ Supported formats: 'nix-base32' (default), 'base32', and 'base16'
('hex' and 'hexadecimal' can be used as well).\n"))
(format #t (_ "
-f, --format=FMT write the hash in the given format"))
+ (format #t (_ "
+ --no-check-certificate
+ do not validate the certificate of HTTPS servers "))
(newline)
(display (_ "
-h, --help display this help and exit"))
@@ 77,6 81,9 @@ Supported formats: 'nix-base32' (default), 'base32', and 'base16'
(alist-cons 'format fmt-proc
(alist-delete 'format result))))
+ (option '("no-check-certificate") #f #f
+ (lambda (opt name arg result)
+ (alist-cons 'verify-certificate? #f result)))
(option '(#\h "help") #f #f
(lambda args
@@ 120,7 127,10 @@ Supported formats: 'nix-base32' (default), 'base32', and 'base16'
(parameterize ((current-terminal-columns
(terminal-columns)))
(download-to-store store (uri->string uri)
- (basename (uri-path uri)))))))
+ (basename (uri-path uri))
+ #:verify-certificate?
+ (assoc-ref opts
+ 'verify-certificate?))))))
(hash (call-with-input-file
(or path
(leave (_ "~a: download failed~%")